Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Countless of error messages on server


  • This topic is locked This topic is locked
26 replies to this topic

#1 purge11

purge11

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:10:06 PM

Posted 25 October 2011 - 05:12 AM

Hi,

I am receiving a large number of error messages off my advanced windows 2000 server. Quite an old system, but still hate these messages. Here is the log.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:05:29, on 06/09/2011
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\SAV\DefWatch.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\cba\pds.exe
C:\WINNT\System32\llssrv.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\sfmsvc.exe
C:\WINNT\System32\sfmprint.exe
C:\Program Files\SAV\Rtvscan.exe
C:\WINNT\system32\ntfrs.exe
C:\PSMeterBilling\xyntservice.exe
C:\PSMeterBilling\Util\xyntservice.exe
C:\PSMeterBilling\qmib.exe
C:\PSMeterBilling\Util\watchdog.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\System32\locator.exe
C:\WINNT\System32\rsvp.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\wins.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\PaperCut\PCService.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\dns.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\System32\ismserv.exe
C:\WINNT\System32\msdtc.exe
C:\Program Files\TeamViewer\Version6\TeamViewer.exe
C:\PROGRA~1\SAV\vptray.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\3\CNAP2LAK.EXE
C:\WINNT\system32\internat.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINNT\system32\spool\DRIVERS\W32X86\3\CNAP2RPK.EXE
C:\WINNT\system32\spool\DRIVERS\W32X86\3\CNABBSWK.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = about:blank
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SAV\vptray.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [CNAP2 Launcher] C:\WINNT\system32\spool\DRIVERS\W32X86\3\CNAP2LAK.EXE
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1236777862010
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = lsostudent.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{C67E68C4-37C9-4598-841B-920F3A4C606D}: NameServer = 192.168.1.36
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = lsostudent.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = lsostudent.com
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\System32\browseui.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\SAV\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Intel PDS - Intel® Corporation - C:\WINNT\System32\cba\pds.exe
O23 - Service: Symantec AntiVirus Server (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\SAV\Rtvscan.exe
O23 - Service: QMMgr - Unknown owner - C:\PSMeterBilling\xyntservice.exe
O23 - Service: QMWatchdog - Unknown owner - C:\PSMeterBilling\Util\xyntservice.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: PaperCut Print Charging (wPaperCut) - Oscura - C:\Program Files\PaperCut\PCService.exe

--
End of file - 4808 bytes

BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,769 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:06 PM

Posted 30 October 2011 - 05:15 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/424932 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 purge11

purge11
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:10:06 PM

Posted 31 October 2011 - 04:19 AM

Hello,

I still have the windows advanced 2000 cd.

I have tried no other steps since the previous post since running the logs.

I cannot really run Gmer since its a 64 bit system.

Attached Files



#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:10:06 PM

Posted 31 October 2011 - 08:35 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

What sort of errors are you getting?
Posted Image
m0le is a proud member of UNITE

#5 purge11

purge11
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:10:06 PM

Posted 02 November 2011 - 05:16 PM

Hello,

I am getting countless of error messages that appear on the screen. They appear as if some app is trying to run, but fails.


C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\rundll32.exe

I would like to track what virus or malware is causing this and stop it from running or remove it.

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:10:06 PM

Posted 02 November 2011 - 08:11 PM

As you can't run Gmer can you instead download aswMBR

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Posted Image
m0le is a proud member of UNITE

#7 purge11

purge11
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:10:06 PM

Posted 03 November 2011 - 03:24 AM

Here are the scan results

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-03 08:17:35
-----------------------------
08:17:35.875 OS Version: Windows 5.0.2195 Service Pack 4
08:17:35.875 Number of processors: 1 586 0x801
08:17:35.875 ComputerName: STUDENTLSO UserName:
08:17:38.158 Initialize success
08:18:02.440 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T1L0-14
08:18:02.440 Disk 0 Vendor: MAXTOR_STM3160212A 3.AAJ Size: 0MB BusType: 3
08:18:04.473 Disk 0 MBR read successfully
08:18:04.473 Disk 0 MBR scan
08:18:04.473 Disk 0 Windows XP default MBR code
08:18:04.493 Disk 0 scanning C:\WINNT\system32\drivers
08:18:38.648 Service scanning
08:18:38.898 Service Abiosdsk C:\WINNT\System32\Drivers\Abiosdsk.sys **LOCKED**
08:18:38.908 Service abp480n5 C:\WINNT\System32\Drivers\abp480n5.sys **LOCKED**
08:18:38.918 Service ACPI C:\WINNT\System32\DRIVERS\ACPI.sys **LOCKED**
08:18:38.918 Service ACPIEC C:\WINNT\System32\Drivers\ACPIEC.sys **LOCKED**
08:18:38.928 Service adpu160m C:\WINNT\System32\Drivers\adpu160m.sys **LOCKED**
08:18:38.928 Service AFD C:\WINNT\System32\drivers\afd.sys **LOCKED**
08:18:38.928 Service Aha154x C:\WINNT\System32\Drivers\Aha154x.sys **LOCKED**
08:18:39.880 Service aic116x C:\WINNT\System32\Drivers\aic116x.sys **LOCKED**
08:18:39.890 Service aic78u2 C:\WINNT\System32\Drivers\aic78u2.sys **LOCKED**
08:18:39.900 Service aic78xx C:\WINNT\System32\Drivers\aic78xx.sys **LOCKED**
08:18:39.910 Service ami0nt C:\WINNT\System32\Drivers\ami0nt.sys **LOCKED**
08:18:39.910 Service amsint C:\WINNT\System32\Drivers\amsint.sys **LOCKED**
08:18:39.920 Service AppleTalk C:\WINNT\System32\DRIVERS\sfmatalk.sys **LOCKED**
08:18:39.930 Service asc C:\WINNT\System32\Drivers\asc.sys **LOCKED**
08:18:39.940 Service asc3350p C:\WINNT\System32\Drivers\asc3350p.sys **LOCKED**
08:18:39.950 Service asc3550 C:\WINNT\System32\Drivers\asc3550.sys **LOCKED**
08:18:39.960 Service AsyncMac C:\WINNT\System32\DRIVERS\asyncmac.sys **LOCKED**
08:18:39.980 Service atapi C:\WINNT\System32\DRIVERS\atapi.sys **LOCKED**
08:18:39.990 Service Atdisk C:\WINNT\System32\Drivers\Atdisk.sys **LOCKED**
08:18:40.000 Service Atmarpc C:\WINNT\System32\DRIVERS\atmarpc.sys **LOCKED**
08:18:40.010 Service audstub C:\WINNT\System32\DRIVERS\audstub.sys **LOCKED**
08:18:40.030 Service BANTExt C:\WINNT\System32\Drivers\BANTExt.sys **LOCKED**
08:18:40.040 Service Beep C:\WINNT\System32\Drivers\Beep.sys **LOCKED**
08:18:40.110 Service BusLogic C:\WINNT\System32\Drivers\BusLogic.sys **LOCKED**
08:18:40.280 Service cd20xrnt C:\WINNT\System32\Drivers\cd20xrnt.sys **LOCKED**
08:18:40.280 Service Cdaudio C:\WINNT\System32\Drivers\Cdaudio.sys **LOCKED**
08:18:40.290 Service Cdrom C:\WINNT\System32\DRIVERS\cdrom.sys **LOCKED**
08:18:40.300 Service Changer C:\WINNT\System32\Drivers\Changer.sys **LOCKED**
08:18:40.330 Service Cpqarray C:\WINNT\System32\Drivers\Cpqarray.sys **LOCKED**
08:18:40.340 Service cpqarry2 C:\WINNT\System32\Drivers\cpqarry2.sys **LOCKED**
08:18:40.350 Service cpqfcalm C:\WINNT\System32\Drivers\cpqfcalm.sys **LOCKED**
08:18:40.360 Service cpqfws2e C:\WINNT\System32\Drivers\cpqfws2e.sys **LOCKED**
08:18:40.450 Service cpuz135 C:\WINNT\system32\drivers\cpuz135_x32.sys **LOCKED**
08:18:40.901 Service dac960nt C:\WINNT\System32\Drivers\dac960nt.sys **LOCKED**
08:18:40.901 Service deckzpsx C:\WINNT\System32\Drivers\deckzpsx.sys **LOCKED**
08:18:40.921 Service DgiVecp C:\WINNT\System32\Drivers\DgiVecp.sys **LOCKED**
08:18:41.021 Service Disk C:\WINNT\System32\DRIVERS\disk.sys **LOCKED**
08:18:41.031 Service Diskperf C:\WINNT\System32\Drivers\Diskperf.sys **LOCKED**
08:18:41.051 Service dmboot C:\WINNT\System32\drivers\dmboot.sys **LOCKED**
08:18:41.221 Service dmio C:\WINNT\System32\drivers\dmio.sys **LOCKED**
08:18:41.231 Service dmload C:\WINNT\System32\drivers\dmload.sys **LOCKED**
08:18:41.251 Service DMusic C:\WINNT\system32\drivers\DMusic.sys **LOCKED**
08:18:41.402 Service Fd16_700 C:\WINNT\System32\Drivers\Fd16_700.sys **LOCKED**
08:18:41.512 Service Fdc C:\WINNT\System32\DRIVERS\fdc.sys **LOCKED**
08:18:41.592 Service FETND5BV C:\WINNT\system32\DRIVERS\fetnd5bv.sys **LOCKED**
08:18:41.602 Service FETNDIS C:\WINNT\System32\DRIVERS\fetnd5b.sys **LOCKED**
08:18:41.642 Service Fips C:\WINNT\System32\Drivers\Fips.sys **LOCKED**
08:18:41.802 Service fireport C:\WINNT\System32\Drivers\fireport.sys **LOCKED**
08:18:41.812 Service flashpnt C:\WINNT\System32\Drivers\flashpnt.sys **LOCKED**
08:18:41.822 Service Flpydisk C:\WINNT\System32\DRIVERS\flpydisk.sys **LOCKED**
08:18:41.832 Service Fs_Rec C:\WINNT\System32\Drivers\Fs_Rec.sys **LOCKED**
08:18:41.842 Service Ftdisk C:\WINNT\System32\DRIVERS\ftdisk.sys **LOCKED**
08:18:41.852 Service Gpc C:\WINNT\System32\DRIVERS\msgpc.sys **LOCKED**
08:18:41.862 Service HidUsb C:\WINNT\System32\DRIVERS\hidusb.sys **LOCKED**
08:18:41.882 Service i8042prt C:\WINNT\System32\DRIVERS\i8042prt.sys **LOCKED**
08:18:41.892 Service ini910u C:\WINNT\System32\Drivers\ini910u.sys **LOCKED**
08:18:41.892 Service IntelIde C:\WINNT\System32\Drivers\IntelIde.sys **LOCKED**
08:18:41.902 Service IpFilterDriver C:\WINNT\System32\DRIVERS\ipfltdrv.sys **LOCKED**
08:18:41.912 Service IpInIp C:\WINNT\System32\DRIVERS\ipinip.sys **LOCKED**
08:18:41.922 Service IpNat C:\WINNT\System32\DRIVERS\ipnat.sys **LOCKED**
08:18:41.932 Service IPSEC C:\WINNT\System32\DRIVERS\ipsec.sys **LOCKED**
08:18:41.942 Service ipsraidn C:\WINNT\System32\Drivers\ipsraidn.sys **LOCKED**
08:18:41.952 Service IRENUM C:\WINNT\System32\DRIVERS\irenum.sys **LOCKED**
08:18:41.972 Service isapnp C:\WINNT\System32\DRIVERS\isapnp.sys **LOCKED**
08:18:41.982 Service Kbdclass C:\WINNT\System32\DRIVERS\kbdclass.sys **LOCKED**
08:18:42.002 Service kmixer C:\WINNT\system32\drivers\kmixer.sys **LOCKED**
08:18:42.012 Service KSecDD C:\WINNT\System32\Drivers\KSecDD.sys **LOCKED**
08:18:42.032 Service lbrtfdc C:\WINNT\System32\Drivers\lbrtfdc.sys **LOCKED**
08:18:42.042 Service LicenseInfo C:\WINNT\System32\Drivers\LicenseInfo.sys **LOCKED**
08:18:42.053 Service lp6nds35 C:\WINNT\System32\Drivers\lp6nds35.sys **LOCKED**
08:18:42.093 Service mnmdd C:\WINNT\System32\Drivers\mnmdd.sys **LOCKED**
08:18:42.103 Service Modem C:\WINNT\System32\Drivers\Modem.sys **LOCKED**
08:18:42.113 Service Mouclass C:\WINNT\System32\DRIVERS\mouclass.sys **LOCKED**
08:18:42.123 Service mouhid C:\WINNT\System32\DRIVERS\mouhid.sys **LOCKED**
08:18:42.123 Service MountMgr C:\WINNT\System32\Drivers\MountMgr.sys **LOCKED**
08:18:42.133 Service mraid35x C:\WINNT\System32\Drivers\mraid35x.sys **LOCKED**
08:18:42.173 Service MSKSSRV C:\WINNT\system32\drivers\MSKSSRV.sys **LOCKED**
08:18:42.333 Service MSPCLOCK C:\WINNT\system32\drivers\MSPCLOCK.sys **LOCKED**
08:18:42.333 Service MSPQM C:\WINNT\system32\drivers\MSPQM.sys **LOCKED**
08:18:42.343 Service NAVAP C:\Program Files\SAV\NAVAP.sys **LOCKED**
08:18:42.353 Service NAVAPEL C:\Program Files\SAV\NAVAPEL.SYS **LOCKED**
08:18:42.363 Service NAVENG C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101018.002\NAVENG.sys **LOCKED**
08:18:42.373 Service NAVEX15 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101018.002\NAVEX15.sys **LOCKED**
08:18:42.383 Service Ncrc710 C:\WINNT\System32\Drivers\Ncrc710.sys **LOCKED**
08:18:42.393 Service NDIS C:\WINNT\System32\Drivers\NDIS.sys **LOCKED**
08:18:42.403 Service NdisTapi C:\WINNT\System32\DRIVERS\ndistapi.sys **LOCKED**
08:18:42.463 Service Ndisuio C:\WINNT\System32\DRIVERS\ndisuio.sys **LOCKED**
08:18:42.483 Service NdisWan C:\WINNT\System32\DRIVERS\ndiswan.sys **LOCKED**
08:18:42.663 Service NDProxy C:\WINNT\System32\Drivers\NDProxy.sys **LOCKED**
08:18:42.683 Service NetBT C:\WINNT\System32\DRIVERS\netbt.sys **LOCKED**
08:18:42.693 Service NetDetect C:\WINNT\system32\drivers\netdtect.sys **LOCKED**
08:18:42.713 Service nm C:\WINNT\System32\DRIVERS\NMnt.sys **LOCKED**
08:18:42.763 Service Null C:\WINNT\System32\Drivers\Null.sys **LOCKED**
08:18:42.773 Service NwlnkFlt C:\WINNT\System32\DRIVERS\nwlnkflt.sys **LOCKED**
08:18:42.783 Service NwlnkFwd C:\WINNT\System32\DRIVERS\nwlnkfwd.sys **LOCKED**
08:18:42.783 Service Parallel C:\WINNT\System32\DRIVERS\parallel.sys **LOCKED**
08:18:42.793 Service Parport C:\WINNT\System32\DRIVERS\parport.sys **LOCKED**
08:18:42.803 Service PartMgr C:\WINNT\System32\Drivers\PartMgr.sys **LOCKED**
08:18:42.814 Service ParVdm C:\WINNT\System32\Drivers\ParVdm.sys **LOCKED**
08:18:42.834 Service PCI C:\WINNT\System32\DRIVERS\pci.sys **LOCKED**
08:18:42.844 Service PCIDump C:\WINNT\System32\Drivers\PCIDump.sys **LOCKED**
08:18:42.854 Service PCIIde C:\WINNT\System32\DRIVERS\pciide.sys **LOCKED**
08:18:42.864 Service Pcmcia C:\WINNT\System32\Drivers\Pcmcia.sys **LOCKED**
08:18:42.864 Service PDCOMP C:\WINNT\System32\Drivers\PDCOMP.sys **LOCKED**
08:18:42.874 Service PDFRAME C:\WINNT\System32\Drivers\PDFRAME.sys **LOCKED**
08:18:42.884 Service PDRELI C:\WINNT\System32\Drivers\PDRELI.sys **LOCKED**
08:18:42.894 Service PDRFRAME C:\WINNT\System32\Drivers\PDRFRAME.sys **LOCKED**
08:18:42.894 Service PptpMiniport C:\WINNT\System32\DRIVERS\raspptp.sys **LOCKED**
08:18:42.904 Service Ptilink C:\WINNT\System32\DRIVERS\ptilink.sys **LOCKED**
08:18:42.914 Service ql1080 C:\WINNT\System32\Drivers\ql1080.sys **LOCKED**
08:18:42.924 Service Ql10wnt C:\WINNT\System32\Drivers\Ql10wnt.sys **LOCKED**
08:18:42.934 Service ql1240 C:\WINNT\System32\Drivers\ql1240.sys **LOCKED**
08:18:42.934 Service ql2100 C:\WINNT\System32\Drivers\ql2100.sys **LOCKED**
08:18:43.014 Service RasAcd C:\WINNT\System32\DRIVERS\rasacd.sys **LOCKED**
08:18:43.144 Service Rasl2tp C:\WINNT\System32\DRIVERS\rasl2tp.sys **LOCKED**
08:18:43.164 Service Raspti C:\WINNT\System32\DRIVERS\raspti.sys **LOCKED**
08:18:43.174 Service RCA C:\WINNT\system32\drivers\RCA.sys **LOCKED**
08:18:43.174 Service RDPWD C:\WINNT\System32\Drivers\RDPWD.sys **LOCKED**
08:18:43.184 Service redbook C:\WINNT\System32\DRIVERS\redbook.sys **LOCKED**
08:18:43.244 Service S3Psddr C:\WINNT\System32\DRIVERS\s3gnbm.sys **LOCKED**
08:18:43.274 Service serenum C:\WINNT\System32\DRIVERS\serenum.sys **LOCKED**
08:18:43.284 Service Serial C:\WINNT\System32\DRIVERS\serial.sys **LOCKED**
08:18:43.284 Service Sfloppy C:\WINNT\System32\Drivers\Sfloppy.sys **LOCKED**
08:18:43.294 Service sglfb C:\WINNT\System32\Drivers\sglfb.sys **LOCKED**
08:18:43.304 Service Simbad C:\WINNT\System32\Drivers\Simbad.sys **LOCKED**
08:18:43.324 Service Sparrow C:\WINNT\System32\Drivers\Sparrow.sys **LOCKED**
08:18:43.504 Service spud C:\WINNT\System32\drivers\spud.sys **LOCKED**
08:18:43.514 Service swenum C:\WINNT\System32\DRIVERS\swenum.sys **LOCKED**
08:18:43.514 Service swmidi C:\WINNT\system32\drivers\swmidi.sys **LOCKED**
08:18:43.524 Service symc810 C:\WINNT\System32\Drivers\symc810.sys **LOCKED**
08:18:43.534 Service symc8xx C:\WINNT\System32\Drivers\symc8xx.sys **LOCKED**
08:18:43.544 Service SymEvent C:\Program Files\Symantec\SYMEVENT.SYS **LOCKED**
08:18:43.554 Service sym_hi C:\WINNT\System32\Drivers\sym_hi.sys **LOCKED**
08:18:43.565 Service sysaudio C:\WINNT\system32\drivers\sysaudio.sys **LOCKED**
08:18:43.585 Service Tcpip C:\WINNT\System32\DRIVERS\tcpip.sys **LOCKED**
08:18:43.595 Service TDASYNC C:\WINNT\System32\Drivers\TDASYNC.sys **LOCKED**
08:18:43.605 Service TDIPX C:\WINNT\System32\Drivers\TDIPX.sys **LOCKED**
08:18:43.615 Service TDNETB C:\WINNT\System32\Drivers\TDNETB.sys **LOCKED**
08:18:43.615 Service TDPIPE C:\WINNT\System32\Drivers\TDPIPE.sys **LOCKED**
08:18:43.625 Service TDSPX C:\WINNT\System32\Drivers\TDSPX.sys **LOCKED**
08:18:43.635 Service TDTCP C:\WINNT\System32\Drivers\TDTCP.sys **LOCKED**
08:18:43.655 Service TermDD C:\WINNT\System32\drivers\termdd.sys **LOCKED**
08:18:43.665 Service tga C:\WINNT\System32\Drivers\tga.sys **LOCKED**
08:18:43.685 Service uhcd C:\WINNT\System32\DRIVERS\uhcd.sys **LOCKED**
08:18:43.695 Service ultra66 C:\WINNT\System32\Drivers\ultra66.sys **LOCKED**
08:18:43.705 Service Update C:\WINNT\System32\DRIVERS\update.sys **LOCKED**
08:18:43.715 Service usbehci C:\WINNT\System32\DRIVERS\usbehci.sys **LOCKED**
08:18:43.725 Service usbhub C:\WINNT\System32\DRIVERS\usbhub.sys **LOCKED**
08:18:43.745 Service usbhub20 C:\WINNT\System32\DRIVERS\usbhub20.sys **LOCKED**
08:18:43.755 Service usbprint C:\WINNT\System32\DRIVERS\usbprint.sys **LOCKED**
08:18:43.765 Service usbscan C:\WINNT\System32\DRIVERS\usbscan.sys **LOCKED**
08:18:43.765 Service USBSTOR C:\WINNT\System32\DRIVERS\USBSTOR.SYS **LOCKED**
08:18:43.785 Service VgaSave C:\WINNT\System32\drivers\vga.sys **LOCKED**
08:18:43.785 Service viaagp C:\WINNT\System32\DRIVERS\viaagp.sys **LOCKED**
08:18:43.795 Service viaagp1 C:\WINNT\System32\DRIVERS\viaagp1.sys **LOCKED**
08:18:43.805 Service viafilter C:\WINNT\System32\Drivers\viausb.sys **LOCKED**
08:18:43.815 Service viaide C:\WINNT\System32\DRIVERS\viaide.sys **LOCKED**
08:18:43.815 Service VIAPFD C:\WINNT\System32\Drivers\VIAPFD.SYS **LOCKED**
08:18:43.825 Service VIAudio C:\WINNT\system32\drivers\viaudio.sys **LOCKED**
08:18:43.835 Service Wanarp C:\WINNT\System32\DRIVERS\wanarp.sys **LOCKED**
08:18:43.845 Service WDICA C:\WINNT\System32\Drivers\WDICA.sys **LOCKED**
08:18:43.855 Service wdmaud C:\WINNT\system32\drivers\wdmaud.sys **LOCKED**
08:18:43.865 Service Winsock C:\WINNT\System32\Drivers\Winsock.sys **LOCKED**
08:18:44.416 Modules scanning
08:19:01.899 Disk 0 trace - called modules:
08:19:01.919 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys viaide.sys PCIIDEX.SYS
08:19:02.069 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x816e8030]
08:19:02.079 3 CLASSPNP.SYS[edc20c60] -> nt!IofCallDriver -> \Device\0000001c[0x816e97d0]
08:19:02.079 5 ACPI.sys[fa9a946b] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T1L0-14[0x816e98f0]
08:19:02.089 Scan finished successfully
08:20:01.298 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator.STUDENT\My Documents\MBR.dat"
08:20:01.368 The log file has been saved successfully to "C:\Documents and Settings\Administrator.STUDENT\My Documents\aswMBR.txt"

#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:10:06 PM

Posted 03 November 2011 - 07:04 PM

Please run OTL, a scanner which can give us some additional information

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Posted Image
m0le is a proud member of UNITE

#9 purge11

purge11
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:10:06 PM

Posted 04 November 2011 - 05:19 AM

Here is OTL.TXT


OTL logfile created on: 04/11/2011 09:38:30 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator.STUDENT\Desktop
Windows 2000 Advanced Server Edition Service Pack 4 (Version = 5.0.2195) - Type = NTDomainController
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

223.48 Mb Total Physical Memory | 69.08 Mb Available Physical Memory | 30.91% Memory free
638.05 Mb Paging File | 13.40 Mb Available in Paging File | 2.10% Paging File free
Paging file location(s): C:\pagefile.sys 436 672 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 58.59 Gb Total Space | 50.97 Gb Free Space | 86.99% Space Free | Partition Type: NTFS
Drive F: | 69.40 Gb Total Space | 38.10 Gb Free Space | 54.90% Space Free | Partition Type: NTFS

Computer Name: STUDENTLSO | User Name: administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator.STUDENT\Desktop\OTL.exe (OldTimer Tools)
PRC - c:\Program Files\TeamViewer\Version6\TeamViewer_Desktop.exe (TeamViewer GmbH)
PRC - C:\Program Files\TeamViewer\Version6\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files\TeamViewer\Version6\tv_w32.exe (TeamViewer GmbH)
PRC - C:\PSMeterBilling\QMIB.exe (PrintMIB, LLC)
PRC - C:\PSMeterBilling\Util\WatchDog.exe (PrintMIB, LLC)
PRC - C:\WINNT\system32\LLSSRV.EXE (Microsoft Corporation)
PRC - C:\WINNT\system32\spool\drivers\w32x86\3\CNABBSWK.EXE (CANON INC.)
PRC - C:\WINNT\system32\spool\drivers\w32x86\3\CNAP2RPK.EXE (CANON INC.)
PRC - C:\WINNT\system32\WINS.EXE (Microsoft Corporation)
PRC - C:\WINNT\system32\spool\drivers\w32x86\3\CNAP2LAK.EXE (CANON INC.)
PRC - C:\WINNT\system32\DNS.EXE (Microsoft Corporation)
PRC - C:\WINNT\system32\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.)
PRC - C:\PSMeterBilling\XYNTService.exe ()
PRC - C:\PSMeterBilling\Util\XYNTService.exe ()
PRC - C:\Program Files\RealVNC\VNC4\winvnc4.exe (RealVNC Ltd.)
PRC - C:\WINNT\system32\mstask.exe (Microsoft Corporation)
PRC - C:\Program Files\PaperCut\PCService.exe (Oscura)
PRC - C:\Program Files\PaperCut\pcsdb.exe ( )
PRC - C:\WINNT\system32\ntfrs.exe (Microsoft Corporation)
PRC - C:\WINNT\explorer.exe (Microsoft Corporation)
PRC - C:\WINNT\system32\wbem\WinMgmt.exe (Microsoft Corporation)
PRC - C:\WINNT\system32\dfssvc.exe (Microsoft Corporation)
PRC - C:\WINNT\system32\SFMSVC.EXE (Microsoft Corporation)
PRC - C:\WINNT\system32\regsvc.exe (Microsoft Corporation)
PRC - C:\WINNT\system32\stisvc.exe (Microsoft Corporation)
PRC - C:\WINNT\system32\ismserv.exe (Microsoft Corporation)
PRC - C:\WINNT\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
PRC - C:\Program Files\SAV\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files\SAV\DefWatch.exe (Symantec Corporation)
PRC - C:\Program Files\SAV\VPTray.exe (Symantec Corporation)
PRC - C:\WINNT\system32\cba\pds.exe (Intel® Corporation)
PRC - C:\WINNT\system32\sfmprint.exe (Microsoft Corporation)
PRC - C:\WINNT\system32\internat.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\WINNT\system32\msjetoledb40.dll ()
MOD - C:\PSMeterBilling\XYNTService.exe ()
MOD - C:\PSMeterBilling\Util\XYNTService.exe ()
MOD - C:\WINNT\system32\NavLogon.dll ()
MOD - C:\WINNT\system32\devenum.dll ()


========== Win32 Services (SafeList) ==========

SRV - (jpwcmeep) -- File not found
SRV - (TeamViewer6) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (LicenseService) -- C:\WINNT\system32\LLSSRV.EXE (Microsoft Corporation)
SRV - (WINS) Windows Internet Name Service (WINS) -- C:\WINNT\system32\WINS.EXE (Microsoft Corporation)
SRV - (DNS) -- C:\WINNT\system32\DNS.EXE (Microsoft Corporation)
SRV - (QMWatchdog) -- C:\PSMeterBilling\Util\XYNTService.exe ()
SRV - (QMMgr) -- C:\PSMeterBilling\XYNTService.exe ()
SRV - (WinVNC4) -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe (RealVNC Ltd.)
SRV - (Schedule) -- C:\WINNT\system32\mstask.exe (Microsoft Corporation)
SRV - (wPaperCut) -- C:\Program Files\PaperCut\PCService.exe (Oscura)
SRV - (NtFrs) -- C:\WINNT\system32\ntfrs.exe (Microsoft Corporation)
SRV - (WinMgmt) -- C:\WINNT\system32\wbem\WinMgmt.exe (Microsoft Corporation)
SRV - (dmadmin) -- C:\WINNT\System32\dmadmin.exe (VERITAS Software Corp.)
SRV - (TermService) -- C:\WINNT\system32\termsrv.exe (Microsoft Corporation)
SRV - (Fax) -- C:\WINNT\system32\FAXSVC.EXE (Microsoft Corporation)
SRV - (Dfs) -- C:\WINNT\system32\dfssvc.exe (Microsoft Corporation)
SRV - (RemoteRegistry) -- C:\WINNT\system32\regsvc.exe (Microsoft Corporation)
SRV - (MacFile) -- C:\WINNT\system32\SFMSVC.EXE (Microsoft Corporation)
SRV - (StiSvc) -- C:\WINNT\system32\stisvc.exe (Microsoft Corporation)
SRV - (IsmServ) -- C:\WINNT\system32\ismserv.exe (Microsoft Corporation)
SRV - (UtilMan) -- C:\WINNT\system32\utilman.exe (Microsoft Corporation)
SRV - (W3SVC) -- C:\WINNT\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (SMTPSVC) Simple Mail Transport Protocol (SMTP) -- C:\WINNT\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (MSFTPSVC) -- C:\WINNT\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (IISADMIN) -- C:\WINNT\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (Norton AntiVirus Server) -- C:\Program Files\SAV\Rtvscan.exe (Symantec Corporation)
SRV - (DefWatch) -- C:\Program Files\SAV\DefWatch.exe (Symantec Corporation)
SRV - (Intel PDS) -- C:\WINNT\system32\cba\pds.exe (Intel® Corporation)
SRV - (MacPrint) -- C:\WINNT\system32\sfmprint.exe (Microsoft Corporation)
SRV - (IAS) -- C:\WINNT\system32\ias.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (cpuz135) -- C:\WINNT\system32\drivers\cpuz135_x32.sys (CPUID)
DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101018.002\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101018.002\NAVENG.SYS (Symantec Corporation)
DRV - (SymEvent) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (BANTExt) -- C:\WINNT\System32\Drivers\BANTExt.sys ()
DRV - (DgiVecp) -- C:\WINNT\system32\drivers\DGIVECP.SYS (DeviceGuys, Inc.)
DRV - (dmboot) -- C:\WINNT\system32\drivers\dmboot.sys (VERITAS Software Corp.)
DRV - (MacSrv) -- C:\WINNT\system32\drivers\sfmsrv.sys (Microsoft Corporation)
DRV - (AppleTalk) -- C:\WINNT\system32\drivers\sfmatalk.sys (Microsoft Corporation)
DRV - (dmio) -- C:\WINNT\System32\drivers\dmio.sys (VERITAS Software Corp.)
DRV - (DfsDriver) -- C:\WINNT\system32\drivers\Dfs.sys (Microsoft Corporation)
DRV - (Parallel) -- C:\WINNT\system32\drivers\parallel.sys (Microsoft Corporation)
DRV - (usbhub20) -- C:\WINNT\system32\drivers\usbhub20.sys (Microsoft Corporation)
DRV - (nm) -- C:\WINNT\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (uhcd) -- C:\WINNT\system32\drivers\uhcd.sys (Microsoft Corporation)
DRV - (EFS) -- C:\WINNT\System32\drivers\efs.sys (Microsoft Corporation)
DRV - (TDIPX) -- C:\WINNT\System32\drivers\tdipx.sys (Microsoft Corporation)
DRV - (TDNETB) -- C:\WINNT\System32\drivers\tdnetb.sys (Microsoft Corporation)
DRV - (TDSPX) -- C:\WINNT\System32\drivers\tdspx.sys (Microsoft Corporation)
DRV - (TDASYNC) -- C:\WINNT\System32\drivers\tdasync.sys (Microsoft Corporation)
DRV - (Diskperf) -- C:\WINNT\System32\drivers\diskperf.sys (Microsoft Corporation)
DRV - (dmload) -- C:\WINNT\System32\drivers\dmload.sys (VERITAS Software Corp.)
DRV - (S3Psddr) -- C:\WINNT\system32\drivers\s3gnbm.sys (S3 Graphics, Inc.)
DRV - (VIAudio) VIA AC'97 Audio Controller (WDM) -- C:\WINNT\system32\drivers\viaudio.sys (VIA Technologies, Inc.)
DRV - (viafilter) -- C:\WINNT\System32\Drivers\viausb.sys (VIA Technologies, Inc.)
DRV - (viaagp1) -- C:\WINNT\System32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)
DRV - (NAVAPEL) -- C:\Program Files\SAV\Navapel.sys (Symantec Corporation)
DRV - (NAVAP) -- C:\Program Files\SAV\Navap.sys (Symantec Corporation)
DRV - (VIAPFD) -- C:\WINNT\System32\Drivers\VIAPFD.SYS (VIA Technologies. Inc.)
DRV - (RCA) -- C:\WINNT\system32\drivers\rca.sys (Microsoft Corporation)
DRV - (spud) -- C:\WINNT\System32\drivers\spud.sys (Microsoft Corporation)
DRV - (NetDetect) -- C:\WINNT\system32\drivers\netdtect.sys (Microsoft Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\System32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINNT\system32\SHDOCVW.DLL (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = about:blank

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {A0A87DB2-80BA-493a-B22F-FAFBAEA3E0A2}:0.3.7
FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.5
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.19

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINNT\System32\Macromed\Flash\NPSWF32.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/18 10:07:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/24 10:09:40 | 000,000,000 | ---D | M]

[2008/10/19 08:36:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator.STUDENT\Application Data\Mozilla\Extensions
[2008/10/19 08:36:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator.STUDENT\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011/04/13 14:32:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator.STUDENT\Application Data\Mozilla\Firefox\Profiles\oy3ghy31.default\extensions
[2009/02/04 16:53:38 | 000,000,000 | ---D | M] (EditCSS) -- C:\Documents and Settings\Administrator.STUDENT\Application Data\Mozilla\Firefox\Profiles\oy3ghy31.default\extensions\{A0A87DB2-80BA-493a-B22F-FAFBAEA3E0A2}
[2009/10/21 16:15:16 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Documents and Settings\Administrator.STUDENT\Application Data\Mozilla\Firefox\Profiles\oy3ghy31.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2011/08/24 10:09:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/18 10:07:15 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/10/18 10:07:14 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/10/21 16:14:28 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2011/08/12 04:24:54 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/08/12 04:14:12 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/08/12 04:24:54 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/08/12 04:24:54 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/08/12 04:14:12 | 000,002,364 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2011/08/12 04:14:12 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2011/08/12 04:24:54 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([1999/12/07 08:00:00 | 000,000,734 | ---- | M]) - C:\WINNT\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx ()
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINNT\system32\BROWSEUI.DLL (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINNT\system32\BROWSEUI.DLL (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINNT\system32\BROWSEUI.DLL (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINNT\system32\BROWSEUI.DLL (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [CNAP2 Launcher] C:\WINNT\system32\spool\drivers\w32x86\3\CNAP2LAK.EXE (CANON INC.)
O4 - HKLM..\Run: [LoadQM] C:\WINNT\loadqm.exe (Microsoft Corporation)
O4 - HKLM..\Run: [vptray] C:\Program Files\SAV\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [internat.exe] C:\WINNT\System32\internat.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\MSN Messenger\MsnMsgr.Exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users.WINNT\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\Web\RELATED.HTM ()
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\Web\RELATED.HTM ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINNT\system32\RNR20.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINNT\system32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINNT\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINNT\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1236777862010 (WUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINNT\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = lsostudent.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C67E68C4-37C9-4598-841B-920F3A4C606D}: NameServer = 192.168.1.36
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\MSHTML.DLL (Microsoft Corporation)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINNT\system32\URLMON.DLL (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\URLMON.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\URLMON.DLL (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\URLMON.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\URLMON.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\URLMON.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINNT\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\MSHTML.DLL (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\URLMON.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\MSHTML.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINNT\system32\INETCOMM.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\URLMON.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINNT\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\MSHTML.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINNT\system32\MSHTML.DLL (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\MSHTML.DLL (Microsoft Corporation)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINNT\system32\msdxm.ocx ()
O18 - Protocol\Filter\Class Install Handler - No CLSID value found
O18 - Protocol\Filter\deflate - No CLSID value found
O18 - Protocol\Filter\gzip - No CLSID value found
O18 - Protocol\Filter\lzdhtml - No CLSID value found
O18 - Protocol\Filter\text/webviewhtml - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINNT\system32\userinit.exe) -C:\WINNT\system32\USERINIT.EXE (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) -C:\WINNT\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -C:\WINNT\System32\SYSDM.CPL (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINNT\System32\CRYPT32.DLL (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINNT\System32\CRYPTNET.DLL (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINNT\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - (C:\WINNT\System32\\NavLogon.dll) - C:\WINNT\System32\\NavLogon.dll ()
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINNT\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINNT\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINNT\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wzcnotif: DllName - (wzcdlg.dll) - C:\WINNT\System32\wzcdlg.dll (Microsoft Corporation)
O21 - SSODL: Network.ConnectionTray - {7007ACCF-3202-11D1-AAD2-00805FC1270E} - C:\WINNT\system32\netshell.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINNT\System32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINNT\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINNT\system32\BROWSEUI.DLL (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINNT\system32\BROWSEUI.DLL (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINNT\System32\SHELL32.DLL (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) -C:\WINNT\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) -C:\WINNT\System32\SCHANNEL.DLL (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) -C:\WINNT\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) -C:\WINNT\System32\msnsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (pwdssp.dll) -C:\WINNT\System32\pwdssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) -C:\WINNT\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) -C:\WINNT\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) -C:\WINNT\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) -C:\WINNT\System32\schannel.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/03/20 09:59:58 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (DfsInit)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/04 09:36:53 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator.STUDENT\Desktop\OTL.exe
[2011/11/02 10:34:20 | 000,000,000 | ---D | C] -- C:\WINNT\Minidump
[2011/11/02 09:43:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINNT\Start Menu\Programs\CPUID
[2011/11/02 09:43:16 | 000,021,992 | ---- | C] (CPUID) -- C:\WINNT\System32\drivers\cpuz135_x32.sys
[2011/11/02 09:43:14 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2011/10/25 09:52:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.STUDENT\My Documents\My Music
[4 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
[1 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/04 09:35:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.STUDENT\Desktop\OTL.exe
[2011/11/04 09:33:28 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At159.job
[2011/11/04 09:33:27 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At130.job
[2011/11/04 09:33:27 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At100.job
[2011/11/04 09:33:25 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At99.job
[2011/11/04 09:33:24 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At98.job
[2011/11/04 09:33:22 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At78.job
[2011/11/04 09:33:21 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At335.job
[2011/11/04 09:33:21 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At77.job
[2011/11/04 09:33:20 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At33.job
[2011/11/04 09:33:20 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At53.job
[2011/11/04 09:33:19 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At304.job
[2011/11/04 09:33:17 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At272.job
[2011/11/04 09:33:17 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At4.job
[2011/11/04 09:33:16 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At364.job
[2011/11/04 09:33:15 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At332.job
[2011/11/04 09:33:15 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At247.job
[2011/11/04 09:33:14 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At31.job
[2011/11/04 09:33:14 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At219.job
[2011/11/04 09:33:13 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At218.job
[2011/11/04 09:33:12 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At302.job
[2011/11/04 09:33:12 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At189.job
[2011/11/04 09:33:11 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At301.job
[2011/11/04 09:33:11 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At160.job
[2011/11/04 09:33:10 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At30.job
[2011/11/04 09:33:10 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At132.job
[2011/11/04 09:33:09 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At131.job
[2011/11/04 09:33:09 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At270.job
[2011/11/04 09:33:08 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At244.job
[2011/11/04 09:33:07 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At216.job
[2011/11/04 09:33:07 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At101.job
[2011/11/04 09:33:03 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At79.job
[2011/11/04 09:33:02 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At187.job
[2011/11/04 09:33:01 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At54.job
[2011/11/04 09:33:01 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At158.job
[2011/11/04 09:33:00 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At5.job
[2011/11/04 09:32:59 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At129.job
[2011/11/04 09:32:58 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At97.job
[2011/11/04 09:32:56 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At76.job
[2011/11/04 09:32:55 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At52.job
[2011/11/04 09:32:55 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At366.job
[2011/11/04 09:32:54 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At365.job
[2011/11/04 09:32:53 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At363.job
[2011/11/04 09:32:53 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At334.job
[2011/11/04 09:32:52 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At333.job
[2011/11/04 09:32:52 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At331.job
[2011/11/04 09:32:51 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At300.job
[2011/11/04 09:32:51 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At3.job
[2011/11/04 09:32:51 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At32.job
[2011/11/04 09:32:50 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At303.job
[2011/11/04 09:32:50 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At29.job
[2011/11/04 09:32:49 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At271.job
[2011/11/04 09:32:48 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At269.job
[2011/11/04 09:32:47 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At268.job
[2011/11/04 09:32:47 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At246.job
[2011/11/04 09:32:46 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At245.job
[2011/11/04 09:32:45 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At217.job
[2011/11/04 09:32:45 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At243.job
[2011/11/04 09:32:43 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At215.job
[2011/11/04 09:32:41 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At188.job
[2011/11/04 09:32:40 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At186.job
[2011/11/04 09:32:39 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At157.job
[2011/11/04 09:32:38 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At128.job
[2011/11/04 09:32:34 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At75.job
[2011/11/04 09:32:31 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At51.job
[2011/11/04 09:32:30 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At50.job
[2011/11/04 09:32:28 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At330.job
[2011/11/04 09:32:28 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At362.job
[2011/11/04 09:32:26 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At299.job
[2011/11/04 09:32:24 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At28.job
[2011/11/04 09:32:22 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At267.job
[2011/11/04 09:32:21 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At242.job
[2011/11/04 09:32:19 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At214.job
[2011/11/04 09:32:16 | 000,000,796 | ---- | M] () -- C:\WINNT\tasks\lso student.job
[2011/11/04 09:00:01 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At67.job
[2011/11/04 09:00:01 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At66.job
[2011/11/04 09:00:01 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At378.job
[2011/11/04 09:00:01 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At44.job
[2011/11/04 09:00:01 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At91.job
[2011/11/04 09:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At348.job
[2011/11/04 09:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At316.job
[2011/11/04 09:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At229.job
[2011/11/04 09:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At171.job
[2011/11/04 09:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At347.job
[2011/11/04 09:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At258.job
[2011/11/04 09:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At230.job
[2011/11/04 09:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At112.job
[2011/11/04 09:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At315.job
[2011/11/04 09:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At257.job
[2011/11/04 09:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At142.job
[2011/11/04 09:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At283.job
[2011/11/04 09:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At200.job
[2011/11/04 09:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At17.job
[2011/11/04 09:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At16.job
[2011/11/04 08:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At90.job
[2011/11/04 08:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At65.job
[2011/11/04 08:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At43.job
[2011/11/04 08:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At42.job
[2011/11/04 08:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At346.job
[2011/11/04 08:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At282.job
[2011/11/04 08:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At256.job
[2011/11/04 08:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At228.job
[2011/11/04 08:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At199.job
[2011/11/04 08:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At314.job
[2011/11/04 08:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At141.job
[2011/11/04 08:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At111.job
[2011/11/04 08:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At377.job
[2011/11/04 08:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At170.job
[2011/11/04 08:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At15.job
[2011/11/04 07:00:01 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At89.job
[2011/11/04 07:00:01 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At88.job
[2011/11/04 07:00:01 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At41.job
[2011/11/04 07:00:01 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At64.job
[2011/11/04 07:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At376.job
[2011/11/04 07:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At313.job
[2011/11/04 07:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At345.job
[2011/11/04 07:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At255.job
[2011/11/04 07:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At227.job
[2011/11/04 07:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At14.job
[2011/11/04 07:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At110.job
[2011/11/04 07:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At109.job
[2011/11/04 07:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At198.job
[2011/11/04 07:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At169.job
[2011/11/04 07:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At140.job
[2011/11/04 07:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At281.job
[2011/11/04 06:00:01 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At87.job
[2011/11/04 06:00:01 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At63.job
[2011/11/04 06:00:01 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At40.job
[2011/11/04 06:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At374.job
[2011/11/04 06:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At344.job
[2011/11/04 06:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At254.job
[2011/11/04 06:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At197.job
[2011/11/04 06:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At167.job
[2011/11/04 06:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At280.job
[2011/11/04 06:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At279.job
[2011/11/04 06:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At226.job
[2011/11/04 06:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At168.job
[2011/11/04 06:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At108.job
[2011/11/04 06:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At375.job
[2011/11/04 06:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At312.job
[2011/11/04 06:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At139.job
[2011/11/04 06:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At13.job
[2011/11/04 05:00:01 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At62.job
[2011/11/04 05:00:01 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At61.job
[2011/11/04 05:00:01 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At86.job
[2011/11/04 05:00:01 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At39.job
[2011/11/04 05:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At310.job
[2011/11/04 05:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At225.job
[2011/11/04 05:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At12.job
[2011/11/04 05:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At138.job
[2011/11/04 05:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At107.job
[2011/11/04 05:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At373.job
[2011/11/04 05:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At311.job
[2011/11/04 05:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At253.job
[2011/11/04 05:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At224.job
[2011/11/04 05:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At195.job
[2011/11/04 05:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At137.job
[2011/11/04 05:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At343.job
[2011/11/04 05:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At342.job
[2011/11/04 05:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At278.job
[2011/11/04 05:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At196.job
[2011/11/04 05:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At166.job
[2011/11/04 04:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At372.job
[2011/11/04 04:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At341.job
[2011/11/04 04:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At223.job
[2011/11/04 04:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At11.job
[2011/11/04 04:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At85.job
[2011/11/04 04:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At38.job
[2011/11/04 04:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At252.job
[2011/11/04 04:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At251.job
[2011/11/04 04:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At194.job
[2011/11/04 04:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At60.job
[2011/11/04 04:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At309.job
[2011/11/04 04:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At277.job
[2011/11/04 04:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At165.job
[2011/11/04 04:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At136.job
[2011/11/04 04:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At106.job
[2011/11/04 03:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At84.job
[2011/11/04 03:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At37.job
[2011/11/04 03:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At276.job
[2011/11/04 03:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At10.job
[2011/11/04 03:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At83.job
[2011/11/04 03:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At59.job
[2011/11/04 03:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At371.job
[2011/11/04 03:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At36.job
[2011/11/04 03:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At340.job
[2011/11/04 03:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At308.job
[2011/11/04 03:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At222.job
[2011/11/04 03:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At164.job
[2011/11/04 03:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At250.job
[2011/11/04 03:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At135.job
[2011/11/04 03:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At105.job
[2011/11/04 03:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At193.job
[2011/11/04 02:00:01 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At9.job
[2011/11/04 02:00:01 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At370.job
[2011/11/04 02:00:01 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At82.job
[2011/11/04 02:00:01 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At58.job
[2011/11/04 02:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At307.job
[2011/11/04 02:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At306.job
[2011/11/04 02:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At275.job
[2011/11/04 02:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At192.job
[2011/11/04 02:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At163.job
[2011/11/04 02:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At134.job
[2011/11/04 02:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At104.job
[2011/11/04 02:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At369.job
[2011/11/04 02:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At35.job
[2011/11/04 02:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At221.job
[2011/11/04 02:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At103.job
[2011/11/04 02:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At339.job
[2011/11/04 02:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At337.job
[2011/11/04 02:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At338.job
[2011/11/04 02:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At249.job
[2011/11/04 01:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At248.job
[2011/11/04 01:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At191.job
[2011/11/04 01:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At133.job
[2011/11/04 01:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At34.job
[2011/11/04 01:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At305.job
[2011/11/04 01:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At273.job
[2011/11/04 01:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At162.job
[2011/11/04 01:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At102.job
[2011/11/04 01:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At81.job
[2011/11/04 01:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At8.job
[2011/11/04 01:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At57.job
[2011/11/04 01:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At336.job
[2011/11/04 01:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At274.job
[2011/11/04 01:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At220.job
[2011/11/04 01:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At161.job
[2011/11/04 01:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At368.job
[2011/11/04 01:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At190.job
[2011/11/04 00:00:01 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At6.job
[2011/11/04 00:00:01 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At80.job
[2011/11/04 00:00:01 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At7.job
[2011/11/04 00:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At56.job
[2011/11/04 00:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At55.job
[2011/11/04 00:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At367.job
[2011/11/03 10:00:02 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At92.job
[2011/11/03 10:00:02 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At68.job
[2011/11/03 10:00:02 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At380.job
[2011/11/03 10:00:02 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At349.job
[2011/11/03 10:00:02 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At379.job
[2011/11/03 10:00:02 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At284.job
[2011/11/03 10:00:02 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At202.job
[2011/11/03 10:00:02 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At45.job
[2011/11/03 10:00:02 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At317.job
[2011/11/03 10:00:02 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At259.job
[2011/11/03 10:00:02 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At231.job
[2011/11/03 10:00:02 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At201.job
[2011/11/03 10:00:02 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At172.job
[2011/11/03 10:00:01 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At143.job
[2011/11/03 10:00:01 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At144.job
[2011/11/03 10:00:01 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At113.job
[2011/11/03 08:26:24 | 000,924,120 | -H-- | M] () -- C:\WINNT\ShellIconCache
[2011/11/03 08:20:01 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Administrator.STUDENT\My Documents\MBR.dat
[2011/11/02 20:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At2.job
[2011/11/02 20:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At185.job
[2011/11/02 20:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At156.job
[2011/11/02 20:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At184.job
[2011/11/02 20:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At127.job
[2011/11/02 20:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At155.job
[2011/11/02 19:00:01 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At361.job
[2011/11/02 19:00:01 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At49.job
[2011/11/02 19:00:01 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At74.job
[2011/11/02 19:00:01 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At360.job
[2011/11/02 19:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At329.job
[2011/11/02 19:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At154.job
[2011/11/02 19:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At126.job
[2011/11/02 19:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At213.job
[2011/11/02 19:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At1.job
[2011/11/02 19:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At298.job
[2011/11/02 19:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At241.job
[2011/11/02 19:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At183.job
[2011/11/02 19:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At328.job
[2011/11/02 19:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At27.job
[2011/11/02 19:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At212.job
[2011/11/02 18:00:01 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At327.job
[2011/11/02 18:00:01 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At48.job
[2011/11/02 18:00:01 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At359.job
[2011/11/02 18:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At297.job
[2011/11/02 18:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At182.job
[2011/11/02 18:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At153.job
[2011/11/02 18:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At125.job
[2011/11/02 18:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At266.job
[2011/11/02 18:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At25.job
[2011/11/02 18:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At240.job
[2011/11/02 18:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At211.job
[2011/11/02 18:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At296.job
[2011/11/02 18:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At26.job
[2011/11/02 18:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At239.job
[2011/11/02 17:00:01 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At358.job
[2011/11/02 17:00:01 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At73.job
[2011/11/02 17:00:01 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At47.job
[2011/11/02 17:00:01 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At388.job
[2011/11/02 17:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At293.job
[2011/11/02 17:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At238.job
[2011/11/02 17:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At210.job
[2011/11/02 17:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At265.job
[2011/11/02 17:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At24.job
[2011/11/02 17:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At152.job
[2011/11/02 17:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At181.job
[2011/11/02 17:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At124.job
[2011/11/02 17:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At326.job
[2011/11/02 17:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At295.job
[2011/11/02 16:00:01 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At46.job
[2011/11/02 16:00:01 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At387.job
[2011/11/02 16:00:01 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At325.job
[2011/11/02 16:00:01 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At294.job
[2011/11/02 16:00:01 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At292.job
[2011/11/02 16:00:01 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At264.job
[2011/11/02 16:00:01 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At263.job
[2011/11/02 16:00:01 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At356.job
[2011/11/02 16:00:01 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At357.job
[2011/11/02 16:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At122.job
[2011/11/02 16:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At123.job
[2011/11/02 16:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At237.job
[2011/11/02 16:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At209.job
[2011/11/02 16:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At180.job
[2011/11/02 16:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At151.job
[2011/11/02 16:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At23.job
[2011/11/02 15:49:51 | 000,065,536 | ---- | M] () -- C:\WINNT\System32\dsa.msc
[2011/11/02 15:49:46 | 000,065,536 | ---- | M] () -- C:\WINNT\NETLOGON.CHG
[2011/11/02 15:48:14 | 000,002,215 | ---- | M] () -- C:\Documents and Settings\Administrator.STUDENT\Desktop\Active Directory Users and Computers.lnk
[2011/11/02 15:00:01 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At72.job
[2011/11/02 15:00:01 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At386.job
[2011/11/02 15:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At291.job
[2011/11/02 15:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At150.job
[2011/11/02 15:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At179.job
[2011/11/02 15:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At149.job
[2011/11/02 15:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At323.job
[2011/11/02 15:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At236.job
[2011/11/02 15:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At208.job
[2011/11/02 15:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At207.job
[2011/11/02 15:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At355.job
[2011/11/02 15:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At324.job
[2011/11/02 15:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At290.job
[2011/11/02 15:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At22.job
[2011/11/02 15:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At178.job
[2011/11/02 14:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At385.job
[2011/11/02 14:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At354.job
[2011/11/02 14:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At322.job
[2011/11/02 14:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At177.job
[2011/11/02 14:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At121.job
[2011/11/02 14:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At118.job
[2011/11/02 14:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At21.job
[2011/11/02 14:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At289.job
[2011/11/02 14:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At206.job
[2011/11/02 14:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At148.job
[2011/11/02 14:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At96.job
[2011/11/02 14:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At71.job
[2011/11/02 14:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At70.job
[2011/11/02 14:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At235.job
[2011/11/02 13:00:01 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At95.job
[2011/11/02 13:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At69.job
[2011/11/02 13:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At384.job
[2011/11/02 13:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At383.job
[2011/11/02 13:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At353.job
[2011/11/02 13:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At262.job
[2011/11/02 13:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At234.job
[2011/11/02 13:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At20.job
[2011/11/02 13:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At117.job
[2011/11/02 13:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At205.job
[2011/11/02 13:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At176.job
[2011/11/02 13:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At321.job
[2011/11/02 13:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At288.job
[2011/11/02 13:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At147.job
[2011/11/02 12:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At391.job
[2011/11/02 12:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At390.job
[2011/11/02 12:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At382.job
[2011/11/02 12:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At352.job
[2011/11/02 12:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At287.job
[2011/11/02 12:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At175.job
[2011/11/02 12:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At94.job
[2011/11/02 12:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At351.job
[2011/11/02 12:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At319.job
[2011/11/02 12:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At261.job
[2011/11/02 12:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At146.job
[2011/11/02 12:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At115.job
[2011/11/02 12:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At233.job
[2011/11/02 12:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At204.job
[2011/11/02 12:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At116.job
[2011/11/02 12:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At320.job
[2011/11/02 12:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At19.job
[2011/11/02 11:00:04 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At381.job
[2011/11/02 11:00:04 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At286.job
[2011/11/02 11:00:04 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At232.job
[2011/11/02 11:00:04 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At203.job
[2011/11/02 11:00:04 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At389.job
[2011/11/02 11:00:04 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At285.job
[2011/11/02 11:00:04 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At350.job
[2011/11/02 11:00:04 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At93.job
[2011/11/02 11:00:04 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At318.job
[2011/11/02 11:00:04 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At260.job
[2011/11/02 11:00:03 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At120.job
[2011/11/02 11:00:03 | 000,000,346 | ---- | M] () -- C:\WINNT\tasks\At119.job
[2011/11/02 11:00:03 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At173.job
[2011/11/02 11:00:03 | 000,000,344 | ---- | M] () -- C:\WINNT\tasks\At145.job
[2011/11/02 11:00:03 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At18.job
[2011/11/02 11:00:03 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\At174.job
[2011/11/02 11:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\tasks\At114.job
[2011/11/02 10:39:05 | 457,179,136 | ---- | M] () -- C:\WINNT\MEMORY.DMP
[2011/11/02 10:28:34 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_548.dat
[2011/11/02 10:28:24 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_670.dat
[2011/11/02 09:43:18 | 000,000,574 | ---- | M] () -- C:\Documents and Settings\All Users.WINNT\Desktop\CPUID CPU-Z.lnk
[2011/10/25 09:45:57 | 000,000,603 | ---- | M] () -- C:\Documents and Settings\All Users.WINNT\Desktop\Mozilla Firefox.lnk
[2011/10/21 08:48:05 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_50c.dat
[2011/10/19 13:39:39 | 000,000,505 | ---- | M] () -- C:\Documents and Settings\Administrator.STUDENT\Desktop\Shortcut to Administrative Tools.lnk
[2011/10/19 13:34:52 | 000,000,668 | ---- | M] () -- C:\Documents and Settings\All Users.WINNT\Desktop\LBP6300 e-Manual.lnk
[2011/10/19 13:15:31 | 000,000,621 | ---- | M] () -- C:\Documents and Settings\Administrator.STUDENT\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/19 12:59:14 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_4cc.dat
[2011/10/12 13:09:41 | 000,000,610 | ---- | M] () -- C:\Documents and Settings\Administrator.STUDENT\Desktop\Shortcut to scripts.lnk
[2011/10/10 19:26:52 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_6e8.dat
[4 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
[1 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/03 08:20:01 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Administrator.STUDENT\My Documents\MBR.dat
[2011/11/02 10:28:34 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_548.dat
[2011/11/02 10:28:24 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_670.dat
[2011/11/02 09:43:18 | 000,000,574 | ---- | C] () -- C:\Documents and Settings\All Users.WINNT\Desktop\CPUID CPU-Z.lnk
[2011/10/21 08:48:05 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_50c.dat
[2011/10/19 12:59:14 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_4cc.dat
[2011/10/10 19:26:52 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_6e8.dat
[2011/09/05 23:09:04 | 000,299,544 | ---- | C] () -- C:\WINNT\RegGenieOnUninstall.exe
[2011/08/19 14:11:51 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_53c.dat
[2011/06/23 05:28:39 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_284.dat
[2011/04/13 16:03:54 | 000,102,400 | ---- | C] () -- C:\WINNT\RegBootClean.exe
[2011/04/13 14:32:28 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Administrator.STUDENT\Local Settings\Application Data\housecall.guid.cache
[2011/04/11 17:59:04 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_52c.dat
[2011/03/25 15:45:12 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_510.dat
[2011/02/09 17:44:44 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_520.dat
[2011/01/25 15:55:36 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_530.dat
[2010/10/15 02:05:57 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_528.dat
[2010/10/14 02:39:10 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_524.dat
[2010/10/13 18:59:56 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_5f8.dat
[2010/10/13 18:44:48 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_5e4.dat
[2010/10/13 18:08:40 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_5dc.dat
[2010/10/06 13:58:29 | 000,000,079 | ---- | C] () -- C:\WINNT\ricdb.ini
[2010/10/06 13:58:23 | 000,000,030 | ---- | C] () -- C:\WINNT\System32\RPCS.ini
[2010/10/06 13:43:39 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_5a8.dat
[2010/02/06 11:33:47 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_5b8.dat
[2010/01/04 12:56:09 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_594.dat
[2009/12/04 15:45:59 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_5a4.dat
[2009/12/04 15:37:12 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_598.dat
[2009/11/21 17:52:19 | 000,003,840 | ---- | C] () -- C:\WINNT\System32\drivers\BANTExt.sys
[2009/11/21 14:21:32 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_588.dat
[2009/09/30 09:17:03 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_5c0.dat
[2009/08/12 13:47:10 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_604.dat
[2009/07/10 16:01:28 | 000,000,000 | ---- | C] () -- C:\WINNT\ui.INI
[2009/07/10 15:40:56 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_5ac.dat
[2009/07/10 15:14:01 | 000,000,000 | ---- | C] () -- C:\WINNT\WATCH.INI
[2009/06/18 11:57:39 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_56c.dat
[2009/04/02 15:41:49 | 000,000,410 | ---- | C] () -- C:\WINNT\BRWMARK.INI
[2009/04/02 15:41:49 | 000,000,034 | ---- | C] () -- C:\WINNT\System32\BD2030.DAT
[2009/03/11 14:15:30 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_574.dat
[2009/03/11 13:32:31 | 000,017,168 | ---- | C] () -- C:\WINNT\System32\ismsink.dll
[2009/01/28 11:40:20 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_544.dat
[2009/01/02 11:20:13 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_55c.dat
[2008/12/07 20:51:58 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_538.dat
[2008/10/22 09:32:22 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_51c.dat
[2008/10/19 08:36:14 | 000,000,000 | ---- | C] () -- C:\WINNT\nsreg.dat
[2008/10/18 13:26:53 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_4f4.dat
[2008/10/18 12:13:08 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_508.dat
[2008/08/20 15:53:38 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_500.dat
[2008/08/20 14:24:31 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_504.dat
[2008/08/14 09:52:04 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_550.dat
[2008/08/13 12:22:35 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_540.dat
[2008/08/13 12:10:51 | 000,000,000 | ---- | C] () -- C:\WINNT\VPC32.INI
[2008/04/30 14:49:30 | 000,011,597 | ---- | C] () -- C:\WINNT\System32\dnsperf.ini
[2008/04/30 12:52:59 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_4c8.dat
[2008/04/28 13:51:58 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_4ec.dat
[2008/03/31 09:02:10 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_4f0.dat
[2007/07/05 09:49:33 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_4f8.dat
[2007/04/19 10:41:16 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_4c0.dat
[2007/03/20 16:54:17 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_4bc.dat
[2007/03/20 12:44:48 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_4e4.dat
[2007/03/20 12:11:46 | 000,000,881 | ---- | C] () -- C:\WINNT\ODBC.INI
[2007/03/20 12:11:46 | 000,000,063 | ---- | C] () -- C:\WINNT\mdm.ini
[2007/03/20 12:11:41 | 000,000,000 | ---- | C] () -- C:\WINNT\NSREX.INI
[2007/03/20 11:12:27 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_464.dat
[2007/03/20 11:08:13 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_f8.dat
[2007/03/20 10:43:54 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_324.dat
[2007/03/20 10:17:52 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_318.dat
[2007/03/20 10:14:48 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_314.dat
[2007/03/20 10:12:57 | 000,032,768 | ---- | C] () -- C:\WINNT\System32\UnAudioNT.dll
[2007/03/20 10:12:12 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_338.dat
[2007/03/20 10:09:52 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_328.dat
[2007/03/20 10:06:16 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_33c.dat
[2007/03/20 09:58:31 | 000,002,360 | ---- | C] () -- C:\WINNT\System32\dhcpctrs.ini
[2007/03/20 09:58:24 | 000,000,000 | ---- | C] () -- C:\WINNT\frontpg.ini
[2007/03/20 09:57:41 | 000,015,012 | ---- | C] () -- C:\WINNT\System32\emptyregdb.dat
[2007/03/20 09:56:52 | 000,021,789 | ---- | C] () -- C:\WINNT\System32\smtpctrs.ini
[2007/03/20 09:56:52 | 000,001,037 | ---- | C] () -- C:\WINNT\System32\ntfsdrct.ini
[2007/03/20 09:56:10 | 000,007,854 | ---- | C] () -- C:\WINNT\System32\ftpctrs.ini
[2007/03/20 09:56:08 | 000,038,523 | ---- | C] () -- C:\WINNT\System32\w3ctrs.ini
[2007/03/20 09:56:08 | 000,009,584 | ---- | C] () -- C:\WINNT\System32\axperf.ini
[2007/03/20 09:56:04 | 000,011,355 | ---- | C] () -- C:\WINNT\System32\infoctrs.ini
[2007/03/20 09:55:29 | 000,014,745 | ---- | C] () -- C:\WINNT\System32\CPSsym.ini
[2007/03/20 09:48:43 | 000,004,073 | ---- | C] () -- C:\WINNT\ODBCINST.INI
[2007/03/20 09:48:14 | 000,103,032 | ---- | C] () -- C:\WINNT\System32\FNTCACHE.DAT
[2007/03/20 09:17:40 | 000,021,952 | -H-- | C] () -- C:\Program Files\folder.htt
[2004/09/17 16:37:42 | 000,061,440 | ---- | C] () -- C:\WINNT\System32\vuins32.dll
[2002/07/30 10:33:00 | 000,045,056 | ---- | C] () -- C:\WINNT\System32\NavLogon.dll
[1999/12/07 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINNT\System32\mlang.dat
[1999/12/07 08:00:00 | 000,424,846 | ---- | C] () -- C:\WINNT\System32\perfh009.dat
[1999/12/07 08:00:00 | 000,272,492 | ---- | C] () -- C:\WINNT\System32\perfi009.dat
[1999/12/07 08:00:00 | 000,217,359 | ---- | C] () -- C:\WINNT\System32\dssec.dat
[1999/12/07 08:00:00 | 000,176,400 | ---- | C] () -- C:\WINNT\System32\qcut.dll
[1999/12/07 08:00:00 | 000,133,752 | ---- | C] () -- C:\WINNT\System32\schema.ini
[1999/12/07 08:00:00 | 000,076,796 | ---- | C] () -- C:\WINNT\System32\perfc009.dat
[1999/12/07 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINNT\System32\mib.bin
[1999/12/07 08:00:00 | 000,033,552 | ---- | C] () -- C:\WINNT\System32\efsadu.dll
[1999/12/07 08:00:00 | 000,028,270 | ---- | C] () -- C:\WINNT\System32\perfd009.dat
[1999/12/07 08:00:00 | 000,022,582 | ---- | C] () -- C:\WINNT\System32\ntdsctrs.ini
[1999/12/07 08:00:00 | 000,020,386 | ---- | C] () -- C:\WINNT\System32\ntfrsrep.ini
[1999/12/07 08:00:00 | 000,007,265 | ---- | C] () -- C:\WINNT\System32\iasperf.ini
[1999/12/07 08:00:00 | 000,005,597 | ---- | C] () -- C:\WINNT\System32\ntfrscon.ini
[1999/12/07 08:00:00 | 000,001,505 | ---- | C] () -- C:\WINNT\System32\faxperf.ini
[1999/12/07 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINNT\System32\noise.dat
[1999/09/25 10:36:24 | 000,088,816 | ---- | C] () -- C:\WINNT\System32\drivers\lvcam.sys
[1999/09/25 10:36:22 | 000,017,424 | ---- | C] () -- C:\WINNT\System32\drivers\lvsound.sys
[1999/01/22 12:46:58 | 000,065,536 | ---- | C] () -- C:\WINNT\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2009/10/21 16:15:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.STUDENT\Application Data\Foxit
[2009/07/01 15:51:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.STUDENT\Application Data\RemoteScanClient
[2011/08/24 14:08:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.STUDENT\Application Data\TeamViewer
[2011/05/18 11:48:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\Canon
[2011/11/02 19:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At1.job
[2011/11/04 03:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At10.job
[2011/11/04 09:33:27 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At100.job
[2011/11/04 09:33:07 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At101.job
[2011/11/04 01:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At102.job
[2011/11/04 02:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At103.job
[2011/11/04 02:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At104.job
[2011/11/04 03:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At105.job
[2011/11/04 04:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At106.job
[2011/11/04 05:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At107.job
[2011/11/04 06:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At108.job
[2011/11/04 07:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At109.job
[2011/11/04 04:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At11.job
[2011/11/04 07:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At110.job
[2011/11/04 08:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At111.job
[2011/11/04 09:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At112.job
[2011/11/03 10:00:01 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At113.job
[2011/11/02 11:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At114.job
[2011/11/02 12:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At115.job
[2011/11/02 12:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At116.job
[2011/11/02 13:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At117.job
[2011/11/02 14:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At118.job
[2011/11/02 11:00:03 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At119.job
[2011/11/04 05:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At12.job
[2011/11/02 11:00:03 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At120.job
[2011/11/02 14:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At121.job
[2011/11/02 16:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At122.job
[2011/11/02 16:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At123.job
[2011/11/02 17:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At124.job
[2011/11/02 18:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At125.job
[2011/11/02 19:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At126.job
[2011/11/02 20:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At127.job
[2011/11/04 09:32:38 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At128.job
[2011/11/04 09:32:59 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At129.job
[2011/11/04 06:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At13.job
[2011/11/04 09:33:27 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At130.job
[2011/11/04 09:33:09 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At131.job
[2011/11/04 09:33:10 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At132.job
[2011/11/04 01:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At133.job
[2011/11/04 02:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At134.job
[2011/11/04 03:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At135.job
[2011/11/04 04:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At136.job
[2011/11/04 05:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At137.job
[2011/11/04 05:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At138.job
[2011/11/04 06:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At139.job
[2011/11/04 07:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At14.job
[2011/11/04 07:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At140.job
[2011/11/04 08:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At141.job
[2011/11/04 09:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At142.job
[2011/11/03 10:00:01 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At143.job
[2011/11/03 10:00:01 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At144.job
[2011/11/02 11:00:03 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At145.job
[2011/11/02 12:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At146.job
[2011/11/02 13:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At147.job
[2011/11/02 14:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At148.job
[2011/11/02 15:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At149.job
[2011/11/04 08:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At15.job
[2011/11/02 15:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At150.job
[2011/11/02 16:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At151.job
[2011/11/02 17:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At152.job
[2011/11/02 18:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At153.job
[2011/11/02 19:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At154.job
[2011/11/02 20:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At155.job
[2011/11/02 20:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At156.job
[2011/11/04 09:32:39 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At157.job
[2011/11/04 09:33:01 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At158.job
[2011/11/04 09:33:28 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At159.job
[2011/11/04 09:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At16.job
[2011/11/04 09:33:11 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At160.job
[2011/11/04 01:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At161.job
[2011/11/04 01:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At162.job
[2011/11/04 02:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At163.job
[2011/11/04 03:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At164.job
[2011/11/04 04:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At165.job
[2011/11/04 05:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At166.job
[2011/11/04 06:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At167.job
[2011/11/04 06:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At168.job
[2011/11/04 07:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At169.job
[2011/11/04 09:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At17.job
[2011/11/04 08:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At170.job
[2011/11/04 09:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At171.job
[2011/11/03 10:00:02 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At172.job
[2011/11/02 11:00:03 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At173.job
[2011/11/02 11:00:03 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At174.job
[2011/11/02 12:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At175.job
[2011/11/02 13:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At176.job
[2011/11/02 14:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At177.job
[2011/11/02 15:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At178.job
[2011/11/02 15:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At179.job
[2011/11/02 11:00:03 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At18.job
[2011/11/02 16:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At180.job
[2011/11/02 17:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At181.job
[2011/11/02 18:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At182.job
[2011/11/02 19:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At183.job
[2011/11/02 20:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At184.job
[2011/11/02 20:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At185.job
[2011/11/04 09:32:40 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At186.job
[2011/11/04 09:33:02 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At187.job
[2011/11/04 09:32:41 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At188.job
[2011/11/04 09:33:12 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At189.job
[2011/11/02 12:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At19.job
[2011/11/04 01:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At190.job
[2011/11/04 01:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At191.job
[2011/11/04 02:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At192.job
[2011/11/04 03:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At193.job
[2011/11/04 04:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At194.job
[2011/11/04 05:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At195.job
[2011/11/04 05:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At196.job
[2011/11/04 06:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At197.job
[2011/11/04 07:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At198.job
[2011/11/04 08:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At199.job
[2011/11/02 20:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At2.job
[2011/11/02 13:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At20.job
[2011/11/04 09:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At200.job
[2011/11/03 10:00:02 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At201.job
[2011/11/03 10:00:02 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At202.job
[2011/11/02 11:00:04 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At203.job
[2011/11/02 12:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At204.job
[2011/11/02 13:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At205.job
[2011/11/02 14:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At206.job
[2011/11/02 15:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At207.job
[2011/11/02 15:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At208.job
[2011/11/02 16:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At209.job
[2011/11/02 14:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At21.job
[2011/11/02 17:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At210.job
[2011/11/02 18:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At211.job
[2011/11/02 19:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At212.job
[2011/11/02 19:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At213.job
[2011/11/04 09:32:19 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At214.job
[2011/11/04 09:32:43 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At215.job
[2011/11/04 09:33:07 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At216.job
[2011/11/04 09:32:45 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At217.job
[2011/11/04 09:33:13 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At218.job
[2011/11/04 09:33:14 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At219.job
[2011/11/02 15:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At22.job
[2011/11/04 01:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At220.job
[2011/11/04 02:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At221.job
[2011/11/04 03:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At222.job
[2011/11/04 04:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At223.job
[2011/11/04 05:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At224.job
[2011/11/04 05:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At225.job
[2011/11/04 06:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At226.job
[2011/11/04 07:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At227.job
[2011/11/04 08:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At228.job
[2011/11/04 09:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At229.job
[2011/11/02 16:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At23.job
[2011/11/04 09:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At230.job
[2011/11/03 10:00:02 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At231.job
[2011/11/02 11:00:04 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At232.job
[2011/11/02 12:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At233.job
[2011/11/02 13:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At234.job
[2011/11/02 14:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At235.job
[2011/11/02 15:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At236.job
[2011/11/02 16:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At237.job
[2011/11/02 17:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At238.job
[2011/11/02 18:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At239.job
[2011/11/02 17:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At24.job
[2011/11/02 18:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At240.job
[2011/11/02 19:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At241.job
[2011/11/04 09:32:21 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At242.job
[2011/11/04 09:32:45 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At243.job
[2011/11/04 09:33:08 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At244.job
[2011/11/04 09:32:46 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At245.job
[2011/11/04 09:32:47 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At246.job
[2011/11/04 09:33:15 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At247.job
[2011/11/04 01:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At248.job
[2011/11/04 02:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At249.job
[2011/11/02 18:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At25.job
[2011/11/04 03:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At250.job
[2011/11/04 04:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At251.job
[2011/11/04 04:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At252.job
[2011/11/04 05:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At253.job
[2011/11/04 06:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At254.job
[2011/11/04 07:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At255.job
[2011/11/04 08:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At256.job
[2011/11/04 09:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At257.job
[2011/11/04 09:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At258.job
[2011/11/03 10:00:02 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At259.job
[2011/11/02 18:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At26.job
[2011/11/02 11:00:04 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At260.job
[2011/11/02 12:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At261.job
[2011/11/02 13:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At262.job
[2011/11/02 16:00:01 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At263.job
[2011/11/02 16:00:01 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At264.job
[2011/11/02 17:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At265.job
[2011/11/02 18:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At266.job
[2011/11/04 09:32:22 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At267.job
[2011/11/04 09:32:47 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At268.job
[2011/11/04 09:32:48 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At269.job
[2011/11/02 19:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At27.job
[2011/11/04 09:33:09 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At270.job
[2011/11/04 09:32:49 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At271.job
[2011/11/04 09:33:17 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At272.job
[2011/11/04 01:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At273.job
[2011/11/04 01:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At274.job
[2011/11/04 02:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At275.job
[2011/11/04 03:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At276.job
[2011/11/04 04:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At277.job
[2011/11/04 05:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At278.job
[2011/11/04 06:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At279.job
[2011/11/04 09:32:24 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At28.job
[2011/11/04 06:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At280.job
[2011/11/04 07:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At281.job
[2011/11/04 08:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At282.job
[2011/11/04 09:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At283.job
[2011/11/03 10:00:02 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At284.job
[2011/11/02 11:00:04 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At285.job
[2011/11/02 11:00:04 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At286.job
[2011/11/02 12:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At287.job
[2011/11/02 13:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At288.job
[2011/11/02 14:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At289.job
[2011/11/04 09:32:50 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At29.job
[2011/11/02 15:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At290.job
[2011/11/02 15:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At291.job
[2011/11/02 16:00:01 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At292.job
[2011/11/02 17:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At293.job
[2011/11/02 16:00:01 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At294.job
[2011/11/02 17:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At295.job
[2011/11/02 18:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At296.job
[2011/11/02 18:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At297.job
[2011/11/02 19:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At298.job
[2011/11/04 09:32:26 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At299.job
[2011/11/04 09:32:51 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At3.job
[2011/11/04 09:33:10 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At30.job
[2011/11/04 09:32:51 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At300.job
[2011/11/04 09:33:11 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At301.job
[2011/11/04 09:33:12 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At302.job
[2011/11/04 09:32:50 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At303.job
[2011/11/04 09:33:19 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At304.job
[2011/11/04 01:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At305.job
[2011/11/04 02:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At306.job
[2011/11/04 02:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At307.job
[2011/11/04 03:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At308.job
[2011/11/04 04:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At309.job
[2011/11/04 09:33:14 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At31.job
[2011/11/04 05:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At310.job
[2011/11/04 05:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At311.job
[2011/11/04 06:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At312.job
[2011/11/04 07:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At313.job
[2011/11/04 08:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At314.job
[2011/11/04 09:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At315.job
[2011/11/04 09:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At316.job
[2011/11/03 10:00:02 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At317.job
[2011/11/02 11:00:04 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At318.job
[2011/11/02 12:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At319.job
[2011/11/04 09:32:51 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At32.job
[2011/11/02 12:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At320.job
[2011/11/02 13:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At321.job
[2011/11/02 14:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At322.job
[2011/11/02 15:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At323.job
[2011/11/02 15:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At324.job
[2011/11/02 16:00:01 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At325.job
[2011/11/02 17:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At326.job
[2011/11/02 18:00:01 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At327.job
[2011/11/02 19:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At328.job
[2011/11/02 19:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At329.job
[2011/11/04 09:33:20 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At33.job
[2011/11/04 09:32:28 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At330.job
[2011/11/04 09:32:52 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At331.job
[2011/11/04 09:33:15 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At332.job
[2011/11/04 09:32:52 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At333.job
[2011/11/04 09:32:53 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At334.job
[2011/11/04 09:33:21 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At335.job
[2011/11/04 01:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At336.job
[2011/11/04 02:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At337.job
[2011/11/04 02:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At338.job
[2011/11/04 02:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At339.job
[2011/11/04 01:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At34.job
[2011/11/04 03:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At340.job
[2011/11/04 04:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At341.job
[2011/11/04 05:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At342.job
[2011/11/04 05:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At343.job
[2011/11/04 06:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At344.job
[2011/11/04 07:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At345.job
[2011/11/04 08:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At346.job
[2011/11/04 09:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At347.job
[2011/11/04 09:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At348.job
[2011/11/03 10:00:02 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At349.job
[2011/11/04 02:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At35.job
[2011/11/02 11:00:04 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At350.job
[2011/11/02 12:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At351.job
[2011/11/02 12:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At352.job
[2011/11/02 13:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At353.job
[2011/11/02 14:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At354.job
[2011/11/02 15:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At355.job
[2011/11/02 16:00:01 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At356.job
[2011/11/02 16:00:01 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At357.job
[2011/11/02 17:00:01 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At358.job
[2011/11/02 18:00:01 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At359.job
[2011/11/04 03:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At36.job
[2011/11/02 19:00:01 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At360.job
[2011/11/02 19:00:01 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At361.job
[2011/11/04 09:32:28 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At362.job
[2011/11/04 09:32:53 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At363.job
[2011/11/04 09:33:16 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At364.job
[2011/11/04 09:32:54 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At365.job
[2011/11/04 09:32:55 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At366.job
[2011/11/04 00:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At367.job
[2011/11/04 01:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At368.job
[2011/11/04 02:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At369.job
[2011/11/04 03:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At37.job
[2011/11/04 02:00:01 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At370.job
[2011/11/04 03:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At371.job
[2011/11/04 04:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At372.job
[2011/11/04 05:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At373.job
[2011/11/04 06:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At374.job
[2011/11/04 06:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At375.job
[2011/11/04 07:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At376.job
[2011/11/04 08:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At377.job
[2011/11/04 09:00:01 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At378.job
[2011/11/03 10:00:02 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At379.job
[2011/11/04 04:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At38.job
[2011/11/03 10:00:02 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At380.job
[2011/11/02 11:00:04 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At381.job
[2011/11/02 12:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At382.job
[2011/11/02 13:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At383.job
[2011/11/02 13:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At384.job
[2011/11/02 14:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At385.job
[2011/11/02 15:00:01 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At386.job
[2011/11/02 16:00:01 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At387.job
[2011/11/02 17:00:01 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At388.job
[2011/11/02 11:00:04 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At389.job
[2011/11/04 05:00:01 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At39.job
[2011/11/02 12:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At390.job
[2011/11/02 12:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At391.job
[2011/11/04 09:33:17 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At4.job
[2011/11/04 06:00:01 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At40.job
[2011/11/04 07:00:01 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At41.job
[2011/11/04 08:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At42.job
[2011/11/04 08:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At43.job
[2011/11/04 09:00:01 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At44.job
[2011/11/03 10:00:02 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At45.job
[2011/11/02 16:00:01 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At46.job
[2011/11/02 17:00:01 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At47.job
[2011/11/02 18:00:01 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At48.job
[2011/11/02 19:00:01 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At49.job
[2011/11/04 09:33:00 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At5.job
[2011/11/04 09:32:30 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At50.job
[2011/11/04 09:32:31 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At51.job
[2011/11/04 09:32:55 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At52.job
[2011/11/04 09:33:20 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At53.job
[2011/11/04 09:33:01 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At54.job
[2011/11/04 00:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At55.job
[2011/11/04 00:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At56.job
[2011/11/04 01:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At57.job
[2011/11/04 02:00:01 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At58.job
[2011/11/04 03:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At59.job
[2011/11/04 00:00:01 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At6.job
[2011/11/04 04:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At60.job
[2011/11/04 05:00:01 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At61.job
[2011/11/04 05:00:01 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At62.job
[2011/11/04 06:00:01 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At63.job
[2011/11/04 07:00:01 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At64.job
[2011/11/04 08:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At65.job
[2011/11/04 09:00:01 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At66.job
[2011/11/04 09:00:01 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At67.job
[2011/11/03 10:00:02 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At68.job
[2011/11/02 13:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At69.job
[2011/11/04 00:00:01 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At7.job
[2011/11/02 14:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At70.job
[2011/11/02 14:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At71.job
[2011/11/02 15:00:01 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At72.job
[2011/11/02 17:00:01 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At73.job
[2011/11/02 19:00:01 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At74.job
[2011/11/04 09:32:34 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At75.job
[2011/11/04 09:32:56 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At76.job
[2011/11/04 09:33:21 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At77.job
[2011/11/04 09:33:22 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At78.job
[2011/11/04 09:33:03 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At79.job
[2011/11/04 01:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At8.job
[2011/11/04 00:00:01 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At80.job
[2011/11/04 01:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At81.job
[2011/11/04 02:00:01 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At82.job
[2011/11/04 03:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At83.job
[2011/11/04 03:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At84.job
[2011/11/04 04:00:00 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At85.job
[2011/11/04 05:00:01 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At86.job
[2011/11/04 06:00:01 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At87.job
[2011/11/04 07:00:01 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At88.job
[2011/11/04 07:00:01 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At89.job
[2011/11/04 02:00:01 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At9.job
[2011/11/04 08:00:00 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At90.job
[2011/11/04 09:00:01 | 000,000,344 | ---- | M] () -- C:\WINNT\Tasks\At91.job
[2011/11/03 10:00:02 | 000,000,348 | ---- | M] () -- C:\WINNT\Tasks\At92.job
[2011/11/02 11:00:04 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At93.job
[2011/11/02 12:00:00 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At94.job
[2011/11/02 13:00:01 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At95.job
[2011/11/02 14:00:00 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At96.job
[2011/11/04 09:32:58 | 000,000,346 | ---- | M] () -- C:\WINNT\Tasks\At97.job
[2011/11/04 09:33:24 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At98.job
[2011/11/04 09:33:25 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\At99.job
[2011/11/04 09:32:16 | 000,000,796 | ---- | M] () -- C:\WINNT\Tasks\lso student.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 60 bytes -> C:\Microsoft UAM Volume:AFP_AfpInfo
@Alternate Data Stream - 44 bytes -> C:\Microsoft UAM Volume:AFP_DeskTop
@Alternate Data Stream - 4096 bytes -> C:\Microsoft UAM Volume:AFP_IdIndex

< End of report >


Here is Extras.txt

OTL Extras logfile created on: 04/11/2011 09:38:30 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator.STUDENT\Desktop
Windows 2000 Advanced Server Edition Service Pack 4 (Version = 5.0.2195) - Type = NTDomainController
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

223.48 Mb Total Physical Memory | 69.08 Mb Available Physical Memory | 30.91% Memory free
638.05 Mb Paging File | 13.40 Mb Available in Paging File | 2.10% Paging File free
Paging file location(s): C:\pagefile.sys 436 672 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 58.59 Gb Total Space | 50.97 Gb Free Space | 86.99% Space Free | Partition Type: NTFS
Drive F: | 69.40 Gb Total Space | 38.10 Gb Free Space | 54.90% Space Free | Partition Type: NTFS

Computer Name: STUDENTLSO | User Name: administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL %1,%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL %1,%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- %1
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{242365CD-80F2-11D2-989A-00C04F7978A9}" = Windows 2000 Support Tools
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{6F716D8C-398F-11D3-85E1-005004838609}" = WebFldrs
"{7D2B86CA-2D5D-469E-92ED-E56B62BD1D3C}" = Symantec AntiVirus Server
"{ABEB838C-A1A7-4C5D-B7E1-8B4314600820}" = MSN Messenger 7.0
"{B1C1C959-8B1E-421B-8C90-46AAFBC3D7DD}" = Support Tools Web Package : DCDIAG.EXE
"{B7298620-EAC6-11D1-8F87-0060082EA63E}" = Windows 2000 Administration Tools
"{C8BC7F74-65A7-428F-80C6-D8034103781C}" = Vbsedit
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ask Toolbar_is1" = Foxit Toolbar
"Belarc Advisor" = Belarc Advisor 8.1
"Canon LBP6300" = Canon LBP6300
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.58
"Foxit Reader" = Foxit Reader
"LiveUpdate1.7" = LiveUpdate 1.7 (Symantec Corporation)
"Mozilla Firefox 6.0.1 (x86 en-GB)" = Mozilla Firefox 6.0.1 (x86 en-GB)
"P4M266" = ProSavageDDR and Utilities
"PaperCut_is1" = PaperCut 4.1
"Q828026" = Windows Media Player Hotfix [See Q828026 for more information]
"RealVNC_is1" = VNC Free Edition 4.1.2
"S3Display" = S3Display
"S3Gamma2" = S3Gamma2
"S3Info2" = S3Info2
"S3Overlay" = S3Overlay
"TeamViewer 6" = TeamViewer 6
"Update Rollup 1" = Update Rollup 1 for Windows 2000 SP4
"VIA Audio Driver Setup Program" = VIA Audio Driver Setup Program
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
"Windows 2000 Service Pack" = Windows 2000 Service Pack 4
"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/10/2011 13:07:35 | Computer Name = STUDENTLSO | Source = NTBackup | ID = 8001
Description = End Backup of 'F:' Verify: Off Mode: Append Type:
Inc

Error - 12/10/2011 12:10:52 | Computer Name = STUDENTLSO | Source = Userenv | ID = 1000
Description = Windows cannot unload your registry file. If you have a roaming profile,
your settings are not replicated. Contact your administrator. DETAIL - Access
is denied. , Build number ((2195)).

Error - 12/10/2011 13:07:23 | Computer Name = STUDENTLSO | Source = NTBackup | ID = 8001
Description = End Backup of 'F:' Verify: Off Mode: Append Type:
Inc

Error - 18/10/2011 12:24:01 | Computer Name = STUDENTLSO | Source = MacPrint | ID = 2009
Description = The Windows 2000 Print System is not responding. MacPrint Service is
stopping.

Error - 19/10/2011 08:58:16 | Computer Name = STUDENTLSO | Source = MacPrint | ID = 2009
Description = The Windows 2000 Print System is not responding. MacPrint Service is
stopping.

Error - 19/10/2011 13:07:10 | Computer Name = STUDENTLSO | Source = NTBackup | ID = 8001
Description = End Backup of 'F:' Verify: Off Mode: Append Type:
Inc

Error - 21/10/2011 04:31:38 | Computer Name = STUDENTLSO | Source = FTPCtrs | ID = 1000
Description = Unable to collect the FTP performance statistics. The error code returned
by the service is data DWORD 0. For additional information specific to this message
please visit the Microsoft Online Support site located at: http://www.microsoft.com/contentredirect.asp.

Error - 02/11/2011 06:28:45 | Computer Name = STUDENTLSO | Source = FTPCtrs | ID = 1000
Description = Unable to collect the FTP performance statistics. The error code returned
by the service is data DWORD 0. For additional information specific to this message
please visit the Microsoft Online Support site located at: http://www.microsoft.com/contentredirect.asp.

Error - 02/11/2011 06:38:03 | Computer Name = STUDENTLSO | Source = FTPCtrs | ID = 1000
Description = Unable to collect the FTP performance statistics. The error code returned
by the service is data DWORD 0. For additional information specific to this message
please visit the Microsoft Online Support site located at: http://www.microsoft.com/contentredirect.asp.

Error - 02/11/2011 14:07:12 | Computer Name = STUDENTLSO | Source = NTBackup | ID = 8001
Description = End Backup of 'F:' Verify: Off Mode: Append Type:
Inc

[ Directory Service Events ]
Error - 13/10/2010 13:54:22 | Computer Name = STUDENTLSO | Source = NTDS General | ID = 1126
Description = Unable to establish connection with global catalog.

Error - 13/10/2010 14:40:00 | Computer Name = STUDENTLSO | Source = NTDS General | ID = 1126
Description = Unable to establish connection with global catalog.

[ DNS Server Events ]
Error - 01/03/2009 09:18:26 | Computer Name = STUDENTLSO | Source = DNS | ID = 4016
Description = The DNS server timed out attempting an Active Directory service operation
on
DC=RootDNSServers,cn=MicrosoftDNS,cn=System,DC=lsostudent,DC=com. Check Active
Directory to see that it is functioning properly. The event data contains the error.

Error - 01/03/2009 09:24:26 | Computer Name = STUDENTLSO | Source = DNS | ID = 4016
Description = The DNS server timed out attempting an Active Directory service operation
on
---. Check Active Directory to see that it is functioning properly. The event data
contains the error.

Error - 01/03/2009 09:24:26 | Computer Name = STUDENTLSO | Source = DNS | ID = 4004
Description = The DNS server was unable to complete directory service enumeration
of zone .. This DNS server is configured to use information obtained from Active
Directory
for this zone and is unable to load the zone without it. Check that the Active
Directory is functioning properly and repeat enumeration of the zone. The event data
contains the error.

Error - 01/03/2009 09:30:26 | Computer Name = STUDENTLSO | Source = DNS | ID = 4016
Description = The DNS server timed out attempting an Active Directory service operation
on
DC=1.168.192.in-addr.arpa,cn=MicrosoftDNS,cn=System,DC=lsostudent,DC=com. Check
Active Directory to see that it is functioning properly. The event data contains
the error.

Error - 01/03/2009 09:36:26 | Computer Name = STUDENTLSO | Source = DNS | ID = 4016
Description = The DNS server timed out attempting an Active Directory service operation
on
---. Check Active Directory to see that it is functioning properly. The event data
contains the error.

Error - 01/03/2009 09:36:26 | Computer Name = STUDENTLSO | Source = DNS | ID = 4004
Description = The DNS server was unable to complete directory service enumeration
of zone 1.168.192.in-addr.arpa. This DNS server is configured to use information
obtained from Active Directory for this zone and is unable to load the zone without
it. Check that the Active Directory is functioning properly and repeat enumeration
of
the zone. The event data contains the error.

Error - 06/02/2010 07:30:32 | Computer Name = STUDENTLSO | Source = DNS | ID = 4004
Description = The DNS server was unable to complete directory service enumeration
of zone .. This DNS server is configured to use information obtained from Active
Directory
for this zone and is unable to load the zone without it. Check that the Active
Directory is functioning properly and repeat enumeration of the zone. The event data
contains the error.

Error - 06/02/2010 07:30:32 | Computer Name = STUDENTLSO | Source = DNS | ID = 4004
Description = The DNS server was unable to complete directory service enumeration
of zone 1.168.192.in-addr.arpa. This DNS server is configured to use information
obtained from Active Directory for this zone and is unable to load the zone without
it. Check that the Active Directory is functioning properly and repeat enumeration
of
the zone. The event data contains the error.

Error - 06/02/2010 07:30:32 | Computer Name = STUDENTLSO | Source = DNS | ID = 4004
Description = The DNS server was unable to complete directory service enumeration
of zone lsostudent.com. This DNS server is configured to use information obtained
from Active Directory for this zone and is unable to load the zone without it.
Check that the Active Directory is functioning properly and repeat enumeration of
the zone. The event data contains the error.

Error - 13/10/2010 14:23:15 | Computer Name = STUDENTLSO | Source = DNS | ID = 4000
Description = The DNS server was unable to open Active Directory. This DNS server
is
configured to obtain and use information from the directory for this zone and is
unable to load the zone without it. Check that the Active Directory is functioning
properly and reload the zone. The event data is the error code.

[ System Events ]
Error - 10/10/2011 15:25:13 | Computer Name = STUDENTLSO | Source = EventLog | ID = 6008
Description = The previous system shutdown at 20:23:02 on 10/10/2011 was unexpected.

Error - 11/10/2011 07:04:38 | Computer Name = STUDENTLSO | Source = EventLog | ID = 6008
Description = The previous system shutdown at 20:25:13 on 10/10/2011 was unexpected.

Error - 18/10/2011 12:23:35 | Computer Name = STUDENTLSO | Source = Service Control Manager | ID = 7031
Description = The Print Spooler service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 0 milliseconds: No
action.

Error - 19/10/2011 08:50:15 | Computer Name = STUDENTLSO | Source = Server | ID = 2510
Description = The server service was unable to map error code 1727.

Error - 19/10/2011 08:50:15 | Computer Name = STUDENTLSO | Source = Server | ID = 2510
Description = The server service was unable to map error code 1722.

Error - 19/10/2011 08:50:15 | Computer Name = STUDENTLSO | Source = Server | ID = 2510
Description = The server service was unable to map error code 1722.

Error - 19/10/2011 09:00:48 | Computer Name = STUDENTLSO | Source = Service Control Manager | ID = 7031
Description = The Print Spooler service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 0 milliseconds: No
action.

Error - 21/10/2011 04:29:42 | Computer Name = STUDENTLSO | Source = EventLog | ID = 6008
Description = The previous system shutdown at 09:24:31 on 21/10/2011 was unexpected.

Error - 21/10/2011 04:46:11 | Computer Name = STUDENTLSO | Source = EventLog | ID = 6008
Description = The previous system shutdown at 09:44:44 on 21/10/2011 was unexpected.

Error - 02/11/2011 06:34:26 | Computer Name = STUDENTLSO | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:26:35 on 02/11/2011 was unexpected.


< End of report >

#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:10:06 PM

Posted 04 November 2011 - 02:04 PM

You have been infected by TDSS. This can be cleaned but I have yet to do so on a server. I will warn you that some tools may not work but let's begin with a ready-made tool to try and remove the rootkit.

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\

Posted Image
m0le is a proud member of UNITE

#11 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:10:06 PM

Posted 06 November 2011 - 07:52 PM

Hi,

I have not had a reply from you for 3 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open. The time taken between posts can also change the situation with your PC making it more difficult to help you.

If you like you can PM me.

Thanks,


m0le
Posted Image
m0le is a proud member of UNITE

#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:10:06 PM

Posted 07 November 2011 - 07:30 PM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
Posted Image
m0le is a proud member of UNITE

#13 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:10:06 PM

Posted 08 November 2011 - 12:27 PM

This topic has been re-opened at the request of the person who originally posted.
Posted Image
m0le is a proud member of UNITE

#14 purge11

purge11
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:10:06 PM

Posted 09 November 2011 - 04:50 AM

Hello Mole,

For some reason, I cannot run TDSSKiller. It says it is not a win32 application.

Screenshot of image at the link

Error screen

Is there anyway I can remove TDSS?

#15 purge11

purge11
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:10:06 PM

Posted 09 November 2011 - 10:21 AM

Hello,

I was at the computer which is infected and managed to run tdsskiller.

Here is the report as an attachment, its rather long though. Did not seem to bring up anything, but before then I had to reboot the machine due to memory resources problem.

Thanks

Attached Files






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users