Start->Programs Empty, Windows can't find C:\Drive,


  • This topic is locked
9 replies to this topic

#1 AeroPat

Posted 26 May 2011 - 02:45 PM

Windows appears to be unable to see the C:\ drive. In Explorer, there is no content. MalwareBytes found and quarantined several trojans, but the system still comes up with no C:\ drive.


#2 SweetTech


Posted 31 May 2011 - 05:34 PM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, has resulted in the delayed response to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days
    failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Please download UnHide.exe by Grinler.

It will unhide folders/files that were set to be hidden by the infection you had.



NEXT:



Rootkit UnHooker (RkU)
Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)

In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth Code, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".



NEXT:


Running OTL

We need to create a FULL OTL Report
  • Please download OTL from here:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized

NEXT:


Please provide an update on how things are running in your next reply.



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 AeroPat


Posted 31 May 2011 - 06:57 PM

Hi ST,

Thanks for the reply. I ran "unhide.exe" and can get to my stuff. As I stated in my first post, I had already run MalwareBytes prior to seeking help from the forum. It did find six instances of a trojan.

Here are the output files from RKU and OTL.

Pat

RKU

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #8
==============================================
>Drivers
==============================================
0xB5328000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 10539008 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 257.29 )
0xBD012000 C:\WINDOWS\System32\nv4_disp.dll 6303744 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 257.29 )
0xB500A000 C:\WINDOWS\system32\DRIVERS\bcmwl5.sys 2699264 bytes (Broadcom Corporation, Broadcom 802.11 Network Adapter wireless driver)
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2265088 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2265088 bytes
0x804D7000 RAW 2265088 bytes
0x804D7000 WMIxWDM 2265088 bytes
0xB48DF000 C:\WINDOWS\system32\DRIVERS\fw.sys 2236416 bytes (Check Point Software Technologies, -)
0xBF800000 Win32k 1859584 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xAA4D3000 C:\WINDOWS\System32\Drivers\dump_iaStor.sys 1789952 bytes
0xB864B000 iaStor.sys 1789952 bytes (Intel Corporation, Intel Rapid Storage Technology driver - x86)
0xAF6AC000 C:\WINDOWS\system32\drivers\sthda.sys 1597440 bytes (IDT, Inc., IDT PC Audio)
0xA7F44000 C:\WINDOWS\System32\drivers\vpn.sys 671744 bytes (Check Point Software Technologies, -)
0xB8555000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB4F2E000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0xAF4AF000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB4796000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xAF604000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA78F7000 C:\WINDOWS\System32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xB8403000 mfehidk.sys 335872 bytes (McAfee, Inc., McAfee Link Driver)
0xA7091000 C:\WINDOWS\system32\DRIVERS\mvfs50.sys 323584 bytes (IBM Corporation, -)
0xBD615000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB4F9F000 C:\WINDOWS\system32\DRIVERS\Apfiltr.sys 274432 bytes (Alps Electric Co., Ltd., Alps Touch Pad Driver)
0xA64AA000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB47F4000 C:\WINDOWS\System32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF75A8000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xA7DC4000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB8528000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB52C1000 C:\WINDOWS\system32\DRIVERS\e1k5132.sys 176128 bytes (Intel Corporation, Intel® Gigabit Adapter NDIS 5.x driver)
0xA53CD000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xAF51F000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB52EC000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xAF56C000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xAF5DE000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xA7B7F000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xB529D000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB4B01000 C:\WINDOWS\System32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xAF54A000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xAF5BC000 C:\WINDOWS\system32\Drivers\FireTDI.sys 139264 bytes (McAfee, Inc., McAfee HIP Application Firewall Driver)
0xAF852000 C:\WINDOWS\system32\drivers\portcls.sys 139264 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x80700000 ACPI_HAL 134400 bytes
0x80700000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB85E2000 FirePM.sys 131072 bytes (McAfee, Inc., McAfee HIP Policy Manager)
0xB862B000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF74BA000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF74D9000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0xAF690000 C:\WINDOWS\system32\drivers\AESTAud.sys 114688 bytes (Andrea Electronics Corporation, Andrea Audio Driver)
0xB4824000 C:\WINDOWS\system32\DRIVERS\vnasc.sys 110592 bytes (Check Point Software Technologies, -)
0xB8455000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xA7C6B000 C:\WINDOWS\system32\drivers\HIPK.sys 102400 bytes (McAfee, Inc., HIPS Content Driver)
0xB850F000 SafeBoot.sys 102400 bytes
0xF74A2000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB8602000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB4850000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA6A48000 C:\WINDOWS\system32\drivers\mfeavfk.sys 86016 bytes (McAfee, Inc., Anti-Virus File System Filter Driver)
0xA7E67000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB4FE2000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xB4FF6000 C:\WINDOWS\system32\DRIVERS\sdbus.sys 81920 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0xB5314000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xAF65D000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBD000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB8619000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xA6A5D000 C:\WINDOWS\system32\drivers\mfeapfk.sys 69632 bytes (McAfee, Inc., Access Protection Filter Driver)
0xF7597000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB483F000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xAA6C4000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xB61B4000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xB849F000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xF7667000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xB1835000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xB20AD000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF7657000 Lbd.sys 61440 bytes (Lavasoft AB, Boot Driver)
0xB5DB5000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xB0CC2000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xB18A5000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF7677000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xB1875000 C:\WINDOWS\system32\drivers\mfetdik.sys 57344 bytes (McAfee, Inc., Anti-Virus Mini-Firewall Driver)
0xB61D4000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0xF7647000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF7587000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xB20BD000 C:\WINDOWS\system32\drivers\nvhda32.sys 53248 bytes (NVIDIA Corporation, NVIDIA HDMI Audio Driver)
0xB5D55000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF7617000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xAA6E4000 C:\WINDOWS\System32\Drivers\cvusbdrv.sys 49152 bytes (Broadcom Corporation, Broadcom Credential Vault USB Driver)
0xB5D35000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xAA6D4000 C:\WINDOWS\system32\DRIVERS\usbccid.sys 49152 bytes (Microsoft Corporation, USB CCID Driver)
0xF7687000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
0xB1815000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xB61C4000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF7607000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xB5D45000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF7627000 SBAlg.sys 45056 bytes (SafeBoot N.V., SafeBoot FIPS AES Algorithm (256 bit))
0xB5D85000 C:\WINDOWS\system32\DRIVERS\Accelern.sys 40960 bytes (ST Microelectronics, Accelerometer Port I/O)
0xB5D65000 C:\WINDOWS\system32\DRIVERS\firehk.sys 40960 bytes (McAfee, Inc., McAfee HIP Firewall NDIS Driver)
0xF75F7000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xB20CD000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF7567000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xAAE78000 C:\WINDOWS\system32\drivers\bcmwlnpf.sys 36864 bytes (CACE Technologies, npf)
0xA5902000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xF7637000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xAA6F4000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xB5D75000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF76F7000 C:\WINDOWS\system32\DRIVERS\ldblank.sys 36864 bytes (Avocent Corporation, LANDesk Screen Blanking Driver)
0xF7577000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xB1855000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xAAEC8000 C:\WINDOWS\System32\drivers\omdrv.sys 36864 bytes (Check Point Software Technologies, -)
0xB1825000 C:\WINDOWS\System32\Drivers\SbFlop.SYS 36864 bytes (SafeBoot International, SafeBoot Floppy Disk Access Control Driver)
0xB1865000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xB4867000 C:\WINDOWS\system32\drivers\HIPPSK.sys 32768 bytes (McAfee, Inc., Process Start Monitor Driver)
0xF77B7000 C:\WINDOWS\system32\DRIVERS\mirrorflt.sys 32768 bytes (Avocent Corporation, Filter Driver for the Windows 2000 Mirror Driver Stack)
0xB2D80000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xB209B000 C:\WINDOWS\System32\Drivers\RsvLock.SYS 32768 bytes (SafeBoot International, SafeBoot Reserved Files Lock Driver)
0xAF8DC000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xB7334000 C:\WINDOWS\System32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xB2D98000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xAD288000 C:\WINDOWS\system32\drivers\HIPQK.sys 28672 bytes (McAfee, Inc., HipsCore Query interface)
0xF77AF000 C:\WINDOWS\system32\DRIVERS\ldmirror.sys 28672 bytes (Avocent Corporation, Mirror Miniport Driver)
0xF7707000 C:\WINDOWS\System32\Drivers\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF77F7000 C:\WINDOWS\system32\drivers\firelm01.sys 24576 bytes (McAfee, Inc., McAfee HIP Firewall Content Driver)
0xB732C000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xB7324000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xB2D90000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xAAAB5000 C:\WINDOWS\system32\DRIVERS\iPassP.sys 20480 bytes (Cisco Systems, Inc., IEEE 802.1X Protocol Driver)
0xB2D88000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF770F000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF77BF000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF77C7000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF77A7000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xAF8C4000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF789F000 C:\WINDOWS\System32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xB75EE000 C:\WINDOWS\System32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xB8387000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xADC22000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xB836F000 C:\WINDOWS\System32\Drivers\SbPrcCtl.SYS 16384 bytes (SafeBoot International, SafeBoot Process Control)
0xB0BBE000 C:\WINDOWS\system32\DRIVERS\SMCLIB.SYS 16384 bytes (Microsoft Corporation, Smard Card Driver Library)
0xF78A3000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)
0xF7897000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF789B000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xAF598000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xB48C7000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xB2680000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB75DE000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB0BBA000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF78A7000 stdcfltn.sys 12288 bytes (ST Microelectronics, Disk Class Filter Driver for Accelerometer)
0xB75EA000 C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0xF79AD000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF79AB000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF798B000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF7987000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF79AF000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF79B1000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF798D000 SbFsLock.sys 8192 bytes (SafeBoot International, SafeBoot FS Locker)
0xF79DD000 C:\WINDOWS\system32\DRIVERS\serscan.sys 8192 bytes (Microsoft Corporation, Serial Imaging Device Driver)
0xF79D5000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF799F000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7989000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7A82000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xB27D4000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xAFB04000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7A50000 C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
0xF7A4F000 PCIIde.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
WARNING: File locked for read access [C:\WINDOWS\system32\drivers\SafeBoot.sys]

OTL

OTL logfile created on: 5/31/2011 4:40:35 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = D:\Documents and Settings\e181530\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.24 Gb Total Physical Memory | 2.32 Gb Available Physical Memory | 71.52% Memory free
7.08 Gb Paging File | 6.42 Gb Available in Paging File | 90.65% Paging File free
Paging file location(s): C:\pagefile.sys 4976 4976 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 88.49 Gb Total Space | 45.71 Gb Free Space | 51.65% Space Free | Partition Type: NTFS
Drive D: | 144.38 Gb Total Space | 127.85 Gb Free Space | 88.55% Space Free | Partition Type: NTFS
Drive V: | 78.13 Gb Total Space | 48.83 Gb Free Space | 62.50% Space Free | Partition Type: MVFS

Computer Name: WA05LTC3LR0P1 | User Name: e181530 | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/31 16:34:24 | 000,580,096 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\e181530\Desktop\OTL.exe
PRC - [2011/05/23 02:45:06 | 000,376,280 | ---- | M] (TomTom) -- C:\Program Files\MyTomTom 3\MyTomTomSA.exe
PRC - [2011/01/12 16:05:00 | 000,185,664 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2011/01/12 16:05:00 | 000,161,088 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2011/01/12 16:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2011/01/12 16:05:00 | 000,075,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2010/09/22 19:11:26 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2010/09/08 16:30:20 | 000,472,432 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2010/08/24 13:46:50 | 000,378,224 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
PRC - [2010/07/06 18:59:22 | 000,054,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2010/06/15 12:50:54 | 000,979,104 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe
PRC - [2010/06/15 12:50:48 | 001,498,224 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
PRC - [2010/05/30 19:17:06 | 000,054,640 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2010/05/20 13:25:08 | 000,385,024 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\LDClient\SoftMon.exe
PRC - [2010/05/18 18:42:02 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2010/05/18 18:42:02 | 000,245,842 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\stacsv.exe
PRC - [2010/04/30 07:52:54 | 003,795,560 | ---- | M] () -- c:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
PRC - [2010/03/30 06:15:54 | 000,192,512 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\LDClient\tmcsvc.exe
PRC - [2010/03/25 14:20:06 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe
PRC - [2010/03/22 05:34:08 | 000,139,264 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe
PRC - [2010/03/16 05:32:38 | 000,409,088 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\LDClient\issuser.exe
PRC - [2010/03/16 05:32:30 | 000,262,144 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\LDClient\rcgui.exe
PRC - [2010/03/11 06:29:06 | 000,196,608 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\LDClient\LocalSch.EXE
PRC - [2010/03/02 08:02:50 | 000,262,144 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\LDClient\collector.exe
PRC - [2010/02/16 20:34:40 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2010/01/26 19:01:38 | 000,069,192 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2010/01/26 18:57:22 | 000,035,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe
PRC - [2010/01/06 20:07:00 | 000,147,472 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
PRC - [2010/01/06 20:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
PRC - [2010/01/06 20:07:00 | 000,027,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
PRC - [2010/01/06 20:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
PRC - [2009/11/10 13:32:50 | 000,155,648 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\Shared Files\residentAgent.exe
PRC - [2009/07/06 21:06:46 | 000,737,280 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFltr.exe
PRC - [2008/11/17 03:53:47 | 000,372,796 | ---- | M] (SafeBoot International) -- C:\Program Files\SafeBoot\SbClientManager.exe
PRC - [2008/06/02 07:18:24 | 000,069,632 | ---- | M] () -- C:\Program Files\SafeBoot Tray Manager\SbTrayManager.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/25 08:40:30 | 000,135,168 | ---- | M] (iPass, Inc.) -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
PRC - [2007/10/25 08:40:30 | 000,086,016 | ---- | M] (iPass, Inc.) -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
PRC - [2007/08/31 07:13:00 | 000,032,819 | ---- | M] (LANDesk Software Ltd.) -- C:\WINDOWS\system32\cba\pds.exe
PRC - [2007/04/27 08:15:32 | 000,028,740 | ---- | M] (IBM Corporation) -- C:\Rational\ClearCase\bin\lockmgr.exe
PRC - [2007/03/30 17:11:08 | 000,028,220 | ---- | M] (IBM Corporation) -- C:\WINDOWS\system32\cccredmgr.exe
PRC - [2005/09/08 15:27:08 | 002,687,078 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe
PRC - [2005/09/08 15:27:08 | 000,036,971 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
PRC - [2005/09/08 15:27:06 | 000,106,602 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe


========== Modules (SafeList) ==========

MOD - [2011/05/31 16:34:24 | 000,580,096 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\e181530\Desktop\OTL.exe
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Honeywell IT Support Service v6.4.1)
SRV - [2011/05/16 05:58:36 | 002,151,128 | ---- | M] (Lavasoft Limited) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/01/12 16:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2011/01/05 14:46:53 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/08/24 13:46:50 | 000,378,224 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc)
SRV - [2010/06/15 12:50:48 | 001,498,224 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe -- (enterceptAgent)
SRV - [2010/05/20 13:25:08 | 000,385,024 | ---- | M] (LANDesk Software, Ltd.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\softmon.exe -- (Softmon) LANDesk®
SRV - [2010/05/18 18:42:02 | 000,245,842 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv.exe -- (STacSV)
SRV - [2010/04/30 07:52:54 | 003,795,560 | ---- | M] () [Auto | Running] -- c:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe -- (NVIDIA Performance Driver Service)
SRV - [2010/03/30 06:15:54 | 000,192,512 | ---- | M] (LANDesk Software, Ltd.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\tmcsvc.exe -- (Intel Targeted Multicast)
SRV - [2010/03/25 14:20:06 | 000,226,624 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe -- (McAfee SiteAdvisor Enterprise Service)
SRV - [2010/03/22 05:34:08 | 000,139,264 | ---- | M] (LANDesk Software, Ltd.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe -- (LANDesk Policy Invoker)
SRV - [2010/03/16 05:32:38 | 000,409,088 | ---- | M] (LANDesk Software, Ltd.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\issuser.exe -- (ISSUSER)
SRV - [2010/03/11 06:29:06 | 000,196,608 | ---- | M] (LANDesk Software, Ltd.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\LocalSch.EXE -- (Intel Local Scheduler Service)
SRV - [2010/01/26 19:01:38 | 000,069,192 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2010/01/26 18:57:22 | 000,035,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe -- (hips)
SRV - [2010/01/06 20:07:00 | 000,147,472 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe -- (McShield)
SRV - [2010/01/06 20:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)
SRV - [2010/01/06 20:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- c:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe -- (McAfeeEngineService)
SRV - [2009/11/10 13:32:50 | 000,155,648 | ---- | M] (LANDesk Software, Ltd.) [Auto | Running] -- C:\Program Files\LANDesk\Shared Files\residentagent.exe -- (CBA8) LANDesk®
SRV - [2008/11/17 03:53:47 | 000,372,796 | ---- | M] (SafeBoot International) [Auto | Running] -- C:\Program Files\SafeBoot\SbClientManager.exe -- (SafeBootClientManager)
SRV - [2007/10/25 11:30:58 | 001,396,736 | ---- | M] (iPass, Inc.) [On_Demand | Stopped] -- C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe -- (iPassConnectEngine)
SRV - [2007/10/25 08:40:30 | 000,135,168 | ---- | M] (iPass, Inc.) [On_Demand | Running] -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe -- (iPassPeriodicUpdateApp)
SRV - [2007/10/25 08:40:30 | 000,086,016 | ---- | M] (iPass, Inc.) [Auto | Running] -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe -- (iPassPeriodicUpdateService)
SRV - [2007/08/31 07:13:00 | 000,032,819 | ---- | M] (LANDesk Software Ltd.) [Auto | Running] -- C:\WINDOWS\system32\cba\pds.exe -- (Intel PDS)
SRV - [2007/05/15 22:43:22 | 000,073,795 | ---- | M] (IBM Corporation) [Auto | Stopped] -- C:\Rational\ClearQuest\mailservice.exe -- (MailService)
SRV - [2007/04/27 08:15:32 | 000,028,740 | ---- | M] (IBM Corporation) [Auto | Running] -- C:\Rational\ClearCase\bin\lockmgr.exe -- (LockMgr)
SRV - [2007/03/30 17:11:08 | 000,028,220 | ---- | M] (IBM Corporation) [Auto | Running] -- C:\WINDOWS\system32\cccredmgr.exe -- (cccredmgr)
SRV - [2007/03/30 15:38:30 | 000,176,186 | ---- | M] (IBM Corporation) [Auto | Stopped] -- C:\Rational\ClearCase\bin\albd_server.exe -- (Albd)
SRV - [2005/09/08 15:27:08 | 000,036,971 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe -- (SR_WatchDog)
SRV - [2005/09/08 15:27:06 | 000,106,602 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe -- (SR_Service)
SRV - [2002/04/26 19:34:38 | 000,242,328 | ---- | M] () [On_Demand | Stopped] -- D:\Oracle92\bin\ONRSD.EXE -- (OracleOracle92ClientCache)


========== Driver Services (SafeList) ==========

DRV - [2011/04/14 16:09:04 | 000,019,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\Documents and Settings\All Users\Application Data\MANDIANT\MANDIANT Intelligent Response Agent\mktools.sys -- (Mandiant_Tools)
DRV - [2011/04/01 00:22:02 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/04/01 00:22:01 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/01/05 16:04:52 | 000,021,393 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\iPassP.sys -- (iPassP) iPass Protocol (IEEE 802.1x)
DRV - [2010/08/29 23:26:34 | 000,257,144 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2010/07/09 11:41:42 | 000,043,888 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelern.sys -- (Acceler)
DRV - [2010/07/09 11:41:34 | 000,017,648 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\stdcfltn.sys -- (stdcfltn)
DRV - [2010/06/15 12:49:08 | 000,030,824 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\firelm01.sys -- (firelm01)
DRV - [2010/06/15 12:49:02 | 000,145,616 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\FireTDI.sys -- (FireTDI)
DRV - [2010/06/15 12:48:58 | 000,137,536 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\FirePM.sys -- (FirePM)
DRV - [2010/05/18 18:42:02 | 001,660,691 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2010/04/06 00:35:56 | 000,168,616 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1k5132.sys -- (e1kexpress) Intel®
DRV - [2010/03/02 06:18:30 | 000,014,336 | ---- | M] (Avocent Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ldblank.sys -- (ldblank)
DRV - [2010/03/02 06:18:30 | 000,006,144 | ---- | M] (Avocent Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mirrorflt.sys -- (mirrorflt)
DRV - [2010/03/02 06:18:30 | 000,005,120 | ---- | M] (Avocent Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ldmirror.sys -- (ldmirror)
DRV - [2010/02/02 16:47:36 | 002,696,448 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2010/02/02 16:47:18 | 000,033,664 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\BCMWLNPF.SYS -- (BCMWLNPF)
DRV - [2010/01/28 07:25:06 | 000,058,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2010/01/26 19:00:58 | 000,064,208 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2010/01/26 18:59:38 | 000,344,304 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/01/26 18:58:42 | 000,075,992 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/01/26 18:57:02 | 000,035,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HIPQK.sys -- (HIPQK)
DRV - [2010/01/26 18:56:48 | 000,038,680 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HIPPSK.sys -- (HIPPSK)
DRV - [2010/01/26 18:56:32 | 000,107,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HIPK.sys -- (HIPK)
DRV - [2010/01/06 20:07:00 | 000,091,832 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/01/06 20:07:00 | 000,066,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/01/06 20:07:00 | 000,043,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/10/30 14:51:14 | 000,033,832 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV - [2009/04/21 17:13:34 | 000,113,664 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2009/04/15 15:49:48 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)
DRV - [2008/12/10 14:34:17 | 000,044,976 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\SbAlg.sys -- (SBAlg)
DRV - [2008/11/20 09:08:08 | 000,103,424 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2008/10/17 16:26:24 | 000,044,680 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\firehk.sys -- (FirehkMP)
DRV - [2008/10/17 16:26:24 | 000,044,680 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\firehk.sys -- (Firehk)
DRV - [2008/09/12 02:12:25 | 000,015,184 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\SbPrcCtl.sys -- (SbPrcCtl)
DRV - [2008/09/12 02:11:31 | 000,013,152 | ---- | M] (SafeBoot International) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2008/09/12 02:11:20 | 000,033,264 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\RsvLock.sys -- (RsvLock)
DRV - [2008/09/12 02:11:07 | 000,034,416 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\SbFlop.sys -- (SbFlop)
DRV - [2007/05/24 18:15:22 | 000,330,544 | ---- | M] (IBM Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mvfs50.sys -- (Mvfs)
DRV - [2005/09/08 15:27:12 | 000,671,408 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\vpn.sys -- (VPN-1)
DRV - [2005/09/08 15:27:12 | 000,109,072 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vnasc.sys -- (VNASC)
DRV - [2005/09/08 15:27:12 | 000,036,400 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\omdrv.sys -- (CP_OMDRV)
DRV - [2005/09/08 15:27:10 | 002,234,320 | ---- | M] (Check Point Software Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fw.sys -- (FW1)
DRV - [2003/05/21 19:47:12 | 000,175,360 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2140148428-718608452-937769972-54937\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com/ig [binary data]
IE - HKU\S-1-5-21-2140148428-718608452-937769972-54937\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
IE - HKU\S-1-5-21-2140148428-718608452-937769972-54937\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2140148428-718608452-937769972-54937\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:52242

========== FireFox ==========

FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 52242
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor Enterprise\ [2011/05/18 14:16:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\meetinglauncher@iconf.net: C:\Program Files\Meeting Center\Modules\Firefox [2011/01/26 09:27:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/23 07:17:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/12 10:12:11 | 000,000,000 | ---D | M]

[2011/05/23 07:18:43 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\e181530\Application Data\Mozilla\Extensions
[2011/05/23 07:17:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/28 12:21:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/31 12:45:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) --
[2011/01/28 12:21:11 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/01/26 09:27:08 | 000,000,000 | ---D | M] (Meeting Center) -- C:\PROGRAM FILES\MEETING CENTER\MODULES\FIREFOX
[2009/09/15 11:06:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/04/14 09:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/05/31 14:38:15 | 000,000,732 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2140148428-718608452-937769972-54937\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ABGI] d:\ABGI\serialnum.vbs ()
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [IDTSysTrayApp] File not found
O4 - HKLM..\Run: [McAfee Host Intrusion Prevention Tray] C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SafeBootTrayManager] C:\Program Files\SafeBoot Tray Manager\SbTrayManager.exe ()
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\.DEFAULT..\Run: [Communicator] C:\Program Files\Microsoft Office Communicator\Communicator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [Communicator] C:\Program Files\Microsoft Office Communicator\Communicator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [Communicator] C:\Program Files\Microsoft Office Communicator\Communicator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Communicator] C:\Program Files\Microsoft Office Communicator\Communicator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2140148428-718608452-937769972-54937..\Run: [MyTomTomSA.exe] C:\Program Files\MyTomTom 3\MyTomTomSA.exe (TomTom)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 1 = \\az18dc0003.global.ds.honeywell.com\SYSVOL\global.ds.honeywell.com\Policies\{2037079B-D0B4-4E4C-84AE-EC8F4A576F8D}\Machine\Scripts\GTS-GPOAdminSecWeb2.0.7.vbe
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: MaxGPOScriptWait = 300
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-21-2140148428-718608452-937769972-54937\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2140148428-718608452-937769972-54937\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\S-1-5-21-2140148428-718608452-937769972-54937\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-21-2140148428-718608452-937769972-54937\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O15 - HKLM\..Trusted Domains: honeywell.com ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: kenexa.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: taleo.net ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2140148428-718608452-937769972-54937\..Trusted Domains: honeywell.com ([]* in Local intranet)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1266947590549 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1266947582657 (MUWebControl Class)
O16 - DPF: {6F7864F9-DB33-11D3-8166-0060B0F885E6} https://pki.honeywell.com/pki/VSApps/vspta3.cab (VSPTA Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E1E65027-5BB8-4186-A619-81E219274CC8} http://usldcoaz1803/common/ENUrcviewer.cab (ExecuteViewer2 Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = global.ds.honeywell.com
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - d:\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - d:\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (C:\Program Files\SafeBoot\SBGINA.DLL) - C:\Program Files\SafeBoot\SbGina.dll (SafeBoot International)
O20 - HKU\S-1-5-21-2140148428-718608452-937769972-54937 Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ccnotify: DllName - ccnotify.dll - C:\WINDOWS\System32\ccnotify.dll (IBM Corporation)
O20 - Winlogon\Notify\ckpNotify: DllName - ckpNotify.dll - C:\WINDOWS\System32\ckpNotify.dll (Check Point Software Technologies)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/11 14:44:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.000 -- [ NTFS ]
O32 - AutoRun File - [2011/05/23 09:42:28 | 000,000,024 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{714cc4a2-f915-11db-8ea4-0008749fbd9c}\Shell - "" = AutoRun
O33 - MountPoints2\{714cc4a2-f915-11db-8ea4-0008749fbd9c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{714cc4a2-f915-11db-8ea4-0008749fbd9c}\Shell\AutoRun\command - "" = F:\SecureDrive_Launcher.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-2140148428-718608452-937769972-54937\...exe [@ = exefile] -- Reg Error: Value error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/05/31 16:34:22 | 000,580,096 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\e181530\Desktop\OTL.exe
[2011/05/31 10:18:09 | 000,040,328 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\HIPIS0e011b5.dll
[2011/05/31 08:42:43 | 000,000,000 | RH-D | C] -- D:\Documents and Settings\e181530\Recent
[2011/05/29 18:00:28 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rndismpx.sys
[2011/05/29 18:00:28 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rndismp.sys
[2011/05/29 18:00:15 | 000,000,000 | ---D | C] -- D:\Documents and Settings\e181530\Downloads
[2011/05/29 18:00:01 | 000,000,000 | ---D | C] -- D:\Documents and Settings\e181530\Local Settings\Application Data\TomTom
[2011/05/29 17:59:06 | 000,000,000 | ---D | C] -- D:\Documents and Settings\e181530\Start Menu\Programs\TomTom
[2011/05/29 17:58:32 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom International B.V
[2011/05/29 17:57:35 | 000,000,000 | ---D | C] -- C:\Program Files\MyTomTom 3
[2011/05/26 11:30:22 | 000,606,738 | R--- | C] (Swearware) -- D:\Documents and Settings\e181530\Desktop\dds.scr
[2011/05/26 06:06:13 | 000,000,000 | ---D | C] -- D:\Documents and Settings\e181530\My Documents\Downloads
[2011/05/26 05:40:07 | 000,000,000 | -HSD | C] -- D:\Documents and Settings\e181530\IECompatCache
[2011/05/14 05:31:18 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/05/06 18:05:55 | 000,000,000 | ---D | C] -- D:\Documents and Settings\e181530\Application Data\Mozilla
[2011/05/06 18:04:46 | 000,000,000 | ---D | C] -- D:\Documents and Settings\e181530\My Documents\The Lord of the Rings Online
[2011/05/06 17:33:47 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\Turbine
[2011/05/06 16:30:16 | 000,000,000 | ---D | C] -- D:\Documents and Settings\e181530\My Documents\Lotro Hi Res Install
[2011/05/06 14:16:48 | 000,000,000 | R--D | C] -- D:\Documents and Settings\e181530\My Documents\My Music
[2011/05/06 12:16:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[1996/11/12 22:25:44 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\implode.dll
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 D:\Documents and Settings\e181530\My Documents\*.tmp files -> D:\Documents and Settings\e181530\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/31 16:34:24 | 000,580,096 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\e181530\Desktop\OTL.exe
[2011/05/31 16:29:30 | 000,139,264 | ---- | M] () -- D:\Documents and Settings\e181530\Desktop\RKUnhookerLE.EXE
[2011/05/31 16:28:00 | 000,469,390 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/31 16:28:00 | 000,081,692 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/31 16:26:06 | 008,294,454 | ---- | M] () -- C:\WINDOWS\BGInfo.bmp
[2011/05/31 16:24:27 | 000,242,303 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2011/05/31 16:24:22 | 000,119,789 | ---- | M] () -- C:\WINDOWS\System32\api_hook_list.dat
[2011/05/31 16:24:14 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/31 16:24:04 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/05/31 16:23:17 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/31 16:23:16 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/05/31 16:22:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/31 14:38:15 | 000,000,732 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/05/31 14:06:04 | 000,005,656 | RHS- | M] () -- D:\Documents and Settings\e181530\ntuser.pol
[2011/05/31 14:02:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/31 13:38:21 | 000,085,383 | RHS- | M] () -- D:\Documents and Settings\All Users\ntuser.pol
[2011/05/31 10:43:08 | 000,000,746 | ---- | M] () -- D:\Documents and Settings\e181530\Application Data\Microsoft\Internet Explorer\Quick Launch\WINWORD.lnk
[2011/05/31 10:42:56 | 000,000,734 | ---- | M] () -- D:\Documents and Settings\e181530\Application Data\Microsoft\Internet Explorer\Quick Launch\EXCEL.lnk
[2011/05/31 10:42:54 | 000,000,753 | ---- | M] () -- D:\Documents and Settings\e181530\Application Data\Microsoft\Internet Explorer\Quick Launch\POWERPNT.lnk
[2011/05/31 10:20:01 | 000,001,024 | ---- | M] () -- C:\.rnd
[2011/05/31 10:19:28 | 000,242,303 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2011/05/31 06:47:52 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/05/31 06:47:52 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/05/27 13:29:13 | 000,000,592 | ---- | M] () -- D:\Documents and Settings\e181530\Application Data\Microsoft\Internet Explorer\Quick Launch\CCleaner.lnk
[2011/05/27 13:29:07 | 000,000,104 | ---- | M] () -- D:\Documents and Settings\e181530\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2011/05/27 13:28:58 | 000,000,746 | ---- | M] () -- D:\Documents and Settings\e181530\Application Data\Microsoft\Internet Explorer\Quick Launch\OUTLOOK.lnk
[2011/05/26 16:44:06 | 000,606,104 | ---- | M] () -- D:\Documents and Settings\e181530\Desktop\unhide.exe
[2011/05/26 11:30:22 | 000,606,738 | R--- | M] (Swearware) -- D:\Documents and Settings\e181530\Desktop\dds.scr
[2011/05/26 11:29:17 | 000,050,477 | ---- | M] () -- D:\Documents and Settings\e181530\Desktop\Defogger.exe
[2011/05/26 11:17:56 | 000,293,775 | ---- | M] () -- D:\Documents and Settings\e181530\Desktop\gmer.zip
[2011/05/26 11:11:16 | 001,546,851 | ---- | M] () -- D:\Documents and Settings\e181530\Desktop\ProcessExplorer.zip
[2011/05/26 10:55:02 | 000,029,683 | ---- | M] () -- D:\Documents and Settings\e181530\Desktop\mortise chisels.jpg
[2011/05/26 10:08:35 | 001,301,452 | ---- | M] () -- D:\Documents and Settings\e181530\Desktop\tdsskiller.zip
[2011/05/26 09:45:22 | 000,000,592 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/05/23 10:16:57 | 000,033,629 | ---- | M] () -- D:\Documents and Settings\e181530\Desktop\ULOA.pdf
[2011/05/23 09:57:28 | 000,001,000 | ---- | M] () -- C:\WINDOWS\ISLV.INI
[2011/05/23 09:42:28 | 000,000,024 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/05/20 13:55:31 | 000,046,411 | ---- | M] () -- D:\Documents and Settings\e181530\Desktop\Telecommuting.pdf
[2011/05/20 13:48:00 | 000,281,718 | ---- | M] () -- D:\Documents and Settings\e181530\Desktop\Telecommuting Agreement B Kilty.pdf
[2011/05/17 09:30:04 | 002,499,802 | ---- | M] () -- D:\Documents and Settings\e181530\Desktop\Sword in the stars Word.odt
[2011/05/16 21:17:00 | 000,000,162 | ---- | M] () -- D:\Documents and Settings\e181530\Desktop\~$ord in the stars Word.odt
[2011/05/14 05:31:18 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/05/08 22:36:08 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\KevlarSigs.dll
[2011/05/06 17:33:49 | 000,001,708 | ---- | M] () -- D:\Documents and Settings\e181530\Desktop\The Lord of the Rings Online.lnk
[2011/05/06 16:20:46 | 000,000,426 | ---- | M] () -- D:\Documents and Settings\All Users\Documents\ESDscript.bat
[2011/05/05 18:32:54 | 000,014,741 | ---- | M] () -- D:\Documents and Settings\e181530\My Documents\SeatCoverReceipt.pdf
[2011/05/05 14:29:23 | 000,001,359 | ---- | M] () -- C:\WINDOWS\PVCSTRK.INI
[2011/05/05 08:27:28 | 000,012,800 | ---- | M] () -- D:\Documents and Settings\e181530\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 D:\Documents and Settings\e181530\My Documents\*.tmp files -> D:\Documents and Settings\e181530\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/31 16:29:28 | 000,139,264 | ---- | C] () -- D:\Documents and Settings\e181530\Desktop\RKUnhookerLE.EXE
[2011/05/31 16:24:15 | 000,119,789 | ---- | C] () -- C:\WINDOWS\System32\api_hook_list.dat
[2011/05/31 10:43:08 | 000,000,746 | ---- | C] () -- D:\Documents and Settings\e181530\Application Data\Microsoft\Internet Explorer\Quick Launch\WINWORD.lnk
[2011/05/31 10:42:56 | 000,000,734 | ---- | C] () -- D:\Documents and Settings\e181530\Application Data\Microsoft\Internet Explorer\Quick Launch\EXCEL.lnk
[2011/05/31 10:42:54 | 000,000,753 | ---- | C] () -- D:\Documents and Settings\e181530\Application Data\Microsoft\Internet Explorer\Quick Launch\POWERPNT.lnk
[2011/05/27 13:29:13 | 000,000,592 | ---- | C] () -- D:\Documents and Settings\e181530\Application Data\Microsoft\Internet Explorer\Quick Launch\CCleaner.lnk
[2011/05/27 13:29:07 | 000,000,104 | ---- | C] () -- D:\Documents and Settings\e181530\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2011/05/27 13:28:58 | 000,000,746 | ---- | C] () -- D:\Documents and Settings\e181530\Application Data\Microsoft\Internet Explorer\Quick Launch\OUTLOOK.lnk
[2011/05/26 16:44:05 | 000,606,104 | ---- | C] () -- D:\Documents and Settings\e181530\Desktop\unhide.exe
[2011/05/26 11:29:22 | 000,050,477 | ---- | C] () -- D:\Documents and Settings\e181530\Desktop\Defogger.exe
[2011/05/26 11:17:56 | 000,293,775 | ---- | C] () -- D:\Documents and Settings\e181530\Desktop\gmer.zip
[2011/05/26 11:11:15 | 001,546,851 | ---- | C] () -- D:\Documents and Settings\e181530\Desktop\ProcessExplorer.zip
[2011/05/26 10:55:36 | 000,029,683 | ---- | C] () -- D:\Documents and Settings\e181530\Desktop\mortise chisels.jpg
[2011/05/26 10:08:27 | 001,301,452 | ---- | C] () -- D:\Documents and Settings\e181530\Desktop\tdsskiller.zip
[2011/05/26 09:44:09 | 000,000,592 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/05/23 10:16:57 | 000,033,629 | ---- | C] () -- D:\Documents and Settings\e181530\Desktop\ULOA.pdf
[2011/05/23 09:42:26 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.000
[2011/05/20 13:55:31 | 000,046,411 | ---- | C] () -- D:\Documents and Settings\e181530\Desktop\Telecommuting.pdf
[2011/05/20 13:48:00 | 000,281,718 | ---- | C] () -- D:\Documents and Settings\e181530\Desktop\Telecommuting Agreement B Kilty.pdf
[2011/05/16 21:16:01 | 000,000,162 | ---- | C] () -- D:\Documents and Settings\e181530\Desktop\~$ord in the stars Word.odt
[2011/05/15 18:16:53 | 002,499,802 | ---- | C] () -- D:\Documents and Settings\e181530\Desktop\Sword in the stars Word.odt
[2011/05/06 17:33:49 | 000,001,708 | ---- | C] () -- D:\Documents and Settings\e181530\Desktop\The Lord of the Rings Online.lnk
[2011/05/05 18:32:54 | 000,014,741 | ---- | C] () -- D:\Documents and Settings\e181530\My Documents\SeatCoverReceipt.pdf
[2011/05/05 08:14:13 | 000,012,800 | ---- | C] () -- D:\Documents and Settings\e181530\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/14 17:21:27 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/04/14 17:21:26 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/04/12 23:57:35 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/04/11 03:42:56 | 000,009,606 | -HS- | C] () -- D:\Documents and Settings\e181530\Local Settings\Application Data\hqv735g8i6r22vof61673nryg
[2011/04/11 03:42:56 | 000,009,606 | -HS- | C] () -- D:\Documents and Settings\All Users\Application Data\hqv735g8i6r22vof61673nryg
[2011/03/16 13:34:31 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\ivwnsck.dll
[2011/03/16 13:34:31 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\ivnwlink.dll
[2011/03/16 13:34:31 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\ivmsnmp.dll
[2011/03/16 13:26:01 | 000,001,359 | ---- | C] () -- C:\WINDOWS\PVCSTRK.INI
[2011/03/16 13:25:53 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\TKTRN13.DLL
[2011/03/16 13:23:33 | 000,001,000 | ---- | C] () -- C:\WINDOWS\ISLV.INI
[2011/02/06 13:09:13 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/30 12:27:32 | 000,149,175 | ---- | C] () -- C:\WINDOWS\hpwins05.dat
[2011/01/07 23:51:27 | 000,000,130 | ---- | C] () -- D:\Documents and Settings\e181530\Local Settings\Application Data\fusioncache.dat
[2011/01/07 13:16:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/01/05 16:07:38 | 000,002,516 | ---- | C] () -- C:\WINDOWS\System32\drivers\default.bin
[2011/01/05 16:07:38 | 000,002,516 | ---- | C] () -- C:\WINDOWS\System32\default.bin
[2011/01/05 16:07:16 | 000,106,600 | ---- | C] () -- C:\WINDOWS\System32\fwnetcfg.dll
[2011/01/05 16:07:10 | 000,004,133 | ---- | C] () -- C:\WINDOWS\entrust.ini
[2011/01/05 16:04:51 | 000,356,352 | ---- | C] () -- C:\WINDOWS\System32\iPassI5Installer.exe
[2010/12/04 18:59:52 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2010/12/04 18:53:21 | 000,012,288 | ---- | C] () -- C:\WINDOWS\EvtMessage.dll
[2010/12/04 18:52:21 | 000,242,303 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2010/12/04 18:49:23 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2010/12/04 18:49:22 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2010/12/04 18:49:21 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2010/12/04 18:46:25 | 000,216,952 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/12/04 18:46:23 | 000,216,952 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/12/04 18:46:23 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/12/04 18:31:58 | 002,186,342 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/02/23 12:56:39 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\h5menu32.dll
[2010/02/23 12:56:39 | 000,095,744 | ---- | C] () -- C:\WINDOWS\System32\h5rtf32.dll
[2010/02/23 12:56:39 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\h5tool32.dll
[2010/02/23 12:56:38 | 001,064,960 | ---- | C] () -- C:\WINDOWS\System32\h5krnl32.dll
[2010/02/23 12:56:38 | 000,188,928 | ---- | C] () -- C:\WINDOWS\System32\h5icon32.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2008/11/20 09:08:08 | 000,103,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\SafeBoot.sys
[2008/07/07 16:37:37 | 000,000,064 | ---- | C] () -- C:\WINDOWS\minitab.ini
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/10/15 13:37:13 | 000,000,074 | ---- | C] () -- C:\WINDOWS\SAPMSG.INI
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/05/28 12:00:18 | 000,016,007 | ---- | C] () -- C:\WINDOWS\hpwscr05.dat
[2007/05/28 11:58:30 | 000,004,785 | ---- | C] () -- C:\WINDOWS\hpwmdl05.dat
[2007/04/30 20:15:16 | 000,004,773 | ---- | C] () -- C:\WINDOWS\saplogon.ini
[2007/04/30 20:15:16 | 000,003,791 | ---- | C] () -- C:\WINDOWS\System32\saplogon.ini.preESD851
[2007/04/30 18:32:06 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\vtssm32.dll
[2007/04/10 11:19:51 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2005/01/31 09:47:39 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\instsrv.exe
[2005/01/31 09:45:54 | 000,222,208 | ---- | C] () -- C:\WINDOWS\subinacl.exe
[2005/01/14 13:44:18 | 000,001,132 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/01/14 13:13:25 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.EXE
[2005/01/13 10:51:17 | 000,000,963 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/01/12 13:53:37 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/01/11 14:47:22 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/01/11 14:42:12 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/01/11 06:37:43 | 000,005,549 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/01/11 06:29:00 | 000,291,368 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/02/27 10:41:28 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll
[2002/02/27 10:41:26 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
[2002/02/27 10:41:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll
[1979/12/31 17:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[1979/12/31 17:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[1979/12/31 17:00:00 | 000,469,390 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[1979/12/31 17:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[1979/12/31 17:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[1979/12/31 17:00:00 | 000,081,692 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[1979/12/31 17:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[1979/12/31 17:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[1979/12/31 17:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[1979/12/31 17:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[1979/12/31 17:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\WXR Terrain Database Refresh Plans.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\WJ.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\Winter bulges.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\WindFarmReport.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\WaterlineWithBlueFromAirbus.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\WASHINGTON2009Flood.pps:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\WADU_edge_protection_111009.ppt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\WADU_A400M_edge_protection_111009.ppt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\VitamineCtABLE.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\UnemplymentUnderDems.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\Trophy Engraving Order 2009.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\Troop186SongBook.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\TimeSiteUsersManual.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\Ticket Number.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\ThirdGradeSoccerSchedule.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\ThirdGradeGirlsSoccerSchedule9_16_09.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\The Black Hole.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\TeamMeeting%May_12_2009.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\StJoesThirdGradeGirlsSoccerSchedule9_17_09.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\StJoesThirdGradeGirlsSoccerSchedule25-Sept-09.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\Steering Committee-Performance Limitation Update Oct 2009.ppt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\Steering Committee-HI-2 Apr 09.ppt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\steering Agenda with Yellow..doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\StaffMeeting.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\Staff MeetingSept 22, 2009.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\staff meeting 12--2009.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\Staff 2009-Oct-20.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\staff 10-Nov-2009.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\SPI.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\spendulousWA.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\SoccerSubsOctober-9-2009.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\SoccerSubsOctober-3-2009.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\SoccerSubsOctober-31-2009.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\SoccerSubsOctober-24-2009.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\SoccerSubsGame2.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\SoccerSubsbLANK.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\SoccerSubs26-Sept-2009.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\SoccerSubs.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\SoccerSchedule2008.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\SoccerSchedule.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\Soccer Practice.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\sirduke.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\sipline.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\Shoulder stability.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\SEUController.ppt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\SemiWeeklyCallFeb10_2009.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\sears order confirm.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\Scout Store.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\SamGiftList.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\RTU0E7SOFReply.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\Role_Request.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\Response to MRA ECM 82 83_Draft.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\Response to ECM MaritimeModeStandard.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\Requirements Std.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\requestEnrollmentGuide.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\Req Std Rev_PKG.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\RE RDR-4000 Equipped Aircraft.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\RD1 Summary by Key Code_2008_Eng List.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\Radar Horizon.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\PWDTropheyOrder.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\pswrds.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\ProgramWaterlineFeb_26_2009.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\Program Aids January 2009.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\Prayer.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\poem.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\Pocketknife.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\PnEvolutionFFAR.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\PMR (Mar 09).ppt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\PMR (Mar 09) Pt II.ppt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\plywood bench.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\PlayLikeAChampionRegistration.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\Planning20090911151420.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\PKICertInfo.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\PE093002a.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\PE093001a.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\PBKM-PBKD-Install.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\PaulAniversary.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\Pat's Staff 2009-Oct-27.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\passwords.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\Parking Layout1.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\PackMeeting_January_2009_Final.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\PackMeeting_January_2009(1).xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\Pack200Pine16Cars.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\Pack200Pine14Cars.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\OT Policy Change.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\Olympia Field Trip Updates[1].doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\OctTwoWayCommunication.ppt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\No RGBM processing below 40nm.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\New requirements.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\NavUpdate.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\MSO_TBD_Fabrice.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\MSO INTLTBD - INTERNATIONAL PLINV -ADP adapter Cables to France (2).xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\MS-MSY-MSZA09-17_Install_SG79Y952H01-ENGLISH_6-13-07.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\MRA_Schedule_Actions.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\MRA_2008_Incomplete (2).xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\MRA Talking points for Allison.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\MRA Reductions.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\MRA Project Review Mar 2009.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\MRA Project Review Jun 2009.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\MRA Project Review Jun 2009 No Mat.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\MRA Project Review Feb 2009.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\MRA Project 117979 ReviewNov 2009.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\MRA Project 117979 Review Octt 2009.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\MRA Project 117979 Review Oct 2009.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\MRA Project 117979 Review Nov 2009.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\MRA EPR and L2_2.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\MRA DCR_2-4 - attached file.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\mountainbeavercontrol.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\Mon_1615_Prototype_Aperture_Synthetic_Radar-Democko_and_Gills.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\Military Radar FFAR Concl 04-Mar-09v2.ppt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\mil_hdbk_217f.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\Message to Rockwell Employees.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\May2008_Dec2008MRAStaffing.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\May 6 - EADS Phone Call.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\MaritimModeL2.2OrDCR2-4.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\MaritimModeL2 2OrDCR2-4Updated.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\Marine radar 3D buffer.ppt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\Mag Effect.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\LetterSchool 2009 Sam.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\LetterSchool 2009 Faith.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\LeadersGuideUpd7-27.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\L21_performance.ppt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\L2_2_Radar_Tasks.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\L2.B_L2.2_Software Delivery Content_7 Oct 09.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\L2.B_L2.2_Software Delivery Content 12 Mar 09.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\KuttlerOrg.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\Ken'staff 16-Novemeber-2009.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\Kens Staff September 14.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\Kens Staff October 5, 2009.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\Ken's Staff Nov 30 2010.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\Kens Staff 9-November-2009.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\Ken's Staff 2-Nov-2009.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\Ken's Staff 2009-Oct-19.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\Ken's Staff 12-Oct-2009.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\Ken Staff Sept 28 - 2009.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\June2009BB.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\July 28.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\IVEField[2].doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\It Ain't gonna rain no more.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\ISU RF Susceptibility.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\IOM L2_2 SCRs 10_June.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\IntuitiveApproachforCepPerformanceModelValidation.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\IntuitiveApproachfoCepPerformanceModelValidation.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\Honeywell PL License Agree - micrium.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\HMR.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\HIPAC Match - DN# 64734.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\HI_L2 B_L2 2_Software Delivery Content 4 Feb 09+AI points.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\Hero Pictures.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\HeadInjury-SJS[1].doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\Hazard Display Results 2009 w exec.ppt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\hayward_green_vg.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\e181530\My Documents\Gulfstream Mag Effects Deviation SEM 20652.pdf:Roxio EMC Stream

< End of report >

OTL Extras logfile created on: 5/31/2011 4:40:40 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = D:\Documents and Settings\e181530\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.24 Gb Total Physical Memory | 2.32 Gb Available Physical Memory | 71.52% Memory free
7.08 Gb Paging File | 6.42 Gb Available in Paging File | 90.65% Paging File free
Paging file location(s): C:\pagefile.sys 4976 4976 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 88.49 Gb Total Space | 45.71 Gb Free Space | 51.65% Space Free | Partition Type: NTFS
Drive D: | 144.38 Gb Total Space | 127.85 Gb Free Space | 88.55% Space Free | Partition Type: NTFS
Drive V: | 78.13 Gb Total Space | 48.83 Gb Free Space | 62.50% Space Free | Partition Type: MVFS

Computer Name: WA05LTC3LR0P1 | User Name: e181530 | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-2140148428-718608452-937769972-54937\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Value error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications]
"AllowUserPrefMerge" = 1
"Enabled" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List]
"C:\LDClient\LDISCN32.EXE:*:enabled:LDISCN32" = C:\LDClient\LDISCN32.EXE:*:enabled:LDISCN32
"C:\LDclient\SDCLIENT.EXE:*:enabled:SDCLIENT" = C:\LDclient\SDCLIENT.EXE:*:enabled:SDCLIENT
"C:\LDclient\TMCSVC.EXE:*:enabled:TMCSVC" = C:\LDclient\TMCSVC.EXE:*:enabled:TMCSVC
"C:\LDClient\wuser32.EXE:*:enabled:WUSER32" = C:\LDClient\wuser32.EXE:*:enabled:WUSER32
"C:\Program Files\ePO Agent\epoagent.exe:*:enabled:EPO" = C:\Program Files\ePO Agent\epoagent.exe:*:enabled:EPO
"C:\Program Files\Network Associates\Common Framework\FrameworkService.exe:*:enabled:FWORK" = C:\Program Files\Network Associates\Common Framework\FrameworkService.exe:*:enabled:FWORK
"C:\Program Files\Nortel Networks\Extranet.exe:*:enabled:HGR" = C:\Program Files\Nortel Networks\Extranet.exe:*:enabled:HGR

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts]
"AllowUserPrefMerge" = 1
"Enabled" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List]
"137:UDP:*:Enabled:LDPort6" = 137:UDP:*:Enabled:LDPort6
"138:UDP:*:Enabled:LDPort7" = 138:UDP:*:Enabled:LDPort7
"139:TCP:*:Enabled:LDPort4" = 139:TCP:*:Enabled:LDPort4
"38292:TCP:*:Enabled:LDPort3" = 38292:TCP:*:Enabled:LDPort3
"38293:UDP:*:Enabled:LDPort2" = 38293:UDP:*:Enabled:LDPort2
"4445:TCP:*:Enabled:Port1" = 4445:TCP:*:Enabled:Port1
"445:TCP:*:Enabled:LDPort5" = 445:TCP:*:Enabled:LDPort5
"9594:TCP:*:Enabled:LDPort1" = 9594:TCP:*:Enabled:LDPort1
"4444:UDP:*:Enabled:Media Player Multicast" = 4444:UDP:*:Enabled:Media Player Multicast

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings]
"AllowOutboundDestinationUnreachable" = 1
"AllowOutboundSourceQuench" = 1
"AllowRedirect" = 1
"AllowInboundEchoRequest" = 1
"AllowInboundRouterRequest" = 1
"AllowOutboundTimeExceeded" = 1
"AllowOutboundParameterProblem" = 1
"AllowInboundTimestampRequest" = 1
"AllowInboundMaskRequest" = 1
"AllowOutboundPacketTooBig" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications]
"AllowUserPrefMerge" = 1
"Enabled" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications\List]
"C:\LDClient\LDISCN32.EXE:*:enabled:LDISCN32" = C:\LDClient\LDISCN32.EXE:*:enabled:LDISCN32
"C:\LDClient\SDCLIENT.EXE:*:enabled:SDCLIENT" = C:\LDClient\SDCLIENT.EXE:*:enabled:SDCLIENT
"C:\LDClient\TMCSVC.EXE:*:enabled:TMCSVC" = C:\LDClient\TMCSVC.EXE:*:enabled:TMCSVC
"C:\LDClient\wuser32.EXE:*:enabled:WUSER32" = C:\LDClient\wuser32.EXE:*:enabled:WUSER32
"C:\Program Files\ePO Agent\epoagent.exe:*:enabled:EPO" = C:\Program Files\ePO Agent\epoagent.exe:*:enabled:EPO
"C:\Program Files\Microsoft Office Communicator\communicator.exe:*:enabled:Communicator" = C:\Program Files\Microsoft Office Communicator\communicator.exe:*:enabled:Communicator -- (Microsoft Corporation)
"C:\Program Files\NetMeeting\conf.exe:*:enabled:Conf" = C:\Program Files\NetMeeting\conf.exe:*:enabled:Conf -- (Microsoft Corporation)
"C:\Program Files\Network Associates\Common Framework\FrameworkService.exe:*:enabled:FWORK" = C:\Program Files\Network Associates\Common Framework\FrameworkService.exe:*:enabled:FWORK
"C:\Program Files\Nortel Networks\Extranet.exe:*:enabled:HGR" = C:\Program Files\Nortel Networks\Extranet.exe:*:enabled:HGR
"C:\Program Files\SAP\FrontEnd\SAPgui\saplogon.exe:*:enabled:SAP" = C:\Program Files\SAP\FrontEnd\SAPgui\saplogon.exe:*:enabled:SAP

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts]
"AllowUserPrefMerge" = 1
"Enabled" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts\List]
"137:UDP:*:Enabled:LDPort6" = 137:UDP:*:Enabled:LDPort6
"138:UDP:*:Enabled:LDPort7" = 138:UDP:*:Enabled:LDPort7
"139:TCP:*:Enabled:LDPort4" = 139:TCP:*:Enabled:LDPort4
"38292:TCP:*:Enabled:LDPort3" = 38292:TCP:*:Enabled:LDPort3
"38293:UDP:*:Enabled:LDPort2" = 38293:UDP:*:Enabled:LDPort2
"4445:TCP:*:Enabled:Port1" = 4445:TCP:*:Enabled:Port1
"445:TCP:*:Enabled:LDPort5" = 445:TCP:*:Enabled:LDPort5
"9594:TCP:*:Enabled:LDPort1" = 9594:TCP:*:Enabled:LDPort1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings]
"AllowOutboundDestinationUnreachable" = 1
"AllowOutboundSourceQuench" = 1
"AllowRedirect" = 1
"AllowInboundEchoRequest" = 1
"AllowInboundRouterRequest" = 1
"AllowOutboundTimeExceeded" = 1
"AllowOutboundParameterProblem" = 1
"AllowInboundTimestampRequest" = 1
"AllowInboundMaskRequest" = 1
"AllowOutboundPacketTooBig" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"137:UDP" = 137:UDP:*:enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:enabled:@xpsp2res.dll,-22002
"139:TCP" = 139:TCP:*:enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:enabled:@xpsp2res.dll,-22005
"67:TCP" = 67:TCP:*:enabled:LANDesk® PXE TCP Port
"67:UDP" = 67:UDP:*:enabled:LANDesk® PXE UDP Port
"9535:TCP" = 9535:TCP:*:enabled:LANDesk® Remote Control Agent TCP Port
"9535:UDP" = 9535:UDP:*:enabled:LANDesk® Remote Control Agent UDP Port
"4445:TCP" = 4445:TCP:*:Enabled:AntiVirus
"5556:TCP" = 5556:TCP:*:Enabled:Safeboot
"59087:TCP" = 59087:TCP:*:Enabled:Pando Media Booster
"59087:UDP" = 59087:UDP:*:Enabled:Pando Media Booster
"56831:TCP" = 56831:TCP:*:Enabled:Pando Media Booster
"56831:UDP" = 56831:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"137:UDP" = 137:UDP:*:enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:enabled:@xpsp2res.dll,-22002
"139:TCP" = 139:TCP:*:enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:enabled:@xpsp2res.dll,-22005
"67:TCP" = 67:TCP:*:enabled:LANDesk® PXE TCP Port
"67:UDP" = 67:UDP:*:enabled:LANDesk® PXE UDP Port
"9535:TCP" = 9535:TCP:*:enabled:LANDesk® Remote Control Agent TCP Port
"9535:UDP" = 9535:UDP:*:enabled:LANDesk® Remote Control Agent UDP Port
"4444:UDP" = 4444:UDP:*:Enabled:Media Player Multicast Feed
"59087:TCP" = 59087:TCP:*:Enabled:Pando Media Booster
"59087:UDP" = 59087:UDP:*:Enabled:Pando Media Booster
"56831:TCP" = 56831:TCP:*:Enabled:Pando Media Booster
"56831:UDP" = 56831:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation)
"C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" = C:\Program Files\Network Associates\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service
"C:\Program Files\LANDesk\LDClient\wuser32.exe" = C:\Program Files\LANDesk\LDClient\wuser32.exe:*:enabled:Remote Control Agent
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
"C:\WINDOWS\system32\cba\pds.exe" = C:\WINDOWS\system32\CBA\pds.exe:*:enabled:LANDesk® Ping Discovery Service -- (LANDesk Software Ltd.)
"C:\WINDOWS\system32\msgsys.exe" = C:\WINDOWS\system32\msgsys.exe:*:Enabled:LANDesk Message Service -- (LANDesk Software Ltd.)
"C:\Program Files\LANDesk\LDClient\issuser.exe" = C:\Program Files\LANDesk\LDClient\issuser.exe:*:Enabled:LANDesk Remote Control Agent -- (LANDesk Software, Ltd.)
"C:\Program Files\LANDesk\LDClient\tmcsvc.exe" = C:\Program Files\LANDesk\LDClient\tmcsvc.exe:*:enabled:LANDesk® Targeted Multicast Client -- (LANDesk Software, Ltd.)
"%windir%\system32\msgsys.exe" = %windir%\system32\msgsys.exe:*:enabled:LANDesk® CBA Message System -- (LANDesk Software Ltd.)
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe:*:Enabled:VPN-1 SecuRemote/SecureClient service -- (Check Point Software Technologies)
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe:*:Enabled:VPN-1 SecuRemote/SecureClient application -- (Check Point Software Technologies)
"C:\Program Files\CheckPoint\SecuRemote\bin\scc.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\scc.exe:*:Enabled:VPN-1 SecuRemote/SecureClient command line -- (Check Point Software Technologies)
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.exe:*:Enabled:VPN-1 SecuRemote/SecureClient SDS agent -- (Check Point Software Technologies)
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe:*:Enabled:VPN-1 SecuRemote/SecureClient diagnostics -- ()
"C:\Program Files\Microsoft Office Communicator\communicator.exe" = C:\Program Files\Microsoft Office Communicator\communicator.exe:*:Enabled:Microsoft Office Communicator 2005 -- (Microsoft Corporation)
"C:\Program Files\NetMeeting\conf.exe" = C:\Program Files\NetMeeting\conf.exe:*:Disabled:Windows® NetMeeting® -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\SCANOST.EXE" = C:\Program Files\Microsoft Office\Office12\SCANOST.EXE:*:Enabled:Microsoft Office Outlook OST Integrity Check -- ()
"C:\Program Files\MANDIANT\MANDIANT Intelligent Response Agent\miragent.exe" = C:\Program Files\MANDIANT\MANDIANT Intelligent Response Agent\miragent.exe:*:Enabled:HONSupport -- ()
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\LANDesk\Shared Files\residentagent.exe" = C:\Program Files\LANDesk\Shared Files\residentagent.exe:*:Enabled:LANDesk® Management Agent -- (LANDesk Software, Ltd.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation)
"C:\WINDOWS\system32\cba\pds.exe" = C:\WINDOWS\system32\CBA\pds.exe:*:enabled:LANDesk® Ping Discovery Service -- (LANDesk Software Ltd.)
"C:\Program Files\LANDesk\LDClient\issuser.exe" = C:\Program Files\LANDesk\LDClient\issuser.exe:*:Enabled:REMOTE_CONTROL_DISPLAY_NAME -- (LANDesk Software, Ltd.)
"C:\Program Files\LANDesk\LDClient\tmcsvc.exe" = C:\Program Files\LANDesk\LDClient\tmcsvc.exe:*:enabled:LANDesk® Targeted Multicast Client -- (LANDesk Software, Ltd.)
"\system32\msgsys.exe" = \system32\msgsys.exe:*:enabled:LANDesk® CBA Message System -- (LANDesk Software Ltd.)
"C:\Program Files\LANDesk\LDClient\wuser32.exe" = C:\Program Files\LANDesk\LDClient\wuser32.exe:*:enabled:Remote Control Agent
"%windir%\system32\msgsys.exe" = %windir%\system32\msgsys.exe:*:enabled:LANDesk® CBA Message System -- (LANDesk Software Ltd.)
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe:*:Enabled:VPN-1 SecuRemote/SecureClient service -- (Check Point Software Technologies)
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe:*:Enabled:VPN-1 SecuRemote/SecureClient application -- (Check Point Software Technologies)
"C:\Program Files\CheckPoint\SecuRemote\bin\scc.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\scc.exe:*:Enabled:VPN-1 SecuRemote/SecureClient command line -- (Check Point Software Technologies)
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.exe:*:Enabled:VPN-1 SecuRemote/SecureClient SDS agent -- (Check Point Software Technologies)
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe:*:Enabled:VPN-1 SecuRemote/SecureClient diagnostics -- ()
"C:\Program Files\Turbine\The Lord of the Rings Online\lotroclient.exe" = C:\Program Files\Turbine\The Lord of the Rings Online\lotroclient.exe:*:Enabled:lotroclient -- (Turbine, Inc.)
"E:\setup\HPZNUI01.EXE" = E:\setup\HPZNUI01.EXE:*:Enabled:hpznui01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\MANDIANT\MANDIANT Intelligent Response Agent\miragent.exe" = C:\Program Files\MANDIANT\MANDIANT Intelligent Response Agent\miragent.exe:*:Enabled:HONSupport -- ()
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\LANDesk\Shared Files\residentagent.exe" = C:\Program Files\LANDesk\Shared Files\residentagent.exe:*:Enabled:LANDesk® Management Agent -- (LANDesk Software, Ltd.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08C7A49D-2B12-46F6-8B41-26D3B0D1C01F}" = Visual Studio C++ 9.0 Runtime
"{4DBD586D-7BC1-49A2-8709-9372E438B811}" = OL 2007 HKCU Registry Settings
"{7299052B-02A4-4627-81F2-1818DA5D550D}" = Microsoft Visual C++ 2005 Redistributable
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{A0FE116E-9A8A-466F-AEE0-625CB7C207E3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{BE5AD430-9E0C-4243-AB3F-593835869855}" = Microsoft Office Communicator 2005
"12bbe590-c890-11d9-9669-0800200c9a66_is1" = The Lord of the Rings Online™ v03.02.05.8032
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"CCleaner" = CCleaner
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Anti-Spyware Enterprise Module" = McAfee AntiSpyware Enterprise Module
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"MyTomTom" = MyTomTom 3.0.2.344
"PVCS Version Manager 6.0.10" = PVCS Version Manager 6.0.10

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#4 SweetTech


Posted 31 May 2011 - 07:19 PM

Pat,

Is this a company/business owned machine?

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#5 AeroPat


Posted 01 June 2011 - 12:07 PM

ST,

Astute questions. This IS a company machine, hence the (very irritating) safeboot installation and useless McAfee installation. I am basically on my own to fix any issues.

Pat

#6 SweetTech


Posted 01 June 2011 - 05:12 PM

Pat,

"I am basically on my own to fix any issues."

So there is no IT support at the company?

I don't mean to be difficult, I ask because some companies have their own IT department and have their own procedures for how to handle an infected work computer.

Cheers,
ST.



#7 AeroPat


Posted 01 June 2011 - 06:12 PM

ST,

I understand the reasons for your question. There is no internal IT support. All support is outsourced on an as-needed basis. The support is very ad hoc and the resources poorly trained.

Pat

#8 SweetTech


Posted 01 June 2011 - 06:22 PM

Hi Pat!

Thanks for the clarification.

Glad to hear that unhide.exe brought back your items.

Do you happen to recognize this file?

d:\ABGI\serialnum.vbs

OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :OTL
    IE - HKU\S-1-5-21-2140148428-718608452-937769972-54937\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:52242
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 52242
    FF - prefs.js..network.proxy.type: 0
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [IDTSysTrayApp] File not found
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O33 - MountPoints2\{714cc4a2-f915-11db-8ea4-0008749fbd9c}\Shell - "" = AutoRun
    O33 - MountPoints2\{714cc4a2-f915-11db-8ea4-0008749fbd9c}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{714cc4a2-f915-11db-8ea4-0008749fbd9c}\Shell\AutoRun\command - "" = F:\SecureDrive_Launcher.exe
    O37 - HKU\S-1-5-21-2140148428-718608452-937769972-54937\...exe [@ = exefile] -- Reg Error: Value error. File not found
    [2011/04/11 03:42:56 | 000,009,606 | -HS- | C] () -- D:\Documents and Settings\e181530\Local Settings\Application Data\hqv735g8i6r22vof61673nryg
    [2011/04/11 03:42:56 | 000,009,606 | -HS- | C] () -- D:\Documents and Settings\All Users\Application Data\hqv735g8i6r22vof61673nryg
    
    :Reg
    
    :Files
    type "d:\ABGI\serialnum.vbs" /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Running ComboFix
Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
  • IMPORTANT - Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

    Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now.

The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
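
A triage pass over the kinds of entries listed in the OTL fix block above, as an added example that is not part of the original post and not part of OTL. The labels, the `classify` and `triage` functions and the file-name heuristic are assumptions made for illustration; the sample lines are copied from the post except the last one, which is constructed.

```python
import re

# Sample input: six lines copied from the fix block in the post above, plus a
# final constructed line (ExampleTray) that should not be flagged.
SAMPLE = r'''
IE - HKU\S-1-5-21-2140148428-718608452-937769972-54937\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:52242
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.type: 0
O4 - HKLM..\Run: [IDTSysTrayApp] File not found
O33 - MountPoints2\{714cc4a2-f915-11db-8ea4-0008749fbd9c}\Shell\AutoRun\command - "" = F:\SecureDrive_Launcher.exe
[2011/04/11 03:42:56 | 000,009,606 | -HS- | C] () -- D:\Documents and Settings\All Users\Application Data\hqv735g8i6r22vof61673nryg
O4 - HKLM..\Run: [ExampleTray] C:\Program Files\Example\tray.exe (Example Corp)
'''

LOOPBACK = re.compile(r'\b127(?:\.\d{1,3}){3}\b|\blocalhost\b', re.I)
# OTL file rows look like: [date time | size | attrs | C] (company) -- path
FILE_ROW = re.compile(
    r'^\[[^\]]*\|\s*(?P<attr>[-A-Z]{4})\s*\|[^\]]*\].*--\s*(?P<path>.+)$')

def classify(line):
    """Return a finding label for one OTL-style log line, or None."""
    if line.startswith(('IE -', 'FF -')) and 'proxy' in line.lower():
        if LOOPBACK.search(line):
            return 'loopback-proxy'      # browser proxy set to a local listener
    if line.startswith('O4 -') and line.endswith('File not found'):
        return 'orphaned-autostart'      # Run value whose target file is gone
    if line.startswith('O33 -') and '\\command' in line:
        return 'autorun-command'         # program tied to mounting a volume
    row = FILE_ROW.match(line)
    if row and {'H', 'S'} <= set(row['attr']):
        name = row['path'].rsplit('\\', 1)[-1]
        # Assumed heuristic: hidden+system, no extension, long name with digits.
        if '.' not in name and len(name) >= 16 and re.search(r'\d', name):
            return 'hidden-system-file'
    return None

def triage(text):
    """Return (label, line) for each flagged line; leads to review, not verdicts."""
    lines = (raw.strip() for raw in text.splitlines())
    return [(label, line) for line in lines if (label := classify(line))]

if __name__ == '__main__':
    for label, line in triage(SAMPLE):
        print(f'{label:20} {line}')
```
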


#9 SweetTech


Posted 04 June 2011 - 09:14 AM

Do you still need help with your machine?

If the instructions are unclear or something isn't working, please let me know before proceeding.



#10 SweetTech


Posted 06 June 2011 - 11:08 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.





