
Google search links redirect to Scour Search


  • This topic is locked
16 replies to this topic

#1 bdeandel


Posted 16 July 2010 - 03:27 PM

Have run Malwarebytes and cleaned a bunch of stuff. That seems to have fixed the majority of the problems. Then ran tdsskiller.exe, which found a rootkit and cleaned it up. Now both of these seem to indicate that there are no problems, but I am still getting redirected from search results using Google.


DDS (Ver_10-03-17.01) - NTFSx86
Run by bdean at 15:54:08.60 on Fri 07/16/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3572.2974 [GMT -4:00]

AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

C:\WINDOWS\System32\Novell\XTAgent.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\System32\svchost.exe -k eapsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k dot3svc
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\dellxpm09b_6159v043\wdm\stacsv.exe
svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\IBM\Lotus\Notes\nsd.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\IBM\Lotus\Notes\ntmulti.exe
C:\Program Files\Novell\ZENworks\nalntsrv.exe
C:\Program Files\AT&T Global Network Client\netcfgsvr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Novell\ZENworks\wm.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\WINDOWS\system32\wuauclt.exe
c:\windows\itlm\tlmagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Novell\ZENworks\WMRUNDLL.EXE
C:\Program Files\Novell\ZENworks\NalAgent.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\WINDOWS\system32\dpmw32.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\WINDOWS\system32\iprntctl.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\iprntlgn.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Novell\iFolder\trayapp.exe
C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\BDEAN\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://intranet.wlgore.com
uInternet Connection Wizard,ShellNext = hxxp://genie.wlgore.com/
uInternet Settings,ProxyServer = 157.204.22.4:8080
uInternet Settings,ProxyOverride = *.wlgore.com;127.0.0.1;localhost;157.204.*;chipsndip;32.85.*;192.168.*;<local>
BHO: HelperObject Class: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 7\SnagItBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 7\SnagItIEAddin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [NetSP - restore settings on power failure] "c:\program files\at&t global network client\NetSP.exe" -show
mRun: [NWTRAY] NWTRAY.EXE
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [NDPS] c:\windows\system32\dpmw32.exe
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [iPrint Tray] c:\windows\system32\iprntctl.exe TRAY_ICON
mRun: [iPrint Event Monitor] c:\windows\system32\iprntlgn.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [AGNS_Config] nircmd execmd c:\windows\ATT_Config.cmd
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [USBToolTip] c:\progra~1\pinnacle\shared~1\programs\usbtip\USBTip.exe
mRun: [USB2Check] RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll",CheckUSBController
mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Pistolstar_SSO] "c:\program files\pistolstar\password power client\APOSSO.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [UnlockerAssistant] "c:\documents and settings\bdean\desktop\unlocker1.8.8-portable\UnlockerAssistant.exe"
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [Slirixan] rundll32.exe "c:\windows\iquregadaga.dll",Startup
mExplorerRun: [1] nircmd execmd "%windir%\system32\GroupPolicy.WKSCache\User\prox.cmd GPRUN"
mExplorerRun: [2] nircmd execmd "%windir%\system32\GroupPolicy.WKSCache\User\Radio_Adhoc.cmd"
mExplorerRun: [3] nircmd execmd "%windir%\system32\GroupPolicy.WKSCache\User\ScreenSaver.cmd"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\novell~1.lnk - c:\program files\novell\ifolder\trayapp.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\snagit~1.lnk - c:\program files\techsmith\snagit 7\SnagIt32.exe
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
mPolicies-explorer: NoPublishingWizard = 1 (0x1)
mPolicies-explorer: NoWebServices = 1 (0x1)
mPolicies-system: DisableCAD = 1 (0x1)
mPolicies-system: CompatibleRUPSecurity = 1 (0x1)
mPolicies-system: LogonType = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {C1994287-422F-47aa-8E5E-6323E210A125} - {4B5F7606-8666-4D5A-9780-DB92A9D8812B} - c:\program files\novell\zenworks\AxNalServer.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {2202D225-22C1-4B8C-A4B8-6A7E7B7E1524} - hxxps://cpc.on.intercall.com/confmgr/installs/ICWMInstall.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {656FAD09-4DE3-4C34-9600-0928C855FD7A} - hxxp://download.microsoft.com/download/7/1/D/71D9F11F-0C02-4707-9D60-D56EA8951020/pmupd806.exe
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1255663601550
DPF: {8650EBA6-6CBB-11D2-A9E0-00E02C0159F9} - hxxp://chipsndip/CHipsNDip1/Activex/NWUsrGrp.ocx
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://128.255.26.210/activex/AxisCamControl.cab
DPF: {B1D21FC5-A742-4261-86F2-C7B7F1A31C5D} - hxxp://e1.wlgore.com/jde/axctls/jdewebctlsU.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} - hxxp://aprpt01.wlgore.com/viewer/activeXViewer/activexviewer.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EC747AE4-8EF6-11D0-B375-0000E20315E2} - hxxp://chipsndip/CHipsNDip1/Activex/NWSess.ocx
Notify: NetIdentity Notification - c:\windows\system32\novell\XtNotify.dll
Notify: TPSvc - TPSvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Application Explorer: {763370c4-268e-4308-a60c-d8da0342be32} - c:\program files\novell\zenworks\NalShell.dll
LSA: Authentication Packages = msv1_0 nwv1_0

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-1-14 343920]
R0 NifFltr;NifFltr;c:\windows\system32\drivers\niffltr.sys [2006-9-27 25300]
R0 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [1980-1-1 17968]
R1 enstart_;enstart_;c:\windows\system32\enstart_.sys [2009-10-15 25472]
R1 nipplpt2;Novell iCapture Lpt Redirector 2;c:\windows\system32\drivers\nipplpt.sys [2009-1-14 34592]
R2 BlankScr;HBDevice;c:\windows\system32\drivers\blankscr.sys [2005-5-23 6899]
R2 CITMDRV;CITMDRV;c:\windows\system32\drivers\CITMDRV.SYS [2010-3-24 10752]
R2 enstart;enstart;c:\windows\system32\enstart.exe -s --> c:\windows\system32\enstart.exe -s [?]
R2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\program files\ibm\lotus\notes\nsd.exe [2009-9-29 3397000]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\EngineServer.exe [2010-1-6 22816]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2009-9-22 103744]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2010-1-6 147472]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2010-1-6 66896]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2009-10-24 70728]
R2 Remote Management Agent;Novell ZENworks Remote Management Agent;c:\program files\novell\zenworks\remotemanagement\rmagent\ZenRem32.exe [2006-5-9 167936]
R2 tlmagent;IBM License Metric Tool and Tivoli Asset Discover Agent;c:\windows\itlm\tlmagent.exe [2010-3-24 897024]
R2 WNTHW;WNTHW;c:\windows\system32\drivers\WNTHW.SYS [2006-1-6 9176]
R2 XTAgent;Novell XTier Agent Services;c:\windows\system32\novell\xtagent.exe [2007-1-10 61440]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-6-8 112512]
R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [2008-9-16 32808]
R3 Darpan;Darpan;c:\windows\system32\drivers\Darpan.sys [2005-5-23 2773]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2008-9-15 244368]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-1-14 91832]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-1-14 43288]
R3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-5-25 32408]
S1 mferkdk;VSCore mferkdk;\??\c:\program files\mcafee\virusscan enterprise\mferkdk.sys --> c:\program files\mcafee\virusscan enterprise\mferkdk.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-8 135664]
S2 hpdj00;hpdj00;c:\docume~1\bdean\locals~1\temp\hpdj00.exe -servicerunning=true -uninstall=hp deskjet 3840 series -product=3840 --> c:\docume~1\bdean\locals~1\temp\hpdj00.exe -servicerunning=true -uninstall=HP Deskjet 3840 Series -product=3840 [?]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2009-10-24 66600]
S3 vmci;VMware VMCI Bus Driver;c:\windows\system32\drivers\vmci.sys --> c:\windows\system32\drivers\vmci.sys [?]
S3 vmmouse;VMware Pointing Device;c:\windows\system32\drivers\vmmouse.sys --> c:\windows\system32\drivers\vmmouse.sys [?]
S3 vmx_svga;vmx_svga;c:\windows\system32\drivers\vmx_svga.sys --> c:\windows\system32\drivers\vmx_svga.sys [?]
S3 vmxnet;VMware Ethernet Adapter Driver;c:\windows\system32\drivers\vmxnet.sys --> c:\windows\system32\drivers\vmxnet.sys [?]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2006-12-2 2805000]

=============== Created Last 30 ================

2010-07-16 19:30:00 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-07-16 19:30:00 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-07-16 16:51:12 0 d-----w- c:\docume~1\bdean\applic~1\smkits
2010-07-16 15:25:20 2 --shatr- c:\windows\winstart.bat
2010-07-16 15:25:03 0 d-----w- c:\program files\UnHackMe
2010-07-16 14:24:06 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-07-14 04:16:47 54016 ----a-w- c:\windows\system32\drivers\cmco.sys
2010-07-14 04:01:34 120 ----a-w- c:\windows\Dregebevamik.dat
2010-07-14 04:01:34 0 ----a-w- c:\windows\Gnayohek.bin
2010-06-22 12:57:28 0 d--h--w- c:\windows\system32\GroupPolicy.WksCache
2010-06-22 12:57:28 0 d--h--w- c:\windows\system32\GroupPolicy
2010-06-21 14:06:15 0 d--h--w- c:\windows\system32\GroupPolicy.WMOriginal2
2010-06-17 01:20:27 0 d-----w- c:\program files\Yahoo!

==================== Find3M ====================

2010-07-16 15:33:19 56960 ----a-w- c:\windows\system32\drivers\aic78xx.sys
2010-07-16 05:47:01 246401 ----a-w- c:\windows\system32\nvModes.dat
2010-05-24 15:16:20 63516 ----a-w- c:\windows\Global_Variables.cmd
2010-05-04 12:39:27 70656 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2010-05-04 12:39:27 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2010-05-02 06:34:15 1860352 ----a-w- c:\windows\system32\win32k.sys
2010-05-02 06:34:15 1860352 ----a-w- c:\windows\system32\dllcache\win32k.sys
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\dllcache\atmfd.dll
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2009-10-19 19:18:20 31 ----a-w- c:\program files\Notes.ini

============= FINISH: 15:54:56.62 ===============



#2 myrti


Posted 23 July 2010 - 07:34 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#3 bdeandel


Posted 23 July 2010 - 09:42 AM

OTL logfile created on: 7/23/2010 10:36:03 AM - Run 3
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\BDEAN\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.86 Gb Total Space | 85.04 Gb Free Space | 57.13% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive V: | 20.00 Gb Total Space | 5.87 Gb Free Space | 29.33% Space Free | Partition Type: NTFS

Computer Name: CH-BDEAN-L1
Current User Name: BDEAN
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/23 10:35:14 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\BDEAN\Desktop\OTL.exe
PRC - [2010/06/24 08:29:15 | 000,126,976 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
PRC - [2010/03/24 10:26:05 | 000,897,024 | ---- | M] () -- c:\WINDOWS\itlm\tlmagent.exe
PRC - [2010/01/06 21:07:00 | 000,147,472 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2010/01/06 21:07:00 | 000,124,240 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2010/01/06 21:07:00 | 000,070,728 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2010/01/06 21:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2010/01/06 21:07:00 | 000,027,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
PRC - [2010/01/06 21:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
PRC - [2009/12/04 15:08:06 | 000,057,344 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\system32\iprntlgn.exe
PRC - [2009/12/04 15:08:06 | 000,053,248 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\system32\iprntctl.exe
PRC - [2009/10/20 01:11:52 | 000,616,712 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2009/09/29 12:30:00 | 000,058,760 | ---- | M] (IBM Corp) -- C:\Program Files\IBM\Lotus\Notes\ntmulti.exe
PRC - [2009/09/29 12:29:38 | 000,015,752 | ---- | M] (IBM Corp) -- C:\Program Files\IBM\Lotus\Notes\ntaskldr.exe
PRC - [2009/09/29 12:29:06 | 003,397,000 | ---- | M] (IBM) -- C:\Program Files\IBM\Lotus\Notes\nsd.exe
PRC - [2009/09/29 12:27:56 | 001,676,680 | ---- | M] (IBM Corp) -- C:\Program Files\IBM\Lotus\Notes\nlnotes.exe
PRC - [2009/09/25 17:54:24 | 000,079,120 | ---- | M] (IBM) -- C:\Program Files\IBM\Lotus\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.1.20090925-1604\win32\x86\notes2.exe
PRC - [2009/09/22 16:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2009/09/22 16:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2009/09/22 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2009/09/22 16:00:00 | 000,091,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2009/02/23 11:08:10 | 000,483,420 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/02/23 11:08:10 | 000,254,034 | ---- | M] (IDT, Inc.) -- c:\Program Files\IDT\DellXPM09B_6159v043\WDM\stacsv.exe
PRC - [2008/12/21 12:48:50 | 000,200,704 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2008/12/16 10:41:44 | 000,729,088 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFltr.exe
PRC - [2008/10/09 11:31:02 | 000,562,456 | ---- | M] (AT&T) -- C:\Program Files\AT&T Global Network Client\netcfgsvr.exe
PRC - [2008/09/16 20:03:50 | 000,050,472 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2008/08/28 15:20:22 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008/04/13 23:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/26 10:57:28 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2007/10/25 20:23:36 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2007/05/04 10:37:20 | 000,392,704 | ---- | M] (Novell, Inc) -- C:\Program Files\Novell\ZENworks\NalAgent.exe
PRC - [2007/02/20 13:07:40 | 000,199,752 | ---- | M] (Pinnacle Systems GmbH) -- C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
PRC - [2007/02/07 11:03:18 | 000,152,128 | ---- | M] (Novell, Inc.) -- C:\Program Files\Novell\ZENworks\WM.EXE
PRC - [2007/01/10 13:52:02 | 000,061,440 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\system32\Novell\xtagent.exe
PRC - [2006/09/27 15:46:22 | 000,266,317 | ---- | M] (Novell, Inc.) -- C:\Program Files\Novell\iFolder\trayapp.exe
PRC - [2006/08/17 09:00:00 | 001,116,920 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
PRC - [2006/06/13 08:57:30 | 000,012,224 | ---- | M] (Novell, Inc.) -- C:\Program Files\Novell\ZENworks\WMRUNDLL.EXE
PRC - [2006/06/13 08:52:18 | 000,113,152 | ---- | M] (Novell, Inc.) -- C:\Program Files\Novell\ZENworks\NALNTSRV.EXE
PRC - [2006/05/12 11:04:46 | 000,582,648 | ---- | M] (RealVNC Ltd.) -- C:\Documents and Settings\BDEAN\Desktop\vncviewer.exe
PRC - [2006/05/09 11:59:00 | 000,167,936 | ---- | M] (Novell, Inc.) -- C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
PRC - [2004/08/04 08:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2004/05/17 15:27:28 | 000,032,859 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\system32\dpmw32.exe
PRC - [2004/05/14 07:10:00 | 002,277,376 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
PRC - [2004/05/14 07:10:00 | 000,025,088 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe
PRC - [2004/03/05 08:45:34 | 000,192,573 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe
PRC - [2002/03/12 11:37:28 | 000,028,672 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\system32\nwtray.exe


========== Modules (SafeList) ==========

MOD - [2010/07/23 10:35:14 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\BDEAN\Desktop\OTL.exe
MOD - [2008/04/13 23:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\DOCUME~1\BDEAN\LOCALS~1\Temp\hpdj00.exe -- (hpdj00)
SRV - [2010/03/24 10:26:05 | 000,897,024 | ---- | M] () [Auto | Running] -- c:\windows\itlm\tlmagent.exe -- (tlmagent)
SRV - [2010/01/06 21:07:00 | 000,147,472 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2010/01/06 21:07:00 | 000,070,728 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2010/01/06 21:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2010/01/06 21:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe -- (McAfeeEngineService)
SRV - [2009/10/15 14:16:52 | 000,737,280 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\enstart.exe -- (enstart)
SRV - [2009/09/29 12:30:00 | 000,058,760 | ---- | M] (IBM Corp) [Auto | Running] -- C:\Program Files\IBM\Lotus\Notes\ntmulti.exe -- (Multi-user Cleanup Service)
SRV - [2009/09/29 12:29:06 | 003,397,000 | ---- | M] (IBM) [Auto | Running] -- C:\Program Files\IBM\Lotus\Notes\nsd.exe -- (Lotus Notes Diagnostics)
SRV - [2009/09/22 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2009/02/23 11:08:10 | 000,254,034 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\Program Files\IDT\DellXPM09B_6159v043\WDM\stacsv.exe -- (STacSV)
SRV - [2008/10/09 11:31:02 | 000,562,456 | ---- | M] (AT&T) [Auto | Running] -- C:\Program Files\AT&T Global Network Client\netcfgsvr.exe -- (netcfgsvr)
SRV - [2007/10/19 13:21:16 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007/06/25 06:03:00 | 000,028,672 | ---- | M] (Novell, Inc.) [On_Demand | Stopped] -- C:\WINDOWS\system32\cusrvc.exe -- (cusrvc)
SRV - [2007/02/07 11:03:18 | 000,152,128 | ---- | M] (Novell, Inc.) [Unknown | Running] -- C:\Program Files\Novell\ZENworks\WM.EXE -- (ZFDWM)
SRV - [2007/01/10 13:52:02 | 000,061,440 | ---- | M] (Novell, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\Novell\xtagent.exe -- (XTAgent)
SRV - [2006/12/02 06:17:54 | 002,805,000 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)
SRV - [2006/06/13 08:52:18 | 000,113,152 | ---- | M] (Novell, Inc.) [Unknown | Running] -- C:\Program Files\Novell\ZENworks\NALNTSRV.EXE -- (NALNTSERVICE)
SRV - [2006/05/09 11:59:00 | 000,167,936 | ---- | M] (Novell, Inc.) [Unknown | Running] -- C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe -- (Remote Management Agent)
SRV - [2004/08/04 08:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2004/08/04 08:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2004/08/04 08:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2004/03/05 08:45:34 | 000,192,573 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\vmxnet.sys -- (vmxnet)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\vmx_svga.sys -- (vmx_svga)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\vmmouse.sys -- (vmmouse)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\vmci.sys -- (vmci)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS -- (MRESP50)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS -- (MREMP50)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)
DRV - [2010/01/06 21:07:00 | 000,343,920 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/01/06 21:07:00 | 000,091,832 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/01/06 21:07:00 | 000,075,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/01/06 21:07:00 | 000,066,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/01/06 21:07:00 | 000,064,208 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2010/01/06 21:07:00 | 000,043,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/12/04 15:17:48 | 000,034,592 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nipplpt.sys -- (nipplpt2)
DRV - [2009/10/15 14:16:52 | 000,025,472 | ---- | M] (Guidance Software Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\enstart_.sys -- (enstart_)
DRV - [2009/06/26 17:40:37 | 000,010,752 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CITMDRV.SYS -- (CITMDRV)
DRV - [2009/05/25 15:43:58 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Running] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
DRV - [2009/02/23 11:08:10 | 001,545,795 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2009/01/30 04:45:00 | 006,252,320 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/12/16 15:41:44 | 000,112,512 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2008/10/28 20:53:53 | 000,017,968 | R--- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vmscsi.sys -- (vmscsi)
DRV - [2008/10/09 11:35:56 | 000,019,328 | R--- | M] (AT&T) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\agnwifi.sys -- (agnwifi)
DRV - [2008/10/09 11:35:38 | 000,011,392 | R--- | M] (AT&T) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avpnnic.sys -- (avpnnic)
DRV - [2008/10/09 11:35:00 | 000,221,568 | R--- | M] (AT&T) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\agnfilt.sys -- (agnfilt)
DRV - [2008/08/01 00:39:26 | 000,032,808 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV - [2008/07/24 18:42:48 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/06/15 08:11:58 | 000,318,488 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008/06/02 14:42:52 | 001,287,552 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/06/02 14:42:50 | 000,033,664 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\BCMWLNPF.SYS -- (BCMWLNPF)
DRV - [2008/05/08 16:53:36 | 000,985,472 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2008/05/08 16:52:54 | 000,210,688 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2008/05/08 16:52:50 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2008/04/14 01:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2008/04/14 00:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/14 00:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 18:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 16:06:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/04 16:40:50 | 000,244,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress) Intel®
DRV - [2007/10/11 18:59:02 | 002,142,488 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007/06/25 06:03:00 | 000,506,159 | ---- | M] (Novell, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\NetWare\nwfs.sys -- (NetwareWorkstation)
DRV - [2007/06/25 06:03:00 | 000,160,209 | ---- | M] (Novell, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\NetWare\srvloc.sys -- (SRVLOC)
DRV - [2007/06/25 06:03:00 | 000,043,280 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\NetWare\nwdns.sys -- (NWDNS)
DRV - [2007/06/25 06:03:00 | 000,039,731 | ---- | M] (Novell, Inc.) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\NetWare\nwsipx32.sys -- (NWSIPX32)
DRV - [2007/06/25 06:03:00 | 000,038,416 | ---- | M] (Novell, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\Nicm.sys -- (NICM)
DRV - [2007/06/25 06:03:00 | 000,027,249 | ---- | M] (Novell, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\NetWare\resmgr.sys -- (RESMGR)
DRV - [2007/06/25 06:03:00 | 000,023,232 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\NetWare\nwsap.sys -- (NWSAP)
DRV - [2007/06/25 06:03:00 | 000,020,332 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\NetWare\nwslp.sys -- (NWSLP)
DRV - [2007/06/25 06:03:00 | 000,018,353 | ---- | M] (Novell, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\NetWare\nwdhcp.sys -- (NWDHCP)
DRV - [2007/06/25 06:03:00 | 000,015,891 | ---- | M] (Novell, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\NetWare\nwfilter.sys -- (NWFILTER)
DRV - [2007/06/25 06:03:00 | 000,009,297 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\NetWare\nwhost.sys -- (NWHOST)
DRV - [2007/06/25 06:03:00 | 000,006,128 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\NetWare\nwsns.sys -- (NWSNS)
DRV - [2007/02/24 17:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/12/12 12:16:06 | 000,022,528 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emAudio.sys -- (emAudio)
DRV - [2006/09/27 15:46:36 | 000,025,300 | ---- | M] () [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\niffltr.sys -- (NifFltr)
DRV - [2006/08/18 13:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 13:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 13:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 13:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 13:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 13:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 13:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 13:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 11:05:58 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2006/08/11 10:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 10:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2006/07/21 11:21:26 | 000,099,176 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2006/03/03 16:08:22 | 000,009,176 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\WNTHW.SYS -- (WNTHW)
DRV - [2005/12/21 10:14:52 | 000,100,957 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emDevice.sys -- (DCamUSBEMPIA)
DRV - [2005/12/21 10:14:52 | 000,005,245 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emFilter.sys -- (FiltUSBEMPIA)
DRV - [2005/12/21 10:14:52 | 000,004,493 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emScan.sys -- (ScanUSBEMPIA)
DRV - [2005/09/24 00:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2005/05/23 15:47:18 | 000,006,899 | ---- | M] (Novell Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\blankscr.sys -- (BlankScr)
DRV - [2005/05/23 15:11:14 | 000,002,773 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Darpan.sys -- (Darpan)
DRV - [2005/05/13 21:27:56 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)
DRV - [2004/08/04 06:29:28 | 000,327,040 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtaa.sys -- (ati2mtaa)
DRV - [2001/08/17 20:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM)
DRV - [2001/08/17 20:19:34 | 000,040,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)
DRV - [2001/08/17 20:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3542245194-2364831464-1968421150-1196\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://intranet.wlgore.com
IE - HKU\S-1-5-21-3542245194-2364831464-1968421150-1196\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-3542245194-2364831464-1968421150-1196\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.wlgore.com;127.0.0.1;localhost;157.204.*;chipsndip;32.85.*;192.168.*;<local>
IE - HKU\S-1-5-21-3542245194-2364831464-1968421150-1196\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 157.204.22.4:8080

FF - HKLM\software\mozilla\Firefox\Extensions\\{9A160745-7A0E-4ABC-9E56-D7B7D819B638}: C:\Documents and Settings\BDEAN\Local Settings\Application Data\{9A160745-7A0E-4ABC-9E56-D7B7D819B638} [2010/07/16 09:21:54 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2004/08/04 20:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HelperObject Class) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKU\S-1-5-21-3542245194-2364831464-1968421150-1196\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [AGNS_Config] C:\WINDOWS\System32\nircmd.exe (NirSoft)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [iPrint Event Monitor] C:\WINDOWS\system32\iprntlgn.exe (Novell, Inc.)
O4 - HKLM..\Run: [iPrint Tray] C:\WINDOWS\System32\iprntctl.exe (Novell, Inc.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe File not found
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe File not found
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NDPS] C:\WINDOWS\system32\dpmw32.exe (Novell, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [NWTRAY] C:\WINDOWS\System32\nwtray.exe (Novell, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Pistolstar_SSO] C:\Program Files\Pistolstar\Password Power Client\APOSSO.exe (Pistolstar, Inc.)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Documents and Settings\BDEAN\Desktop\unlocker1.8.8-portable\UnlockerAssistant.exe File not found
O4 - HKLM..\Run: [USB2Check] C:\WINDOWS\System32\PCLECoInst.DLL (Pinnacle Systems)
O4 - HKLM..\Run: [USBToolTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe File not found
O4 - HKU\S-1-5-21-3542245194-2364831464-1968421150-1196..\Run: [NetSP - restore settings on power failure] C:\Program Files\AT&T Global Network Client\NetSP.exe (AT&T)
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Novell iFolder.lnk = C:\Program Files\Novell\iFolder\trayapp.exe (Novell, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe (TechSmith Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\New Windows present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPublishingWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWebServices = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 1 = nircmd execmd "%windir%\system32\GroupPolicy.WKSCache\User\prox.cmd GPRUN"
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 2 = nircmd execmd "%windir%\system32\GroupPolicy.WKSCache\User\Radio_Adhoc.cmd"
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 3 = nircmd execmd "%windir%\system32\GroupPolicy.WKSCache\User\ScreenSaver.cmd"
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: CompatibleRUPSecurity = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonType = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3542245194-2364831464-1968421150-1196\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Program Files\Novell\ZENworks\AxNalServer.dll (Novell, Inc)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\NetWare\nwws2nds.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\NetWare\nwws2sap.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\WINDOWS\system32\NetWare\nwws2slp.dll (Novell, Inc.)
O16 - DPF: {2202D225-22C1-4B8C-A4B8-6A7E7B7E1524} https://cpc.on.intercall.com/confmgr/instal...ICWMInstall.cab (ICWMInstallObj Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {656FAD09-4DE3-4C34-9600-0928C855FD7A} http://download.microsoft.com/download/7/1...20/pmupd806.exe (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1255663601550 (MUWebControl Class)
O16 - DPF: {8650EBA6-6CBB-11D2-A9E0-00E02C0159F9} http://chipsndip/CHipsNDip1/Activex/NWUsrGrp.ocx (Novell User Group Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://128.255.26.210/activex/AxisCamControl.cab (CamImage Class)
O16 - DPF: {B1D21FC5-A742-4261-86F2-C7B7F1A31C5D} http://e1.wlgore.com/jde/axctls/jdewebctlsU.cab (JDEWebRTFEditU Control)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAssets/...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} http://aprpt01.wlgore.com/viewer/activeXVi...tivexviewer.cab (Crystal Report Viewer Control)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EC747AE4-8EF6-11D0-B375-0000E20315E2} http://chipsndip/CHipsNDip1/Activex/NWSess.ocx (Novell Session Control)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 157.204.84.63 157.204.7.84 157.204.47.53 157.204.7.170 157.204.7.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = use.wlgore.com
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll File not found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (NWGina.dll) - C:\WINDOWS\System32\NWGINA.DLL (Novell, Inc.)
O20 - Winlogon\Notify\NetIdentity Notification: DllName - C:\WINDOWS\system32\Novell\XtNotify.dll - C:\WINDOWS\system32\Novell\xtnotify.dll (Novell, Inc.)
O20 - Winlogon\Notify\TPSvc: DllName - TPSvc.dll - File not found
O24 - Desktop Components:0 () - C:\Documents and Settings\BDEAN\My Documents\My Pictures\lake-powell-sunset-portrait-photography.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\BDEAN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\BDEAN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {763370C4-268E-4308-A60C-D8DA0342BE32} - C:\Program Files\Novell\ZENworks\NalShell.dll (Novell, Inc)
O30 - LSA: Authentication Packages - (nwv1_0) - C:\WINDOWS\System32\nwv1_0.dll (Novell, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/03/04 19:09:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{090f970c-0442-11df-9c9a-0c60763fe040}\Shell - "" = AutoRun
O33 - MountPoints2\{090f970c-0442-11df-9c9a-0c60763fe040}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{090f970c-0442-11df-9c9a-0c60763fe040}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (MACHINE BootExecut) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-3542245194-2364831464-1968421150-1196\...exe [@ = exefile] -- Reg Error: Value error. File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: klmdb.sys - Driver
SafeBootMin: McAfeeEngineService - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe (McAfee, Inc.)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.1.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {66DA9ADD-B1C4-4891-84D6-706E216B411B} - Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB947738)
ActiveX: {6803DF8A-43CE-4E52-B455-0B9B09D6E2D1} - Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB971023)
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} -
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {94E2AAC1-CAE5-4F73-B0D1-C471BA1F8E2A} - Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB937061)
ActiveX: {964C8238-245C-4475-BB6E-D19D2C1220F2} - Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB973673)
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {BECB938C-6BC2-48C6-A0A6-4B61E85F584C} - Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB971090)
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {D93F9C7C-AB57-44C8-BAD6-1494674BCAF7} - Microsoft Visual Studio 2005 Professional Edition - ENU Service Pack 1 (KB926601)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.mjpg - pvmjpg30.dll File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: LanmanServer - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/07/23 10:35:10 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\BDEAN\Desktop\OTL.exe
[2010/07/23 08:21:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BDEAN\Application Data\smkits
[2010/07/22 09:29:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BDEAN\Local Settings\Application Data\Deployment
[2010/07/21 09:57:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
[2010/07/16 15:36:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BDEAN\Desktop\gmer
[2010/07/16 15:30:00 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/07/16 15:30:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/07/16 15:28:47 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\BDEAN\Desktop\spybotsd162.exe
[2010/07/16 11:31:26 | 001,013,584 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\BDEAN\Desktop\tdsskiller.exe
[2010/07/16 11:25:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BDEAN\My Documents\RegRun2
[2010/07/16 11:25:03 | 000,000,000 | ---D | C] -- C:\Program Files\UnHackMe
[2010/07/16 09:21:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BDEAN\Local Settings\Application Data\cujgfyntv
[2010/07/16 09:21:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/07/14 00:12:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/07/14 00:01:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BDEAN\Local Settings\Application Data\{9A160745-7A0E-4ABC-9E56-D7B7D819B638}
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/23 10:35:14 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\BDEAN\Desktop\OTL.exe
[2010/07/23 10:20:24 | 007,602,176 | -H-- | M] () -- C:\Documents and Settings\BDEAN\NTUSER.DAT
[2010/07/23 09:47:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/23 09:41:08 | 000,000,593 | ---- | M] () -- C:\WINDOWS\msg_mgr.ini
[2010/07/23 09:41:07 | 000,000,303 | ---- | M] () -- C:\WINDOWS\attwktop.ini
[2010/07/23 09:37:30 | 000,001,826 | ---- | M] () -- C:\Documents and Settings\BDEAN\My Documents\Default.rdp
[2010/07/23 08:47:19 | 000,002,411 | ---- | M] () -- C:\Documents and Settings\BDEAN\Application Data\Microsoft\Internet Explorer\Quick Launch\Crystal Reports XI Release 2.lnk
[2010/07/23 08:47:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/23 08:20:32 | 000,246,401 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010/07/22 15:57:42 | 000,246,401 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2010/07/22 10:19:18 | 000,085,288 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010/07/22 10:00:12 | 000,000,258 | RHS- | M] () -- C:\Documents and Settings\BDEAN\ntuser.pol
[2010/07/21 23:04:04 | 000,592,232 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/21 23:04:04 | 000,492,106 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/21 23:04:04 | 000,089,316 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/21 22:46:26 | 000,201,679 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/07/21 22:45:44 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/21 22:45:01 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/21 22:45:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/21 22:44:56 | 3745,406,976 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/21 22:39:09 | 000,002,317 | ---- | M] () -- C:\Documents and Settings\BDEAN\Application Data\Microsoft\Internet Explorer\Quick Launch\AT&T Global Network Client.lnk
[2010/07/21 08:46:49 | 000,000,394 | ---- | M] () -- C:\WINDOWS\Enable-WSUS.$$$
[2010/07/21 08:46:42 | 000,000,004 | ---- | M] () -- C:\WINDOWS\DISABLE-GHOSTBACKUP.$$$
[2010/07/21 08:46:41 | 000,000,004 | ---- | M] () -- C:\WINDOWS\ENABLE-NALFORCERUN.$$$
[2010/07/21 08:46:39 | 000,000,004 | ---- | M] () -- C:\WINDOWS\ENABLE-FIREWALLON.$$$
[2010/07/21 08:46:35 | 000,000,004 | ---- | M] () -- C:\WINDOWS\ENABLE-SECBANNER.$$$
[2010/07/16 18:03:53 | 000,000,197 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/07/16 17:38:27 | 000,000,963 | ---- | M] () -- C:\Documents and Settings\BDEAN\Desktop\Spybot - Search & Destroy.lnk
[2010/07/16 17:28:53 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Dregebevamik.dat
[2010/07/16 15:36:38 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\BDEAN\Desktop\gmer.zip
[2010/07/16 15:28:47 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\BDEAN\Desktop\spybotsd162.exe
[2010/07/16 15:21:25 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\BDEAN\Desktop\dds.scr
[2010/07/16 11:31:32 | 001,013,584 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\BDEAN\Desktop\tdsskiller.exe
[2010/07/16 11:25:20 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/07/16 11:25:20 | 000,001,754 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2010/07/16 11:25:20 | 000,000,002 | RHS- | M] () -- C:\WINDOWS\winstart.bat
[2010/07/16 11:24:17 | 009,760,506 | ---- | M] () -- C:\Documents and Settings\BDEAN\Desktop\unhackme.zip
[2010/07/16 10:31:17 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\BDEAN\ntuser.ini
[2010/07/16 10:24:06 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/07/16 08:50:46 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\BDEAN\My Documents\spam001.exe
[2010/07/16 01:29:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Gnayohek.bin
[2010/07/14 13:14:44 | 000,001,752 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/07/14 00:16:48 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\cmco.sys
[2010/07/12 09:53:57 | 000,046,080 | ---- | M] () -- C:\Documents and Settings\BDEAN\My Documents\SupplierLot_Receipt_RMS743_RMS426_RMS443_RMS444_20100712.xls
[2010/07/09 11:42:11 | 000,173,056 | ---- | M] () -- C:\Documents and Settings\BDEAN\My Documents\RMS426_RMS443_RMS444_MaterialUsage_20100709.xls
[2010/07/09 08:17:14 | 003,720,958 | -H-- | M] () -- C:\Documents and Settings\BDEAN\Local Settings\Application Data\IconCache.db
[2010/07/08 18:40:15 | 000,018,944 | ---- | M] () -- C:\Documents and Settings\BDEAN\My Documents\RMS652_SupplierDataNotCollected.xls
[2010/07/08 09:52:27 | 000,040,365 | ---- | M] () -- C:\Documents and Settings\BDEAN\My Documents\nemomeddispogeneric2.pdf
[2010/07/08 09:11:51 | 000,039,488 | ---- | M] () -- C:\Documents and Settings\BDEAN\My Documents\nemomeddispogeneric.pdf
[2010/07/06 13:42:33 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\BDEAN\My Documents\Large Ext ParameterGroups not changed yet.xls
[2010/07/03 15:56:31 | 000,243,128 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/02 12:26:21 | 000,044,140 | ---- | M] () -- C:\Documents and Settings\BDEAN\Desktop\TC40001791.pdf
[2010/07/01 19:54:20 | 000,039,379 | ---- | M] () -- C:\Documents and Settings\BDEAN\Desktop\TC40004550.pdf
[2010/06/26 12:46:30 | 000,000,061 | ---- | M] () -- C:\WINDOWS\System32\asasrv.ini
[2010/06/25 22:10:03 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/16 15:36:37 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\BDEAN\Desktop\gmer.zip
[2010/07/16 15:30:07 | 000,000,963 | ---- | C] () -- C:\Documents and Settings\BDEAN\Desktop\Spybot - Search & Destroy.lnk
[2010/07/16 15:21:21 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\BDEAN\Desktop\dds.scr
[2010/07/16 11:25:20 | 000,000,002 | RHS- | C] () -- C:\WINDOWS\winstart.bat
[2010/07/16 11:24:04 | 009,760,506 | ---- | C] () -- C:\Documents and Settings\BDEAN\Desktop\unhackme.zip
[2010/07/16 10:35:07 | 3745,406,976 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/16 10:24:06 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/07/16 08:50:46 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\BDEAN\My Documents\spam001.exe
[2010/07/14 00:16:47 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\cmco.sys
[2010/07/14 00:01:34 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Dregebevamik.dat
[2010/07/14 00:01:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Gnayohek.bin
[2010/07/12 09:53:57 | 000,046,080 | ---- | C] () -- C:\Documents and Settings\BDEAN\My Documents\SupplierLot_Receipt_RMS743_RMS426_RMS443_RMS444_20100712.xls
[2010/07/09 11:42:11 | 000,173,056 | ---- | C] () -- C:\Documents and Settings\BDEAN\My Documents\RMS426_RMS443_RMS444_MaterialUsage_20100709.xls
[2010/07/08 18:40:15 | 000,018,944 | ---- | C] () -- C:\Documents and Settings\BDEAN\My Documents\RMS652_SupplierDataNotCollected.xls
[2010/07/08 09:46:07 | 000,040,365 | ---- | C] () -- C:\Documents and Settings\BDEAN\My Documents\nemomeddispogeneric2.pdf
[2010/07/08 09:11:40 | 000,039,488 | ---- | C] () -- C:\Documents and Settings\BDEAN\My Documents\nemomeddispogeneric.pdf
[2010/07/06 13:42:33 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\BDEAN\My Documents\Large Ext ParameterGroups not changed yet.xls
[2010/07/02 11:24:25 | 000,044,140 | ---- | C] () -- C:\Documents and Settings\BDEAN\Desktop\TC40001791.pdf
[2010/07/01 19:54:20 | 000,039,379 | ---- | C] () -- C:\Documents and Settings\BDEAN\Desktop\TC40004550.pdf
[2010/05/19 16:33:54 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[2010/05/19 16:33:53 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[2010/05/19 16:33:53 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[2010/04/07 08:19:56 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\npnipp.dll
[2010/03/31 02:11:25 | 000,004,001 | ---- | C] () -- C:\WINDOWS\hpdj3840.ini
[2010/03/24 10:26:18 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\CITMDRV.SYS
[2010/03/24 10:26:03 | 000,000,404 | ---- | C] () -- C:\WINDOWS\swdis.ini
[2010/03/15 12:54:03 | 000,374,784 | ---- | C] () -- C:\WINDOWS\3dg32.dll
[2010/03/15 12:54:01 | 000,000,250 | ---- | C] () -- C:\WINDOWS\3dr.ini
[2009/11/24 19:48:34 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2009/10/19 19:34:09 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2009/10/19 09:32:28 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2009/10/19 09:32:28 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2009/10/19 09:31:58 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2009/10/19 09:31:58 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2009/10/19 09:31:57 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2009/10/15 14:18:28 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2009/10/15 14:18:28 | 000,000,197 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/10/15 14:13:40 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/10/15 14:13:39 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009/04/22 04:24:22 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/04/22 04:24:20 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/04/22 04:23:50 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/04/22 04:23:40 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/01/14 10:55:49 | 000,034,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\nipplpt.sys
[2009/01/14 10:21:40 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2007/08/29 19:52:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2007/08/16 16:17:50 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
[2007/04/04 22:47:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WINSETUP.INI
[2006/10/02 18:14:17 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\asasrv.ini
[2006/09/27 15:46:36 | 000,025,300 | ---- | C] () -- C:\WINDOWS\System32\drivers\niffltr.sys
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2006/01/06 05:37:38 | 000,009,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\WNTHW.SYS
[2005/12/21 17:57:04 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll
[2005/12/21 17:54:34 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll
[2005/10/14 17:09:48 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2005/09/24 01:25:02 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\IMGFX6MU.DLL
[2005/09/24 01:09:53 | 000,001,752 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/03/05 00:47:21 | 000,000,593 | ---- | C] () -- C:\WINDOWS\msg_mgr.ini
[2005/03/05 00:47:21 | 000,000,303 | ---- | C] () -- C:\WINDOWS\attwktop.ini
[2005/03/05 00:31:05 | 000,003,698 | ---- | C] () -- C:\WINDOWS\System32\iprint.ini
[2005/03/04 23:37:15 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nwslog32.dll
[2005/03/04 23:37:11 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\setupw2k.dll
[2005/03/04 23:37:10 | 000,245,843 | ---- | C] () -- C:\WINDOWS\System32\nwshlxnt.dll
[2005/03/04 23:37:08 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\lgncon32.dll
[2005/03/04 23:37:08 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\dplgnw32.dll
[2005/03/04 23:37:04 | 000,002,757 | ---- | C] () -- C:\WINDOWS\System32\rdrstats.ini
[2005/03/04 23:36:58 | 000,216,064 | ---- | C] () -- C:\WINDOWS\System32\lgnwnt32.dll
[2005/03/04 23:36:58 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\prtwin32.dll
[2005/03/04 23:36:58 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\nwpsrv32.dll
[2005/03/04 23:29:35 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/03/04 21:22:01 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/03/17 04:39:12 | 000,454,761 | ---- | C] () -- C:\WINDOWS\System32\boost_regex-vc6-mt-1_31.dll
[2004/03/17 04:38:26 | 000,467,052 | ---- | C] () -- C:\WINDOWS\System32\boost_regex-vc6-mt-gd-1_31.dll
[2002/04/17 15:21:44 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\XMLPARSE.DLL
[1999/08/07 02:05:16 | 000,212,480 | ---- | C] () -- C:\WINDOWS\System32\DBPORT6.DLL

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 20:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/13 23:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\AGP440.SYS
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0016\DriverFiles\i386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2004/08/04 20:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/13 23:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 23:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/13 23:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 20:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2004/11/15 09:37:52 | 000,028,672 | ---- | M] () MD5=9937F303C344C00849E8E5CA26CED439 -- C:\oracle\product\10.2.0\client_1\perl\site\5.8.3\lib\MSWin32-x86-multi-thread\auto\Win32\EventLog\EventLog.dll

< MD5 for: IASTOR.SYS >
[2008/06/15 08:11:58 | 000,318,488 | ---- | M] (Intel Corporation) MD5=692830B048AACD7E0D6EDEDF098ACC01 -- C:\drivers\Chipset\Storage\IaStor.sys
[2008/06/15 09:11:58 | 000,318,488 | ---- | M] (Intel Corporation) MD5=692830B048AACD7E0D6EDEDF098ACC01 -- C:\drivers\Storage\onboard\IaStor.sys
[2008/06/15 08:11:58 | 000,318,488 | ---- | M] (Intel Corporation) MD5=692830B048AACD7E0D6EDEDF098ACC01 -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 23:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/13 23:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 20:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 20:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 23:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/13 23:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 23:41:52 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[2010/05/04 13:20:32 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2010/05/04 13:20:33 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2010/05/04 13:20:36 | 000,192,512 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iepeers.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2005/03/04 18:51:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/03/04 18:51:02 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/03/04 18:51:02 | 000,872,448 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/07/16 11:33:19 | 000,056,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\aic78xx.sys
[2010/07/14 00:16:48 | 000,054,016 | ---- | M] () -- C:\WINDOWS\system32\drivers\cmco.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
< End of report >


OTL Extras logfile created on: 7/23/2010 10:04:34 AM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\BDEAN\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.86 Gb Total Space | 85.03 Gb Free Space | 57.12% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 1054.04 Gb Total Space | 102.72 Gb Free Space | 9.75% Space Free | Partition Type: NWFS
Drive P: | 1404.78 Gb Total Space | 266.84 Gb Free Space | 19.00% Space Free | Partition Type: NWFS
Drive T: | 233.68 Gb Total Space | 82.43 Gb Free Space | 35.28% Space Free | Partition Type: NWFS
Drive V: | 20.00 Gb Total Space | 5.87 Gb Free Space | 29.33% Space Free | Partition Type: NTFS
Drive W: | 1057.28 Gb Total Space | 100.82 Gb Free Space | 9.54% Space Free | Partition Type: NWFS
Drive Z: | 233.68 Gb Total Space | 82.43 Gb Free Space | 35.28% Space Free | Partition Type: NWFS

Computer Name: CH-BDEAN-L1
Current User Name: BDEAN
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-3542245194-2364831464-1968421150-1196\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Value error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Command Prompt Here] -- cmd.exe /k cd ""%1"" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Print_Directory_Listing] -- printdir.bat "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"4500:UDP" = 4500:UDP:*:Enabled:IPsec (IKE NAT-T)
"500:UDP" = 500:UDP:*:Enabled:IPsec (IKE)
"135:TCP" = 135:TCP:*:Enabled:RPC Endpoint Mapper and DCOM infrastructure

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\devenv.exe" = C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\devenv.exe:*:Enabled:Microsoft Visual Studio -- (Microsoft Corporation)
"C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe" = C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe:*:Enabled:Render Manager -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe" = C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe:*:Enabled:Studio -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe" = C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe:*:Enabled:umi -- (Pinnacle Systems)
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files\IBM\Lotus\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.1.20090925-1604\win32\x86\notes2.exe" = C:\Program Files\IBM\Lotus\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.1.20090925-1604\win32\x86\notes2.exe:*:Enabled:Lotus Notes -- (IBM)
"C:\WINDOWS\system32\dpmw32.exe" = C:\WINDOWS\system32\dpmw32.exe:*:Enabled:NDPS RPM & Notification Listener -- (Novell, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\System32\DPMW32.EXE" = C:\WINDOWS\System32\DPMW32.EXE:*:Enabled:NDPS RPM & Notification Listener -- (Novell, Inc.)
"C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe" = C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe:*:Enabled:ZenRem32.exe -- (Novell, Inc.)
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{04D72A75-8133-4450-A3E9-559DBD6D89C5}" = ZENworks Desktop Management Agent
"{082BDF7B-4810-4599-BF0D-E3AC44EC8524}" = Microsoft ASP.NET 2.0 AJAX Extensions 1.0
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{1389C6A4-4965-4AEC-9175-08B54A10FA48}" = Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
"{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2019AFFE-E71F-4BA3-9AC4-4BAC6641ED91}" = AT&T Global Network Client Managed VPN Edition
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23959E96-A80F-4172-A655-210E9BB7BFBE}" = MSDN Library for Visual Studio 2005
"{2513A1E3-4409-49BB-A437-11D7D78096CF}" = Camstar InSite
"{2624B680-02BC-4CBC-839C-DA20DF6EF6EC}" = Citrix Presentation Server Client
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 16
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{393611AC-7D4D-4F76-84F8-54673FBC7C7F}" = Infragistics NetAdvantage for Windows Forms 2006 Vol. 2 CLR 2.0
"{437AB8E0-FB69-4222-B280-A64F3DE22591}" = Microsoft Visual Studio 2005 Professional Edition - ENU
"{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005
"{55c8fb47-e61e-4a1c-be9d-ab1db576b016}" = Infragistics NetAdvantage 2006 Vol. 2 CLR 2.0 HotFix - Build.1045
"{5be4ab41-2776-4eb6-8f5a-e1dd0e72e206}" = Infragistics NetAdvantage 2006 Vol. 2 CLR 2.0 HotFix - Build.1079
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5FE1E412-D114-46E8-A891-5BE087B256A5}" = MVision
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6AA003BF-73E5-4911-ADB7-71DD5674DDD4}" = Oracle Data Provider for .NET Help
"{6C531060-84FB-4F96-8F33-29DF020632EB}" = Microsoft .NET Compact Framework 1.0 SP3 Developer
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Driver
"{6E21ADA2-1084-4BC2-8E05-6D108D464C24}" = Infragistics NetAdvantage for ASP.NET 2006 Vol. 2 CLR 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78B75C6D-E53C-424C-BF83-4B63BD4A6682}" = Microsoft Device Emulator version 1.0 - ENU
"{7B563F0E-C8E1-44B7-989A-127D3A0C95BF}" = Camstar InSite Hotfix 42303
"{7C983C8C-A622-4C84-A2A6-9AF3CE876AB3}" = Novell iFolder 2.1.8
"{836670E9-61EB-4D47-9EF8-CFE936C3FE32}" = Lotus Notes 8.5.1
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{885F5AC6-4413-4D30-99A9-F4494BFA4923}" = Logitech Harmony Remote Software 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{90520409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Viewer 2003 (English)
"{90F80409-6000-11D3-8CFE-0150048383C9}" = Remove Hidden Data Tool
"{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"{94FB0978-D094-40C7-91D7-834D39220D4A}" = Crystal Reports XI Release 2
"{9B427732-573E-4E78-B6FA-AC3E5A218BA2}" = NMAS Client
"{9C19FFB1-25FC-43FC-AC78-919E5E2A6DD0}" = TortoiseSVN 1.6.6.17493 (32 bit)
"{9DE3F260-B88E-42CE-90E7-73C78C37D95E}" = 32 Bit HP BiDi Channel Components Installer
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{9FA0AE10-D17F-4F66-9322-35AA145AAEE7}" = Infragistics NetAdvantage for .NET 2006 Vol. 2 CLR 2.0
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7CA6CC5-465B-41F8-96B5-F66BDF4482C7}" = VZAccess Manager
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AC76BA86-7AD7-2447-0000-900000000003}" = Chinese Simplified Fonts Support For Adobe Reader 9
"{AC76BA86-7AD7-2448-0000-900000000003}" = Chinese Traditional Fonts Support For Adobe Reader 9
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC76BA86-7AD7-5670-0000-900000000003}" = Korean Fonts Support For Adobe Reader 9
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B9A5A789-D491-49FB-958C-BFEC2C11BB1D}" = NMAS Challenge Response Method
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BF755CD9-E185-498A-AAFB-E9F8470AB1CC}" = User Profile Hive Cleanup Service
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1212AE3-DBB9-4365-8473-F8ABC7B06BBB}" = Pinnacle Instant DVD Recorder
"{C18D2775-33F4-4CE9-B071-4ECC78DA5E11}" = ILMT-TAD4D Agent 7.2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C7EA29FC-78F2-4680-9D9B-22CA8191E63C}" = Microsoft Visual SourceSafe 2005 - ENU
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D041EB9E-890A-4098-8F94-51DA194AC72A}" = Pinnacle Studio 12
"{D9FFE006-E043-4463-A3A0-D10B58A8314F}" = Password Power 8 Client
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{E008BEB1-AB63-46C1-BD3D-08D3A1F8E26D}" = McAfee Agent
"{E37E645E-4A0C-4D9E-B30A-7B19E797E743}" = BlackBerry USB Drivers
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E44BD710-B71A-11d3-9F79-006008A88EC8}" = VBA
"{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}" = Quicken 2009
"{F02DBC5D-33E3-45E9-B0F8-B7745229ED1C}" = NICI (Shared) U.S./Worldwide (128 bit) (2.7.0-2)
"{FC58C04A-182C-4F21-9EC8-1B77D73DB68F}" = Cisco WebEx Meeting Center for Internet Explorer
"ActiveTouchMeetingClient" = WebEx
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM_7" = AIM 7
"Avaya Message Manager" = Avaya Message Manager
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card Utility
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"DiMAGE E500 Driver" = DiMAGE E500 Driver
"HTML Help Workshop" = HTML Help Workshop
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{2513A1E3-4409-49BB-A437-11D7D78096CF}" = Camstar InSite
"InstallShield_{7B563F0E-C8E1-44B7-989A-127D3A0C95BF}" = Camstar InSite Hotfix 42303
"InstallShield_{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"InstallShield_{C18D2775-33F4-4CE9-B071-4ECC78DA5E11}" = ILMT-TAD4D Agent 7.2
"Java Web Start" = Java Web Start
"lvdrivers_11.50" = Logitech QuickCam Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Anti-Spyware Enterprise Module" = McAfee AntiSpyware Enterprise Module
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Microsoft Visual SourceSafe 2005 - ENU" = Microsoft Visual SourceSafe 2005 - ENU
"Microsoft Visual Studio 2005 Professional Edition - ENU" = Microsoft Visual Studio 2005 Professional Edition - ENU
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSDN Library for Visual Studio 2005" = MSDN Library for Visual Studio 2005
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Novell Client for Windows" = Novell Client for Windows
"Novell iPrint Client" = Novell iPrint Client v05.32.00
"NVIDIA Drivers" = NVIDIA Drivers
"Office8.0" = Microsoft Office 97, Professional Edition
"PDF-XChange 3 Pro_is1" = PDF-XChange 3.5 Pro
"Punch! Professional Home Design" = Punch! Professional Home Design
"SnagIt7" = SnagIt 7
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"stax-Pinnacle_is1" = SureThing Express Labeler
"Tweak UI 2.10" = Tweak UI
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3542245194-2364831464-1968421150-1196\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"309a46b1dc89b774" = Dell Driver Download Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/21/2010 10:34:55 PM | Computer Name = CH-BDEAN-L1 | Source = McLogEvent | ID = 1008
Description = The McShield service terminated unexpectedly. Please review event 5019
or 5051 for details. The McShield service will be restarted in 5 seconds;

Error - 7/21/2010 10:39:28 PM | Computer Name = CH-BDEAN-L1 | Source = SSO | ID = 258
Description = PistolStar PwdMgt Error psGetFullDN(), Unable to perform anonymous
LDAP bind - Error 81: Can't contact LDAP server.

Error - 7/21/2010 10:39:28 PM | Computer Name = CH-BDEAN-L1 | Source = SSO | ID = 258
Description = PistolStar PwdMgt Error processLogin(), Unable to get user's full
DN for bind.

Error - 7/21/2010 10:45:01 PM | Computer Name = CH-BDEAN-L1 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 7/21/2010 10:45:02 PM | Computer Name = CH-BDEAN-L1 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 7/21/2010 10:45:27 PM | Computer Name = CH-BDEAN-L1 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 7/22/2010 8:23:22 AM | Computer Name = CH-BDEAN-L1 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 7/22/2010 9:23:40 PM | Computer Name = CH-BDEAN-L1 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (A socket operation was attempted to an unreachable host. ). Group Policy
processing aborted.

Error - 7/22/2010 9:23:40 PM | Computer Name = CH-BDEAN-L1 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (A socket operation was attempted to an unreachable host. ). Group Policy
processing aborted.

Error - 7/23/2010 8:20:32 AM | Computer Name = CH-BDEAN-L1 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

[ System Events ]
Error - 7/22/2010 10:00:21 PM | Computer Name = CH-BDEAN-L1 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain USE due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 7/22/2010 10:01:25 PM | Computer Name = CH-BDEAN-L1 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'usentp01.wlgore.com'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 7/22/2010 10:01:25 PM | Computer Name = CH-BDEAN-L1 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 7/22/2010 10:16:28 PM | Computer Name = CH-BDEAN-L1 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'usentp01.wlgore.com'. NtpClient will try the DNS lookup
again in 30 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 7/22/2010 10:16:28 PM | Computer Name = CH-BDEAN-L1 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 29 minutes. NtpClient has no source of accurate
time.

Error - 7/22/2010 10:46:28 PM | Computer Name = CH-BDEAN-L1 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'usentp01.wlgore.com'. NtpClient will try the DNS lookup
again in 60 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 7/22/2010 10:46:28 PM | Computer Name = CH-BDEAN-L1 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 59 minutes. NtpClient has no source of accurate
time.

Error - 7/22/2010 11:46:28 PM | Computer Name = CH-BDEAN-L1 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'usentp01.wlgore.com'. NtpClient will try the DNS lookup
again in 120 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 7/22/2010 11:46:28 PM | Computer Name = CH-BDEAN-L1 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 119 minutes. NtpClient has no source of accurate
time.

Error - 7/23/2010 8:20:27 AM | Computer Name = CH-BDEAN-L1 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain USE due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.


< End of report >





#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:05:39 PM

Posted 23 July 2010 - 04:46 PM

Hi,

the machine looks a lot like a business machine, is that the case?

You have a proxy set up and a couple of odd startup entries as well. Before I take any action, I would like to be sure that this is your PC.

Are you still experiencing redirects? Both in IE and Firefox?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#5 bdeandel

Posted 23 July 2010 - 04:52 PM

Yes...this is my computer that I use at work, so it does have some proxy settings when I am at work and there are some forced startup settings. The pop-ups seem to have subsided. Does there appear to be anything that may be lurking?

#6 myrti

Posted 23 July 2010 - 05:19 PM

Hi,

there seem to be some leftovers so I would like you to check some out:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the browse button and navigate to the files listed below in bold, then click Submit. You will only be able to have one file scanned at a time.

C:\WINDOWS\system32\drivers\cmco.sys
C:\WINDOWS\System32\enstart.exe

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

regards myrti



#7 bdeandel

Posted 24 July 2010 - 09:54 AM

Filename: enstart.exe
Status: Scan finished. 0 out of 19 scanners reported malware.
Scan taken on: Sat 24 Jul 2010 16:43:34 (CET) Permalink

This is the result of the cmco.sys scan, but it says the filename is ejidty.sys...it says no problem found, but strange that the name is different.
Filename: ejidty.sys
Status: Scan finished. 0 out of 19 scanners reported malware.
Scan taken on: Sun 18 Jul 2010 00:47:23 (CET) Permalink

Here are the results from the VirusTotal scan of this file:

File cmco.sys received on 2010.07.24 14:48:49 (UTC)
Result: 3/42 (7.15%)

Antivirus Version Last Update Result
AhnLab-V3 2010.07.24.01 2010.07.23 -
AntiVir 8.2.4.26 2010.07.23 -
Antiy-AVL 2.0.3.7 2010.07.23 -
Authentium 5.2.0.5 2010.07.24 -
Avast 4.8.1351.0 2010.07.24 -
Avast5 5.0.332.0 2010.07.24 -
AVG 9.0.0.851 2010.07.24 -
BitDefender 7.2 2010.07.24 -
CAT-QuickHeal 11.00 2010.07.24 -
ClamAV 0.96.0.3-git 2010.07.24 -
Comodo 5522 2010.07.23 -
DrWeb 5.0.2.03300 2010.07.24 -
Emsisoft 5.0.0.34 2010.07.24 Trojan.Win32.Agent!A2
eSafe 7.0.17.0 2010.07.22 Win32.TrojanHorse
eTrust-Vet 36.1.7734 2010.07.24 -
F-Prot 4.6.1.107 2010.07.24 -
F-Secure 9.0.15370.0 2010.07.24 -
Fortinet 4.1.143.0 2010.07.24 -
GData 21 2010.07.24 -
Ikarus T3.1.1.84.0 2010.07.24 -
Jiangmin 13.0.900 2010.07.24 -
Kaspersky 7.0.0.125 2010.07.24 -
McAfee 5.400.0.1158 2010.07.24 -
McAfee-GW-Edition 2010.1 2010.07.23 -
Microsoft 1.6004 2010.07.24 -
NOD32 5308 2010.07.24 -
Norman 6.05.11 2010.07.24 -
nProtect 2010-07-24.02 2010.07.24 -
Panda 10.0.2.7 2010.07.24 -
PCTools 7.0.3.5 2010.07.24 -
Prevx 3.0 2010.07.24 High Risk Cloaked Malware
Rising 22.57.03.08 2010.07.23 -
Sophos 4.55.0 2010.07.24 -
Sunbelt 6631 2010.07.24 -
SUPERAntiSpyware 4.40.0.1006 2010.07.24 -
Symantec 20101.1.1.7 2010.07.24 -
TheHacker 6.5.2.1.324 2010.07.23 -
TrendMicro 9.120.0.1004 2010.07.23 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.24 -
VBA32 3.12.12.6 2010.07.23 -
ViRobot 2010.7.23.3956 2010.07.24 -
VirusBuster 5.0.27.0 2010.07.23 -
Additional information
File size: 54016 bytes
MD5...: e6d35f3aa51a65eb35c1f2340154a25e
SHA1..: aabbd57e20d2e7041f9e7abce6cfd8a53c366537
SHA256: 3da4f51682e7d42c5569f1fb1adc6295182962e36f748219e1d0c8f2389ba516
ssdeep: 768:Bosx0q2ph6P2Jpz8ftoSUiJP7hYTCMrhwYKUzY4q:j076P2Jpz8ftBUMPaCM
rhwY

PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xc505
timedatestamp.....: 0x4a9ee5b5 (Wed Sep 02 21:37:57 2009)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x480 0xbd9f 0xbe00 5.83 9474f39576a0e15bdbaa2ea3355f0a4a
.rdata 0xc280 0x126 0x180 3.78 375b710d9f213cfced30e9fdb29567e1
.data 0xc400 0xc0 0x100 0.33 786971ca2b109729eda604b44d6c72ad
INIT 0xc500 0x3c8 0x400 5.20 eea49a93a73afb6afc178455582133c6
.reloc 0xc900 0x9ec 0xa00 6.62 bddd5a40c508bfc84ec87de5f8e6a5d3

( 1 imports )
> ntoskrnl.exe: ZwWriteFile, RtlUpcaseUnicodeChar, ZwClose, ZwCreateFile, RtlInitUnicodeString, _wcsicmp, ZwQueryValueKey, ZwOpenKey, ZwDeleteKey, swprintf, ZwEnumerateKey, ExFreePoolWithTag, DbgPrint, ExAllocatePool, RtlPrefixUnicodeString, memcpy, RtlDeleteRegistryValue, ZwSetValueKey, RtlWriteRegistryValue, ZwEnumerateValueKey, ZwSetInformationFile, ZwQueryInformationFile, ZwQueryDirectoryFile, ZwOpenFile, KeTickCount, KeBugCheck, MmGetSystemRoutineAddress, ZwFlushKey, PsTerminateSystemThread, KeSetPriorityThread, KeGetCurrentThread, RtlCheckRegistryKey, KeDelayExecutionThread, ZwReadFile, PsCreateSystemThread, PsGetVersion, KeBugCheckEx

( 0 exports )

RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Clipper DOS Executable (33.3%)
Generic Win/DOS Executable (33.0%)
DOS Executable Generic (33.0%)
VXD Driver (0.5%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

http://info.prevx.com/aboutprogramtext.asp?PX5=CB99356A002065F7D3EC001ED8409400D9D04283


#8 myrti

Posted 24 July 2010 - 03:45 PM

Hi,

the different name usually points towards malware. We will remove the file and a couple more leftovers:
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    CODE
    :otl
    [2010/07/14 00:16:47 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\cmco.sys
    [2010/07/14 00:01:34 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Dregebevamik.dat
    [2010/07/14 00:01:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Gnayohek.bin
    :files:
    C:\Windows\tasks\at*.job
    :commands
    [emtpytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
    If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open one notepad window, OTL.Txt. This is saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

Do you know what this file is:
C:\Documents and Settings\BDEAN\My Documents\spam001.exe

regards myrti



#9 bdeandel

Posted 25 July 2010 - 11:23 AM

I have no clue what that spam001.exe file was...I saw it there yesterday and deleted it.

========== OTL ==========
C:\WINDOWS\system32\drivers\cmco.sys moved successfully.
C:\WINDOWS\Dregebevamik.dat moved successfully.
C:\WINDOWS\Gnayohek.bin moved successfully.
Error: Unable to interpret <:files:> in the current context!
Error: Unable to interpret <C:\Windows\tasks\at*.job> in the current context!
========== COMMANDS ==========
Error: Unable to interpret <[emtpytemp]> in the current context!

OTL by OldTimer - Version 3.2.9.1 log created on 07252010_121301


OTL logfile created on: 7/25/2010 12:16:56 PM - Run 4
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\BDEAN\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 80.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.86 Gb Total Space | 84.97 Gb Free Space | 57.08% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CH-BDEAN-L1
Current User Name: BDEAN
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\BDEAN\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
PRC - c:\WINDOWS\itlm\tlmagent.exe ()
PRC - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe (McAfee, Inc.)
PRC - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe (McAfee, Inc.)
PRC - C:\WINDOWS\system32\iprntlgn.exe (Novell, Inc.)
PRC - C:\WINDOWS\system32\iprntctl.exe (Novell, Inc.)
PRC - C:\Program Files\TortoiseSVN\bin\TSVNCache.exe (http://tortoisesvn.net)
PRC - C:\Program Files\IBM\Lotus\Notes\ntmulti.exe (IBM Corp)
PRC - C:\Program Files\IBM\Lotus\Notes\nsd.exe (IBM)
PRC - C:\Program Files\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\McTray.exe (McAfee, Inc.)
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - c:\Program Files\IDT\DellXPM09B_6159v043\WDM\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\WINDOWS\system32\AESTFltr.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\AT&T Global Network Client\NetMsg.exe (AT&T)
PRC - C:\Program Files\AT&T Global Network Client\NetClient.exe (AT&T)
PRC - C:\Program Files\AT&T Global Network Client\netcfgsvr.exe (AT&T)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
PRC - C:\Program Files\Novell\ZENworks\WM.EXE (Novell, Inc.)
PRC - C:\WINDOWS\system32\Novell\xtagent.exe (Novell, Inc.)
PRC - C:\Program Files\Novell\iFolder\trayapp.exe (Novell, Inc.)
PRC - C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)
PRC - C:\Program Files\Novell\ZENworks\WMRUNDLL.EXE (Novell, Inc.)
PRC - C:\Program Files\Novell\ZENworks\NALNTSRV.EXE (Novell, Inc.)
PRC - C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe (Novell, Inc.)
PRC - C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\dpmw32.exe (Novell, Inc.)
PRC - C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe (TechSmith Corporation)
PRC - C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe (TechSmith Corporation)
PRC - C:\Program Files\UPHClean\uphclean.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\nwtray.exe (Novell, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\BDEAN\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (hpdj00) -- C:\DOCUME~1\BDEAN\LOCALS~1\Temp\hpdj00.exe File not found
SRV - (tlmagent) -- c:\windows\itlm\tlmagent.exe ()
SRV - (McShield) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
SRV - (mfevtp) -- C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
SRV - (McTaskManager) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
SRV - (McAfeeEngineService) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe (McAfee, Inc.)
SRV - (enstart) -- C:\WINDOWS\System32\enstart.exe ()
SRV - (Multi-user Cleanup Service) -- C:\Program Files\IBM\Lotus\Notes\ntmulti.exe (IBM Corp)
SRV - (Lotus Notes Diagnostics) -- C:\Program Files\IBM\Lotus\Notes\nsd.exe (IBM)
SRV - (McAfeeFramework) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
SRV - (STacSV) -- c:\Program Files\IDT\DellXPM09B_6159v043\WDM\stacsv.exe (IDT, Inc.)
SRV - (netcfgsvr) -- C:\Program Files\AT&T Global Network Client\netcfgsvr.exe (AT&T)
SRV - (LVSrvLauncher) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe (Logitech Inc.)
SRV - (cusrvc) -- C:\WINDOWS\system32\cusrvc.exe (Novell, Inc.)
SRV - (ZFDWM) -- C:\Program Files\Novell\ZENworks\WM.EXE (Novell, Inc.)
SRV - (XTAgent) -- C:\WINDOWS\system32\Novell\xtagent.exe (Novell, Inc.)
SRV - (msvsmon80) -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe (Microsoft Corporation)
SRV - (NALNTSERVICE) -- C:\Program Files\Novell\ZENworks\NALNTSRV.EXE (Novell, Inc.)
SRV - (Remote Management Agent) -- C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe (Novell, Inc.)
SRV - (W3SVC) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (SMTPSVC) Simple Mail Transfer Protocol (SMTP) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (IISADMIN) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (UPHClean) -- C:\Program Files\UPHClean\uphclean.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (vmxnet) -- C:\WINDOWS\System32\DRIVERS\vmxnet.sys File not found
DRV - (vmx_svga) -- C:\WINDOWS\System32\DRIVERS\vmx_svga.sys File not found
DRV - (vmmouse) -- C:\WINDOWS\System32\DRIVERS\vmmouse.sys File not found
DRV - (vmci) -- C:\WINDOWS\System32\DRIVERS\vmci.sys File not found
DRV - (MRESP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS File not found
DRV - (MRESP50) -- C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS File not found
DRV - (MRENDIS5) -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found
DRV - (MREMPR5) -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found
DRV - (MREMP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS File not found
DRV - (MREMP50) -- C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS File not found
DRV - (mferkdk) -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys File not found
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfetdik) -- C:\WINDOWS\system32\drivers\mfetdik.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (nipplpt2) -- C:\WINDOWS\system32\drivers\nipplpt.sys ()
DRV - (enstart_) -- C:\WINDOWS\system32\enstart_.sys (Guidance Software Inc.)
DRV - (CITMDRV) -- C:\WINDOWS\system32\drivers\CITMDRV.SYS ()
DRV - (SMSIVZAM5) -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys (Smith Micro Inc.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (IDT, Inc.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (AESTAud) -- C:\WINDOWS\system32\drivers\AESTAud.sys (Andrea Electronics Corporation)
DRV - (vmscsi) -- C:\WINDOWS\system32\DRIVERS\vmscsi.sys (VMware, Inc.)
DRV - (agnwifi) -- C:\WINDOWS\system32\drivers\agnwifi.sys (AT&T)
DRV - (avpnnic) -- C:\WINDOWS\system32\drivers\avpnnic.sys (AT&T)
DRV - (agnfilt) -- C:\WINDOWS\system32\drivers\agnfilt.sys (AT&T)
DRV - (cvusbdrv) -- C:\WINDOWS\system32\drivers\cvusbdrv.sys (Broadcom Corporation)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (iaStor) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (BCMWLNPF) -- C:\WINDOWS\system32\drivers\BCMWLNPF.SYS (CACE Technologies)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\MPE.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (e1yexpress) Intel® -- C:\WINDOWS\system32\drivers\e1y5132.sys (Intel Corporation)
DRV - (LVMVDrv) -- C:\WINDOWS\system32\drivers\LVMVdrv.sys (Logitech Inc.)
DRV - (NetwareWorkstation) -- C:\WINDOWS\system32\NetWare\nwfs.sys (Novell, Inc.)
DRV - (SRVLOC) -- C:\WINDOWS\system32\NetWare\srvloc.sys (Novell, Inc.)
DRV - (NWDNS) -- C:\WINDOWS\system32\NetWare\nwdns.sys (Novell, Inc.)
DRV - (NWSIPX32) -- C:\WINDOWS\system32\NetWare\nwsipx32.sys (Novell, Inc.)
DRV - (NICM) -- C:\WINDOWS\System32\Drivers\Nicm.sys (Novell, Inc.)
DRV - (RESMGR) -- C:\WINDOWS\system32\NetWare\resmgr.sys (Novell, Inc.)
DRV - (NWSAP) -- C:\WINDOWS\system32\NetWare\nwsap.sys ()
DRV - (NWSLP) -- C:\WINDOWS\system32\NetWare\nwslp.sys (Novell, Inc.)
DRV - (NWDHCP) -- C:\WINDOWS\system32\NetWare\nwdhcp.sys (Novell, Inc.)
DRV - (NWFILTER) -- C:\WINDOWS\system32\NetWare\nwfilter.sys (Novell, Inc.)
DRV - (NWHOST) -- C:\WINDOWS\system32\NetWare\nwhost.sys (Novell, Inc.)
DRV - (NWSNS) -- C:\WINDOWS\system32\NetWare\nwsns.sys (Novell, Inc.)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (emAudio) -- C:\WINDOWS\system32\drivers\emAudio.sys (Pinnacle Systems GmbH)
DRV - (NifFltr) -- C:\WINDOWS\System32\drivers\niffltr.sys ()
DRV - (DLADResM) -- C:\WINDOWS\system32\DLA\DLADResM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Roxio)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Roxio)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Roxio)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Roxio)
DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (WNTHW) -- C:\WINDOWS\system32\drivers\WNTHW.SYS ()
DRV - (DCamUSBEMPIA) -- C:\WINDOWS\system32\drivers\emDevice.sys (eMPIA Technology, Inc.)
DRV - (FiltUSBEMPIA) -- C:\WINDOWS\system32\drivers\emFilter.sys (eMPIA Technology, Inc.)
DRV - (ScanUSBEMPIA) -- C:\WINDOWS\system32\drivers\emScan.sys (eMPIA Technology, Inc.)
DRV - (MarvinBus) -- C:\WINDOWS\system32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)
DRV - (BlankScr) -- C:\WINDOWS\System32\drivers\blankscr.sys (Novell Inc.)
DRV - (Darpan) -- C:\WINDOWS\system32\drivers\Darpan.sys (Novell, Inc.)
DRV - (USBCCID) -- C:\WINDOWS\system32\drivers\usbccid.sys (Microsoft Corporation)
DRV - (ati2mtaa) -- C:\WINDOWS\system32\drivers\ati2mtaa.sys (ATI Technologies Inc.)
DRV - (ac97intc) Intel® 82801 Audio Driver Install Service (WDM) -- C:\WINDOWS\system32\drivers\ac97intc.sys (Intel Corporation)
DRV - (es1371) Creative AudioPCI (ES1371,ES1373) (WDM) -- C:\WINDOWS\system32\drivers\es1371mp.sys (Creative Technology Ltd.)
DRV - (EL90XBC) -- C:\WINDOWS\system32\drivers\el90xbc5.sys (3Com Corporation)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://intranet.wlgore.com
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.wlgore.com;127.0.0.1;localhost;157.204.*;chipsndip;32.85.*;192.168.*;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 157.204.22.4:8080

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/10/15 15:22:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/01/20 18:12:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{9A160745-7A0E-4ABC-9E56-D7B7D819B638}: C:\Documents and Settings\BDEAN\Local Settings\Application Data\{9A160745-7A0E-4ABC-9E56-D7B7D819B638} [2010/07/16 09:21:54 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2004/08/04 20:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HelperObject Class) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [AGNS_Config] C:\WINDOWS\System32\nircmd.exe (NirSoft)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [iPrint Event Monitor] C:\WINDOWS\system32\iprntlgn.exe (Novell, Inc.)
O4 - HKLM..\Run: [iPrint Tray] C:\WINDOWS\System32\iprntctl.exe (Novell, Inc.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe File not found
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe File not found
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NDPS] C:\WINDOWS\system32\dpmw32.exe (Novell, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [NWTRAY] C:\WINDOWS\System32\nwtray.exe (Novell, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Pistolstar_SSO] C:\Program Files\Pistolstar\Password Power Client\APOSSO.exe (Pistolstar, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Documents and Settings\BDEAN\Desktop\unlocker1.8.8-portable\UnlockerAssistant.exe File not found
O4 - HKLM..\Run: [USB2Check] C:\WINDOWS\System32\PCLECoInst.DLL (Pinnacle Systems)
O4 - HKLM..\Run: [USBToolTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe File not found
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [NetSP - restore settings on power failure] C:\Program Files\AT&T Global Network Client\NetSP.exe (AT&T)
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Novell iFolder.lnk = C:\Program Files\Novell\iFolder\trayapp.exe (Novell, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe (TechSmith Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\New Windows present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPublishingWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWebServices = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 1 = nircmd execmd "%windir%\system32\GroupPolicy.WKSCache\User\prox.cmd GPRUN"
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 2 = nircmd execmd "%windir%\system32\GroupPolicy.WKSCache\User\Radio_Adhoc.cmd"
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 3 = nircmd execmd "%windir%\system32\GroupPolicy.WKSCache\User\ScreenSaver.cmd"
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = IMPORTANT Notice:
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = Access to this system is restricted to authorized users only. This system contains information that is considered confidential and proprietary to W. L. Gore & Associates, Inc. By clicking OK, you agree to not disclose the information contained in this system to any third party or to use it for your own use or benefit, without the written permission of W. L. Gore & Associates, Inc.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: CompatibleRUPSecurity = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonType = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Program Files\Novell\ZENworks\AxNalServer.dll (Novell, Inc)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\NetWare\nwws2nds.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\NetWare\nwws2sap.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\WINDOWS\system32\NetWare\nwws2slp.dll (Novell, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {2202D225-22C1-4B8C-A4B8-6A7E7B7E1524} https://cpc.on.intercall.com/confmgr/instal...ICWMInstall.cab (ICWMInstallObj Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {656FAD09-4DE3-4C34-9600-0928C855FD7A} http://download.microsoft.com/download/7/1...20/pmupd806.exe (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1255663601550 (MUWebControl Class)
O16 - DPF: {8650EBA6-6CBB-11D2-A9E0-00E02C0159F9} http://chipsndip/CHipsNDip1/Activex/NWUsrGrp.ocx (Novell User Group Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://128.255.26.210/activex/AxisCamControl.cab (CamImage Class)
O16 - DPF: {B1D21FC5-A742-4261-86F2-C7B7F1A31C5D} http://e1.wlgore.com/jde/axctls/jdewebctlsU.cab (JDEWebRTFEditU Control)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAssets/...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} http://aprpt01.wlgore.com/viewer/activeXVi...tivexviewer.cab (Crystal Report Viewer Control)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EC747AE4-8EF6-11D0-B375-0000E20315E2} http://chipsndip/CHipsNDip1/Activex/NWSess.ocx (Novell Session Control)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = use.wlgore.com
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll File not found
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (NWGina.dll) - C:\WINDOWS\System32\NWGINA.DLL (Novell, Inc.)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\NetIdentity Notification: DllName - C:\WINDOWS\system32\Novell\XtNotify.dll - C:\WINDOWS\system32\Novell\xtnotify.dll (Novell, Inc.)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\TPSvc: DllName - TPSvc.dll - File not found
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 () - C:\Documents and Settings\BDEAN\My Documents\My Pictures\lake-powell-sunset-portrait-photography.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\BDEAN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\BDEAN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {763370C4-268E-4308-A60C-D8DA0342BE32} - C:\Program Files\Novell\ZENworks\NalShell.dll (Novell, Inc)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (nwv1_0) - C:\WINDOWS\System32\nwv1_0.dll (Novell, Inc.)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/03/04 19:09:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{090f970c-0442-11df-9c9a-0c60763fe040}\Shell - "" = AutoRun
O33 - MountPoints2\{090f970c-0442-11df-9c9a-0c60763fe040}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{090f970c-0442-11df-9c9a-0c60763fe040}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (MACHINE BootExecut) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Value error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/07/25 12:13:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/07/23 10:35:10 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\BDEAN\Desktop\OTL.exe
[2010/07/22 09:29:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BDEAN\Local Settings\Application Data\Deployment
[2010/07/21 09:57:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
[2010/07/16 15:36:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BDEAN\Desktop\gmer
[2010/07/16 15:30:00 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/07/16 15:30:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/07/16 15:28:47 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\BDEAN\Desktop\spybotsd162.exe
[2010/07/16 11:31:26 | 001,013,584 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\BDEAN\Desktop\tdsskiller.exe
[2010/07/16 11:25:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BDEAN\My Documents\RegRun2
[2010/07/16 11:25:03 | 000,000,000 | ---D | C] -- C:\Program Files\UnHackMe
[2010/07/16 09:21:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BDEAN\Local Settings\Application Data\cujgfyntv
[2010/07/16 09:21:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/07/14 00:12:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/07/14 00:01:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BDEAN\Local Settings\Application Data\{9A160745-7A0E-4ABC-9E56-D7B7D819B638}
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/25 11:47:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/25 11:12:13 | 000,592,232 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/25 11:12:13 | 000,492,106 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/25 11:12:13 | 000,089,316 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/25 11:12:08 | 000,002,317 | ---- | M] () -- C:\Documents and Settings\BDEAN\Application Data\Microsoft\Internet Explorer\Quick Launch\AT&T Global Network Client.lnk
[2010/07/25 11:09:21 | 000,246,401 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010/07/25 11:09:14 | 000,201,679 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/07/25 11:08:29 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/25 11:08:28 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/25 11:07:48 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/25 11:07:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/25 11:07:43 | 3745,406,976 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/24 15:33:08 | 000,049,559 | ---- | M] () -- C:\WINDOWS\System32\Odessa_Nat_Map_Proof.jpeg
[2010/07/24 09:59:14 | 000,246,401 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2010/07/23 10:56:52 | 000,002,411 | ---- | M] () -- C:\Documents and Settings\BDEAN\Application Data\Microsoft\Internet Explorer\Quick Launch\Crystal Reports XI Release 2.lnk
[2010/07/23 10:35:14 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\BDEAN\Desktop\OTL.exe
[2010/07/23 10:20:24 | 007,602,176 | -H-- | M] () -- C:\Documents and Settings\BDEAN\NTUSER.DAT
[2010/07/23 09:41:08 | 000,000,593 | ---- | M] () -- C:\WINDOWS\msg_mgr.ini
[2010/07/23 09:41:07 | 000,000,303 | ---- | M] () -- C:\WINDOWS\attwktop.ini
[2010/07/22 10:19:18 | 000,085,288 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010/07/22 10:00:12 | 000,000,258 | RHS- | M] () -- C:\Documents and Settings\BDEAN\ntuser.pol
[2010/07/21 08:46:49 | 000,000,394 | ---- | M] () -- C:\WINDOWS\Enable-WSUS.$$$
[2010/07/21 08:46:42 | 000,000,004 | ---- | M] () -- C:\WINDOWS\DISABLE-GHOSTBACKUP.$$$
[2010/07/21 08:46:41 | 000,000,004 | ---- | M] () -- C:\WINDOWS\ENABLE-NALFORCERUN.$$$
[2010/07/21 08:46:39 | 000,000,004 | ---- | M] () -- C:\WINDOWS\ENABLE-FIREWALLON.$$$
[2010/07/21 08:46:35 | 000,000,004 | ---- | M] () -- C:\WINDOWS\ENABLE-SECBANNER.$$$
[2010/07/16 18:03:53 | 000,000,197 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/07/16 17:38:27 | 000,000,963 | ---- | M] () -- C:\Documents and Settings\BDEAN\Desktop\Spybot - Search & Destroy.lnk
[2010/07/16 15:36:38 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\BDEAN\Desktop\gmer.zip
[2010/07/16 15:28:47 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\BDEAN\Desktop\spybotsd162.exe
[2010/07/16 15:21:25 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\BDEAN\Desktop\dds.scr
[2010/07/16 11:31:32 | 001,013,584 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\BDEAN\Desktop\tdsskiller.exe
[2010/07/16 11:25:20 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/07/16 11:25:20 | 000,001,754 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2010/07/16 11:25:20 | 000,000,002 | RHS- | M] () -- C:\WINDOWS\winstart.bat
[2010/07/16 11:24:17 | 009,760,506 | ---- | M] () -- C:\Documents and Settings\BDEAN\Desktop\unhackme.zip
[2010/07/16 10:31:17 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\BDEAN\ntuser.ini
[2010/07/16 10:24:06 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/07/14 13:14:44 | 000,001,752 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/07/12 09:53:57 | 000,046,080 | ---- | M] () -- C:\Documents and Settings\BDEAN\My Documents\SupplierLot_Receipt_RMS743_RMS426_RMS443_RMS444_20100712.xls
[2010/07/09 11:42:11 | 000,173,056 | ---- | M] () -- C:\Documents and Settings\BDEAN\My Documents\RMS426_RMS443_RMS444_MaterialUsage_20100709.xls
[2010/07/09 08:17:14 | 003,720,958 | -H-- | M] () -- C:\Documents and Settings\BDEAN\Local Settings\Application Data\IconCache.db
[2010/07/08 18:40:15 | 000,018,944 | ---- | M] () -- C:\Documents and Settings\BDEAN\My Documents\RMS652_SupplierDataNotCollected.xls
[2010/07/08 09:52:27 | 000,040,365 | ---- | M] () -- C:\Documents and Settings\BDEAN\My Documents\nemomeddispogeneric2.pdf
[2010/07/08 09:11:51 | 000,039,488 | ---- | M] () -- C:\Documents and Settings\BDEAN\My Documents\nemomeddispogeneric.pdf
[2010/07/06 13:42:33 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\BDEAN\My Documents\Large Ext ParameterGroups not changed yet.xls
[2010/07/03 15:56:31 | 000,243,128 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/02 12:26:21 | 000,044,140 | ---- | M] () -- C:\Documents and Settings\BDEAN\Desktop\TC40001791.pdf
[2010/07/01 19:54:20 | 000,039,379 | ---- | M] () -- C:\Documents and Settings\BDEAN\Desktop\TC40004550.pdf
[2010/06/26 12:46:30 | 000,000,061 | ---- | M] () -- C:\WINDOWS\System32\asasrv.ini
[2010/06/25 22:10:03 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/24 15:33:33 | 000,049,559 | ---- | C] () -- C:\WINDOWS\System32\Odessa_Nat_Map_Proof.jpeg
[2010/07/16 15:36:37 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\BDEAN\Desktop\gmer.zip
[2010/07/16 15:30:07 | 000,000,963 | ---- | C] () -- C:\Documents and Settings\BDEAN\Desktop\Spybot - Search & Destroy.lnk
[2010/07/16 15:21:21 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\BDEAN\Desktop\dds.scr
[2010/07/16 11:25:20 | 000,000,002 | RHS- | C] () -- C:\WINDOWS\winstart.bat
[2010/07/16 11:24:04 | 009,760,506 | ---- | C] () -- C:\Documents and Settings\BDEAN\Desktop\unhackme.zip
[2010/07/16 10:35:07 | 3745,406,976 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/16 10:24:06 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/07/12 09:53:57 | 000,046,080 | ---- | C] () -- C:\Documents and Settings\BDEAN\My Documents\SupplierLot_Receipt_RMS743_RMS426_RMS443_RMS444_20100712.xls
[2010/07/09 11:42:11 | 000,173,056 | ---- | C] () -- C:\Documents and Settings\BDEAN\My Documents\RMS426_RMS443_RMS444_MaterialUsage_20100709.xls
[2010/07/08 18:40:15 | 000,018,944 | ---- | C] () -- C:\Documents and Settings\BDEAN\My Documents\RMS652_SupplierDataNotCollected.xls
[2010/07/08 09:46:07 | 000,040,365 | ---- | C] () -- C:\Documents and Settings\BDEAN\My Documents\nemomeddispogeneric2.pdf
[2010/07/08 09:11:40 | 000,039,488 | ---- | C] () -- C:\Documents and Settings\BDEAN\My Documents\nemomeddispogeneric.pdf
[2010/07/06 13:42:33 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\BDEAN\My Documents\Large Ext ParameterGroups not changed yet.xls
[2010/07/02 11:24:25 | 000,044,140 | ---- | C] () -- C:\Documents and Settings\BDEAN\Desktop\TC40001791.pdf
[2010/07/01 19:54:20 | 000,039,379 | ---- | C] () -- C:\Documents and Settings\BDEAN\Desktop\TC40004550.pdf
[2010/05/19 16:33:54 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[2010/05/19 16:33:53 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[2010/05/19 16:33:53 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[2010/04/07 08:19:56 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\npnipp.dll
[2010/03/31 02:11:25 | 000,004,001 | ---- | C] () -- C:\WINDOWS\hpdj3840.ini
[2010/03/24 10:26:18 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\CITMDRV.SYS
[2010/03/24 10:26:03 | 000,000,404 | ---- | C] () -- C:\WINDOWS\swdis.ini
[2010/03/15 12:54:03 | 000,374,784 | ---- | C] () -- C:\WINDOWS\3dg32.dll
[2010/03/15 12:54:01 | 000,000,250 | ---- | C] () -- C:\WINDOWS\3dr.ini
[2009/11/24 19:48:34 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2009/10/19 19:34:09 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2009/10/19 09:32:28 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2009/10/19 09:32:28 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2009/10/19 09:31:58 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2009/10/19 09:31:58 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2009/10/19 09:31:57 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2009/10/15 14:18:28 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2009/10/15 14:18:28 | 000,000,197 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/10/15 14:13:40 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/10/15 14:13:39 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009/04/22 04:24:22 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/04/22 04:24:20 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/04/22 04:23:50 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/04/22 04:23:40 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/01/14 10:55:49 | 000,034,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\nipplpt.sys
[2009/01/14 10:21:40 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2007/08/29 19:52:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2007/08/16 16:17:50 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
[2007/04/04 22:47:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WINSETUP.INI
[2006/10/02 18:14:17 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\asasrv.ini
[2006/09/27 15:46:36 | 000,025,300 | ---- | C] () -- C:\WINDOWS\System32\drivers\niffltr.sys
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2006/01/06 05:37:38 | 000,009,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\WNTHW.SYS
[2005/12/21 17:57:04 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll
[2005/12/21 17:54:34 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll
[2005/10/14 17:09:48 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2005/09/24 01:25:02 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\IMGFX6MU.DLL
[2005/09/24 01:09:53 | 000,001,752 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/03/05 00:47:21 | 000,000,593 | ---- | C] () -- C:\WINDOWS\msg_mgr.ini
[2005/03/05 00:47:21 | 000,000,303 | ---- | C] () -- C:\WINDOWS\attwktop.ini
[2005/03/05 00:31:05 | 000,003,698 | ---- | C] () -- C:\WINDOWS\System32\iprint.ini
[2005/03/04 23:37:15 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nwslog32.dll
[2005/03/04 23:37:11 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\setupw2k.dll
[2005/03/04 23:37:10 | 000,245,843 | ---- | C] () -- C:\WINDOWS\System32\nwshlxnt.dll
[2005/03/04 23:37:08 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\lgncon32.dll
[2005/03/04 23:37:08 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\dplgnw32.dll
[2005/03/04 23:37:04 | 000,002,757 | ---- | C] () -- C:\WINDOWS\System32\rdrstats.ini
[2005/03/04 23:36:58 | 000,216,064 | ---- | C] () -- C:\WINDOWS\System32\lgnwnt32.dll
[2005/03/04 23:36:58 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\prtwin32.dll
[2005/03/04 23:36:58 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\nwpsrv32.dll
[2005/03/04 23:29:35 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/03/04 21:22:01 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/03/17 04:39:12 | 000,454,761 | ---- | C] () -- C:\WINDOWS\System32\boost_regex-vc6-mt-1_31.dll
[2004/03/17 04:38:26 | 000,467,052 | ---- | C] () -- C:\WINDOWS\System32\boost_regex-vc6-mt-gd-1_31.dll
[2002/04/17 15:21:44 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\XMLPARSE.DLL
[1999/08/07 02:05:16 | 000,212,480 | ---- | C] () -- C:\WINDOWS\System32\DBPORT6.DLL
< End of report >


#10 myrti

Posted 25 July 2010 - 01:28 PM

Hi,

This is looking good. The Google redirects have ceased as well?
Please run the following script:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    CODE
    :otl
    SRV - (hpdj00) -- C:\DOCUME~1\BDEAN\LOCALS~1\Temp\hpdj00.exe File not found
    :files
    C:\Windows\tasks\at*.job
    :commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered; when done, it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
    If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open one Notepad window, OTL.Txt. This is saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#11 bdeandel

Posted 25 July 2010 - 02:29 PM

Yes...I think things are looking good...haven't had a redirect or a popup in a while

All processes killed
========== OTL ==========
Service hpdj00 stopped successfully!
Service hpdj00 deleted successfully!
File C:\DOCUME~1\BDEAN\LOCALS~1\Temp\hpdj00.exe File not found not found.
========== FILES ==========
File\Folder C:\Windows\tasks\at*.job not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 102185619 bytes
->Temporary Internet Files folder emptied: 151786 bytes
->Flash cache emptied: 405 bytes

User: All Users

User: BDEAN
->Temp folder emptied: 18925481 bytes
->Temporary Internet Files folder emptied: 28901789 bytes
->Java cache emptied: 153690464 bytes
->Flash cache emptied: 2196149 bytes

User: CH-BDEAN-L1

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 57257 bytes
->Java cache emptied: 13690439 bytes
->Flash cache emptied: 405 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 878976 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1458578 bytes
->Flash cache emptied: 8982 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 276724 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 48945928 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 354.00 mb


OTL by OldTimer - Version 3.2.9.1 log created on 07252010_151311

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\BDEAN\Local Settings\Temp\Temporary Internet Files\Content.IE5\PF2O3N5D\homepage;net=ns;u=,ns-53484805_1279293247,119ff3d9f78ac59,Miscellaneous,;;kw=;dcopt=ist;tile=1;ord1=643241;sz=728x90;ppos=atf;contx=Miscellaneous;btg=;ord=%20310829818130074[1] not found!
File\Folder C:\Documents and Settings\BDEAN\Local Settings\Temp\Temporary Internet Files\Content.IE5\PF2O3N5D\topics;net=ns;u=,ns-62383986_1279293614,119ff3d9f78ac59,Miscellaneous,;;kw=;tile=1;ord1=730528;sz=300x250,336x280;ppos=btf;contx=Miscellaneous;btg=;ord=1081743460647059[1] not found!
File\Folder C:\Documents and Settings\BDEAN\Local Settings\Temp\Temporary Internet Files\Content.IE5\PF2O3N5D\topics_bottom;net=ns;u=,ns-64685852_1279293615,119ff3d9f78ac59,Miscellaneous,;;kw=;tile=2;ord1=241362;sz=300x250,336x280;ppos=btf;contx=Miscellaneous;btg=;ord=1081743460647059[1] not found!
File\Folder C:\Documents and Settings\BDEAN\Local Settings\Temp\Temporary Internet Files\Content.IE5\LUWTVG0K\page_bottom;net=ns;u=,ns-9704652_1279293253,119ff3d9f78ac59,Miscellaneous,;;kw=;dcopt=ist;tile=1;ord1=777832;sz=728x90;ppos=btf;contx=Miscellaneous;btg=;ord=%20310829818130074[1] not found!
File\Folder C:\Documents and Settings\BDEAN\Local Settings\Temp\Temporary Internet Files\Content.IE5\FNIESKMY\homepage;net=ns;u=,ns-34341200_1279293250,119ff3d9f78ac59,Miscellaneous,;;kw=;tile=3;ord1=866782;sz=120x600,160x600;ppos=btf;contx=Miscellaneous;btg=;ord=310829818130074[1] not found!
File\Folder C:\Documents and Settings\BDEAN\Local Settings\Temp\Temporary Internet Files\Content.IE5\FNIESKMY\spyware;net=ns;u=,ns-30120831_1279287611,119ff3d9f78ac59,csofantiv,;;kw=;tile=2;ord1=636690;sz=300x250,336x280;ppos=btf;contx=csofantiv;btg=;ord=4025639774699185[1] not found!
C:\Documents and Settings\BDEAN\Local Settings\Temp\VGX1B.tmp moved successfully.
File\Folder C:\Documents and Settings\BDEAN\Local Settings\Temporary Internet Files\Content.IE5\T2VUI0IS\32497837474578416a426341444c6831[3].html not found!
File\Folder C:\Documents and Settings\BDEAN\Local Settings\Temporary Internet Files\Content.IE5\T2VUI0IS\de[1].html not found!
C:\Documents and Settings\BDEAN\Local Settings\Temporary Internet Files\Content.IE5\T2VUI0IS\iframe[1].html moved successfully.
C:\Documents and Settings\BDEAN\Local Settings\Temporary Internet Files\Content.IE5\T2VUI0IS\ifr[1].html moved successfully.
File\Folder C:\Documents and Settings\BDEAN\Local Settings\Temporary Internet Files\Content.IE5\T2VUI0IS\im[2].html not found!
File\Folder C:\Documents and Settings\BDEAN\Local Settings\Temporary Internet Files\Content.IE5\T2VUI0IS\local[1].html not found!
C:\Documents and Settings\BDEAN\Local Settings\Temporary Internet Files\Content.IE5\T2VUI0IS\map[3].html moved successfully.
C:\Documents and Settings\BDEAN\Local Settings\Temporary Internet Files\Content.IE5\T2VUI0IS\navbarCAQABC1W.html moved successfully.
File\Folder C:\Documents and Settings\BDEAN\Local Settings\Temporary Internet Files\Content.IE5\T2VUI0IS\p-01-0VIaSjnOLg[2].gif not found!
File\Folder C:\Documents and Settings\BDEAN\Local Settings\Temporary Internet Files\Content.IE5\T2VUI0IS\ToastMini[2].html not found!
File\Folder C:\Documents and Settings\BDEAN\Local Settings\Temporary Internet Files\Content.IE5\QQOMAPPA\default[2].html not found!
File\Folder C:\Documents and Settings\BDEAN\Local Settings\Temporary Internet Files\Content.IE5\QQOMAPPA\iframe3[1].html not found!
File\Folder C:\Documents and Settings\BDEAN\Local Settings\Temporary Internet Files\Content.IE5\QQOMAPPA\iframe[1].html not found!
File\Folder C:\Documents and Settings\BDEAN\Local Settings\Temporary Internet Files\Content.IE5\QQOMAPPA\InboxLight[1].html not found!
File\Folder C:\Documents and Settings\BDEAN\Local Settings\Temporary Internet Files\Content.IE5\QQOMAPPA\jsframe[1].html not found!
C:\Documents and Settings\BDEAN\Local Settings\Temporary Internet Files\Content.IE5\QQOMAPPA\navbarCA5MEJZO.html moved successfully.
File\Folder C:\Documents and Settings\BDEAN\Local Settings\Temporary Internet Files\Content.IE5\QQOMAPPA\news-personal-finance[1].html not found!
File\Folder C:\Documents and Settings\BDEAN\Local Settings\Temporary Internet Files\Content.IE5\QQOMAPPA\p-01-0VIaSjnOLg[3].gif not found!
File\Folder C:\Documents and Settings\BDEAN\Local Settings\Temporary Internet Files\Content.IE5\QQOMAPPA\pf_front;!category=;;;mc=b2pfreezone;tile=2;sz=377x140;ord=1289128912891289;[1].html not found!
File\Folder C:\Documents and Settings\BDEAN\Local Settings\Temporary Internet Files\Content.IE5\QQOMAPPA\pf_front;u=;!category=;;;mc=b2pfreezone;tile=1;sz=377x50;ord=1289128912891289;[1].html not found!
C:\Documents and Settings\BDEAN\Local Settings\Temporary Internet Files\Content.IE5\QQOMAPPA\Recordings[1].html moved successfully.
C:\Documents and Settings\BDEAN\Local Settings\Temporary Internet Files\Content.IE5\QQOMAPPA\tf[1].html moved successfully.
C:\Documents and Settings\BDEAN\Local Settings\Temporary Internet Files\Content.IE5\QQOMAPPA\topic332303[1].html moved successfully.
File\Folder C:\Documents and Settings\BDEAN\Local Settings\Temporary Internet Files\Content.IE5\QQOMAPPA\us_subscriber;!category=;;;mc=b2pfreezone;pos=1;tile=3;sz=170x67;ord=1289128912891289;[1].html not found!
File\Folder C:\Documents and Settings\BDEAN\Local Settings\Temporary Internet Files\Content.IE5\GAF1Y0J3\Aviemore_At_Odessa_National_9761720070924[1].html not found!
C:\Documents and Settings\BDEAN\Local Settings\Temporary Internet Files\Content.IE5\GAF1Y0J3\buildingaryanhome_blogspot_com[1].html moved successfully.
C:\Documents and Settings\BDEAN\Local Settings\Temporary Internet Files\Content.IE5\GAF1Y0J3\buildingwithryan_blogspot_com[1].html moved successfully.
File\Folder C:\Documents and Settings\BDEAN\Local Settings\Temporary Internet Files\Content.IE5\GAF1Y0J3\getAds[2].html not found!
C:\Documents and Settings\BDEAN\Local Settings\Temporary Internet Files\Content.IE5\GAF1Y0J3\navbarCA0M81A2.html moved successfully.
C:\Documents and Settings\BDEAN\Local Settings\Temporary Internet Files\Content.IE5\GAF1Y0J3\sellmovebuild_blogspot_com[1].html moved successfully.
C:\Documents and Settings\BDEAN\Local Settings\Temporary Internet Files\Content.IE5\GAF1Y0J3\she-is-as-dangerous-as-she-looks[1].html moved successfully.
File\Folder C:\Documents and Settings\BDEAN\Local Settings\Temporary Internet Files\Content.IE5\0M9OO9AY\BuddyList[2].html not found!
File\Folder C:\Documents and Settings\BDEAN\Local Settings\Temporary Internet Files\Content.IE5\0M9OO9AY\getAds[2].html not found!
File\Folder C:\Documents and Settings\BDEAN\Local Settings\Temporary Internet Files\Content.IE5\0M9OO9AY\iframe[1].html not found!
C:\Documents and Settings\BDEAN\Local Settings\Temporary Internet Files\Content.IE5\0M9OO9AY\ifr[1].html moved successfully.
C:\Documents and Settings\BDEAN\Local Settings\Temporary Internet Files\Content.IE5\0M9OO9AY\ifr[2].html moved successfully.
C:\Documents and Settings\BDEAN\Local Settings\Temporary Internet Files\Content.IE5\0M9OO9AY\ifr[3].html moved successfully.
File\Folder C:\Documents and Settings\BDEAN\Local Settings\Temporary Internet Files\Content.IE5\0M9OO9AY\Map[1].html not found!
File\Folder C:\Documents and Settings\BDEAN\Local Settings\Temporary Internet Files\Content.IE5\0M9OO9AY\p-01-0VIaSjnOLg[3].gif not found!
File\Folder C:\Documents and Settings\BDEAN\Local Settings\Temporary Internet Files\Content.IE5\0M9OO9AY\PixelTracking[1].html not found!
File\Folder C:\Documents and Settings\BDEAN\Local Settings\Temporary Internet Files\Content.IE5\0M9OO9AY\ToastFull[3].html not found!
File\Folder C:\Documents and Settings\BDEAN\Local Settings\Temporary Internet Files\Content.IE5\0M9OO9AY\us_subscriber;!category=;;;mc=b2pfreezone;pos=2;tile=4;sz=170x67;ord=1289128912891289;[1].html not found!
C:\Documents and Settings\BDEAN\Local Settings\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.

Registry entries deleted on Reboot...



OTL logfile created on: 7/25/2010 3:24:32 PM - Run 5
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\BDEAN\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 73.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.86 Gb Total Space | 85.28 Gb Free Space | 57.29% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CH-BDEAN-L1
Current User Name: BDEAN
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\BDEAN\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
PRC - c:\WINDOWS\itlm\tlmagent.exe ()
PRC - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe (McAfee, Inc.)
PRC - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe (McAfee, Inc.)
PRC - C:\WINDOWS\system32\iprntlgn.exe (Novell, Inc.)
PRC - C:\WINDOWS\system32\iprntctl.exe (Novell, Inc.)
PRC - C:\Program Files\TortoiseSVN\bin\TSVNCache.exe (http://tortoisesvn.net)
PRC - C:\Program Files\IBM\Lotus\Notes\ntmulti.exe (IBM Corp)
PRC - C:\Program Files\IBM\Lotus\Notes\nsd.exe (IBM)
PRC - C:\Program Files\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\McTray.exe (McAfee, Inc.)
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - c:\Program Files\IDT\DellXPM09B_6159v043\WDM\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\WINDOWS\system32\AESTFltr.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\AT&T Global Network Client\netcfgsvr.exe (AT&T)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
PRC - C:\Program Files\Novell\ZENworks\WM.EXE (Novell, Inc.)
PRC - C:\WINDOWS\system32\Novell\xtagent.exe (Novell, Inc.)
PRC - C:\Program Files\Novell\iFolder\trayapp.exe (Novell, Inc.)
PRC - C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)
PRC - C:\Program Files\Novell\ZENworks\WMRUNDLL.EXE (Novell, Inc.)
PRC - C:\Program Files\Novell\ZENworks\NALNTSRV.EXE (Novell, Inc.)
PRC - C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe (Novell, Inc.)
PRC - C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\dpmw32.exe (Novell, Inc.)
PRC - C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe (TechSmith Corporation)
PRC - C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe (TechSmith Corporation)
PRC - C:\Program Files\UPHClean\uphclean.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\nwtray.exe (Novell, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\BDEAN\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (tlmagent) -- c:\windows\itlm\tlmagent.exe ()
SRV - (McShield) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
SRV - (mfevtp) -- C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
SRV - (McTaskManager) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
SRV - (McAfeeEngineService) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe (McAfee, Inc.)
SRV - (enstart) -- C:\WINDOWS\System32\enstart.exe ()
SRV - (Multi-user Cleanup Service) -- C:\Program Files\IBM\Lotus\Notes\ntmulti.exe (IBM Corp)
SRV - (Lotus Notes Diagnostics) -- C:\Program Files\IBM\Lotus\Notes\nsd.exe (IBM)
SRV - (McAfeeFramework) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
SRV - (STacSV) -- c:\Program Files\IDT\DellXPM09B_6159v043\WDM\stacsv.exe (IDT, Inc.)
SRV - (netcfgsvr) -- C:\Program Files\AT&T Global Network Client\netcfgsvr.exe (AT&T)
SRV - (LVSrvLauncher) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe (Logitech Inc.)
SRV - (cusrvc) -- C:\WINDOWS\system32\cusrvc.exe (Novell, Inc.)
SRV - (ZFDWM) -- C:\Program Files\Novell\ZENworks\WM.EXE (Novell, Inc.)
SRV - (XTAgent) -- C:\WINDOWS\system32\Novell\xtagent.exe (Novell, Inc.)
SRV - (msvsmon80) -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe (Microsoft Corporation)
SRV - (NALNTSERVICE) -- C:\Program Files\Novell\ZENworks\NALNTSRV.EXE (Novell, Inc.)
SRV - (Remote Management Agent) -- C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe (Novell, Inc.)
SRV - (W3SVC) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (SMTPSVC) Simple Mail Transfer Protocol (SMTP) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (IISADMIN) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (UPHClean) -- C:\Program Files\UPHClean\uphclean.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (vmxnet) -- C:\WINDOWS\System32\DRIVERS\vmxnet.sys File not found
DRV - (vmx_svga) -- C:\WINDOWS\System32\DRIVERS\vmx_svga.sys File not found
DRV - (vmmouse) -- C:\WINDOWS\System32\DRIVERS\vmmouse.sys File not found
DRV - (vmci) -- C:\WINDOWS\System32\DRIVERS\vmci.sys File not found
DRV - (MRESP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS File not found
DRV - (MRESP50) -- C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS File not found
DRV - (MRENDIS5) -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found
DRV - (MREMPR5) -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found
DRV - (MREMP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS File not found
DRV - (MREMP50) -- C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS File not found
DRV - (mferkdk) -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys File not found
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfetdik) -- C:\WINDOWS\system32\drivers\mfetdik.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (nipplpt2) -- C:\WINDOWS\system32\drivers\nipplpt.sys ()
DRV - (enstart_) -- C:\WINDOWS\system32\enstart_.sys (Guidance Software Inc.)
DRV - (CITMDRV) -- C:\WINDOWS\system32\drivers\CITMDRV.SYS ()
DRV - (SMSIVZAM5) -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys (Smith Micro Inc.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (IDT, Inc.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (AESTAud) -- C:\WINDOWS\system32\drivers\AESTAud.sys (Andrea Electronics Corporation)
DRV - (vmscsi) -- C:\WINDOWS\system32\DRIVERS\vmscsi.sys (VMware, Inc.)
DRV - (agnwifi) -- C:\WINDOWS\system32\drivers\agnwifi.sys (AT&T)
DRV - (avpnnic) -- C:\WINDOWS\system32\drivers\avpnnic.sys (AT&T)
DRV - (agnfilt) -- C:\WINDOWS\system32\drivers\agnfilt.sys (AT&T)
DRV - (cvusbdrv) -- C:\WINDOWS\system32\drivers\cvusbdrv.sys (Broadcom Corporation)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (iaStor) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (BCMWLNPF) -- C:\WINDOWS\system32\drivers\BCMWLNPF.SYS (CACE Technologies)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\MPE.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (e1yexpress) Intel® -- C:\WINDOWS\system32\drivers\e1y5132.sys (Intel Corporation)
DRV - (LVMVDrv) -- C:\WINDOWS\system32\drivers\LVMVdrv.sys (Logitech Inc.)
DRV - (NetwareWorkstation) -- C:\WINDOWS\system32\NetWare\nwfs.sys (Novell, Inc.)
DRV - (SRVLOC) -- C:\WINDOWS\system32\NetWare\srvloc.sys (Novell, Inc.)
DRV - (NWDNS) -- C:\WINDOWS\system32\NetWare\nwdns.sys (Novell, Inc.)
DRV - (NWSIPX32) -- C:\WINDOWS\system32\NetWare\nwsipx32.sys (Novell, Inc.)
DRV - (NICM) -- C:\WINDOWS\System32\Drivers\Nicm.sys (Novell, Inc.)
DRV - (RESMGR) -- C:\WINDOWS\system32\NetWare\resmgr.sys (Novell, Inc.)
DRV - (NWSAP) -- C:\WINDOWS\system32\NetWare\nwsap.sys ()
DRV - (NWSLP) -- C:\WINDOWS\system32\NetWare\nwslp.sys (Novell, Inc.)
DRV - (NWDHCP) -- C:\WINDOWS\system32\NetWare\nwdhcp.sys (Novell, Inc.)
DRV - (NWFILTER) -- C:\WINDOWS\system32\NetWare\nwfilter.sys (Novell, Inc.)
DRV - (NWHOST) -- C:\WINDOWS\system32\NetWare\nwhost.sys (Novell, Inc.)
DRV - (NWSNS) -- C:\WINDOWS\system32\NetWare\nwsns.sys (Novell, Inc.)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (emAudio) -- C:\WINDOWS\system32\drivers\emAudio.sys (Pinnacle Systems GmbH)
DRV - (NifFltr) -- C:\WINDOWS\System32\drivers\niffltr.sys ()
DRV - (DLADResM) -- C:\WINDOWS\system32\DLA\DLADResM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Roxio)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Roxio)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Roxio)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Roxio)
DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (WNTHW) -- C:\WINDOWS\system32\drivers\WNTHW.SYS ()
DRV - (DCamUSBEMPIA) -- C:\WINDOWS\system32\drivers\emDevice.sys (eMPIA Technology, Inc.)
DRV - (FiltUSBEMPIA) -- C:\WINDOWS\system32\drivers\emFilter.sys (eMPIA Technology, Inc.)
DRV - (ScanUSBEMPIA) -- C:\WINDOWS\system32\drivers\emScan.sys (eMPIA Technology, Inc.)
DRV - (MarvinBus) -- C:\WINDOWS\system32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)
DRV - (BlankScr) -- C:\WINDOWS\System32\drivers\blankscr.sys (Novell Inc.)
DRV - (Darpan) -- C:\WINDOWS\system32\drivers\Darpan.sys (Novell, Inc.)
DRV - (USBCCID) -- C:\WINDOWS\system32\drivers\usbccid.sys (Microsoft Corporation)
DRV - (ati2mtaa) -- C:\WINDOWS\system32\drivers\ati2mtaa.sys (ATI Technologies Inc.)
DRV - (ac97intc) Intel® 82801 Audio Driver Install Service (WDM) -- C:\WINDOWS\system32\drivers\ac97intc.sys (Intel Corporation)
DRV - (es1371) Creative AudioPCI (ES1371,ES1373) (WDM) -- C:\WINDOWS\system32\drivers\es1371mp.sys (Creative Technology Ltd.)
DRV - (EL90XBC) -- C:\WINDOWS\system32\drivers\el90xbc5.sys (3Com Corporation)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://intranet.wlgore.com
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.wlgore.com;127.0.0.1;localhost;157.204.*;chipsndip;32.85.*;192.168.*;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 157.204.22.4:8080

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/10/15 15:22:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/01/20 18:12:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{9A160745-7A0E-4ABC-9E56-D7B7D819B638}: C:\Documents and Settings\BDEAN\Local Settings\Application Data\{9A160745-7A0E-4ABC-9E56-D7B7D819B638} [2010/07/16 09:21:54 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2004/08/04 20:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HelperObject Class) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [AGNS_Config] C:\WINDOWS\System32\nircmd.exe (NirSoft)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [iPrint Event Monitor] C:\WINDOWS\system32\iprntlgn.exe (Novell, Inc.)
O4 - HKLM..\Run: [iPrint Tray] C:\WINDOWS\System32\iprntctl.exe (Novell, Inc.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe File not found
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe File not found
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NDPS] C:\WINDOWS\system32\dpmw32.exe (Novell, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [NWTRAY] C:\WINDOWS\System32\nwtray.exe (Novell, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Pistolstar_SSO] C:\Program Files\Pistolstar\Password Power Client\APOSSO.exe (Pistolstar, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Documents and Settings\BDEAN\Desktop\unlocker1.8.8-portable\UnlockerAssistant.exe File not found
O4 - HKLM..\Run: [USB2Check] C:\WINDOWS\System32\PCLECoInst.DLL (Pinnacle Systems)
O4 - HKLM..\Run: [USBToolTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe File not found
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [NetSP - restore settings on power failure] C:\Program Files\AT&T Global Network Client\NetSP.exe (AT&T)
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Novell iFolder.lnk = C:\Program Files\Novell\iFolder\trayapp.exe (Novell, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe (TechSmith Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\New Windows present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPublishingWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWebServices = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 1 = nircmd execmd "%windir%\system32\GroupPolicy.WKSCache\User\prox.cmd GPRUN"
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 2 = nircmd execmd "%windir%\system32\GroupPolicy.WKSCache\User\Radio_Adhoc.cmd"
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 3 = nircmd execmd "%windir%\system32\GroupPolicy.WKSCache\User\ScreenSaver.cmd"
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = IMPORTANT Notice:
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = Access to this system is restricted to authorized users only. This system contains information that is considered confidential and proprietary to W. L. Gore & Associates, Inc. By clicking OK, you agree to not disclose the information contained in this system to any third party or to use it for your own use or benefit, without the written permission of W. L. Gore & Associates, Inc.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: CompatibleRUPSecurity = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonType = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Program Files\Novell\ZENworks\AxNalServer.dll (Novell, Inc)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\NetWare\nwws2nds.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\NetWare\nwws2sap.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\WINDOWS\system32\NetWare\nwws2slp.dll (Novell, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {2202D225-22C1-4B8C-A4B8-6A7E7B7E1524} https://cpc.on.intercall.com/confmgr/instal...ICWMInstall.cab (ICWMInstallObj Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {656FAD09-4DE3-4C34-9600-0928C855FD7A} http://download.microsoft.com/download/7/1...20/pmupd806.exe (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1255663601550 (MUWebControl Class)
O16 - DPF: {8650EBA6-6CBB-11D2-A9E0-00E02C0159F9} http://chipsndip/CHipsNDip1/Activex/NWUsrGrp.ocx (Novell User Group Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://128.255.26.210/activex/AxisCamControl.cab (CamImage Class)
O16 - DPF: {B1D21FC5-A742-4261-86F2-C7B7F1A31C5D} http://e1.wlgore.com/jde/axctls/jdewebctlsU.cab (JDEWebRTFEditU Control)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAssets/...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} http://aprpt01.wlgore.com/viewer/activeXVi...tivexviewer.cab (Crystal Report Viewer Control)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EC747AE4-8EF6-11D0-B375-0000E20315E2} http://chipsndip/CHipsNDip1/Activex/NWSess.ocx (Novell Session Control)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.242.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = use.wlgore.com
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll File not found
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (NWGina.dll) - C:\WINDOWS\System32\NWGINA.DLL (Novell, Inc.)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\NetIdentity Notification: DllName - C:\WINDOWS\system32\Novell\XtNotify.dll - C:\WINDOWS\system32\Novell\xtnotify.dll (Novell, Inc.)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\TPSvc: DllName - TPSvc.dll - File not found
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 () - C:\Documents and Settings\BDEAN\My Documents\My Pictures\lake-powell-sunset-portrait-photography.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\BDEAN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\BDEAN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {763370C4-268E-4308-A60C-D8DA0342BE32} - C:\Program Files\Novell\ZENworks\NalShell.dll (Novell, Inc)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (nwv1_0) - C:\WINDOWS\System32\nwv1_0.dll (Novell, Inc.)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/03/04 19:09:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{090f970c-0442-11df-9c9a-0c60763fe040}\Shell - "" = AutoRun
O33 - MountPoints2\{090f970c-0442-11df-9c9a-0c60763fe040}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{090f970c-0442-11df-9c9a-0c60763fe040}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (MACHINE BootExecut) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Value error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/07/25 12:13:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/07/23 10:35:10 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\BDEAN\Desktop\OTL.exe
[2010/07/22 09:29:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BDEAN\Local Settings\Application Data\Deployment
[2010/07/21 09:57:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
[2010/07/16 15:36:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BDEAN\Desktop\gmer
[2010/07/16 15:30:00 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/07/16 15:30:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/07/16 15:28:47 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\BDEAN\Desktop\spybotsd162.exe
[2010/07/16 11:31:26 | 001,013,584 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\BDEAN\Desktop\tdsskiller.exe
[2010/07/16 11:25:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BDEAN\My Documents\RegRun2
[2010/07/16 11:25:03 | 000,000,000 | ---D | C] -- C:\Program Files\UnHackMe
[2010/07/16 09:21:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BDEAN\Local Settings\Application Data\cujgfyntv
[2010/07/16 09:21:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/07/14 00:12:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/07/14 00:01:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BDEAN\Local Settings\Application Data\{9A160745-7A0E-4ABC-9E56-D7B7D819B638}

========== Files - Modified Within 30 Days ==========

[2010/07/25 15:21:28 | 000,592,232 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/25 15:21:28 | 000,492,106 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/25 15:21:28 | 000,089,316 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/25 15:19:21 | 000,246,401 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010/07/25 15:19:21 | 000,201,679 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/07/25 15:17:31 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/25 15:17:29 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/25 15:17:02 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/25 15:17:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/25 15:16:56 | 3745,406,976 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/25 15:16:30 | 007,602,176 | -H-- | M] () -- C:\Documents and Settings\BDEAN\NTUSER.DAT
[2010/07/25 14:47:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/25 11:12:08 | 000,002,317 | ---- | M] () -- C:\Documents and Settings\BDEAN\Application Data\Microsoft\Internet Explorer\Quick Launch\AT&T Global Network Client.lnk
[2010/07/24 15:33:08 | 000,049,559 | ---- | M] () -- C:\WINDOWS\System32\Odessa_Nat_Map_Proof.jpeg
[2010/07/24 09:59:14 | 000,246,401 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2010/07/23 10:56:52 | 000,002,411 | ---- | M] () -- C:\Documents and Settings\BDEAN\Application Data\Microsoft\Internet Explorer\Quick Launch\Crystal Reports XI Release 2.lnk
[2010/07/23 10:35:14 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\BDEAN\Desktop\OTL.exe
[2010/07/23 09:41:08 | 000,000,593 | ---- | M] () -- C:\WINDOWS\msg_mgr.ini
[2010/07/23 09:41:07 | 000,000,303 | ---- | M] () -- C:\WINDOWS\attwktop.ini
[2010/07/22 10:19:18 | 000,085,288 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010/07/22 10:00:12 | 000,000,258 | RHS- | M] () -- C:\Documents and Settings\BDEAN\ntuser.pol
[2010/07/21 08:46:49 | 000,000,394 | ---- | M] () -- C:\WINDOWS\Enable-WSUS.$$$
[2010/07/21 08:46:42 | 000,000,004 | ---- | M] () -- C:\WINDOWS\DISABLE-GHOSTBACKUP.$$$
[2010/07/21 08:46:41 | 000,000,004 | ---- | M] () -- C:\WINDOWS\ENABLE-NALFORCERUN.$$$
[2010/07/21 08:46:39 | 000,000,004 | ---- | M] () -- C:\WINDOWS\ENABLE-FIREWALLON.$$$
[2010/07/21 08:46:35 | 000,000,004 | ---- | M] () -- C:\WINDOWS\ENABLE-SECBANNER.$$$
[2010/07/16 18:03:53 | 000,000,197 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/07/16 17:38:27 | 000,000,963 | ---- | M] () -- C:\Documents and Settings\BDEAN\Desktop\Spybot - Search & Destroy.lnk
[2010/07/16 15:36:38 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\BDEAN\Desktop\gmer.zip
[2010/07/16 15:28:47 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\BDEAN\Desktop\spybotsd162.exe
[2010/07/16 15:21:25 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\BDEAN\Desktop\dds.scr
[2010/07/16 11:31:32 | 001,013,584 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\BDEAN\Desktop\tdsskiller.exe
[2010/07/16 11:25:20 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/07/16 11:25:20 | 000,001,754 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2010/07/16 11:25:20 | 000,000,002 | RHS- | M] () -- C:\WINDOWS\winstart.bat
[2010/07/16 11:24:17 | 009,760,506 | ---- | M] () -- C:\Documents and Settings\BDEAN\Desktop\unhackme.zip
[2010/07/16 10:31:17 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\BDEAN\ntuser.ini
[2010/07/16 10:24:06 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/07/14 13:14:44 | 000,001,752 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/07/12 09:53:57 | 000,046,080 | ---- | M] () -- C:\Documents and Settings\BDEAN\My Documents\SupplierLot_Receipt_RMS743_RMS426_RMS443_RMS444_20100712.xls
[2010/07/09 11:42:11 | 000,173,056 | ---- | M] () -- C:\Documents and Settings\BDEAN\My Documents\RMS426_RMS443_RMS444_MaterialUsage_20100709.xls
[2010/07/09 08:17:14 | 003,720,958 | -H-- | M] () -- C:\Documents and Settings\BDEAN\Local Settings\Application Data\IconCache.db
[2010/07/08 18:40:15 | 000,018,944 | ---- | M] () -- C:\Documents and Settings\BDEAN\My Documents\RMS652_SupplierDataNotCollected.xls
[2010/07/08 09:52:27 | 000,040,365 | ---- | M] () -- C:\Documents and Settings\BDEAN\My Documents\nemomeddispogeneric2.pdf
[2010/07/08 09:11:51 | 000,039,488 | ---- | M] () -- C:\Documents and Settings\BDEAN\My Documents\nemomeddispogeneric.pdf
[2010/07/06 13:42:33 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\BDEAN\My Documents\Large Ext ParameterGroups not changed yet.xls
[2010/07/03 15:56:31 | 000,243,128 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/02 12:26:21 | 000,044,140 | ---- | M] () -- C:\Documents and Settings\BDEAN\Desktop\TC40001791.pdf
[2010/07/01 19:54:20 | 000,039,379 | ---- | M] () -- C:\Documents and Settings\BDEAN\Desktop\TC40004550.pdf
[2010/06/26 12:46:30 | 000,000,061 | ---- | M] () -- C:\WINDOWS\System32\asasrv.ini
[2010/06/25 22:10:03 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Files Created - No Company Name ==========

[2010/07/24 15:33:33 | 000,049,559 | ---- | C] () -- C:\WINDOWS\System32\Odessa_Nat_Map_Proof.jpeg
[2010/07/16 15:36:37 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\BDEAN\Desktop\gmer.zip
[2010/07/16 15:30:07 | 000,000,963 | ---- | C] () -- C:\Documents and Settings\BDEAN\Desktop\Spybot - Search & Destroy.lnk
[2010/07/16 15:21:21 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\BDEAN\Desktop\dds.scr
[2010/07/16 11:25:20 | 000,000,002 | RHS- | C] () -- C:\WINDOWS\winstart.bat
[2010/07/16 11:24:04 | 009,760,506 | ---- | C] () -- C:\Documents and Settings\BDEAN\Desktop\unhackme.zip
[2010/07/16 10:35:07 | 3745,406,976 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/16 10:24:06 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/07/12 09:53:57 | 000,046,080 | ---- | C] () -- C:\Documents and Settings\BDEAN\My Documents\SupplierLot_Receipt_RMS743_RMS426_RMS443_RMS444_20100712.xls
[2010/07/09 11:42:11 | 000,173,056 | ---- | C] () -- C:\Documents and Settings\BDEAN\My Documents\RMS426_RMS443_RMS444_MaterialUsage_20100709.xls
[2010/07/08 18:40:15 | 000,018,944 | ---- | C] () -- C:\Documents and Settings\BDEAN\My Documents\RMS652_SupplierDataNotCollected.xls
[2010/07/08 09:46:07 | 000,040,365 | ---- | C] () -- C:\Documents and Settings\BDEAN\My Documents\nemomeddispogeneric2.pdf
[2010/07/08 09:11:40 | 000,039,488 | ---- | C] () -- C:\Documents and Settings\BDEAN\My Documents\nemomeddispogeneric.pdf
[2010/07/06 13:42:33 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\BDEAN\My Documents\Large Ext ParameterGroups not changed yet.xls
[2010/07/02 11:24:25 | 000,044,140 | ---- | C] () -- C:\Documents and Settings\BDEAN\Desktop\TC40001791.pdf
[2010/07/01 19:54:20 | 000,039,379 | ---- | C] () -- C:\Documents and Settings\BDEAN\Desktop\TC40004550.pdf
[2010/05/19 16:33:54 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[2010/05/19 16:33:53 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[2010/05/19 16:33:53 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[2010/04/07 08:19:56 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\npnipp.dll
[2010/03/31 02:11:25 | 000,004,001 | ---- | C] () -- C:\WINDOWS\hpdj3840.ini
[2010/03/24 10:26:18 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\CITMDRV.SYS
[2010/03/24 10:26:03 | 000,000,404 | ---- | C] () -- C:\WINDOWS\swdis.ini
[2010/03/15 12:54:03 | 000,374,784 | ---- | C] () -- C:\WINDOWS\3dg32.dll
[2010/03/15 12:54:01 | 000,000,250 | ---- | C] () -- C:\WINDOWS\3dr.ini
[2009/11/24 19:48:34 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2009/10/19 19:34:09 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2009/10/19 09:32:28 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2009/10/19 09:32:28 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2009/10/19 09:31:58 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2009/10/19 09:31:58 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2009/10/19 09:31:57 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2009/10/15 14:18:28 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2009/10/15 14:18:28 | 000,000,197 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/10/15 14:13:40 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/10/15 14:13:39 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009/04/22 04:24:22 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/04/22 04:24:20 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/04/22 04:23:50 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/04/22 04:23:40 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/01/14 10:55:49 | 000,034,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\nipplpt.sys
[2009/01/14 10:21:40 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2007/08/29 19:52:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2007/08/16 16:17:50 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
[2007/04/04 22:47:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WINSETUP.INI
[2006/10/02 18:14:17 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\asasrv.ini
[2006/09/27 15:46:36 | 000,025,300 | ---- | C] () -- C:\WINDOWS\System32\drivers\niffltr.sys
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2006/01/06 05:37:38 | 000,009,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\WNTHW.SYS
[2005/12/21 17:57:04 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll
[2005/12/21 17:54:34 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll
[2005/10/14 17:09:48 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2005/09/24 01:25:02 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\IMGFX6MU.DLL
[2005/09/24 01:09:53 | 000,001,752 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/03/05 00:47:21 | 000,000,593 | ---- | C] () -- C:\WINDOWS\msg_mgr.ini
[2005/03/05 00:47:21 | 000,000,303 | ---- | C] () -- C:\WINDOWS\attwktop.ini
[2005/03/05 00:31:05 | 000,003,698 | ---- | C] () -- C:\WINDOWS\System32\iprint.ini
[2005/03/04 23:37:15 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nwslog32.dll
[2005/03/04 23:37:11 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\setupw2k.dll
[2005/03/04 23:37:10 | 000,245,843 | ---- | C] () -- C:\WINDOWS\System32\nwshlxnt.dll
[2005/03/04 23:37:08 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\lgncon32.dll
[2005/03/04 23:37:08 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\dplgnw32.dll
[2005/03/04 23:37:04 | 000,002,757 | ---- | C] () -- C:\WINDOWS\System32\rdrstats.ini
[2005/03/04 23:36:58 | 000,216,064 | ---- | C] () -- C:\WINDOWS\System32\lgnwnt32.dll
[2005/03/04 23:36:58 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\prtwin32.dll
[2005/03/04 23:36:58 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\nwpsrv32.dll
[2005/03/04 23:29:35 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/03/04 21:22:01 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/03/17 04:39:12 | 000,454,761 | ---- | C] () -- C:\WINDOWS\System32\boost_regex-vc6-mt-1_31.dll
[2004/03/17 04:38:26 | 000,467,052 | ---- | C] () -- C:\WINDOWS\System32\boost_regex-vc6-mt-gd-1_31.dll
[2002/04/17 15:21:44 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\XMLPARSE.DLL
[1999/08/07 02:05:16 | 000,212,480 | ---- | C] () -- C:\WINDOWS\System32\DBPORT6.DLL
< End of report >



#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:05:39 PM

Posted 25 July 2010 - 02:42 PM

Hi,

Happy to hear that!

To make sure everything is clean please run an online scan with Eset:
I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#13 bdeandel


Posted 25 July 2010 - 07:34 PM

C:\Documents and Settings\BDEAN\Local Settings\Application Data\{9A160745-7A0E-4ABC-9E56-D7B7D819B638}\chrome\content\overlay.xul probably a variant of Win32/Agent trojan cleaned by deleting - quarantined


#14 myrti


Posted 26 July 2010 - 03:21 AM

Hi,

ESET targeted an addon in Firefox. Do you notice any change, and can you check the addons in Firefox and let me know if you find one you don't remember installing?

regards myrti



#15 bdeandel


Posted 26 July 2010 - 09:24 AM

I don't use Firefox and I don't believe I have it installed.



