Infected with Downadup.b/Conficker Worm


  • This topic is locked
67 replies to this topic

#1 stx_latino

stx_latino

  • Members
  • 45 posts

Posted 29 September 2011 - 12:07 PM

I have already used Malwarebytes to try and remove the infection. Funny thing is that when I scan the computer with any software it picks up not one virus; however, I'm still getting at1 jobs added to Task Scheduler automatically. It says it's coming from "rundll32.exe ervft.wmm,oxfca" that was created by "NetScheduleJobAdd". Norton catches and removes the following file from the system32 folder: ervft.wmm. It says it's infected with Downadup.b and removes it. Over a short period of time the process manager fills up with rundll32.exe processes. I've used every known anti-virus and removal tool and they all fail to locate anything, and I have run out of options as to why the task scheduler is adding these tasks and why rundll32.exe processes are running, more than 20 to 30 at one time. I have reached a stopping point and have not been able to find out what I need to do to correct this.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by julie.myers at 8:47:10 on 2011-09-29
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1326 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Documents and Settings\All Users\Application Data\FileOpen\Services\FileOpenManagerSvc32.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Business Suite\Engine\4.3.0.5\ccSvcHst.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\rdpclip.exe
C:\Program Files\Norton Business Suite\Engine\4.3.0.5\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Documents and Settings\All Users\Application Data\Norton\NUA.exe
C:\Program Files\Panasonic\Panasonic-DMS\Port Controller\Mfpscdl.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\system32\igfxsrvc.exe
.
============== Pseudo HJT Report ===============
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton business suite\engine\4.3.0.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton business suite\engine\4.3.0.5\IPSBHO.DLL
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton business suite\engine\4.3.0.5\coIEPlg.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [NortonUpdateAgent] c:\documents and settings\all users\application data\norton\NUA.exe
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
StartupFolder: c:\docume~1\julie~1.mye\startm~1\programs\startup\adobem~1.lnk - c:\program files\adobe media player\Adobe Media Player.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\panaso~1.lnk - c:\program files\panasonic\panasonic-dms\port controller\Mfpscdl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: halliburton.com\hsn
Trusted Zone: intuit.com\ttlc
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} - hxxp://72.20.135.183/SysCamInst.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1262021773562
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1292350620403
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://globalshopsolutions.webex.com/client/T27LC/support/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E876D003-BCDE-11D3-9131-000094B61529} - hxxps://ecollaborate.bakerhughes.com/eroomsetup/client.cab
TCP: DhcpNameServer = 10.1.1.3
TCP: Interfaces\{89D923A7-A90B-4F7D-9F29-63003302A798} : DhcpNameServer = 10.1.1.3
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0403000.005\symds.sys [2010-10-26 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0403000.005\symefa.sys [2010-10-26 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20110920.001\BHDrvx86.sys [2011-9-26 816760]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys [2010-10-26 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0403000.005\ironx86.sys [2010-10-26 116784]
R2 FileOpenManagerSvc;FileOpenManagerSvc;c:\documents and settings\all users\application data\fileopen\services\FileOpenManagerSvc32.exe [2011-3-9 212352]
R2 N360;Norton Business Suite;c:\program files\norton business suite\engine\4.3.0.5\ccsvchst.exe [2010-10-26 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-7-29 105592]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20110928.030\IDSXpx86.sys [2011-9-28 356280]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20110928.032\NAVENG.SYS [2011-9-29 86136]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20110928.032\NAVEX15.SYS [2011-9-29 1576312]
R4 KAPFA;KAPFA;\??\c:\windows\system32\drivers\kapfa.sys --> c:\windows\system32\drivers\KAPFA.SYS [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-6-28 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-6-28 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 TrufosAlt;TrufosAlt;c:\windows\system32\drivers\TrufosAlt.sys [2011-9-21 306320]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-11 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
SUnknown KaseyaAgent;KaseyaAgent; [x]
.
=============== Created Last 30 ================
.
2011-09-29 12:44:04 -------- d-----w- c:\windows\system32\NtmsData
2011-09-27 18:40:11 -------- d-----w- c:\program files\FileOpen
2011-09-27 18:40:11 -------- d-----w- c:\documents and settings\all users\application data\FileOpen
2011-09-26 21:21:21 -------- d-----w- c:\program files\ESET
2011-09-26 21:08:21 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-09-26 20:14:23 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-09-26 20:14:23 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-09-23 21:48:00 -------- d-----w- c:\documents and settings\julie.myers\local settings\application data\NPE
2011-09-21 21:13:18 306320 ----a-w- c:\windows\system32\drivers\TrufosAlt.sys
2011-09-21 21:05:07 -------- d-----w- c:\documents and settings\julie.myers\application data\Malwarebytes
2011-09-21 13:19:52 -------- d-----w- c:\program files\common files\Windows Live
2011-09-21 13:09:17 135168 ----a-w- c:\windows\system32\igfxres.dll
2011-09-20 20:08:08 -------- d-----w- c:\documents and settings\all users\application data\GroupPolicy
2011-09-20 18:29:10 -------- d-----w- c:\windows\system32\winrm
2011-09-20 18:28:59 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2011-09-20 18:15:44 -------- d-----w- c:\documents and settings\julie.myers\application data\Windows Desktop Search
2011-09-20 18:12:59 -------- d-----w- c:\program files\Windows Media Connect 2
2011-09-20 18:10:32 -------- d-----w- C:\ae8c7d68aa9b422fc741b491f1d169
2011-09-20 18:10:16 -------- d-----w- c:\windows\system32\LogFiles
2011-09-20 17:47:00 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2011-09-20 17:46:40 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2011-09-20 17:45:57 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2011-09-20 17:45:56 978944 ------w- c:\windows\system32\dllcache\mfc42.dll
2011-09-20 17:45:56 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2011-09-20 17:44:15 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2011-09-20 17:44:00 105472 ------w- c:\windows\system32\dllcache\mup.sys
2011-09-20 17:40:17 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
2011-09-20 17:39:36 45568 ------w- c:\windows\system32\dllcache\wab.exe
2011-09-20 16:33:50 -------- d-----w- c:\windows\system32\scripting
2011-09-20 16:33:50 -------- d-----w- c:\windows\l2schemas
2011-09-20 16:33:48 -------- d-----w- c:\windows\system32\en
2011-09-20 16:33:48 -------- d-----w- c:\windows\system32\bits
2011-09-20 16:01:51 11868 ------w- c:\windows\system32\drivers\mdmxsdk.sys
2011-09-20 16:01:43 685056 ------w- c:\windows\system32\drivers\hsfcxts2.sys
2011-09-20 16:01:43 220032 ------w- c:\windows\system32\drivers\hsfbs2s2.sys
2011-09-20 16:01:43 1041536 ------w- c:\windows\system32\drivers\hsfdpsp2.sys
2011-09-20 08:11:38 -------- d-----w- c:\windows\ServicePackFiles
2011-09-19 17:49:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-09-19 17:47:18 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2011-09-19 17:47:17 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-09-09 09:12:13 599040 ------w- c:\windows\system32\dllcache\crypt32.dll
2011-09-05 17:04:56 183696 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-31 22:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
.
============= FINISH: 8:47:36.79 ===============



#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,740 posts

Posted 04 October 2011 - 12:10 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/421091 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 stx_latino

stx_latino
  • Topic Starter

  • Members
  • 45 posts

Posted 04 October 2011 - 12:28 PM

I have already used Malwarebytes to try and remove the infection. Funny thing is that when I scan the computer with any software it picks up not one virus; however, I'm still getting at1 jobs added to Task Scheduler automatically. It says it's coming from "rundll32.exe ervft.wmm,oxfca" that was created by "NetScheduleJobAdd". Norton catches and removes the following file from the system32 folder: ervft.wmm. It says it's infected with Downadup.b and removes it. Over a short period of time the process manager fills up with rundll32.exe processes. I've used every known anti-virus and removal tool and they all fail to locate anything, and I have run out of options as to why the task scheduler is adding these tasks and why rundll32.exe processes are running, more than 20 to 30 at one time. I have reached a stopping point and have not been able to find out what I need to do to correct this.


Running Windows XP Service Pack 3 32-Bit System
Original OS CD not available

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by julie.myers at 12:14:11 on 2011-10-04
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1073 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Documents and Settings\All Users\Application Data\FileOpen\Services\FileOpenManagerSvc32.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Business Suite\Engine\4.3.0.5\ccSvcHst.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Norton Business Suite\Engine\4.3.0.5\ccSvcHst.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Kaseya\Agent\KaUsrTsk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Documents and Settings\All Users\Application Data\Norton\NUA.exe
C:\Program Files\Panasonic\Panasonic-DMS\Port Controller\Mfpscdl.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\Documents and Settings\All Users\Application Data\FileOpen\Services\FileOpenBroker32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\DOCUME~1\JULIE~1.MYE\LOCALS~1\Temp\GSS\GSSMenu.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\system32\rdpclip.exe
.
============== Pseudo HJT Report ===============
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uWindow Title = Microsoft Internet Explorer provided by Sunbelt Machine Works
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton business suite\engine\4.3.0.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton business suite\engine\4.3.0.5\IPSBHO.DLL
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton business suite\engine\4.3.0.5\coIEPlg.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [NortonUpdateAgent] c:\documents and settings\all users\application data\norton\NUA.exe
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Kaseya Agent Service Helper] "c:\program files\kaseya\agent\KaUsrTsk.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\panaso~1.lnk - c:\program files\panasonic\panasonic-dms\port controller\Mfpscdl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: halliburton.com\hsn
Trusted Zone: intuit.com\ttlc
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} - hxxp://72.20.135.183/SysCamInst.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1262021773562
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1292350620403
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://globalshopsolutions.webex.com/client/T27LC/support/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E876D003-BCDE-11D3-9131-000094B61529} - hxxps://ecollaborate.bakerhughes.com/eroomsetup/client.cab
TCP: DhcpNameServer = 10.1.1.3
TCP: Interfaces\{89D923A7-A90B-4F7D-9F29-63003302A798} : DhcpNameServer = 10.1.1.3
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-31 22:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
.
============= FINISH: 12:15:13.20 ===============
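
The two symptoms reported above (a pile-up of rundll32.exe processes in the DDS "Running Processes" section, and a scheduled job whose rundll32 target is not a .dll) can be checked mechanically. The following is an added triage example, not part of the original thread and not a DDS feature; the sample log is constructed, and the threshold and the allowlist of images that normally run several instances are assumptions.

```python
import re
from collections import Counter
from ntpath import basename, splitext

# Constructed sample: an abridged DDS log in the same layout as the logs
# posted in this thread (not a verbatim copy of either one).
SAMPLE_DDS = r"""============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\system32\igfxsrvc.exe
.
============== Pseudo HJT Report ===============
.
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
"""

HEADER = re.compile(r"^=+\s*(.*?)\s*=+$")

# Assumption: images that legitimately run as several instances on XP.
MULTI_INSTANCE_OK = {"svchost.exe", "ccsvchst.exe", "iexplore.exe"}

# Assumption: module extensions rundll32 is normally pointed at.
USUAL_MODULE_EXTS = {".dll", ".cpl"}


def section(log_text, title):
    """Return the non-separator lines of one '=== title ===' DDS section."""
    lines, inside = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            inside = m.group(1).lower() == title.lower()
            continue
        if inside and line and line != ".":
            lines.append(line)
    return lines


def image_name(process_line):
    """Reduce a DDS process line (path plus optional arguments) to image name."""
    m = re.match(r"^(.*?\.exe)\b", process_line, re.IGNORECASE)
    path = m.group(1) if m else process_line.split(" -")[0]
    name = basename(path.strip()).lower()
    return name if splitext(name)[1] else name + ".exe"


def repeated_images(log_text, threshold=3):
    """Images with more than `threshold` instances, minus the allowlist."""
    counts = Counter(image_name(l) for l in section(log_text, "Running Processes"))
    return {
        name: n
        for name, n in counts.items()
        if n > threshold and name not in MULTI_INSTANCE_OK
    }


RUNDLL = re.compile(
    r'rundll32(?:\.exe)?"?\s+"?([^,"]+)"?\s*,\s*(\S+)', re.IGNORECASE
)


def parse_rundll32(command):
    """Split a 'rundll32 module,export' command and flag unusual module types."""
    m = RUNDLL.search(command)
    if not m:
        return None
    module, export = m.group(1).strip(), m.group(2)
    ext = splitext(module)[1].lower()
    return {
        "module": module,
        "export": export,
        "odd_extension": ext not in USUAL_MODULE_EXTS,
    }


if __name__ == "__main__":
    print(repeated_images(SAMPLE_DDS))
    # Command string as quoted in the first post of this thread.
    print(parse_rundll32("rundll32.exe ervft.wmm,oxfca"))
```

A flagged image or an odd module extension is only a lead for further inspection of the scheduled job and the file it points at; neither check identifies a specific malware family.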

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts

Posted 05 October 2011 - 04:47 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

Gmer says that there may be a rootkit going along with the worm, Conficker.

Please download aswMBR (511KB) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

m0le is a proud member of UNITE

#5 stx_latino

Posted 05 October 2011 - 05:00 PM

Ran the aswMBR utility and posted its contents below...


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-05 16:56:38
-----------------------------
16:56:38.859 OS Version: Windows 5.1.2600 Service Pack 3
16:56:38.859 Number of processors: 2 586 0x409
16:56:38.859 ComputerName: JULIE-XP UserName:
16:56:40.047 Initialize success
16:56:50.642 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
16:56:50.642 Disk 0 Vendor: HDS728080PLA380 PF2OA63A Size: 76293MB BusType: 3
16:56:52.674 Disk 0 MBR read successfully
16:56:52.674 Disk 0 MBR scan
16:56:52.674 Disk 0 unknown MBR code
16:56:52.674 Disk 0 scanning sectors +156232125
16:56:52.767 Disk 0 scanning C:\WINDOWS\system32\drivers
16:57:11.520 Service scanning
16:57:12.677 Modules scanning
16:57:23.366 Disk 0 trace - called modules:
16:57:23.382 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
16:57:23.397 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a706ab8]
16:57:23.397 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8a739b00]
16:57:23.397 Scan finished successfully
16:57:32.867 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\julie.myers\Desktop\MBR.dat"
16:57:32.867 The log file has been saved successfully to "C:\Documents and Settings\julie.myers\Desktop\aswMBR.txt"

#6 m0le

Posted 05 October 2011 - 05:14 PM

Hmm, unknown MBR.

Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.

#7 stx_latino

Posted 05 October 2011 - 05:17 PM

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000c08d

Kernel Drivers (total 157):

Processes (total 95):
0 System Idle Process
4 System
876 C:\WINDOWS\system32\smss.exe
924 csrss.exe
956 C:\WINDOWS\system32\winlogon.exe
1000 C:\WINDOWS\system32\services.exe
1012 C:\WINDOWS\system32\lsass.exe
1212 C:\WINDOWS\system32\svchost.exe
1304 svchost.exe
1428 C:\WINDOWS\system32\svchost.exe
1528 svchost.exe
1704 svchost.exe
1848 C:\WINDOWS\system32\spoolsv.exe
1956 svchost.exe
172 C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
308 C:\Documents and Settings\All Users\Application Data\FileOpen\Services\FileOpenManagerSvc32.exe
364 C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
708 C:\Program Files\Java\jre6\bin\jqs.exe
844 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
860 C:\Program Files\Norton Business Suite\Engine\4.3.0.5\ccsvchst.exe
1344 C:\Program Files\Dell Support Center\bin\sprtsvc.exe
1372 C:\WINDOWS\system32\svchost.exe
1628 C:\WINDOWS\system32\searchindexer.exe
3672 alg.exe
2324 C:\Program Files\Norton Business Suite\Engine\4.3.0.5\ccsvchst.exe
4020 C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
4052 C:\Program Files\Dell Support Center\bin\sprtcmd.exe
336 C:\WINDOWS\system32\hkcmd.exe
196 C:\WINDOWS\system32\igfxpers.exe
472 C:\Program Files\Kaseya\Agent\KaUsrTsk.exe
548 C:\WINDOWS\system32\ctfmon.exe
1820 C:\Program Files\DellSupport\DSAgnt.exe
3124 C:\Documents and Settings\All Users\Application Data\Norton\NUA.exe
672 C:\Program Files\Panasonic\Panasonic-DMS\Port Controller\Mfpscdl.exe
3168 C:\Program Files\Windows Desktop Search\WindowsSearch.exe
2816 C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
1388 C:\Documents and Settings\All Users\Application Data\FileOpen\Services\FileOpenBroker32.exe
3112 C:\WINDOWS\explorer.exe
280 C:\WINDOWS\system32\igfxsrvc.exe
1808 C:\DOCUME~1\JULIE~1.MYE\LOCALS~1\Temp\GSS\GSSMenu.exe
5144 C:\WINDOWS\system32\rundll32.exe
4108 C:\WINDOWS\system32\rundll32.exe
2596 C:\WINDOWS\system32\rundll32.exe
2380 C:\WINDOWS\system32\rundll32.exe
3268 C:\WINDOWS\system32\rundll32.exe
5940 C:\WINDOWS\system32\rundll32.exe
4780 C:\WINDOWS\system32\rundll32.exe
5764 C:\WINDOWS\system32\rundll32.exe
3756 C:\WINDOWS\system32\rundll32.exe
4712 C:\WINDOWS\system32\rundll32.exe
4816 C:\WINDOWS\system32\rundll32.exe
5224 C:\WINDOWS\system32\rundll32.exe
5428 C:\WINDOWS\system32\rundll32.exe
2160 C:\WINDOWS\system32\rundll32.exe
3604 C:\WINDOWS\system32\rundll32.exe
5312 C:\WINDOWS\system32\rundll32.exe
2036 C:\WINDOWS\system32\rundll32.exe
4004 C:\WINDOWS\system32\rundll32.exe
908 C:\WINDOWS\system32\rundll32.exe
2112 C:\WINDOWS\system32\rundll32.exe
3772 C:\WINDOWS\system32\rundll32.exe
888 C:\WINDOWS\system32\rundll32.exe
2984 C:\WINDOWS\system32\rundll32.exe
3804 C:\WINDOWS\system32\rundll32.exe
4412 C:\WINDOWS\system32\rundll32.exe
6008 C:\WINDOWS\system32\rundll32.exe
2276 C:\WINDOWS\system32\rundll32.exe
4852 C:\WINDOWS\system32\rundll32.exe
4444 C:\WINDOWS\system32\rundll32.exe
5276 C:\WINDOWS\system32\rundll32.exe
5760 C:\WINDOWS\system32\rundll32.exe
3308 C:\WINDOWS\system32\rundll32.exe
3260 C:\WINDOWS\system32\rundll32.exe
5928 C:\WINDOWS\system32\rundll32.exe
4536 C:\WINDOWS\system32\rundll32.exe
4272 C:\WINDOWS\system32\rundll32.exe
3784 C:\WINDOWS\system32\rundll32.exe
4692 C:\WINDOWS\system32\rundll32.exe
4280 C:\WINDOWS\system32\rundll32.exe
2240 C:\WINDOWS\system32\rundll32.exe
828 C:\WINDOWS\system32\rundll32.exe
1460 C:\WINDOWS\system32\rundll32.exe
5732 C:\WINDOWS\system32\rundll32.exe
3248 C:\WINDOWS\system32\rundll32.exe
2228 C:\WINDOWS\system32\rundll32.exe
5524 C:\WINDOWS\system32\rundll32.exe
1484 C:\WINDOWS\system32\rundll32.exe
896 csrss.exe
4392 C:\WINDOWS\system32\winlogon.exe
5332 C:\WINDOWS\system32\rdpclip.exe
992 C:\Documents and Settings\julie.myers\Desktop\aswMBR.exe
4332 C:\WINDOWS\system32\logon.scr
2096 C:\Documents and Settings\julie.myers\Desktop\MBRCheck.exe
5412 C:\WINDOWS\system32\searchprotocolhost.exe
5564 searchfilterhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`01f60800 (NTFS)

PhysicalDrive0 Model Number: HDS728080PLA380, Rev: PF2OA63A

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Dell MBR code detected
SHA1: 57BDF501CE769EF2720C705B6C71C893DA31574E


Done!

#8 m0le

Posted 05 October 2011 - 05:34 PM

Dell. Everything's okay there then.

Please run TDSSKiller next.

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\


Now run OTL; this should find any At*.job files (connected to TDSS).

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.


#9 stx_latino

Posted 06 October 2011 - 06:33 AM

06:31:01.0910 5364 TDSS rootkit removing tool 2.6.5.0 Oct 5 2011 20:52:46
06:31:02.0676 5364 ============================================================
06:31:02.0676 5364 Current date / time: 2011/10/06 06:31:02.0676
06:31:02.0676 5364 SystemInfo:
06:31:02.0676 5364
06:31:02.0676 5364 OS Version: 5.1.2600 ServicePack: 3.0
06:31:02.0676 5364 Product type: Workstation
06:31:02.0676 5364 ComputerName: JULIE-XP
06:31:02.0676 5364 UserName: julie.myers
06:31:02.0676 5364 Windows directory: C:\WINDOWS
06:31:02.0676 5364 System windows directory: C:\WINDOWS
06:31:02.0676 5364 Processor architecture: Intel x86
06:31:02.0676 5364 Number of processors: 2
06:31:02.0676 5364 Page size: 0x1000
06:31:02.0676 5364 Boot type: Normal boot
06:31:02.0676 5364 ============================================================
06:31:05.0020 5364 Initialize success
06:31:17.0600 0296 ============================================================
06:31:17.0600 0296 Scan started
06:31:17.0600 0296 Mode: Manual;
06:31:17.0600 0296 ============================================================
06:31:26.0898 0296 NetBIOS - ok
06:31:26.0930 0296 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
06:31:26.0945 0296 NetBT - ok
06:31:27.0070 0296 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
06:31:27.0070 0296 Npfs - ok
06:31:27.0133 0296 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
06:31:27.0133 0296 Ntfs - ok
06:31:27.0180 0296 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
06:31:27.0180 0296 Null - ok
06:31:27.0336 0296 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
06:31:27.0383 0296 nv - ok
06:31:27.0430 0296 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
06:31:27.0430 0296 NwlnkFlt - ok
06:31:27.0586 0296 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
06:31:27.0586 0296 NwlnkFwd - ok
06:31:27.0633 0296 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
06:31:27.0633 0296 Parport - ok
06:31:27.0695 0296 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
06:31:27.0695 0296 PartMgr - ok
06:31:27.0742 0296 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
06:31:27.0742 0296 ParVdm - ok
06:31:27.0758 0296 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
06:31:27.0758 0296 PCI - ok
06:31:27.0774 0296 PCIDump - ok
06:31:27.0789 0296 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
06:31:27.0805 0296 PCIIde - ok
06:31:27.0836 0296 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
06:31:27.0867 0296 Pcmcia - ok
06:31:27.0883 0296 PDCOMP - ok
06:31:27.0899 0296 PDFRAME - ok
06:31:27.0914 0296 PDRELI - ok
06:31:27.0930 0296 PDRFRAME - ok
06:31:27.0961 0296 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
06:31:27.0977 0296 perc2 - ok
06:31:28.0055 0296 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
06:31:28.0055 0296 perc2hib - ok
06:31:28.0133 0296 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
06:31:28.0149 0296 PptpMiniport - ok
06:31:28.0180 0296 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
06:31:28.0195 0296 PSched - ok
06:31:28.0211 0296 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
06:31:28.0211 0296 Ptilink - ok
06:31:28.0258 0296 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
06:31:28.0258 0296 PxHelp20 - ok
06:31:28.0274 0296 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
06:31:28.0305 0296 ql1080 - ok
06:31:28.0320 0296 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
06:31:28.0320 0296 Ql10wnt - ok
06:31:28.0352 0296 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
06:31:28.0352 0296 ql12160 - ok
06:31:28.0414 0296 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
06:31:28.0414 0296 ql1240 - ok
06:31:28.0508 0296 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
06:31:28.0508 0296 ql1280 - ok
06:31:28.0539 0296 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
06:31:28.0539 0296 RasAcd - ok
06:31:28.0602 0296 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
06:31:28.0602 0296 Rasl2tp - ok
06:31:28.0633 0296 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
06:31:28.0633 0296 RasPppoe - ok
06:31:28.0649 0296 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
06:31:28.0649 0296 Raspti - ok
06:31:28.0711 0296 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
06:31:28.0711 0296 Rdbss - ok
06:31:28.0727 0296 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
06:31:28.0758 0296 RDPCDD - ok
06:31:28.0805 0296 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
06:31:28.0805 0296 rdpdr - ok
06:31:28.0852 0296 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
06:31:28.0867 0296 RDPWD - ok
06:31:29.0008 0296 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
06:31:29.0024 0296 redbook - ok
06:31:29.0149 0296 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
06:31:29.0164 0296 Secdrv - ok
06:31:29.0211 0296 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
06:31:29.0227 0296 serenum - ok
06:31:29.0258 0296 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
06:31:29.0258 0296 Serial - ok
06:31:29.0352 0296 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
06:31:29.0352 0296 Sfloppy - ok
06:31:29.0367 0296 Simbad - ok
06:31:29.0430 0296 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
06:31:29.0446 0296 sisagp - ok
06:31:29.0555 0296 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
06:31:29.0586 0296 Sparrow - ok
06:31:29.0618 0296 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
06:31:29.0618 0296 splitter - ok
06:31:29.0664 0296 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
06:31:29.0680 0296 sr - ok
06:31:29.0774 0296 SRTSP (ec5c3c6260f4019b03dfaa03ec8cbf6a) C:\WINDOWS\System32\Drivers\N360\0403000.005\SRTSP.SYS
06:31:29.0789 0296 SRTSP - ok
06:31:29.0914 0296 SRTSPX (55d5c37ed41231e3ac2063d16df50840) C:\WINDOWS\system32\drivers\N360\0403000.005\SRTSPX.SYS
06:31:29.0930 0296 SRTSPX - ok
06:31:30.0008 0296 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
06:31:30.0008 0296 Srv - ok
06:31:30.0071 0296 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
06:31:30.0071 0296 sscdbhk5 - ok
06:31:30.0086 0296 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
06:31:30.0086 0296 ssrtln - ok
06:31:30.0164 0296 STHDA (26eb7acf476a3461b85f5bce9a677a4a) C:\WINDOWS\system32\drivers\sthda.sys
06:31:30.0196 0296 STHDA - ok
06:31:30.0321 0296 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
06:31:30.0352 0296 swenum - ok
06:31:30.0415 0296 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
06:31:30.0415 0296 swmidi - ok
06:31:30.0446 0296 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
06:31:30.0446 0296 symc810 - ok
06:31:30.0461 0296 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
06:31:30.0477 0296 symc8xx - ok
06:31:30.0555 0296 SymDS (56890bf9d9204b93042089d4b45ae671) C:\WINDOWS\system32\drivers\N360\0403000.005\SYMDS.SYS
06:31:30.0571 0296 SymDS - ok
06:31:30.0727 0296 SymEFA (1c91df5188150510a6f0cf78f7d94b69) C:\WINDOWS\system32\drivers\N360\0403000.005\SYMEFA.SYS
06:31:30.0774 0296 SymEFA - ok
06:31:30.0868 0296 SymEvent (961b48b86f94d4cc8ceb483f8aa89374) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
06:31:30.0868 0296 SymEvent - ok
06:31:30.0961 0296 SymIM (fcde811209f6e05720676effa36e9a38) C:\WINDOWS\system32\DRIVERS\SymIM.sys
06:31:30.0977 0296 SymIM - ok
06:31:30.0993 0296 SymIMMP (fcde811209f6e05720676effa36e9a38) C:\WINDOWS\system32\DRIVERS\SymIM.sys
06:31:30.0993 0296 SymIMMP - ok
06:31:31.0165 0296 SymIRON (dc80fbf0a348e54853ef82eed4e11e35) C:\WINDOWS\system32\drivers\N360\0403000.005\Ironx86.SYS
06:31:31.0196 0296 SymIRON - ok
06:31:31.0243 0296 SYMTDI (41aad61f87ca8e3b5d0f7fe7fba0797d) C:\WINDOWS\System32\Drivers\N360\0403000.005\SYMTDI.SYS
06:31:31.0274 0296 SYMTDI - ok
06:31:31.0305 0296 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
06:31:31.0305 0296 sym_hi - ok
06:31:31.0368 0296 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
06:31:31.0368 0296 sym_u3 - ok
06:31:31.0415 0296 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
06:31:31.0430 0296 sysaudio - ok
06:31:31.0555 0296 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
06:31:31.0602 0296 Tcpip - ok
06:31:31.0633 0296 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
06:31:31.0649 0296 TDPIPE - ok
06:31:31.0680 0296 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
06:31:31.0696 0296 TDTCP - ok
06:31:31.0743 0296 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
06:31:31.0758 0296 TermDD - ok
06:31:31.0899 0296 tfsnboio (30698355067d07da5f9eb81132c9fdd6) C:\WINDOWS\system32\dla\tfsnboio.sys
06:31:31.0915 0296 tfsnboio - ok
06:31:31.0930 0296 tfsncofs (fb9d825bb4a2abdf24600f7505050e2b) C:\WINDOWS\system32\dla\tfsncofs.sys
06:31:31.0930 0296 tfsncofs - ok
06:31:31.0946 0296 tfsndrct (cafd8cca11aa1e8b6d2ea1ba8f70ec33) C:\WINDOWS\system32\dla\tfsndrct.sys
06:31:31.0946 0296 tfsndrct - ok
06:31:31.0962 0296 tfsndres (8db1e78fbf7c426d8ec3d8f1a33d6485) C:\WINDOWS\system32\dla\tfsndres.sys
06:31:31.0962 0296 tfsndres - ok
06:31:31.0977 0296 tfsnifs (b92f67a71cc8176f331b8aa8d9f555ad) C:\WINDOWS\system32\dla\tfsnifs.sys
06:31:31.0977 0296 tfsnifs - ok
06:31:31.0993 0296 tfsnopio (85985faa9a71e2358fcc2edefc2a3c5c) C:\WINDOWS\system32\dla\tfsnopio.sys
06:31:32.0009 0296 tfsnopio - ok
06:31:32.0024 0296 tfsnpool (bba22094f0f7c210567efdaf11f64495) C:\WINDOWS\system32\dla\tfsnpool.sys
06:31:32.0024 0296 tfsnpool - ok
06:31:32.0055 0296 tfsnudf (81340bef80b9811e98ce64611e67e3ff) C:\WINDOWS\system32\dla\tfsnudf.sys
06:31:32.0055 0296 tfsnudf - ok
06:31:32.0071 0296 tfsnudfa (c035fd116224ccc8325f384776b6a8bb) C:\WINDOWS\system32\dla\tfsnudfa.sys
06:31:32.0071 0296 tfsnudfa - ok
06:31:32.0165 0296 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
06:31:32.0196 0296 TosIde - ok
06:31:32.0290 0296 TrufosAlt (afd6f6d6e34444b5fe9a82445f30436b) C:\WINDOWS\system32\DRIVERS\TrufosAlt.sys
06:31:32.0305 0296 TrufosAlt - ok
06:31:32.0477 0296 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
06:31:32.0477 0296 Udfs - ok
06:31:32.0571 0296 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
06:31:32.0602 0296 ultra - ok
06:31:32.0665 0296 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
06:31:32.0681 0296 Update - ok
06:31:32.0852 0296 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
06:31:32.0868 0296 USBAAPL - ok
06:31:32.0899 0296 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
06:31:32.0915 0296 usbccgp - ok
06:31:32.0977 0296 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
06:31:33.0009 0296 usbehci - ok
06:31:33.0056 0296 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
06:31:33.0071 0296 usbhub - ok
06:31:33.0102 0296 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
06:31:33.0134 0296 usbscan - ok
06:31:33.0227 0296 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
06:31:33.0227 0296 USBSTOR - ok
06:31:33.0259 0296 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
06:31:33.0259 0296 usbuhci - ok
06:31:33.0306 0296 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
06:31:33.0321 0296 VgaSave - ok
06:31:33.0352 0296 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
06:31:33.0368 0296 viaagp - ok
06:31:33.0415 0296 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
06:31:33.0415 0296 ViaIde - ok
06:31:33.0462 0296 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
06:31:33.0462 0296 VolSnap - ok
06:31:33.0556 0296 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
06:31:33.0556 0296 Wanarp - ok
06:31:33.0634 0296 wanatw - ok
06:31:33.0649 0296 WDICA - ok
06:31:33.0681 0296 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
06:31:33.0696 0296 wdmaud - ok
06:31:33.0868 0296 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
06:31:33.0884 0296 WudfPf - ok
06:31:33.0915 0296 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
06:31:33.0946 0296 WudfRd - ok
06:31:33.0993 0296 MBR (0x1B8) (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0
06:31:33.0993 0296 \Device\Harddisk0\DR0 - ok
06:31:34.0009 0296 Boot (0x1200) (cd2e1ac6181a2baf95a8b733b2da305e) \Device\Harddisk0\DR0\Partition0
06:31:34.0009 0296 \Device\Harddisk0\DR0\Partition0 - ok
06:31:34.0009 0296 ============================================================
06:31:34.0009 0296 Scan finished
06:31:34.0009 0296 ============================================================
06:31:34.0040 5772 Detected object count: 0
06:31:34.0040 5772 Actual detected object count: 0
06:31:51.0887 1292 Deinitialize success

#10 stx_latino


Posted 06 October 2011 - 06:44 AM

Contents of OTL are below. Ran TDSSKiller and it found 0 infected files; log posted in previous post.


OTL logfile created on: 10/6/2011 6:34:28 AM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\julie.myers\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 57.59% Memory free
2.58 Gb Paging File | 1.48 Gb Available in Paging File | 57.50% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.25 Gb Total Space | 34.38 Gb Free Space | 48.25% Space Free | Partition Type: NTFS
Drive H: | 794.18 Gb Total Space | 558.92 Gb Free Space | 70.38% Space Free | Partition Type: NTFS
Drive O: | 794.18 Gb Total Space | 558.92 Gb Free Space | 70.38% Space Free | Partition Type: NTFS
Drive P: | 794.18 Gb Total Space | 558.92 Gb Free Space | 70.38% Space Free | Partition Type: NTFS

Computer Name: JULIE-XP | User Name: julie.myers | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\julie.myers\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\All Users\Application Data\Norton\NUA.exe (Symantec Corporation)
PRC - C:\Documents and Settings\julie.myers\Local Settings\Temp\GSS\GSSMenu.exe (Global Shop Solutions)
PRC - C:\Documents and Settings\All Users\Application Data\FileOpen\Services\FileOpenManagerSvc32.exe (FileOpen Systems Inc.)
PRC - C:\Documents and Settings\All Users\Application Data\FileOpen\Services\FileOpenBroker32.exe (FileOpen Systems Inc.)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\Norton Business Suite\Engine\4.3.0.5\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Kaseya\Agent\KaUsrTsk.exe (Kaseya)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\WINDOWS\system32\logon.scr (Microsoft Corporation)
PRC - C:\WINDOWS\system32\rdpclip.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
PRC - C:\Program Files\Panasonic\Panasonic-DMS\Port Controller\Mfpscdl.exe (Panasonic Communications Co., Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\70a1400affdc775d7c7398e036359286\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\10154dcad2d62f226af2fd4211460a4b\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e6c79e1d71b0c9000afd7e5e439b5c54\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\3.1.26.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll ()
MOD - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL ()
MOD - C:\Program Files\Microsoft Office\Office12\ADDINS\ColleagueImport.dll ()
MOD - C:\Program Files\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll ()
MOD - C:\Program Files\Panasonic\Panasonic-DMS\Port Controller\MfpAdReg.dll ()
MOD - C:\Program Files\Panasonic\Panasonic-DMS\Port Controller\PDFMAKE.DLL ()
MOD - C:\Program Files\Panasonic\Panasonic-DMS\Port Controller\MfpLpd.dll ()
MOD - C:\Program Files\Panasonic\Panasonic-DMS\Port Controller\MFPPROC.DLL ()
MOD - C:\Program Files\Panasonic\Panasonic-DMS\Port Controller\MFPSEQ.dll ()


========== Win32 Services (SafeList) ==========

SRV - (FileOpenManagerSvc) -- C:\Documents and Settings\All Users\Application Data\FileOpen\Services\FileOpenManagerSvc32.exe (FileOpen Systems Inc.)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (N360) -- C:\Program Files\Norton Business Suite\Engine\4.3.0.5\ccSvcHst.exe (Symantec Corporation)
SRV - (KaseyaAgent) -- C:\Program Files\Kaseya\Agent\AgentMon.exe (Kaseya)
SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()


========== Driver Services (SafeList) ==========

DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110929.001\BHDrvx86.sys (Symantec Corporation)
DRV - (TrufosAlt) -- C:\WINDOWS\system32\drivers\TrufosAlt.sys (BitDefender S.R.L.)
DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20111005.031\IDSXpx86.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20111005.033\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20111005.033\NAVENG.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\N360\0403000.005\SYMTDI.SYS (Symantec Corporation)
DRV - (SymIMMP) -- C:\WINDOWS\system32\drivers\SymIM.sys (Symantec Corporation)
DRV - (SymIM) -- C:\WINDOWS\system32\drivers\SymIM.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\N360\0403000.005\Ironx86.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\N360\0403000.005\SYMEFA.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\System32\Drivers\N360\0403000.005\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\system32\drivers\N360\0403000.005\SRTSPX.SYS (Symantec Corporation)
DRV - (ccHP) -- C:\WINDOWS\system32\drivers\N360\0403000.005\ccHPx86.sys (Symantec Corporation)
DRV - (SymDS) -- C:\WINDOWS\system32\drivers\N360\0403000.005\SYMDS.SYS (Symantec Corporation)
DRV - (KAPFA) -- C:\WINDOWS\system32\drivers\KaPFA.sys (Kaseya)
DRV - (dsunidrv) -- C:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (IntelC53) -- C:\WINDOWS\system32\drivers\IntelC53.sys (Intel Corporation)
DRV - (IntelC52) -- C:\WINDOWS\system32\drivers\IntelC52.sys (Intel Corporation)
DRV - (IntelC51) -- C:\WINDOWS\system32\drivers\IntelC51.sys (Intel Corporation)
DRV - (mohfilt) -- C:\WINDOWS\system32\drivers\mohfilt.sys (Intel Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://xfinity.comcast.net/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Photosynth,version=2.0: C:\Program Files\Photosynth\npPhotosynthMozilla.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\julie.myers\Application Data\Move Networks\plugins\npqmp071706000001.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\julie.myers\Application Data\Move Networks\plugins\npqmp071706000001.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2011/07/21 11:57:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn_2010_9_0_6 [2011/09/30 08:39:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2011/09/20 03:29:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/09/01 09:35:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\julie.myers\Application Data\Move Networks [2010/07/29 12:17:34 | 000,000,000 | ---D | M]

[2008/01/03 19:19:06 | 000,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2007/05/10 23:52:34 | 000,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/03/17 11:15:30 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/03/17 11:15:30 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/03/17 11:15:30 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/03/17 11:15:30 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/03/17 11:15:30 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/03/17 11:15:30 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/03/17 11:15:30 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll

========== Chrome ==========


O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Business Suite\Engine\4.3.0.5\coIEplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Business Suite\Engine\4.3.0.5\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Business Suite\Engine\4.3.0.5\coIEplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Business Suite\Engine\4.3.0.5\coIEplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup File not found
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [Kaseya Agent Service Helper] C:\Program Files\Kaseya\Agent\KaUsrTsk.exe (Kaseya)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [NortonUpdateAgent] C:\Documents and Settings\All Users\Application Data\Norton\NUA.exe (Symantec Corporation)
O4 - HKCU..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" File not found
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10t_ActiveX.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Panasonic Communications Utility.lnk = C:\Program Files\Panasonic\Panasonic-DMS\Port Controller\Mfpscdl.exe (Panasonic Communications Co., Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: halliburton.com ([hsn] https in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} http://72.20.135.183/SysCamInst.cab (Panasonic Network Camera)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1262021773562 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1292350620403 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab (CTAdjust Class)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://globalshopsolutions.webex.com/client/T27LC/support/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E876D003-BCDE-11D3-9131-000094B61529} https://ecollaborate.bakerhughes.com/eroomsetup/client.cab (ERPageAddin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = network.sunbeltmachineworks.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89D923A7-A90B-4F7D-9F29-63003302A798}: DhcpNameServer = 10.1.1.3
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) -C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) -C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\julie.myers\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\julie.myers\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) -C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) -C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) -C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) -C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) -C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/06 06:29:13 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\julie.myers\Desktop\OTL.exe
[2011/10/05 20:53:52 | 001,548,592 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\julie.myers\Desktop\TDSSKiller.exe
[2011/10/03 03:00:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/09/30 08:32:42 | 000,000,000 | ---D | C] -- C:\kworking
[2011/09/29 12:15:33 | 000,135,168 | ---- | C] (Kaseya) -- C:\WINDOWS\System32\kaseyasp.dll
[2011/09/29 12:15:33 | 000,020,792 | ---- | C] (Kaseya) -- C:\WINDOWS\System32\drivers\KaPFA.sys
[2011/09/29 12:15:33 | 000,013,240 | ---- | C] (Kaseya) -- C:\WINDOWS\System32\drivers\KaseyaHA.sys
[2011/09/29 12:15:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Kaseya
[2011/09/29 07:44:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011/09/27 13:40:11 | 000,000,000 | ---D | C] -- C:\Program Files\FileOpen
[2011/09/27 13:40:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FileOpen
[2011/09/26 16:21:21 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/09/26 16:08:21 | 000,205,072 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/09/26 15:14:23 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/09/26 15:14:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/09/23 16:48:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\julie.myers\Local Settings\Application Data\NPE
[2011/09/21 16:13:18 | 000,306,320 | ---- | C] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\TrufosAlt.sys
[2011/09/21 16:05:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\julie.myers\Application Data\Malwarebytes
[2011/09/21 08:19:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2011/09/21 08:09:17 | 000,135,168 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll
[2011/09/21 07:27:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/09/20 15:08:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\GroupPolicy
[2011/09/20 13:29:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
[2011/09/20 13:29:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2011/09/20 13:28:59 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2011/09/20 13:15:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\julie.myers\Application Data\Windows Desktop Search
[2011/09/20 13:13:28 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2011/09/20 13:12:59 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2011/09/20 13:10:32 | 000,000,000 | ---D | C] -- C:\ae8c7d68aa9b422fc741b491f1d169
[2011/09/20 13:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2011/09/20 13:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2011/09/20 12:47:00 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2011/09/20 12:46:40 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2011/09/20 12:45:57 | 000,954,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll
[2011/09/20 12:45:56 | 000,978,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2011/09/20 12:45:56 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2011/09/20 12:44:15 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2011/09/20 12:44:00 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2011/09/20 12:40:17 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2011/09/20 12:39:36 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2011/09/20 12:00:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/09/20 11:33:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2011/09/20 11:33:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011/09/20 11:33:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2011/09/20 11:33:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011/09/20 11:16:56 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011/09/20 11:02:12 | 000,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys
[2011/09/20 11:02:12 | 000,022,271 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys
[2011/09/20 11:02:12 | 000,011,935 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys
[2011/09/20 11:02:12 | 000,011,871 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys
[2011/09/20 11:02:12 | 000,011,807 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys
[2011/09/20 11:02:12 | 000,011,295 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys
[2011/09/20 11:02:06 | 000,404,990 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2011/09/20 11:02:06 | 000,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys
[2011/09/20 11:02:06 | 000,095,424 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2011/09/20 11:02:06 | 000,013,240 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[2011/09/20 11:02:05 | 000,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys
[2011/09/20 11:02:04 | 000,013,776 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys
[2011/09/20 11:02:02 | 000,180,360 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2011/09/20 11:02:00 | 001,309,184 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2011/09/20 11:02:00 | 000,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys
[2011/09/20 11:02:00 | 000,126,686 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2011/09/20 10:58:35 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2011/09/20 10:58:35 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2011/09/20 10:58:35 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2011/09/20 10:58:35 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2011/09/20 10:58:35 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys
[2011/09/20 10:58:35 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys
[2011/09/20 10:58:35 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2011/09/20 10:58:34 | 000,701,440 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.sys
[2011/09/20 10:58:34 | 000,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys
[2011/09/20 10:58:34 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2011/09/20 10:58:34 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys
[2011/09/20 10:58:34 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys
[2011/09/20 10:58:34 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys
[2011/09/20 10:58:34 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys
[2011/09/20 10:58:34 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys
[2011/09/20 10:58:34 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2011/09/20 10:58:34 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2011/09/20 10:58:33 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys
[2011/09/20 10:58:33 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys
[2011/09/20 10:58:33 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys
[2011/09/20 10:58:33 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys
[2011/09/20 10:58:33 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys
[2011/09/20 03:11:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2011/09/19 12:49:20 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2011/09/19 12:47:18 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2011/09/19 12:47:17 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2011/09/09 04:12:13 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/06 06:29:41 | 001,548,592 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\julie.myers\Desktop\TDSSKiller.exe
[2011/10/06 06:25:48 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At100.job
[2011/10/06 06:13:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/06 06:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At98.job
[2011/10/06 06:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At99.job
[2011/10/06 06:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At97.job
[2011/10/06 05:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At96.job
[2011/10/06 05:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At94.job
[2011/10/06 05:00:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At95.job
[2011/10/06 04:00:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At92.job
[2011/10/06 04:00:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At91.job
[2011/10/06 04:00:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At93.job
[2011/10/06 03:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At90.job
[2011/10/06 03:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At89.job
[2011/10/06 03:00:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At88.job
[2011/10/06 02:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At86.job
[2011/10/06 02:00:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At85.job
[2011/10/06 02:00:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At87.job
[2011/10/06 01:13:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/06 01:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At84.job
[2011/10/06 01:00:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At83.job
[2011/10/06 00:00:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At82.job
[2011/10/06 00:00:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At81.job
[2011/10/05 23:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At79.job
[2011/10/05 23:00:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At78.job
[2011/10/05 23:00:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At80.job
[2011/10/05 22:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At77.job
[2011/10/05 22:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At75.job
[2011/10/05 22:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At76.job
[2011/10/05 21:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At74.job
[2011/10/05 21:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At72.job
[2011/10/05 21:00:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At73.job
[2011/10/05 20:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At71.job
[2011/10/05 20:00:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At70.job
[2011/10/05 19:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At68.job
[2011/10/05 19:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At69.job
[2011/10/05 19:00:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At67.job
[2011/10/05 18:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At65.job
[2011/10/05 18:00:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At66.job
[2011/10/05 18:00:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At64.job
[2011/10/05 17:39:27 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\julie.myers\Desktop\OTL.exe
[2011/10/05 17:38:59 | 001,529,675 | ---- | M] () -- C:\Documents and Settings\julie.myers\Desktop\tdsskiller.zip
[2011/10/05 17:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At63.job
[2011/10/05 17:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At62.job
[2011/10/05 16:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At61.job
[2011/10/05 15:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At60.job
[2011/10/05 15:00:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At59.job
[2011/10/05 14:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At57.job
[2011/10/05 14:00:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At58.job
[2011/10/05 14:00:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At56.job
[2011/10/05 13:00:05 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At55.job
[2011/10/05 13:00:05 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At54.job
[2011/10/05 13:00:05 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At53.job
[2011/10/05 12:00:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At52.job
[2011/10/05 12:00:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At51.job
[2011/10/05 11:00:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At50.job
[2011/10/05 11:00:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At49.job
[2011/10/05 10:00:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2011/10/05 10:00:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2011/10/05 09:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2011/10/05 09:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2011/10/05 09:00:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2011/10/05 08:56:11 | 000,001,940 | ---- | M] () -- C:\Documents and Settings\julie.myers\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/10/05 08:43:30 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\null
[2011/10/05 08:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2011/10/05 08:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2011/10/05 08:00:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2011/10/05 07:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2011/10/05 07:00:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2011/10/05 06:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2011/10/05 06:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2011/10/05 06:00:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2011/10/05 05:00:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2011/10/05 05:00:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2011/10/05 05:00:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2011/10/05 04:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2011/10/05 04:00:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2011/10/05 03:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2011/10/05 03:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2011/10/05 03:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2011/10/05 02:00:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2011/10/05 02:00:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2011/10/05 01:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2011/10/05 01:00:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2011/10/05 00:00:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2011/10/05 00:00:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2011/10/05 00:00:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2011/10/04 23:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2011/10/04 23:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2011/10/04 22:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2011/10/04 22:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2011/10/04 22:00:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2011/10/04 21:00:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2011/10/04 21:00:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2011/10/04 20:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2011/10/04 20:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2011/10/04 20:00:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2011/10/04 19:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2011/10/04 19:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2011/10/04 18:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2011/10/04 18:00:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2011/10/04 18:00:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2011/10/04 17:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2011/10/04 17:00:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2011/10/04 17:00:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2011/10/04 16:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2011/10/04 16:00:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2011/10/03 10:30:09 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\julie.myers\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/10/03 10:30:08 | 000,000,782 | ---- | M] () -- C:\Documents and Settings\julie.myers\Desktop\Windows Media Player.lnk
[2011/10/03 10:29:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/30 17:07:31 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/30 08:42:30 | 000,000,031 | ---- | M] () -- C:\dev.ini
[2011/09/30 08:41:11 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2011/09/30 08:36:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/30 08:36:07 | 2137,149,440 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/29 08:29:00 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\julie.myers\defogger_reenable
[2011/09/27 07:37:59 | 000,000,388 | ---- | M] () -- C:\Documents and Settings\julie.myers\Desktop\Shortcut to julie.myers.lnk
[2011/09/27 07:15:27 | 000,000,030 | ---- | M] () -- C:\Documents and Settings\julie.myers\Desktop\startme.bat
[2011/09/26 16:08:20 | 000,205,072 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/09/26 16:07:51 | 000,000,380 | ---- | M] () -- C:\Documents and Settings\julie.myers\Desktop\Shortcut to Removal Tool.lnk
[2011/09/23 17:21:42 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/09/23 17:17:41 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/09/23 16:54:39 | 000,192,184 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/09/22 10:29:17 | 000,042,326 | ---- | M] () -- C:\Documents and Settings\julie.myers\My Documents\justme54s_jersey-m54.zip
[2011/09/21 16:13:21 | 000,306,320 | ---- | M] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\TrufosAlt.sys
[2011/09/21 08:36:01 | 000,506,924 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/09/21 08:36:01 | 000,088,278 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/09/21 08:19:14 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/09/20 15:05:37 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/09/20 15:05:37 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/09/20 13:51:49 | 002,002,999 | ---- | M] () -- C:\WINDOWS\iis6.BAK
[2011/09/20 13:14:59 | 000,001,787 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2011/09/20 13:10:26 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011/09/20 12:02:56 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/09/20 11:22:22 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/09/20 08:54:51 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\julie.myers\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2011/09/20 04:17:51 | 000,002,412 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2011/09/16 13:46:34 | 000,235,453 | ---- | M] () -- C:\Documents and Settings\julie.myers\My Documents\WSE092011-807a.pdf
[2011/09/16 09:07:58 | 000,235,451 | ---- | M] () -- C:\Documents and Settings\julie.myers\My Documents\WSE092011-807.pdf
[2011/09/16 09:07:02 | 000,266,315 | ---- | M] () -- C:\Documents and Settings\julie.myers\My Documents\WSE092011-807.png
[2011/09/09 04:12:13 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/06 06:28:47 | 001,529,675 | ---- | C] () -- C:\Documents and Settings\julie.myers\Desktop\tdsskiller.zip
[2011/10/06 06:25:48 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At100.job
[2011/10/06 05:58:13 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At99.job
[2011/10/06 05:36:58 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At98.job
[2011/10/06 05:24:43 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At97.job
[2011/10/06 04:46:17 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At96.job
[2011/10/06 04:30:32 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At95.job
[2011/10/06 04:24:10 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At94.job
[2011/10/06 03:34:18 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At93.job
[2011/10/06 03:23:53 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At92.job
[2011/10/06 03:23:30 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At91.job
[2011/10/06 02:22:40 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At90.job
[2011/10/06 02:22:17 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At89.job
[2011/10/06 02:17:06 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At88.job
[2011/10/06 01:22:03 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At87.job
[2011/10/06 01:10:26 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At86.job
[2011/10/06 01:10:14 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At85.job
[2011/10/06 00:21:13 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At84.job
[2011/10/06 00:03:36 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At83.job
[2011/10/05 23:58:10 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At82.job
[2011/10/05 23:20:30 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At81.job
[2011/10/05 22:56:08 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At80.job
[2011/10/05 22:39:18 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At79.job
[2011/10/05 22:19:11 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At78.job
[2011/10/05 21:48:54 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At77.job
[2011/10/05 21:20:17 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At76.job
[2011/10/05 21:18:01 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At75.job
[2011/10/05 20:41:43 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At74.job
[2011/10/05 20:16:44 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At73.job
[2011/10/05 20:01:29 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At72.job
[2011/10/05 19:34:31 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At71.job
[2011/10/05 19:15:24 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At70.job
[2011/10/05 18:35:41 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At69.job
[2011/10/05 18:24:52 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At68.job
[2011/10/05 18:11:37 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At67.job
[2011/10/05 17:14:11 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At66.job
[2011/10/05 17:06:39 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At65.job
[2011/10/05 17:02:01 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At64.job
[2011/10/05 16:00:31 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At63.job
[2011/10/05 16:00:12 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At62.job
[2011/10/05 15:20:33 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At61.job
[2011/10/05 14:54:16 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At60.job
[2011/10/05 14:47:44 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At59.job
[2011/10/05 13:49:34 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At58.job
[2011/10/05 13:45:26 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At57.job
[2011/10/05 13:35:48 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At56.job
[2011/10/05 12:44:35 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At55.job
[2011/10/05 12:23:40 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At54.job
[2011/10/05 12:04:16 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At53.job
[2011/10/05 11:36:47 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At52.job
[2011/10/05 11:08:38 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At51.job
[2011/10/05 10:30:54 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At50.job
[2011/10/05 10:27:21 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At49.job
[2011/10/05 09:57:30 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At48.job
[2011/10/05 09:26:55 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At47.job
[2011/10/05 08:56:09 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At46.job
[2011/10/05 08:48:24 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At45.job
[2011/10/05 08:24:30 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At44.job
[2011/10/05 07:36:40 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At43.job
[2011/10/05 07:27:52 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At42.job
[2011/10/05 07:19:07 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At41.job
[2011/10/05 06:25:17 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At40.job
[2011/10/05 06:14:44 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At39.job
[2011/10/05 05:59:05 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At38.job
[2011/10/05 05:15:20 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At37.job
[2011/10/05 05:13:05 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At36.job
[2011/10/05 04:44:28 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At35.job
[2011/10/05 04:10:15 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At34.job
[2011/10/05 04:06:09 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At33.job
[2011/10/05 03:23:48 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At32.job
[2011/10/05 03:07:36 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At31.job
[2011/10/05 02:55:58 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At30.job
[2011/10/05 02:03:59 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At29.job
[2011/10/05 02:02:44 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At28.job
[2011/10/05 01:45:47 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At27.job
[2011/10/05 01:00:39 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At26.job
[2011/10/05 00:41:39 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At25.job
[2011/10/05 00:35:53 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2011/10/04 23:57:09 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2011/10/04 23:26:07 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2011/10/04 23:20:28 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2011/10/04 22:53:52 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2011/10/04 22:16:16 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2011/10/04 21:59:20 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2011/10/04 21:50:39 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2011/10/04 21:06:24 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2011/10/04 20:47:01 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2011/10/04 20:38:00 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2011/10/04 19:56:07 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2011/10/04 19:43:01 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2011/10/04 19:16:59 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2011/10/04 18:45:56 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2011/10/04 18:39:41 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2011/10/04 17:49:17 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2011/10/04 17:34:29 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2011/10/04 17:33:20 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2011/10/04 16:28:53 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2011/10/04 16:20:33 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2011/10/04 16:06:59 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2011/10/04 15:21:48 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2011/10/04 15:05:53 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2011/09/29 08:29:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\julie.myers\defogger_reenable
[2011/09/26 16:07:51 | 000,000,380 | ---- | C] () -- C:\Documents and Settings\julie.myers\Desktop\Shortcut to Removal Tool.lnk
[2011/09/24 01:08:12 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/24 01:08:12 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/23 10:28:59 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/22 10:29:13 | 000,042,326 | ---- | C] () -- C:\Documents and Settings\julie.myers\My Documents\justme54s_jersey-m54.zip
[2011/09/21 17:37:45 | 2137,149,440 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/20 13:14:58 | 000,001,803 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Search.lnk
[2011/09/20 13:14:58 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2011/09/20 13:13:14 | 000,000,782 | ---- | C] () -- C:\Documents and Settings\julie.myers\Desktop\Windows Media Player.lnk
[2011/09/20 13:10:26 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011/09/20 13:04:20 | 000,225,262 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2011/09/20 11:02:01 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2011/09/20 11:01:34 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2011/09/20 10:58:35 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2011/09/19 12:43:45 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/09/19 12:34:37 | 000,000,030 | ---- | C] () -- C:\Documents and Settings\julie.myers\Desktop\startme.bat
[2011/09/16 13:46:34 | 000,235,453 | ---- | C] () -- C:\Documents and Settings\julie.myers\My Documents\WSE092011-807a.pdf
[2011/09/16 09:07:58 | 000,235,451 | ---- | C] () -- C:\Documents and Settings\julie.myers\My Documents\WSE092011-807.pdf
[2011/09/16 09:07:00 | 000,266,315 | ---- | C] () -- C:\Documents and Settings\julie.myers\My Documents\WSE092011-807.png
[2011/06/07 13:28:24 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/18 16:23:06 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\julie.myers\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/05/12 10:07:38 | 000,000,196 | ---- | C] () -- C:\WINDOWS\is3encap.ini
[2009/12/10 10:53:49 | 000,039,284 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/03/12 10:23:21 | 000,000,034 | ---- | C] () -- C:\WINDOWS\bba.INI
[2009/01/13 14:02:02 | 000,001,084 | ---- | C] () -- C:\WINDOWS\DKAAP2DD.ini
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/04/23 09:24:03 | 000,204,848 | ---- | C] () -- C:\WINDOWS\System32\gswin32c.exe
[2007/03/09 15:50:59 | 000,038,481 | ---- | C] () -- C:\Documents and Settings\julie.myers\Application Data\Comma Separated Values (Windows).ADR
[2006/10/10 14:41:53 | 000,451,638 | ---- | C] () -- C:\Documents and Settings\julie.myers\Application Data\ZBWallpaper_1.bmp
[2006/10/10 14:41:28 | 000,451,638 | ---- | C] () -- C:\Documents and Settings\julie.myers\Application Data\ZBWallpaper.bmp
[2006/06/15 15:46:29 | 000,000,076 | ---- | C] () -- C:\WINDOWS\SWCEDIT.INI
[2006/03/02 13:56:14 | 000,000,184 | ---- | C] () -- C:\WINDOWS\BTI.INI
[2006/02/17 16:29:31 | 000,001,743 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/01/25 16:14:05 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/01/25 15:53:52 | 000,075,776 | ---- | C] () -- C:\WINDOWS\System32\MGCSInst.dll
[2006/01/25 15:53:52 | 000,039,424 | ---- | C] () -- C:\WINDOWS\System32\InstProc.dll
[2006/01/17 12:13:33 | 000,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/01/17 12:13:33 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\28B071669C.sys
[2006/01/16 14:39:07 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\julie.myers\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/01/13 17:13:08 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\ExportModeller.dll
[2006/01/13 17:13:08 | 000,100,352 | ---- | C] () -- C:\WINDOWS\System32\pg32conv.dll
[2006/01/13 17:13:08 | 000,049,223 | ---- | C] () -- C:\WINDOWS\System32\crtslv.dll
[2006/01/13 16:47:42 | 000,000,083 | ---- | C] () -- C:\WINDOWS\Licence.ini
[2006/01/13 16:45:34 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\usqlcs32.dll
[2006/01/13 16:45:34 | 000,072,704 | ---- | C] () -- C:\WINDOWS\System32\CCmove32.dll
[2006/01/13 16:45:34 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\CCCHNG32.dll
[2006/01/13 16:39:21 | 000,260,531 | ---- | C] () -- C:\WINDOWS\pdfcvt.dat
[2006/01/03 16:29:13 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/01/03 16:19:25 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/01/03 16:16:51 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/01/03 16:13:54 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/01/03 16:11:42 | 000,001,224 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/01/03 15:48:18 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/01/03 15:48:02 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/04/09 18:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/11 18:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 18:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 18:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 18:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 18:07:24 | 000,004,848 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 18:06:43 | 000,192,184 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 18:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/11 18:00:28 | 000,506,924 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 18:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/11 18:00:28 | 000,088,278 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 18:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/11 18:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 18:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/11 18:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/11 18:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/11 18:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/11 18:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/11 18:00:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/06/11 18:39:12 | 006,270,976 | ---- | C] () -- C:\WINDOWS\System32\cricu19.dll
[2002/02/27 10:41:28 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll
[2002/02/27 10:41:26 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
[2002/02/27 10:41:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll
[1999/01/22 13:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2009/03/04 10:51:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canon
[2010/09/01 09:32:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\com.comcast.access
[2011/09/27 13:41:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileOpen
[2011/09/20 15:08:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GroupPolicy
[2006/10/27 08:22:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2008/07/01 08:15:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2006/01/03 16:15:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/17 11:22:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/07/01 10:53:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/10 10:41:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2006/10/10 14:44:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\julie.myers\Application Data\Canon
[2010/04/30 12:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\julie.myers\Application Data\com.comcast.access.13A1FA90F0FC9DC009FB0956ADD0F13F8608561B.1
[2006/08/21 11:49:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\julie.myers\Application Data\eRoom
[2011/09/27 13:41:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\julie.myers\Application Data\FileOpen
[2006/06/08 11:39:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\julie.myers\Application Data\Leadertech
[2006/01/16 09:21:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\julie.myers\Application Data\MSNInstaller
[2006/06/01 14:40:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\julie.myers\Application Data\SAEPublishing
[2009/06/23 09:10:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\julie.myers\Application Data\Viewpoint
[2010/09/28 13:56:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\julie.myers\Application Data\WebPublisher
[2011/09/20 13:15:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\julie.myers\Application Data\Windows Desktop Search
[2010/06/01 09:01:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\julie.myers\Application Data\Windows Search
[2011/10/04 16:00:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2011/10/04 19:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2011/10/06 06:25:48 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At100.job
[2011/10/04 20:00:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2011/10/04 20:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2011/10/04 20:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2011/10/04 21:00:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2011/10/04 21:00:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2011/10/04 22:00:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2011/10/04 22:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2011/10/04 22:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2011/10/04 23:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2011/10/04 16:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2011/10/04 23:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2011/10/05 00:00:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2011/10/05 00:00:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2011/10/05 00:00:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2011/10/05 01:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2011/10/05 01:00:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At25.job
[2011/10/05 02:00:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At26.job
[2011/10/05 02:00:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At27.job
[2011/10/05 03:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At28.job
[2011/10/05 03:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At29.job
[2011/10/04 17:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2011/10/05 03:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At30.job
[2011/10/05 04:00:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At31.job
[2011/10/05 04:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At32.job
[2011/10/05 05:00:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At33.job
[2011/10/05 05:00:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At34.job
[2011/10/05 05:00:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At35.job
[2011/10/05 06:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At36.job
[2011/10/05 06:00:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At37.job
[2011/10/05 06:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At38.job
[2011/10/05 07:00:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At39.job
[2011/10/04 17:00:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2011/10/05 07:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At40.job
[2011/10/05 08:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At41.job
[2011/10/05 08:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At42.job
[2011/10/05 08:00:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At43.job
[2011/10/05 09:00:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At44.job
[2011/10/05 09:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At45.job
[2011/10/05 09:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At46.job
[2011/10/05 10:00:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At47.job
[2011/10/05 10:00:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At48.job
[2011/10/05 11:00:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At49.job
[2011/10/04 17:00:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2011/10/05 11:00:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At50.job
[2011/10/05 12:00:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At51.job
[2011/10/05 12:00:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At52.job
[2011/10/05 13:00:05 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At53.job
[2011/10/05 13:00:05 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At54.job
[2011/10/05 13:00:05 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At55.job
[2011/10/05 14:00:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At56.job
[2011/10/05 14:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At57.job
[2011/10/05 14:00:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At58.job
[2011/10/05 15:00:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At59.job
[2011/10/04 18:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2011/10/05 15:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At60.job
[2011/10/05 16:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At61.job
[2011/10/05 17:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At62.job
[2011/10/05 17:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At63.job
[2011/10/05 18:00:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At64.job
[2011/10/05 18:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At65.job
[2011/10/05 18:00:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At66.job
[2011/10/05 19:00:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At67.job
[2011/10/05 19:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At68.job
[2011/10/05 19:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At69.job
[2011/10/04 18:00:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2011/10/05 20:00:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At70.job
[2011/10/05 20:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At71.job
[2011/10/05 21:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At72.job
[2011/10/05 21:00:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At73.job
[2011/10/05 21:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At74.job
[2011/10/05 22:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At75.job
[2011/10/05 22:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At76.job
[2011/10/05 22:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At77.job
[2011/10/05 23:00:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At78.job
[2011/10/05 23:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At79.job
[2011/10/04 18:00:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2011/10/05 23:00:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At80.job
[2011/10/06 00:00:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At81.job
[2011/10/06 00:00:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At82.job
[2011/10/06 01:00:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At83.job
[2011/10/06 01:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At84.job
[2011/10/06 02:00:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At85.job
[2011/10/06 02:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At86.job
[2011/10/06 02:00:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At87.job
[2011/10/06 03:00:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At88.job
[2011/10/06 03:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At89.job
[2011/10/04 19:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
[2011/10/06 03:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At90.job
[2011/10/06 04:00:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At91.job
[2011/10/06 04:00:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At92.job
[2011/10/06 04:00:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At93.job
[2011/10/06 05:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At94.job
[2011/10/06 05:00:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At95.job
[2011/10/06 05:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At96.job
[2011/10/06 06:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At97.job
[2011/10/06 06:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At98.job
[2011/10/06 06:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At99.job

========== Purity Check ==========



< End of report >


OTL Extras logfile created on: 10/6/2011 6:34:28 AM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\julie.myers\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 57.59% Memory free
2.58 Gb Paging File | 1.48 Gb Available in Paging File | 57.50% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.25 Gb Total Space | 34.38 Gb Free Space | 48.25% Space Free | Partition Type: NTFS
Drive H: | 794.18 Gb Total Space | 558.92 Gb Free Space | 70.38% Space Free | Partition Type: NTFS
Drive O: | 794.18 Gb Total Space | 558.92 Gb Free Space | 70.38% Space Free | Partition Type: NTFS
Drive P: | 794.18 Gb Total Space | 558.92 Gb Free Space | 70.38% Space Free | Partition Type: NTFS

Computer Name: JULIE-XP | User Name: julie.myers | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1050:TCP" = 1050:TCP:*:Enabled:eyartec
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
"C:\Program Files\Panasonic\Panasonic-DMS\Port Controller\Mfpscdl.exe" = C:\Program Files\Panasonic\Panasonic-DMS\Port Controller\Mfpscdl.exe:*:Enabled:MFPSCDL -- (Panasonic Communications Co., Ltd.)
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" = C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{055193C9-9A9C-4956-A71E-4BBE5167ADCA}" = Panasonic-DMS
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 26
"{2B8D280F-F06E-4F2A-BD39-E14FEEC61384}" = Global_Shop_BI_Installer
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{48C76121-4F90-11D5-9884-0050BA85A903}" = Kaseya Agent
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{60336D26-23C8-45A0-AAB9-B9586C73D7BD}" = Panasonic-DMS Read Me DP-2330-3030
"{66392B7C-C522-450D-97B7-B3E41E170C3B}" = imagePROGRAF Status Monitor
"{68D923E0-1244-0F60-6108-2B154B0462D0}" = Comcast Access
"{6C1C10CB-10EE-46E4-B946-4CB662B9C660}" = iPF710 Media Configuration Tool
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{75480068-162F-4D6B-B38E-76606A4E5320}_is1" = Dolphin Futures XPS Viewer version 1.1.0
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel® PROSet for Wired Connections
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007
"{90120000-001A-0000-0000-0000000FF1CE}_OUTLOOK_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0000-0000-0000000FF1CE}_OUTLOOK_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_OUTLOOK_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_OUTLOOK_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_OUTLOOK_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_OUTLOOK_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_OUTLOOK_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_OUTLOOK_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{901977EB-C5F5-4289-A70B-31A753CD0A62}" = Canon iPF710 User Manual
"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{91170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96165A0E-F058-4303-B701-A91C219E3967}" = TurboTax 2010 wtniper
"{A0DB4D2C-E85B-4C23-A4F2-F1B95D3C3BE8}" = Crystal Reports 10
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{ABC082A6-A587-493C-83C1-5F2C60A8BAA8}" = FileOpen Client
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B702CCCE-3176-4DBF-B932-D1B8F402F330}" = Digital Content Portal
"{BB0CBC71-5791-4D45-828C-893B28A25CD6}" = Panasonic-DMS Version
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D16A1202-2BC5-4BB9-BEBA-D2FD14C8A1CE}" = Communication Utility
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{E14D6A39-96CA-44DF-9FC7-EB17BC9E2F73}" = Photosynth 2.0110.0317.1042
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{F0122B9E-649B-439C-96CF-BBBD2D325BD5}" = iPF710 Printer Driver Extra Kit
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"ActiveTouchMeetingClient" = WebEx
"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.1.0 Professional
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Any DWG to PDF Converter_is1" = Any DWG to PDF Converter 2005.5.1
"com.comcast.access.13A1FA90F0FC9DC009FB0956ADD0F13F8608561B.1" = Comcast Access
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell_HostCD" = Dell Printer Software Uninstall
"eRoom 6" = eRoom 6
"ESET Online Scanner" = ESET Online Scanner v3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"N360" = Norton Business Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OutlineArt" = OutlineArt
"OUTLOOK" = Microsoft Office Outlook 2007
"Pervasive System Analyzer" = Pervasive System Analyzer
"Pervasive.SQL Client" = Pervasive.SQL Client v8.70
"PROSet" = Intel® PRO Network Connections Drivers
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"Snapshot Viewer" = Snapshot Viewer
"ST6UNST #1" = Unified Plugin Installation
"ST6UNST #2" = Unified Plugin Installation (C:\Program Files\PluginInstall\)
"ST6UNST #3" = Unified Plugin Installation (C:\Program Files\PluginInstall\) #3
"StreetPlugin" = Learn2 Player (Uninstall Only)
"The QI Macros for Excel" = The QI Macros for Excel
"TrialPDF-file v3.0" = TrialPDF-file v3.0
"TurboTax 2010" = TurboTax 2010
"U/SQL Client (Rev3.20)" = U/SQL Client (3.20)
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.1.4
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/23/2011 5:48:23 PM | Computer Name = JULIE-XP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 9/24/2011 1:47:59 AM | Computer Name = JULIE-XP | Source = LiveUpdate | ID = 2752571
Description = 6004: Internal authentication failed for the C:\Documents and Settings\All
Users\Application Data\Symantec\LiveUpdate\Downloads\Updt144\1316128148jtun_nav2k8enn12m25.m25.full.zip
file. Run LiveUpdate again as the cause may have been a transmission error. If
the error persists, contact your network administrator or LiveUpdate provider.

Error - 9/26/2011 9:52:39 AM | Computer Name = JULIE-XP | Source = Userenv | ID = 1006
Description = Windows cannot bind to network.sunbeltmachineworks.com domain. (Local
Error). Group Policy processing aborted.

Error - 9/26/2011 9:52:39 AM | Computer Name = JULIE-XP | Source = Userenv | ID = 1030
Description = Windows cannot query for the list of Group Policy objects. A message
that describes the reason for this was previously logged by the policy engine.

Error - 9/28/2011 12:40:44 PM | Computer Name = JULIE-XP | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 SR-1 Professional -- Error 1706. No
valid source could be found for product Microsoft Office 2000 SR-1 Professional.
The Windows installer cannot continue.

Error - 9/29/2011 1:15:12 PM | Computer Name = JULIE-XP | Source = Group Policy Services | ID = 100737026
Description = The client-side extension could not remove computer policy settings
for 'Default Domain Policy {31B2F340-016D-11D2-945F-00C04FB984F9}' because it failed
with error code '0x80070005 Access is denied.'%100790275

Error - 9/29/2011 1:15:14 PM | Computer Name = JULIE-XP | Source = Userenv | ID = 1085
Description = The Group Policy client-side extension Group Policy Services failed
to execute. Please look for any errors reported earlier by that extension.

Error - 9/30/2011 10:43:51 AM | Computer Name = JULIE-XP | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 SR-1 Professional -- Error 1706. No
valid source could be found for product Microsoft Office 2000 SR-1 Professional.
The Windows installer cannot continue.

Error - 9/30/2011 10:45:17 AM | Computer Name = JULIE-XP | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 SR-1 Professional -- Error 1706. No
valid source could be found for product Microsoft Office 2000 SR-1 Professional.
The Windows installer cannot continue.

Error - 9/30/2011 10:45:39 AM | Computer Name = JULIE-XP | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 SR-1 Professional -- Error 1706. No
valid source could be found for product Microsoft Office 2000 SR-1 Professional.
The Windows installer cannot continue.

[ OSession Events ]
Error - 3/9/2011 12:55:20 PM | Computer Name = JULIE-XP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6021.5000. This session lasted 265
seconds with 120 seconds of active time. This session ended with a crash.

Error - 4/15/2011 10:14:01 AM | Computer Name = JULIE-XP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6021.5000. This session lasted 952160
seconds with 21600 seconds of active time. This session ended with a crash.

Error - 5/2/2011 9:48:34 AM | Computer Name = JULIE-XP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6021.5000. This session lasted 508242
seconds with 5160 seconds of active time. This session ended with a crash.

Error - 5/26/2011 9:36:12 AM | Computer Name = JULIE-XP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6021.5000. This session lasted 1109234
seconds with 15840 seconds of active time. This session ended with a crash.

Error - 6/8/2011 10:12:56 AM | Computer Name = JULIE-XP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6021.5000. This session lasted 63
seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/13/2011 10:06:12 AM | Computer Name = JULIE-XP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6021.5000. This session lasted 172916
seconds with 5220 seconds of active time. This session ended with a crash.

Error - 7/28/2011 2:07:37 PM | Computer Name = JULIE-XP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6021.5000. This session lasted 514948
seconds with 9840 seconds of active time. This session ended with a crash.

Error - 7/29/2011 1:38:55 PM | Computer Name = JULIE-XP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6021.5000. This session lasted 84668
seconds with 360 seconds of active time. This session ended with a crash.

Error - 8/26/2011 10:11:37 AM | Computer Name = JULIE-XP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6021.5000. This session lasted 156449
seconds with 3120 seconds of active time. This session ended with a crash.

Error - 9/19/2011 11:00:32 AM | Computer Name = JULIE-XP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6021.5000. This session lasted 1720904
seconds with 27240 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 10/4/2011 1:17:04 PM | Computer Name = JULIE-XP | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 10/5/2011 5:55:39 PM | Computer Name = JULIE-XP | Source = TermServDevices | ID = 1111
Description = Driver HP LaserJet 1022n required for printer HP LaserJet 1022n is
unknown. Contact the administrator to install the driver before you log in again.

Error - 10/5/2011 5:55:56 PM | Computer Name = JULIE-XP | Source = TermServDevices | ID = 1111
Description = Driver Panasonic Document Manager required for printer Panasonic Document
Manager is unknown. Contact the administrator to install the driver before you
log in again.

Error - 10/5/2011 5:57:15 PM | Computer Name = JULIE-XP | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 10/5/2011 6:13:58 PM | Computer Name = JULIE-XP | Source = TermServDevices | ID = 1111
Description = Driver HP LaserJet 1022n required for printer HP LaserJet 1022n is
unknown. Contact the administrator to install the driver before you log in again.

Error - 10/5/2011 6:14:15 PM | Computer Name = JULIE-XP | Source = TermServDevices | ID = 1111
Description = Driver Panasonic Document Manager required for printer Panasonic Document
Manager is unknown. Contact the administrator to install the driver before you
log in again.

Error - 10/5/2011 6:16:30 PM | Computer Name = JULIE-XP | Source = TermServDevices | ID = 1111
Description = Driver HP LaserJet 1022n required for printer HP LaserJet 1022n is
unknown. Contact the administrator to install the driver before you log in again.

Error - 10/5/2011 6:16:45 PM | Computer Name = JULIE-XP | Source = TermServDevices | ID = 1111
Description = Driver Panasonic Document Manager required for printer Panasonic Document
Manager is unknown. Contact the administrator to install the driver before you
log in again.

Error - 10/6/2011 7:28:22 AM | Computer Name = JULIE-XP | Source = TermServDevices | ID = 1111
Description = Driver HP LaserJet 1022n required for printer HP LaserJet 1022n is
unknown. Contact the administrator to install the driver before you log in again.

Error - 10/6/2011 7:28:38 AM | Computer Name = JULIE-XP | Source = TermServDevices | ID = 1111
Description = Driver Panasonic Document Manager required for printer Panasonic Document
Manager is unknown. Contact the administrator to install the driver before you
log in again.


< End of report >

#11 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:11:24 AM

Posted 06 October 2011 - 06:04 PM

Open OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
:files
C:\WINDOWS\tasks\At*.job
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"


Then click the Run Fix button at the top

Let the program run unhindered.

When done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Please run OTL as a scan and post the new log.
m0le is a proud member of UNITE

#12 stx_latino

stx_latino
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  • Local time:05:24 AM

Posted 07 October 2011 - 08:16 AM

Here is the log for the RunFix


========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
========== FILES ==========
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\At10.job moved successfully.
C:\WINDOWS\tasks\At100.job moved successfully.
C:\WINDOWS\tasks\At101.job moved successfully.
C:\WINDOWS\tasks\At102.job moved successfully.
C:\WINDOWS\tasks\At103.job moved successfully.
C:\WINDOWS\tasks\At104.job moved successfully.
C:\WINDOWS\tasks\At105.job moved successfully.
C:\WINDOWS\tasks\At106.job moved successfully.
C:\WINDOWS\tasks\At107.job moved successfully.
C:\WINDOWS\tasks\At108.job moved successfully.
C:\WINDOWS\tasks\At109.job moved successfully.
C:\WINDOWS\tasks\At11.job moved successfully.
C:\WINDOWS\tasks\At110.job moved successfully.
C:\WINDOWS\tasks\At111.job moved successfully.
C:\WINDOWS\tasks\At112.job moved successfully.
C:\WINDOWS\tasks\At113.job moved successfully.
C:\WINDOWS\tasks\At114.job moved successfully.
C:\WINDOWS\tasks\At115.job moved successfully.
C:\WINDOWS\tasks\At116.job moved successfully.
C:\WINDOWS\tasks\At117.job moved successfully.
C:\WINDOWS\tasks\At118.job moved successfully.
C:\WINDOWS\tasks\At119.job moved successfully.
C:\WINDOWS\tasks\At12.job moved successfully.
C:\WINDOWS\tasks\At120.job moved successfully.
C:\WINDOWS\tasks\At121.job moved successfully.
C:\WINDOWS\tasks\At122.job moved successfully.
C:\WINDOWS\tasks\At123.job moved successfully.
C:\WINDOWS\tasks\At124.job moved successfully.
C:\WINDOWS\tasks\At125.job moved successfully.
C:\WINDOWS\tasks\At126.job moved successfully.
C:\WINDOWS\tasks\At127.job moved successfully.
C:\WINDOWS\tasks\At128.job moved successfully.
C:\WINDOWS\tasks\At129.job moved successfully.
C:\WINDOWS\tasks\At13.job moved successfully.
C:\WINDOWS\tasks\At130.job moved successfully.
C:\WINDOWS\tasks\At131.job moved successfully.
C:\WINDOWS\tasks\At132.job moved successfully.
C:\WINDOWS\tasks\At133.job moved successfully.
C:\WINDOWS\tasks\At134.job moved successfully.
C:\WINDOWS\tasks\At135.job moved successfully.
C:\WINDOWS\tasks\At136.job moved successfully.
C:\WINDOWS\tasks\At137.job moved successfully.
C:\WINDOWS\tasks\At138.job moved successfully.
C:\WINDOWS\tasks\At139.job moved successfully.
C:\WINDOWS\tasks\At14.job moved successfully.
C:\WINDOWS\tasks\At140.job moved successfully.
C:\WINDOWS\tasks\At141.job moved successfully.
C:\WINDOWS\tasks\At142.job moved successfully.
C:\WINDOWS\tasks\At143.job moved successfully.
C:\WINDOWS\tasks\At144.job moved successfully.
C:\WINDOWS\tasks\At145.job moved successfully.
C:\WINDOWS\tasks\At146.job moved successfully.
C:\WINDOWS\tasks\At147.job moved successfully.
C:\WINDOWS\tasks\At148.job moved successfully.
C:\WINDOWS\tasks\At149.job moved successfully.
C:\WINDOWS\tasks\At15.job moved successfully.
C:\WINDOWS\tasks\At150.job moved successfully.
C:\WINDOWS\tasks\At151.job moved successfully.
C:\WINDOWS\tasks\At152.job moved successfully.
C:\WINDOWS\tasks\At153.job moved successfully.
C:\WINDOWS\tasks\At154.job moved successfully.
C:\WINDOWS\tasks\At155.job moved successfully.
C:\WINDOWS\tasks\At156.job moved successfully.
C:\WINDOWS\tasks\At157.job moved successfully.
C:\WINDOWS\tasks\At158.job moved successfully.
C:\WINDOWS\tasks\At159.job moved successfully.
C:\WINDOWS\tasks\At16.job moved successfully.
C:\WINDOWS\tasks\At160.job moved successfully.
C:\WINDOWS\tasks\At161.job moved successfully.
C:\WINDOWS\tasks\At162.job moved successfully.
C:\WINDOWS\tasks\At163.job moved successfully.
C:\WINDOWS\tasks\At164.job moved successfully.
C:\WINDOWS\tasks\At165.job moved successfully.
C:\WINDOWS\tasks\At17.job moved successfully.
C:\WINDOWS\tasks\At18.job moved successfully.
C:\WINDOWS\tasks\At19.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At20.job moved successfully.
C:\WINDOWS\tasks\At21.job moved successfully.
C:\WINDOWS\tasks\At22.job moved successfully.
C:\WINDOWS\tasks\At23.job moved successfully.
C:\WINDOWS\tasks\At24.job moved successfully.
C:\WINDOWS\tasks\At25.job moved successfully.
C:\WINDOWS\tasks\At26.job moved successfully.
C:\WINDOWS\tasks\At27.job moved successfully.
C:\WINDOWS\tasks\At28.job moved successfully.
C:\WINDOWS\tasks\At29.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At30.job moved successfully.
C:\WINDOWS\tasks\At31.job moved successfully.
C:\WINDOWS\tasks\At32.job moved successfully.
C:\WINDOWS\tasks\At33.job moved successfully.
C:\WINDOWS\tasks\At34.job moved successfully.
C:\WINDOWS\tasks\At35.job moved successfully.
C:\WINDOWS\tasks\At36.job moved successfully.
C:\WINDOWS\tasks\At37.job moved successfully.
C:\WINDOWS\tasks\At38.job moved successfully.
C:\WINDOWS\tasks\At39.job moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
C:\WINDOWS\tasks\At40.job moved successfully.
C:\WINDOWS\tasks\At41.job moved successfully.
C:\WINDOWS\tasks\At42.job moved successfully.
C:\WINDOWS\tasks\At43.job moved successfully.
C:\WINDOWS\tasks\At44.job moved successfully.
C:\WINDOWS\tasks\At45.job moved successfully.
C:\WINDOWS\tasks\At46.job moved successfully.
C:\WINDOWS\tasks\At47.job moved successfully.
C:\WINDOWS\tasks\At48.job moved successfully.
C:\WINDOWS\tasks\At49.job moved successfully.
C:\WINDOWS\tasks\At5.job moved successfully.
C:\WINDOWS\tasks\At50.job moved successfully.
C:\WINDOWS\tasks\At51.job moved successfully.
C:\WINDOWS\tasks\At52.job moved successfully.
C:\WINDOWS\tasks\At53.job moved successfully.
C:\WINDOWS\tasks\At54.job moved successfully.
C:\WINDOWS\tasks\At55.job moved successfully.
C:\WINDOWS\tasks\At56.job moved successfully.
C:\WINDOWS\tasks\At57.job moved successfully.
C:\WINDOWS\tasks\At58.job moved successfully.
C:\WINDOWS\tasks\At59.job moved successfully.
C:\WINDOWS\tasks\At6.job moved successfully.
C:\WINDOWS\tasks\At60.job moved successfully.
C:\WINDOWS\tasks\At61.job moved successfully.
C:\WINDOWS\tasks\At62.job moved successfully.
C:\WINDOWS\tasks\At63.job moved successfully.
C:\WINDOWS\tasks\At64.job moved successfully.
C:\WINDOWS\tasks\At65.job moved successfully.
C:\WINDOWS\tasks\At66.job moved successfully.
C:\WINDOWS\tasks\At67.job moved successfully.
C:\WINDOWS\tasks\At68.job moved successfully.
C:\WINDOWS\tasks\At69.job moved successfully.
C:\WINDOWS\tasks\At7.job moved successfully.
C:\WINDOWS\tasks\At70.job moved successfully.
C:\WINDOWS\tasks\At71.job moved successfully.
C:\WINDOWS\tasks\At72.job moved successfully.
C:\WINDOWS\tasks\At73.job moved successfully.
C:\WINDOWS\tasks\At74.job moved successfully.
C:\WINDOWS\tasks\At75.job moved successfully.
C:\WINDOWS\tasks\At76.job moved successfully.
C:\WINDOWS\tasks\At77.job moved successfully.
C:\WINDOWS\tasks\At78.job moved successfully.
C:\WINDOWS\tasks\At79.job moved successfully.
C:\WINDOWS\tasks\At8.job moved successfully.
C:\WINDOWS\tasks\At80.job moved successfully.
C:\WINDOWS\tasks\At81.job moved successfully.
C:\WINDOWS\tasks\At82.job moved successfully.
C:\WINDOWS\tasks\At83.job moved successfully.
C:\WINDOWS\tasks\At84.job moved successfully.
C:\WINDOWS\tasks\At85.job moved successfully.
C:\WINDOWS\tasks\At86.job moved successfully.
C:\WINDOWS\tasks\At87.job moved successfully.
C:\WINDOWS\tasks\At88.job moved successfully.
C:\WINDOWS\tasks\At89.job moved successfully.
C:\WINDOWS\tasks\At9.job moved successfully.
C:\WINDOWS\tasks\At90.job moved successfully.
C:\WINDOWS\tasks\At91.job moved successfully.
C:\WINDOWS\tasks\At92.job moved successfully.
C:\WINDOWS\tasks\At93.job moved successfully.
C:\WINDOWS\tasks\At94.job moved successfully.
C:\WINDOWS\tasks\At95.job moved successfully.
C:\WINDOWS\tasks\At96.job moved successfully.
C:\WINDOWS\tasks\At97.job moved successfully.
C:\WINDOWS\tasks\At98.job moved successfully.
C:\WINDOWS\tasks\At99.job moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!

OTL by OldTimer - Version 3.2.29.1 log created on 10072011_081423

#13 stx_latino

stx_latino
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  • Local time:05:24 AM

Posted 07 October 2011 - 08:26 AM

Here is the OTL log file output after running the RunFix. By the way, thanks for all your help; it is greatly appreciated...



OTL logfile created on: 10/7/2011 8:17:22 AM - Run 2
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\julie.myers\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.10 Gb Available Physical Memory | 55.51% Memory free
2.58 Gb Paging File | 1.47 Gb Available in Paging File | 57.03% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.25 Gb Total Space | 34.00 Gb Free Space | 47.72% Space Free | Partition Type: NTFS
Drive H: | 794.18 Gb Total Space | 558.38 Gb Free Space | 70.31% Space Free | Partition Type: NTFS
Drive O: | 794.18 Gb Total Space | 558.38 Gb Free Space | 70.31% Space Free | Partition Type: NTFS
Drive P: | 794.18 Gb Total Space | 558.38 Gb Free Space | 70.31% Space Free | Partition Type: NTFS

Computer Name: JULIE-XP | User Name: julie.myers | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\julie.myers\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\All Users\Application Data\Norton\NUA.exe (Symantec Corporation)
PRC - C:\Documents and Settings\julie.myers\Local Settings\Temp\GSS\GSSMenu.exe (Global Shop Solutions)
PRC - C:\Documents and Settings\All Users\Application Data\FileOpen\Services\FileOpenManagerSvc32.exe (FileOpen Systems Inc.)
PRC - C:\Documents and Settings\All Users\Application Data\FileOpen\Services\FileOpenBroker32.exe (FileOpen Systems Inc.)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\Norton Business Suite\Engine\4.3.0.5\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Kaseya\Agent\KaUsrTsk.exe (Kaseya)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\WINDOWS\system32\rdpclip.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
PRC - C:\Program Files\Panasonic\Panasonic-DMS\Port Controller\Mfpscdl.exe (Panasonic Communications Co., Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\70a1400affdc775d7c7398e036359286\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\10154dcad2d62f226af2fd4211460a4b\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e6c79e1d71b0c9000afd7e5e439b5c54\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\3.1.26.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll ()
MOD - C:\Program Files\Microsoft Office\Office12\OUTLCTL.DLL ()
MOD - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL ()
MOD - C:\Program Files\Microsoft Office\Office12\ADDINS\ColleagueImport.dll ()
MOD - C:\Program Files\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll ()
MOD - C:\Program Files\Panasonic\Panasonic-DMS\Port Controller\MfpAdReg.dll ()
MOD - C:\Program Files\Panasonic\Panasonic-DMS\Port Controller\PDFMAKE.DLL ()
MOD - C:\Program Files\Panasonic\Panasonic-DMS\Port Controller\MfpLpd.dll ()
MOD - C:\Program Files\Panasonic\Panasonic-DMS\Port Controller\MFPPROC.DLL ()
MOD - C:\Program Files\Panasonic\Panasonic-DMS\Port Controller\MFPSEQ.dll ()


========== Win32 Services (SafeList) ==========

SRV - (FileOpenManagerSvc) -- C:\Documents and Settings\All Users\Application Data\FileOpen\Services\FileOpenManagerSvc32.exe (FileOpen Systems Inc.)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (N360) -- C:\Program Files\Norton Business Suite\Engine\4.3.0.5\ccSvcHst.exe (Symantec Corporation)
SRV - (KaseyaAgent) -- C:\Program Files\Kaseya\Agent\AgentMon.exe (Kaseya)
SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()


========== Driver Services (SafeList) ==========

DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110929.001\BHDrvx86.sys (Symantec Corporation)
DRV - (TrufosAlt) -- C:\WINDOWS\system32\drivers\TrufosAlt.sys (BitDefender S.R.L.)
DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20111006.030\IDSXpx86.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20111006.032\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20111006.032\NAVENG.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\N360\0403000.005\SYMTDI.SYS (Symantec Corporation)
DRV - (SymIMMP) -- C:\WINDOWS\system32\drivers\SymIM.sys (Symantec Corporation)
DRV - (SymIM) -- C:\WINDOWS\system32\drivers\SymIM.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\N360\0403000.005\Ironx86.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\N360\0403000.005\SYMEFA.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\System32\Drivers\N360\0403000.005\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\system32\drivers\N360\0403000.005\SRTSPX.SYS (Symantec Corporation)
DRV - (ccHP) -- C:\WINDOWS\system32\drivers\N360\0403000.005\ccHPx86.sys (Symantec Corporation)
DRV - (SymDS) -- C:\WINDOWS\system32\drivers\N360\0403000.005\SYMDS.SYS (Symantec Corporation)
DRV - (KAPFA) -- C:\WINDOWS\system32\drivers\KaPFA.sys (Kaseya)
DRV - (dsunidrv) -- C:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (IntelC53) -- C:\WINDOWS\system32\drivers\IntelC53.sys (Intel Corporation)
DRV - (IntelC52) -- C:\WINDOWS\system32\drivers\IntelC52.sys (Intel Corporation)
DRV - (IntelC51) -- C:\WINDOWS\system32\drivers\IntelC51.sys (Intel Corporation)
DRV - (mohfilt) -- C:\WINDOWS\system32\drivers\mohfilt.sys (Intel Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://xfinity.comcast.net/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Photosynth,version=2.0: C:\Program Files\Photosynth\npPhotosynthMozilla.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\julie.myers\Application Data\Move Networks\plugins\npqmp071706000001.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\julie.myers\Application Data\Move Networks\plugins\npqmp071706000001.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2011/07/21 11:57:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn_2010_9_0_6 [2011/09/30 08:39:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2011/09/20 03:29:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/09/01 09:35:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\julie.myers\Application Data\Move Networks [2010/07/29 12:17:34 | 000,000,000 | ---D | M]

[2008/01/03 19:19:06 | 000,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2007/05/10 23:52:34 | 000,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/03/17 11:15:30 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/03/17 11:15:30 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/03/17 11:15:30 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/03/17 11:15:30 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/03/17 11:15:30 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/03/17 11:15:30 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/03/17 11:15:30 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll

========== Chrome ==========


O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Business Suite\Engine\4.3.0.5\coIEplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Business Suite\Engine\4.3.0.5\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Business Suite\Engine\4.3.0.5\coIEplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Business Suite\Engine\4.3.0.5\coIEplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup File not found
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [Kaseya Agent Service Helper] C:\Program Files\Kaseya\Agent\KaUsrTsk.exe (Kaseya)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [NortonUpdateAgent] C:\Documents and Settings\All Users\Application Data\Norton\NUA.exe (Symantec Corporation)
O4 - HKCU..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" File not found
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10t_ActiveX.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Panasonic Communications Utility.lnk = C:\Program Files\Panasonic\Panasonic-DMS\Port Controller\Mfpscdl.exe (Panasonic Communications Co., Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: halliburton.com ([hsn] https in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} http://72.20.135.183/SysCamInst.cab (Panasonic Network Camera)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1262021773562 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1292350620403 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab (CTAdjust Class)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://globalshopsolutions.webex.com/client/T27LC/support/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E876D003-BCDE-11D3-9131-000094B61529} https://ecollaborate.bakerhughes.com/eroomsetup/client.cab (ERPageAddin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = network.sunbeltmachineworks.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89D923A7-A90B-4F7D-9F29-63003302A798}: DhcpNameServer = 10.1.1.3
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) -C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) -C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\julie.myers\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\julie.myers\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) -C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) -C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) -C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) -C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) -C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/07 08:14:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/07 08:13:41 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\julie.myers\Desktop\OTL.exe
[2011/10/03 03:00:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/09/30 08:32:42 | 000,000,000 | ---D | C] -- C:\kworking
[2011/09/29 12:15:33 | 000,135,168 | ---- | C] (Kaseya) -- C:\WINDOWS\System32\kaseyasp.dll
[2011/09/29 12:15:33 | 000,020,792 | ---- | C] (Kaseya) -- C:\WINDOWS\System32\drivers\KaPFA.sys
[2011/09/29 12:15:33 | 000,013,240 | ---- | C] (Kaseya) -- C:\WINDOWS\System32\drivers\KaseyaHA.sys
[2011/09/29 12:15:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Kaseya
[2011/09/29 07:44:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011/09/27 13:40:11 | 000,000,000 | ---D | C] -- C:\Program Files\FileOpen
[2011/09/27 13:40:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FileOpen
[2011/09/26 16:21:21 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/09/26 16:08:21 | 000,205,072 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/09/26 15:14:23 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/09/26 15:14:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/09/23 16:48:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\julie.myers\Local Settings\Application Data\NPE
[2011/09/21 16:13:18 | 000,306,320 | ---- | C] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\TrufosAlt.sys
[2011/09/21 16:05:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\julie.myers\Application Data\Malwarebytes
[2011/09/21 08:19:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2011/09/21 08:09:17 | 000,135,168 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll
[2011/09/21 07:27:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/09/20 15:08:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\GroupPolicy
[2011/09/20 13:29:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
[2011/09/20 13:29:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2011/09/20 13:28:59 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2011/09/20 13:15:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\julie.myers\Application Data\Windows Desktop Search
[2011/09/20 13:13:28 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2011/09/20 13:12:59 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2011/09/20 13:10:32 | 000,000,000 | ---D | C] -- C:\ae8c7d68aa9b422fc741b491f1d169
[2011/09/20 13:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2011/09/20 13:10:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2011/09/20 12:47:00 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2011/09/20 12:46:40 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2011/09/20 12:45:57 | 000,954,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll
[2011/09/20 12:45:56 | 000,978,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2011/09/20 12:45:56 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2011/09/20 12:44:15 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2011/09/20 12:44:00 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2011/09/20 12:40:17 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2011/09/20 12:39:36 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2011/09/20 12:00:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/09/20 11:33:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2011/09/20 11:33:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011/09/20 11:33:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2011/09/20 11:33:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011/09/20 11:16:56 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011/09/20 11:02:12 | 000,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys
[2011/09/20 11:02:12 | 000,022,271 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys
[2011/09/20 11:02:12 | 000,011,935 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys
[2011/09/20 11:02:12 | 000,011,871 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys
[2011/09/20 11:02:12 | 000,011,807 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys
[2011/09/20 11:02:12 | 000,011,295 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys
[2011/09/20 11:02:06 | 000,404,990 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2011/09/20 11:02:06 | 000,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys
[2011/09/20 11:02:06 | 000,095,424 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2011/09/20 11:02:06 | 000,013,240 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[2011/09/20 11:02:05 | 000,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys
[2011/09/20 11:02:04 | 000,013,776 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys
[2011/09/20 11:02:02 | 000,180,360 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2011/09/20 11:02:00 | 001,309,184 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2011/09/20 11:02:00 | 000,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys
[2011/09/20 11:02:00 | 000,126,686 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2011/09/20 10:58:35 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2011/09/20 10:58:35 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2011/09/20 10:58:35 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2011/09/20 10:58:35 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2011/09/20 10:58:35 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys
[2011/09/20 10:58:35 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys
[2011/09/20 10:58:35 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2011/09/20 10:58:34 | 000,701,440 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.sys
[2011/09/20 10:58:34 | 000,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys
[2011/09/20 10:58:34 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2011/09/20 10:58:34 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys
[2011/09/20 10:58:34 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys
[2011/09/20 10:58:34 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys
[2011/09/20 10:58:34 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys
[2011/09/20 10:58:34 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys
[2011/09/20 10:58:34 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2011/09/20 10:58:34 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2011/09/20 10:58:33 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys
[2011/09/20 10:58:33 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys
[2011/09/20 10:58:33 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys
[2011/09/20 10:58:33 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys
[2011/09/20 10:58:33 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys
[2011/09/20 03:11:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2011/09/19 12:49:20 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2011/09/19 12:47:18 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2011/09/19 12:47:17 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2011/09/09 04:12:13 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/07 08:19:25 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2011/10/07 08:13:04 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/07 01:13:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/06 13:49:00 | 000,307,081 | ---- | M] () -- C:\Documents and Settings\julie.myers\My Documents\S-266898NUM AM.pdf
[2011/10/06 10:17:48 | 000,001,940 | ---- | M] () -- C:\Documents and Settings\julie.myers\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/10/06 09:40:58 | 111,335,964 | ---- | M] () -- C:\Documents and Settings\julie.myers\Desktop\Game3vsHurricanes.zip
[2011/10/06 09:39:29 | 017,405,049 | ---- | M] () -- C:\Documents and Settings\julie.myers\Desktop\Game4vsRedskins.zip
[2011/10/06 09:31:12 | 020,119,685 | ---- | M] () -- C:\Documents and Settings\julie.myers\Desktop\Game5vsSaints.zip
[2011/10/06 08:44:22 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\null
[2011/10/05 17:39:27 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\julie.myers\Desktop\OTL.exe
[2011/10/03 10:30:09 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\julie.myers\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/10/03 10:30:08 | 000,000,782 | ---- | M] () -- C:\Documents and Settings\julie.myers\Desktop\Windows Media Player.lnk
[2011/10/03 10:29:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/30 17:07:31 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/30 08:42:30 | 000,000,031 | ---- | M] () -- C:\dev.ini
[2011/09/30 08:41:11 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2011/09/30 08:36:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/30 08:36:07 | 2137,149,440 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/29 08:29:00 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\julie.myers\defogger_reenable
[2011/09/27 07:37:59 | 000,000,388 | ---- | M] () -- C:\Documents and Settings\julie.myers\Desktop\Shortcut to julie.myers.lnk
[2011/09/27 07:15:27 | 000,000,030 | ---- | M] () -- C:\Documents and Settings\julie.myers\Desktop\startme.bat
[2011/09/26 16:08:20 | 000,205,072 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/09/26 16:07:51 | 000,000,380 | ---- | M] () -- C:\Documents and Settings\julie.myers\Desktop\Shortcut to Removal Tool.lnk
[2011/09/23 17:21:42 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/09/23 17:17:41 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/09/23 16:54:39 | 000,192,184 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/09/22 10:29:17 | 000,042,326 | ---- | M] () -- C:\Documents and Settings\julie.myers\My Documents\justme54s_jersey-m54.zip
[2011/09/21 16:13:21 | 000,306,320 | ---- | M] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\TrufosAlt.sys
[2011/09/21 08:36:01 | 000,506,924 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/09/21 08:36:01 | 000,088,278 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/09/21 08:19:14 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/09/20 15:05:37 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/09/20 15:05:37 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/09/20 13:51:49 | 002,002,999 | ---- | M] () -- C:\WINDOWS\iis6.BAK
[2011/09/20 13:14:59 | 000,001,787 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2011/09/20 13:10:26 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011/09/20 12:02:56 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/09/20 11:22:22 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/09/20 08:54:51 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\julie.myers\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2011/09/20 04:17:51 | 000,002,412 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2011/09/16 13:46:34 | 000,235,453 | ---- | M] () -- C:\Documents and Settings\julie.myers\My Documents\WSE092011-807a.pdf
[2011/09/16 09:07:58 | 000,235,451 | ---- | M] () -- C:\Documents and Settings\julie.myers\My Documents\WSE092011-807.pdf
[2011/09/16 09:07:02 | 000,266,315 | ---- | M] () -- C:\Documents and Settings\julie.myers\My Documents\WSE092011-807.png
[2011/09/09 04:12:13 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/07 08:19:24 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2011/10/06 13:49:00 | 000,307,081 | ---- | C] () -- C:\Documents and Settings\julie.myers\My Documents\S-266898NUM AM.pdf
[2011/10/06 09:40:52 | 111,335,964 | ---- | C] () -- C:\Documents and Settings\julie.myers\Desktop\Game3vsHurricanes.zip
[2011/10/06 09:39:12 | 017,405,049 | ---- | C] () -- C:\Documents and Settings\julie.myers\Desktop\Game4vsRedskins.zip
[2011/10/06 09:31:10 | 020,119,685 | ---- | C] () -- C:\Documents and Settings\julie.myers\Desktop\Game5vsSaints.zip
[2011/09/29 08:29:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\julie.myers\defogger_reenable
[2011/09/26 16:07:51 | 000,000,380 | ---- | C] () -- C:\Documents and Settings\julie.myers\Desktop\Shortcut to Removal Tool.lnk
[2011/09/24 01:08:12 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/24 01:08:12 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/23 10:28:59 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/22 10:29:13 | 000,042,326 | ---- | C] () -- C:\Documents and Settings\julie.myers\My Documents\justme54s_jersey-m54.zip
[2011/09/21 17:37:45 | 2137,149,440 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/20 13:14:58 | 000,001,803 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Search.lnk
[2011/09/20 13:14:58 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2011/09/20 13:13:14 | 000,000,782 | ---- | C] () -- C:\Documents and Settings\julie.myers\Desktop\Windows Media Player.lnk
[2011/09/20 13:10:26 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011/09/20 13:04:20 | 000,225,262 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2011/09/20 11:02:01 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2011/09/20 11:01:34 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2011/09/20 10:58:35 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2011/09/19 12:43:45 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/09/19 12:34:37 | 000,000,030 | ---- | C] () -- C:\Documents and Settings\julie.myers\Desktop\startme.bat
[2011/09/16 13:46:34 | 000,235,453 | ---- | C] () -- C:\Documents and Settings\julie.myers\My Documents\WSE092011-807a.pdf
[2011/09/16 09:07:58 | 000,235,451 | ---- | C] () -- C:\Documents and Settings\julie.myers\My Documents\WSE092011-807.pdf
[2011/09/16 09:07:00 | 000,266,315 | ---- | C] () -- C:\Documents and Settings\julie.myers\My Documents\WSE092011-807.png
[2011/06/07 13:28:24 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/18 16:23:06 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\julie.myers\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/05/12 10:07:38 | 000,000,196 | ---- | C] () -- C:\WINDOWS\is3encap.ini
[2009/12/10 10:53:49 | 000,039,284 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/03/12 10:23:21 | 000,000,034 | ---- | C] () -- C:\WINDOWS\bba.INI
[2009/01/13 14:02:02 | 000,001,084 | ---- | C] () -- C:\WINDOWS\DKAAP2DD.ini
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/04/23 09:24:03 | 000,204,848 | ---- | C] () -- C:\WINDOWS\System32\gswin32c.exe
[2007/03/09 15:50:59 | 000,038,481 | ---- | C] () -- C:\Documents and Settings\julie.myers\Application Data\Comma Separated Values (Windows).ADR
[2006/10/10 14:41:53 | 000,451,638 | ---- | C] () -- C:\Documents and Settings\julie.myers\Application Data\ZBWallpaper_1.bmp
[2006/10/10 14:41:28 | 000,451,638 | ---- | C] () -- C:\Documents and Settings\julie.myers\Application Data\ZBWallpaper.bmp
[2006/06/15 15:46:29 | 000,000,076 | ---- | C] () -- C:\WINDOWS\SWCEDIT.INI
[2006/03/02 13:56:14 | 000,000,184 | ---- | C] () -- C:\WINDOWS\BTI.INI
[2006/02/17 16:29:31 | 000,001,743 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/01/25 16:14:05 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/01/25 15:53:52 | 000,075,776 | ---- | C] () -- C:\WINDOWS\System32\MGCSInst.dll
[2006/01/25 15:53:52 | 000,039,424 | ---- | C] () -- C:\WINDOWS\System32\InstProc.dll
[2006/01/17 12:13:33 | 000,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/01/17 12:13:33 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\28B071669C.sys
[2006/01/16 14:39:07 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\julie.myers\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/01/13 17:13:08 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\ExportModeller.dll
[2006/01/13 17:13:08 | 000,100,352 | ---- | C] () -- C:\WINDOWS\System32\pg32conv.dll
[2006/01/13 17:13:08 | 000,049,223 | ---- | C] () -- C:\WINDOWS\System32\crtslv.dll
[2006/01/13 16:47:42 | 000,000,083 | ---- | C] () -- C:\WINDOWS\Licence.ini
[2006/01/13 16:45:34 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\usqlcs32.dll
[2006/01/13 16:45:34 | 000,072,704 | ---- | C] () -- C:\WINDOWS\System32\CCmove32.dll
[2006/01/13 16:45:34 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\CCCHNG32.dll
[2006/01/13 16:39:21 | 000,260,531 | ---- | C] () -- C:\WINDOWS\pdfcvt.dat
[2006/01/03 16:29:13 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/01/03 16:19:25 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/01/03 16:16:51 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/01/03 16:13:54 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/01/03 16:11:42 | 000,001,224 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/01/03 15:48:18 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/01/03 15:48:02 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/04/09 18:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/11 18:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 18:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 18:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 18:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 18:07:24 | 000,004,848 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 18:06:43 | 000,192,184 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 18:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/11 18:00:28 | 000,506,924 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 18:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/11 18:00:28 | 000,088,278 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 18:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/11 18:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 18:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/11 18:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/11 18:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/11 18:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/11 18:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/11 18:00:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/06/11 18:39:12 | 006,270,976 | ---- | C] () -- C:\WINDOWS\System32\cricu19.dll
[2002/02/27 10:41:28 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll
[2002/02/27 10:41:26 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
[2002/02/27 10:41:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll
[1999/01/22 13:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2009/03/04 10:51:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canon
[2010/09/01 09:32:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\com.comcast.access
[2011/09/27 13:41:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileOpen
[2011/09/20 15:08:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GroupPolicy
[2006/10/27 08:22:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2008/07/01 08:15:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2006/01/03 16:15:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/17 11:22:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/07/01 10:53:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/10 10:41:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2006/10/10 14:44:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\julie.myers\Application Data\Canon
[2010/04/30 12:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\julie.myers\Application Data\com.comcast.access.13A1FA90F0FC9DC009FB0956ADD0F13F8608561B.1
[2006/08/21 11:49:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\julie.myers\Application Data\eRoom
[2011/09/27 13:41:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\julie.myers\Application Data\FileOpen
[2006/06/08 11:39:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\julie.myers\Application Data\Leadertech
[2006/01/16 09:21:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\julie.myers\Application Data\MSNInstaller
[2006/06/01 14:40:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\julie.myers\Application Data\SAEPublishing
[2009/06/23 09:10:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\julie.myers\Application Data\Viewpoint
[2010/09/28 13:56:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\julie.myers\Application Data\WebPublisher
[2011/09/20 13:15:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\julie.myers\Application Data\Windows Desktop Search
[2010/06/01 09:01:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\julie.myers\Application Data\Windows Search
[2011/10/07 08:19:25 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job

========== Purity Check ==========



< End of report >

#14 m0le

Posted 07 October 2011 - 08:15 PM

One more OTL run I think

Open OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
C:\WINDOWS\tasks\At*.job
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"
:commands
[EmptyTemp]

Then click the Run Fix button at the top

Let the program run unhindered.

When done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Next please run MBAM

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    If MBAM won't update then download and update MBAM on a clean computer then save the rules.ref folder to a memory stick. This file is found here: 'C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware' then transfer it across to the infected computer.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.
m0le is a proud member of UNITE

#15 stx_latino

Posted 10 October 2011 - 07:41 AM

Here is the OTL Log, I will post MBAM log after it runs because it takes a while on this computer to run...


All processes killed
========== OTL ==========
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 19432632 bytes
->Temporary Internet Files folder emptied: 402 bytes
->Java cache emptied: 697321 bytes
->Flash cache emptied: 562 bytes

User: administrator.NETWORK
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes
->Flash cache emptied: 300 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 56545 bytes

User: julie.myers
->Temp folder emptied: 26968961 bytes
->Temporary Internet Files folder emptied: 34879270 bytes
->Java cache emptied: 5837317 bytes
->Apple Safari cache emptied: 1006592 bytes
->Flash cache emptied: 279304 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 115859 bytes

User: NetworkService
->Temp folder emptied: 105960 bytes
->Temporary Internet Files folder emptied: 167416997 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 8652673 bytes
%systemroot%\System32 .tmp files removed: 1596062 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2375646 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 49920200 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
RecycleBin emptied: 1460612855 bytes

Total Files Cleaned = 1,698.00 mb


OTL by OldTimer - Version 3.2.29.1 log created on 10102011_072508

Files\Folders moved on Reboot...
C:\Documents and Settings\julie.myers\Local Settings\Temporary Internet Files\Content.Word\~WRF{C89DDB72-F748-4467-9F8E-B99D839B4F80}.tmp moved successfully.
File\Folder C:\Documents and Settings\julie.myers\Local Settings\Temporary Internet Files\Content.Word\~WRS{01529905-05F8-4A49-9BE9-AC1C521F24D1}.tmp not found!
C:\Documents and Settings\julie.myers\Local Settings\Temporary Internet Files\Content.Word\~WRS{1145C871-797C-4034-8BB8-3E5A2B429E93}.tmp moved successfully.
C:\Documents and Settings\julie.myers\Local Settings\Temporary Internet Files\Content.Word\~WRS{5A58A658-F458-46A8-8EFE-7A3DE79A044E}.tmp moved successfully.
C:\Documents and Settings\julie.myers\Local Settings\Temporary Internet Files\Content.Word\~WRS{5E91DA61-B4A1-418B-913D-C897745B9782}.tmp moved successfully.
File\Folder C:\Documents and Settings\julie.myers\Local Settings\Temporary Internet Files\Content.Word\~WRS{8059859B-8231-4936-BD2A-C32B066C1D67}.tmp not found!
C:\Documents and Settings\julie.myers\Local Settings\Temporary Internet Files\Content.Word\~WRS{97CE4348-3738-44CF-8DDF-FE0DD0C8CF52}.tmp moved successfully.
File\Folder C:\Documents and Settings\julie.myers\Local Settings\Temporary Internet Files\Content.Word\~WRS{BFD14E96-F88F-4C9E-868A-59CBCC73A764}.tmp not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_35c.dat not found!

Registry entries deleted on Reboot...
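
A way to cross-check a posted OTL fix log against the fix script that produced it, added here as an example; it is not part of the original thread and not OTL's own code. The script and log text are copied from the two posts above (the log is trimmed after `[EMPTYTEMP]`); the function names and the section-name mapping are assumptions of this example.

```python
import re

# Fix script exactly as posted in the thread.
FIX_SCRIPT = r'''
:OTL
C:\WINDOWS\tasks\At*.job
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"
:commands
[EmptyTemp]
'''

# Start of the fix log posted in reply (trimmed after [EMPTYTEMP]).
FIX_LOG = r'''
All processes killed
========== OTL ==========
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]
'''

# Assumed mapping from script section names to log section headers.
LOG_SECTION = {"otl": "otl", "reg": "registry", "commands": "commands"}


def split_sections(text, header_re):
    """Group non-empty lines under the most recent line matching header_re."""
    sections, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        header = re.fullmatch(header_re, line)
        if header:
            current = sections.setdefault(header.group(1).lower(), [])
        elif line and current is not None:
            current.append(line)
    return sections


def unacknowledged(script_text, log_text):
    """Return (section, directive) pairs that no log line in that section mentions."""
    script = split_sections(script_text, r":(\w+)")
    log = split_sections(log_text, r"=+ (.+?) =+")
    missing = []
    for section, directives in script.items():
        lines = log.get(LOG_SECTION.get(section, section), [])
        for directive in directives:
            if section == "reg" and not directive.startswith("["):
                continue  # value line; the log reports it on its key's line
            # Literal match, except '*' which stands for any run of characters.
            pattern = re.escape(directive.strip("[]")).replace(r"\*", ".*")
            if not any(re.search(pattern, l, re.I) for l in lines):
                missing.append((section, directive))
    return missing


if __name__ == "__main__":
    for section, directive in unacknowledged(FIX_SCRIPT, FIX_LOG):
        print(f"no result line for :{section} directive {directive}")
```

On the log posted above, the only directive without a matching result line is `C:\WINDOWS\tasks\At*.job`, because the OTL section of the log is empty; the log therefore does not show whether any At*.job file was moved.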



