The GA server is still running:
OTL Scan of DataServer:
OTL logfile created on: 3/9/2013 5:49:38 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\administrator\Desktop\3-10-2013 Virus work
Windows Server 2003 Enterprise Edition Service Pack 2 (Version = 5.2.3790) - Type = NTDomainController
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 2.86 Gb Available Physical Memory | 71.63% Memory free
5.83 Gb Paging File | 4.80 Gb Available in Paging File | 82.27% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.17 Gb Total Space | 6.52 Gb Free Space | 19.09% Space Free | Partition Type: NTFS
Drive D: | 273.45 Gb Total Space | 150.61 Gb Free Space | 55.08% Space Free | Partition Type: NTFS
Drive F: | 14.95 Gb Total Space | 14.76 Gb Free Space | 98.73% Space Free | Partition Type: FAT32
Drive O: | 465.64 Gb Total Space | 97.01 Gb Free Space | 20.83% Space Free | Partition Type: NTFS
Drive R: | 273.45 Gb Total Space | 150.61 Gb Free Space | 55.08% Space Free | Partition Type: NTFS
Computer Name: HEDCODSERVER | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/03/09 17:28:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\administrator\Desktop\3-10-2013 Virus work\OTL.exe
PRC - [2012/01/30 04:39:57 | 000,450,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dns.exe
PRC - [2011/12/11 12:05:32 | 009,430,200 | ---- | M] (Schwab Performance Technologies) -- C:\Program Files\Schwab Performance Technologies\PortfolioCenter\SPTServer.exe
PRC - [2011/08/26 19:26:50 | 001,664,744 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe
PRC - [2011/08/26 19:23:32 | 000,137,224 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
PRC - [2011/08/10 05:09:07 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wins.exe
PRC - [2011/04/02 10:50:00 | 001,270,640 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Backup Exec\RAWS\beremote.exe
PRC - [2011/03/28 16:50:24 | 000,223,088 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Backup Exec\RAWS\bedbg.exe
PRC - [2010/12/10 18:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) -- d:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2008/07/21 17:00:12 | 000,143,144 | ---- | M] (Vale Software) -- c:\junxure\Backup\Agent\vswSQLEJS.exe
PRC - [2007/02/17 06:03:53 | 000,792,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntfrs.exe
PRC - [2007/02/17 06:03:42 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ismserv.exe
PRC - [2007/02/17 06:03:39 | 001,053,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/17 06:03:35 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dfssvc.exe
PRC - [2004/10/19 09:01:42 | 000,118,784 | ---- | M] () -- C:\Program Files\MegaRAID\rserver\Raidserv.exe
PRC - [2004/09/01 10:00:24 | 000,163,328 | ---- | M] () -- C:\WINDOWS\system32\Megaserv.exe
PRC - [2003/06/23 15:03:26 | 000,162,044 | ---- | M] () -- C:\Program Files\MegaRAID\regserv\Reg_serv.exe
PRC - [2003/06/12 14:12:16 | 000,040,960 | R--- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\FlushServ.exe
PRC - [2000/06/01 08:41:08 | 000,090,112 | ---- | M] () -- C:\ivupdate\IVM.exe
========== Modules (No Company Name) ==========
MOD - [2013/02/14 03:13:05 | 000,141,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\5571f6ece2abdda5305bdd3a91bb105c\System.Configuration.Install.ni.dll
MOD - [2013/02/14 03:10:33 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ba12e418b906593b7c9c18f971f36bf9\System.Windows.Forms.ni.dll
MOD - [2013/02/14 03:04:50 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2013/01/10 03:30:43 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll
MOD - [2013/01/10 03:29:12 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll
MOD - [2013/01/10 03:28:41 | 001,593,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll
MOD - [2013/01/10 03:28:17 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\8462c03b4f10c4624feb95790d6d1e30\System.Data.ni.dll
MOD - [2013/01/10 03:28:09 | 002,295,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\edbf4e4a55e63b9fbf0b0b40cba13063\System.Core.ni.dll
MOD - [2013/01/10 03:28:05 | 002,146,304 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ReachFramework\64ad3d6ccdc3afa7919528cc5a0143a6\ReachFramework.ni.dll
MOD - [2013/01/10 03:27:54 | 014,329,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2abe0b9f0e996273614f4cf1f6808eed\PresentationFramework.ni.dll
MOD - [2013/01/10 03:27:21 | 012,218,368 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\2e26794770e6d33cf79a7f8daa4a48c3\PresentationCore.ni.dll
MOD - [2013/01/10 03:27:01 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\4b889e41364baff1e456817b4777b610\WindowsBase.ni.dll
MOD - [2013/01/10 03:26:51 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll
MOD - [2013/01/10 03:26:36 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll
MOD - [2011/10/14 06:11:14 | 000,249,856 | ---- | M] () -- C:\Program Files\Schwab Performance Technologies\PortfolioCenter\hysdba32.dll
MOD - [2011/10/14 06:11:14 | 000,196,608 | ---- | M] () -- C:\Program Files\Schwab Performance Technologies\PortfolioCenter\c4dll32.dll
MOD - [2011/05/18 09:15:12 | 000,075,416 | ---- | M] () -- C:\WINDOWS\system32\PDVFSNP.dll
MOD - [2007/08/27 11:35:34 | 000,090,112 | ---- | M] () -- C:\ivupdate\EUConfig.dll
MOD - [2004/10/19 09:01:42 | 000,118,784 | ---- | M] () -- C:\Program Files\MegaRAID\rserver\Raidserv.exe
MOD - [2004/09/01 10:00:24 | 000,163,328 | ---- | M] () -- C:\WINDOWS\system32\Megaserv.exe
MOD - [2003/06/23 15:03:26 | 000,162,044 | ---- | M] () -- C:\Program Files\MegaRAID\regserv\Reg_serv.exe
MOD - [2000/06/01 08:41:08 | 000,090,112 | ---- | M] () -- C:\ivupdate\IVM.exe
========== Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2012/01/30 04:39:57 | 000,450,560 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dns.exe -- (DNS)
SRV - [2011/12/11 12:05:32 | 009,430,200 | ---- | M] (Schwab Performance Technologies) [Auto | Running] -- C:\Program Files\Schwab Performance Technologies\PortfolioCenter\SPTServer.exe -- (SPTServer)
SRV - [2011/08/26 19:26:54 | 000,280,496 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\snac.exe -- (SNAC)
SRV - [2011/08/26 19:26:50 | 001,664,744 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe -- (SmcService)
SRV - [2011/08/26 19:23:32 | 000,137,224 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe -- (SepMasterService)
SRV - [2011/08/10 05:09:07 | 000,158,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wins.exe -- (WINS)
SRV - [2011/05/18 09:15:24 | 000,194,200 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Symantec\Backup Exec\RAWS\PDVFSService.exe -- (PDVFSService)
SRV - [2011/04/02 10:50:00 | 001,270,640 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Backup Exec\RAWS\beremote.exe -- (BackupExecAgentAccelerator)
SRV - [2011/03/28 16:50:24 | 000,223,088 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Backup Exec\RAWS\bedbg.exe -- (bedbg)
SRV - [2010/12/10 18:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- d:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS)
SRV - [2009/07/13 11:06:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2008/07/21 17:00:12 | 000,143,144 | ---- | M] (Vale Software) [Auto | Running] -- c:\junxure\Backup\Agent\vswSQLEJS.exe -- (vswSQLEJobServer)
SRV - [2007/02/17 06:04:02 | 000,071,168 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\tssdis.exe -- (Tssdis)
SRV - [2007/02/17 06:03:58 | 000,067,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rsopprov.exe -- (RSoPProv)
SRV - [2007/02/17 06:03:53 | 000,792,064 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ntfrs.exe -- (NtFrs)
SRV - [2007/02/17 06:03:43 | 000,094,720 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\llssrv.exe -- (LicenseService)
SRV - [2007/02/17 06:03:42 | 000,040,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ismserv.exe -- (IsmServ)
SRV - [2007/02/17 06:03:35 | 000,164,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dfssvc.exe -- (Dfs)
SRV - [2004/11/11 10:46:46 | 000,053,248 | ---- | M] (Adaptec Incorporated) [Auto | Stopped] -- C:\Program Files\Adaptec\Adaptec Storage Manager\StorServ.exe -- (AdaptecStorageManagerAgent)
SRV - [2004/10/19 09:01:42 | 000,118,784 | ---- | M] () [Auto | Running] -- C:\Program Files\MegaRAID\rserver\Raidserv.exe -- (RAID_SERVER)
SRV - [2004/09/01 10:00:24 | 000,163,328 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\Megaserv.exe -- (MegaServ)
SRV - [2003/06/23 15:03:26 | 000,162,044 | ---- | M] () [Auto | Running] -- C:\Program Files\MegaRAID\regserv\Reg_serv.exe -- (REG_SERVER)
SRV - [2003/06/12 14:12:16 | 000,040,960 | R--- | M] (American Megatrends Inc.) [Auto | Running] -- C:\WINDOWS\system32\FlushServ.exe -- (FlushService)
SRV - [2003/03/25 04:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\trksvr.dll -- (TrkSvr)
SRV - [2003/03/25 04:00:00 | 000,012,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\sacsvr.dll -- (sacsvr)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Disabled | Stopped] -- a -- (vsdatant)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Adapter | On_Demand | Unknown] -- -- (LicenseInfo)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/03/09 14:04:10 | 000,035,144 | ---- | M] () [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2013/02/19 10:41:05 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20130309.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/02/19 10:41:05 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20130309.003\NAVENG.SYS -- (NAVENG)
DRV - [2013/01/29 13:02:40 | 000,997,464 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\BASHDefs\20130301.011\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/12/13 03:51:26 | 000,373,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\IPSDefs\20130308.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2012/08/08 22:41:22 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/08/08 22:41:22 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/08/26 19:50:19 | 000,127,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/08/26 19:29:38 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SEP\0C01029F\136B.105\x86\symtdi.sys -- (SYMTDI)
DRV - [2011/08/26 19:29:34 | 000,756,856 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\SEP\0C01029F\136B.105\x86\SymEFA.sys -- (SymEFA)
DRV - [2011/08/26 19:29:32 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SEP\0C01029F\136B.105\x86\SymDS.sys -- (SymDS)
DRV - [2011/08/26 19:29:28 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\SEP\0C01029F\136B.105\x86\srtsp.sys -- (SRTSP)
DRV - [2011/08/26 19:29:28 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SEP\0C01029F\136B.105\x86\srtspx.sys -- (SRTSPX)
DRV - [2011/08/26 19:29:26 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SEP\0C01029F\136B.105\x86\Ironx86.sys -- (SymIRON)
DRV - [2011/08/26 19:27:34 | 000,118,960 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\teefer.sys -- (Teefer2)
DRV - [2011/05/18 09:15:12 | 000,075,416 | ---- | M] () [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\PDVFSNP.dll -- (PDVFSNP)
DRV - [2011/03/01 14:00:06 | 000,071,480 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VirtFile.sys -- (VirtFile)
DRV - [2011/02/15 11:09:08 | 000,064,056 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\pdfsd.sys -- (PDVFSDriver)
DRV - [2010/04/03 11:02:54 | 000,240,608 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RsFx0150.sys -- (RsFx0150)
DRV - [2008/06/24 07:52:20 | 000,032,384 | R--- | M] (ASIX Electronics Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ax88772.sys -- (AX88772)
DRV - [2007/02/16 22:29:40 | 000,169,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wlbs.sys -- (WLBS)
DRV - [2007/02/16 22:06:42 | 000,072,704 | ---- | M] (Microsoft Corporation) [Kernel | Unavailable | Unknown] -- C:\WINDOWS\System32\drivers\sacdrv.sys -- (sacdrv)
DRV - [2007/02/16 22:02:56 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\clusdisk.sys -- (ClusDisk)
DRV - [2007/02/16 21:51:18 | 000,034,816 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\dfs.sys -- (DfsDriver)
DRV - [2005/01/31 18:20:50 | 000,071,040 | R--- | M] (Linksys, A Division of Cisco Systems, Inc ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EG1032xp.sys -- (RTL8023xp)
DRV - [2004/11/08 11:38:44 | 000,093,847 | R--- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aacmgt.sys -- (AACmgt)
DRV - [2003/03/24 13:54:06 | 000,343,424 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mpad.sys -- (ati2mpad)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =
http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2052151345-2250342621-3819923535-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://iesetup.dll/softAdmin.htm
IE - HKU\S-1-5-21-2052151345-2250342621-3819923535-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKU\S-1-5-21-2052151345-2250342621-3819923535-500\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
IE - HKU\S-1-5-21-2052151345-2250342621-3819923535-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = res://iesetup.dll/softAdmin.htm
IE - HKU\S-1-5-21-2052151345-2250342621-3819923535-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2052151345-2250342621-3819923535-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =
http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-2052151345-2250342621-3819923535-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\IPSFFPlgn\ [2013/02/19 19:11:29 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2003/03/25 04:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\IPS\IPSBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [VxTaskbarMgr] C:\Program Files\VERITAS\VxUpdate\VxTaskbarMgr.exe File not found
O4 - HKLM..\RunOnce: [Z1] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\administrator\Start Menu\Programs\Startup\IVM.lnk = C:\ivupdate\IVM.exe ()
O4 - Startup: C:\Documents and Settings\administrator.HEDRICK\Start Menu\Programs\Startup\IVM.lnk = C:\ivupdate\IVM.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-2052151345-2250342621-3819923535-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O15 - HKU\S-1-5-21-2052151345-2250342621-3819923535-500\..Trusted Domains: microsoft.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-2052151345-2250342621-3819923535-500\..Trusted Domains: tightvnc.com ([www] http in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700}
http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C}
http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130793298742 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}
http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1130864858964 (MUWebControl Class)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B}
https://securemeeting.schwab.com/dana-cached/setup/JuniperSetupSP1.cab (JuniperSetupControlXP Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A6917D6-9F29-4112-82B9-EFBCB75C1A95}: NameServer = 192.168.1.5,192.168.1.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3038AF57-FF8E-4D1E-9C07-3C361292061E}: NameServer = 192.168.1.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8D30A9A8-A4BF-4B83-8AC8-759AEF697CBC}: NameServer = 192.168.1.5
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\SEP: DllName - (C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\WinLogoutNotifier.dll) - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O29 - HKLM SecurityProviders - (pwdssp.dll) - C:\WINDOWS\System32\pwdssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/10/31 12:45:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013/03/09 14:04:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/03/09 14:03:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\administrator\Desktop\3-10-2013 Virus work
[2013/03/09 13:46:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\administrator\Desktop\RK_Quarantine
[2007/12/23 08:58:18 | 000,140,824 | ---- | C] (MAPILab Ltd. & Add-in Express Ltd.) -- C:\Program Files\Common Files\secman.dll
========== Files - Modified Within 30 Days ==========
[2013/03/09 14:04:10 | 000,035,144 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013/03/09 06:04:04 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\SDD_Backup Download - catch any late files.job
[2013/03/09 05:30:04 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\SDD_Daily Download.job
[2013/03/08 19:37:10 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\PC-Fri.job
[2013/03/08 19:25:20 | 000,000,216 | ---- | M] () -- C:\WINDOWS\tasks\restart_SPT.job
[2013/03/08 12:00:05 | 000,000,492 | ---- | M] () -- C:\WINDOWS\tasks\ShadowCopyVolume{a3266a68-4a07-11da-ac22-806e6f6e6963}.job
[2013/03/08 12:00:01 | 000,000,492 | ---- | M] () -- C:\WINDOWS\tasks\ShadowCopyVolume{a3266a67-4a07-11da-ac22-806e6f6e6963}.job
[2013/03/07 19:36:58 | 000,000,310 | ---- | M] () -- C:\WINDOWS\tasks\PC-Thur.job
[2013/03/06 19:36:52 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\PC-Wed.job
[2013/03/05 19:36:58 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\PC-Tue.job
[2013/03/04 19:36:55 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\PC-Mon.job
[2013/03/03 19:37:00 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\PC-Sun.job
[2013/03/02 19:37:21 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\PC-Sat.job
[2013/02/19 19:15:55 | 000,827,746 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/02/19 19:15:55 | 000,203,310 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/02/19 19:13:46 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/02/19 19:10:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/02/14 03:37:42 | 000,106,216 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/02/14 03:12:40 | 000,003,423 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/02/11 13:43:35 | 000,012,946 | ---- | M] () -- C:\WINDOWS\HYS.INI
========== Files Created - No Company Name ==========
[2013/03/09 14:04:10 | 000,035,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013/01/10 03:41:51 | 000,068,400 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/10/17 07:17:22 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\_regtlb.dll
[2011/08/31 09:57:04 | 000,000,106 | ---- | C] () -- C:\Documents and Settings\administrator\Restart_SPT.bat
[2011/05/18 09:15:12 | 000,075,416 | ---- | C] () -- C:\WINDOWS\System32\PDVFSNP.dll
[2010/04/23 08:41:12 | 000,004,343 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2009/01/08 10:38:42 | 000,741,376 | ---- | C] () -- C:\Documents and Settings\administrator\Local Settings\Application Data\filesync.metadata
[2005/10/31 13:31:56 | 000,004,412 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
========== ZeroAccess Check ==========
[2005/10/31 12:43:14 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2007/12/21 14:28:05 | 001,508,352 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 03:02:57 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2007/02/17 06:03:19 | 000,278,016 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2011/06/24 13:05:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator\Application Data\CRM Software
[2009/08/05 12:28:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator\Application Data\Juniper Networks
[2009/08/05 12:28:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2008/03/12 14:10:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Schwab Performance Technologies
========== Purity Check ==========
< End of report >