
Infected; All search engines redirecting and Windows firewall inaccessible


  • This topic is locked
7 replies to this topic

#1 Buckeye77

Posted 18 July 2012 - 09:23 AM

I have an infection that results in any search engine being redirected. The redirect will usually go to a "search engine" that shows only an IP address rather than an actual name or it will return to my homepage - Google. I also get pop-ups that generally go to a "search engine" that shows only an IP address. When scanned, Symantec Endpoint Protection and MBAM scans find two problems each; both programs say they delete the files in question but the problem is never solved. I also get warnings from Symantec and MBAM about attempts to real malicious websites being blocked.

Lastly, I am not able to open Windows Firewall; I get this message: (Due to an unidentified problem, Windows cannot display Windows Firewall settings.) I normally have the Windows Firewall turned off so that I am able to connect via VPN to my company's network.

Thank you for taking the time to read this and for any help you could provide. Have a great day!

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by brjohnso at 23:30:29 on 2012-07-17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1093 [GMT -4:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nslsvice.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Notes\ntmulti.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\StacSV.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Zune\ZuneBusEnum.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\DellTPad\Apntex.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SavUI.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uWindow Title = Microsoft Internet Explorer
uDefault_Page_URL = hxxp://swebi.schneider-electric.com/
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [HP Officejet Pro 8600 (NET)] "c:\program files\hp\hp officejet pro 8600\bin\ScanToPCActivationApp.exe" -deviceID "CN24DBK1G405KD:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IMJPMIG9.0] c:\progra~1\common~1\micros~1\ime\imjp9\IMJPMIG.EXE /Preload /Migration32
mRun: [IMSCMig] c:\progra~1\common~1\micros~1\ime\imsc40a\IMSCMIG.EXE /Preload
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\VPNCLI~1.LNK -
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
mPolicies-explorer: NoMSAppLogo5ChannelNotify = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: mswsock.dll
Trusted Zone: apc.com\blaze
Trusted Zone: apc.com\citrix
Trusted Zone: apc.com\configurator
Trusted Zone: apc.com\emea2
Trusted Zone: apc.com\emeasametime
Trusted Zone: apc.com\emeasametime.emea
Trusted Zone: apc.com\emeasblprdwet.emea
Trusted Zone: apc.com\intouch
Trusted Zone: apc.com\jpaa-en
Trusted Zone: apc.com\jupiter
Trusted Zone: apc.com\jupiter1
Trusted Zone: apc.com\jupiter2
Trusted Zone: apc.com\jupiter4
Trusted Zone: apc.com\lam-en
Trusted Zone: apc.com\lam-es
Trusted Zone: apc.com\namsametime
Trusted Zone: apc.com\namsametime.ams
Trusted Zone: apc.com\order1
Trusted Zone: apc.com\trojan
Trusted Zone: apc.com\trojan3
Trusted Zone: apcc.com\configurator
Trusted Zone: apcc.com\emea2
Trusted Zone: apcc.com\emeasametime
Trusted Zone: apcc.com\intouch
Trusted Zone: apcc.com\jupiter
Trusted Zone: apcc.com\jupiter1
Trusted Zone: apcc.com\jupiter2
Trusted Zone: apcc.com\jupiter4
Trusted Zone: apcc.com\namsametime
Trusted Zone: apcc.com\order1
Trusted Zone: apcc.com\trojan
Trusted Zone: apcc.com\trojan3
Trusted Zone: custhelp.com\conextproducts
Trusted Zone: emeasametime
Trusted Zone: namsametime
Trusted Zone: apc.com\citrix
Trusted Zone: apc.com\emea-cs
Trusted Zone: apc.com\emea-de
Trusted Zone: apc.com\emea-en
Trusted Zone: apc.com\emea-es
Trusted Zone: apc.com\emea-fr
Trusted Zone: apc.com\emea-it
Trusted Zone: apc.com\emea-pl
Trusted Zone: apc.com\emea2
Trusted Zone: apc.com\emeasametime.emea
Trusted Zone: apc.com\intouch
Trusted Zone: apc.com\jpaa-en
Trusted Zone: apc.com\jupiter
Trusted Zone: apc.com\jupiter1
Trusted Zone: apc.com\jupiter2
Trusted Zone: apc.com\jupiter4
Trusted Zone: apc.com\lam-en
Trusted Zone: apc.com\lam-es
Trusted Zone: apc.com\nam-en
Trusted Zone: apc.com\namsametime.ams
Trusted Zone: apc.com\order1
Trusted Zone: apc.com\siebel78.ams
Trusted Zone: apc.com\trojan
Trusted Zone: apc.com\trojan3
Trusted Zone: apcc.com\emea2
Trusted Zone: apcc.com\intouch
Trusted Zone: apcc.com\jupiter
Trusted Zone: apcc.com\jupiter1
Trusted Zone: apcc.com\jupiter2
Trusted Zone: apcc.com\jupiter4
Trusted Zone: apcc.com\order1
Trusted Zone: apcc.com\trojan
Trusted Zone: apcc.com\trojan3
Trusted Zone: custhelp.com\conextproducts
Trusted Zone: emeasametime
Trusted Zone: namsametime
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl_32.CAB
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {398ABDF3-6489-4E39-940C-FCC112ADFD55} - hxxp://emeasblprdwet.emea.apc.com/sales_ams_enu/20436/applets/SiebelAx_OutBound_mail.cab
DPF: {41F17733-B041-4099-A042-B518BB6A408C} - hxxp://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
DPF: {4571C6A3-CB9E-11D0-BDE2-0000F4B02CED} - hxxp://configurator.apc.com/products/powerstruxure/configurator/shared/cabs/attarxinf.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1342552207734
DPF: {8C244272-1DC1-4CE7-9C6C-FABCA09EB543} - hxxp://emeasblprdwet.emea.apc.com/sales_ams_enu/20436/applets/SiebelAx_Desktop_Integration.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18}
DPF: {B5BD336F-FA62-4B8B-B221-7088B6E53EE1} - hxxp://emeasblprdwet.emea.apc.com/sales_ams_enu/20436/applets/SiebelAx_HI_Client.cab
DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{E35EE16E-3703-4F13-A8DC-A84E9A4A72FA} : DhcpNameServer = 192.168.1.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxdev.dll
Notify: PCANotify - PCANotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: Neat ADF Scanner 2008 - reg copy "HKLM\Software\The Neat Company\Neat ADF Scanner 2008" "HKCU\Software\The Neat Company\Neat ADF Scanner 2008" /s /f
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\brjohnso.nam\application data\mozilla\firefox\profiles\mttgzb4z.default\
FF - prefs.js: browser.search.selectedEngine - Google
.
============= SERVICES / DRIVERS ===============
.
R1 AW_HOST;AW_HOST;c:\windows\system32\drivers\AW_HOST5.sys [2003-5-5 16984]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2010-7-14 65584]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2010-11-29 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2010-11-29 108392]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-9-13 655944]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2010-11-29 2440632]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [2011-9-16 45288]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-5-31 106656]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-9-13 22344]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20120717.018\NAVENG.SYS [2012-7-17 87928]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20120717.018\NAVEX15.SYS [2012-7-17 1589752]
S0 fgtjdpm;fgtjdpm;c:\windows\system32\drivers\qphquxu.sys --> c:\windows\system32\drivers\qphquxu.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-30 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-6-11 250056]
S3 awhost32;pcAnywhere Host Service;c:\program files\symantec\pcanywhere\awhost32.exe [2003-5-19 106496]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2010-11-29 23888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-12-30 136176]
S3 PCX504;Cisco Systems Wireless LAN Adapter Driver;c:\windows\system32\drivers\PCX504.sys [2003-2-14 96256]
S3 probsvc;probsvc;probsvc.exe --> probsvc.exe [?]
S3 PTDCWWAN;PANTECH PC Card WWAN Controller device driver;c:\windows\system32\drivers\PTDCWWAN.sys [2010-9-2 58240]
S3 RapFile;RapFile;c:\windows\system32\drivers\RapFile.sys [2003-11-7 36676]
S3 RapNet;RapNet;c:\windows\system32\drivers\RapNet.sys [2003-11-7 24344]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2010-11-11 268528]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-07-17 19:32:26 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2012-07-17 19:32:26 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2012-07-17 19:32:23 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-07-17 19:32:23 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-07-17 19:30:30 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-07-17 19:30:30 3072 ------w- c:\windows\system32\iacenc.dll
2012-07-17 19:27:58 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2012-07-17 19:27:20 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2012-07-17 19:12:50 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-07-17 19:12:50 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-07-17 19:10:55 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-07-16 18:46:00 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-07-16 17:44:39 -------- d-----w- c:\documents and settings\brjohnso.nam\local settings\application data\PCHealth
2012-07-16 17:42:05 -------- dc-h--w- c:\windows\ie8
2012-06-20 22:14:56 -------- d-----w- c:\documents and settings\brjohnso.nam\application data\TeamViewer
2012-06-18 23:08:39 15128 ----a-w- c:\documents and settings\brjohnso.nam\application data\microsoft\identitycrl\production\ppcrlconfig.dll
.
==================== Find3M ====================
.
2012-07-12 16:00:33 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-12 16:00:33 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-03 17:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 05:47:37 54016 ----a-w- c:\windows\system32\drivers\yphdaj.sys
2012-05-15 04:11:19 60800 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-05-15 04:11:19 123952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-05-11 14:42:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2003-04-29 22:38:34 153088 ----a-w- c:\program files\UNWISE.EXE
.
============= FINISH: 23:31:33.40 ===============


#2 SweetTech

Posted 18 July 2012 - 10:04 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I'll be addressing you by your username, if you'd like me to address you by something else, please let me know!

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)

    • Because of this, you must reply within 3 days; failure to reply will result in the topic being closed! I like chocolate chip cookies.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system or even taking your computer into a repair shop.

    • Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data and have means of backing up your data available.

____________________________________________________

Lastly, I am not able to open Windows Firewall; I get this message: (Due to an unidentified problem, Windows cannot display Windows Firewall settings.) I normally have the Windows Firewall turned off so that I am able to connect via VPN to my company's network.

This is more than likely caused by the infection you have.

==========

It appears you're infected with an infection known as ZeroAccess.

ZeroAccess (Max++) Rootkit (aka: Sirefef) is a sophisticated rootkit that uses advanced technology to hide its presence in a system and can infect both x86 and x64 platforms. ZeroAccess is similar to the TDSS rootkit but has more self-protection mechanisms that can be used to disable anti-virus software resulting in "Access Denied" messages whenever you run a security application. For more specific information about this infection, please refer to:


NEXT:



One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure SKIP is selected, then click Continue.
  • Note: Do not choose Cure or Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.


NEXT:



Farbar Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


NEXT:


Running OTL

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Copy and Paste the following code into the textbox.
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    CreateRestorePoint
    "%WinDir%\$NtUninstallKB*$." /30
    C:\Program Files\Common Files\ComObjects\*.* /s
    %systemroot%\*. /mp /s
    %systemroot%\*. /rp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    %SYSTEMDRIVE%\*.exe
    /md5start
    volsnap.sys
    atapi.sys
    explorer.exe
    winlogon.exe
    wininit.exe
    svchost.exe
    tdx.sys
    afd.sys
    netbt.sys
    services.exe
    yphdaj.sys
    /md5stop
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    
  • Push the scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. TDSSKiller log.
3. Farbar Service Scanner log.
4. OTL.txt & Extras.txt logs.
5. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.


Please let me know how the above scans go.

Kindest Regards,
ST.



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
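
Added example, not part of the original posts and not the tool's own code: a Python triage of a TDSSKiller report in the layout posted in this thread, listing every object whose verdict is not "ok" (such as the UnsignedFile.Multi.Generic warnings) plus any object the log cuts off before a verdict. The sample log, its service names, hashes and paths are constructed placeholders, and the line patterns are assumptions inferred from the report lines visible here.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the layout of the TDSSKiller report posted in this
# thread; names, hashes and paths are placeholders, not real scan values.
SAMPLE_LOG = r"""
14:33:04.0067 7692 Scan started
14:33:04.0067 7692 Mode: Manual; SigCheck; TDLFS;
14:33:05.0380 7692 exampledisk - ok
14:33:05.0427 7692 GoodDrv (00000000000000000000000000000001) C:\WINDOWS\system32\DRIVERS\gooddrv.sys
14:33:06.0364 7692 GoodDrv - ok
14:33:06.0708 7692 oldaudio (00000000000000000000000000000002) C:\WINDOWS\system32\drivers\oldaudio.sys
14:33:06.0755 7692 oldaudio ( UnsignedFile.Multi.Generic ) - warning
14:33:06.0755 7692 oldaudio - detected UnsignedFile.Multi.Generic (1)
14:33:08.0130 7692 Example Sync Service (00000000000000000000000000000003) C:\Program Files\Example\sync.exe
"""

# Every report line starts with "HH:MM:SS.mmmm <thread id> ".
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<body>.*\S)$")
# "<name> (<md5>) <path>": the file backing a service or driver.
FILE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# "<name> - ok": clean verdict.
OK = re.compile(r"^(?P<name>.+?) - ok$")
# "<name> ( <detection> ) - <level>": flagged verdict, e.g. "warning".
FLAG = re.compile(r"^(?P<name>.+?) \( (?P<detection>\S+) \) - (?P<level>\w+)$")


@dataclass
class ScanObject:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: str = "no verdict"   # stays this way if the log is cut short
    detection: Optional[str] = None


def parse_report(text: str) -> Dict[str, ScanObject]:
    """Collect one record per scanned object, keyed by service/driver name."""
    objects: Dict[str, ScanObject] = {}
    for raw in text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue
        body = line.group("body")
        m = FILE.match(body)
        if m:
            obj = objects.setdefault(m["name"], ScanObject(m["name"]))
            obj.md5, obj.path = m["md5"].lower(), m["path"]
            continue
        m = FLAG.match(body)
        if m:
            obj = objects.setdefault(m["name"], ScanObject(m["name"]))
            obj.verdict, obj.detection = m["level"], m["detection"]
            continue
        m = OK.match(body)
        if m:
            objects.setdefault(m["name"], ScanObject(m["name"])).verdict = "ok"
    return objects


def needs_review(objects: Dict[str, ScanObject]) -> List[ScanObject]:
    """Objects that were flagged, then objects the log never gave a verdict for."""
    pending = [o for o in objects.values() if o.verdict != "ok"]
    return sorted(pending, key=lambda o: o.verdict == "no verdict")


if __name__ == "__main__":
    for o in needs_review(parse_report(SAMPLE_LOG)):
        print(f"{o.verdict:<10} {o.name:<22} {o.detection or '-':<28} {o.path or '-'}")
```

An unsigned-file warning on its own is a reason to look at the driver, not proof of infection; the report only says the signature check did not pass.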


#3 Buckeye77

Posted 18 July 2012 - 04:45 PM

Part 1 of 2

Hello ST,

1) I'm pleased to meet you as well, thank you for the quick reply and your help! The site is reporting that my post is too long so I'll break it into two posts, hopefully this does not cause any inconvenience for you.

2) TDSSKiller log
14:31:07.0089 4276 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
14:31:07.0449 4276 ============================================================
14:31:07.0449 4276 Current date / time: 2012/07/18 14:31:07.0449
14:31:07.0449 4276 SystemInfo:
14:31:07.0449 4276
14:31:07.0449 4276 OS Version: 5.1.2600 ServicePack: 3.0
14:31:07.0449 4276 Product type: Workstation
14:31:07.0449 4276 ComputerName: USWKG3Y0K5F1
14:31:07.0449 4276 UserName: brjohnso
14:31:07.0449 4276 Windows directory: C:\WINDOWS
14:31:07.0449 4276 System windows directory: C:\WINDOWS
14:31:07.0449 4276 Processor architecture: Intel x86
14:31:07.0449 4276 Number of processors: 2
14:31:07.0449 4276 Page size: 0x1000
14:31:07.0449 4276 Boot type: Normal boot
14:31:07.0449 4276 ============================================================
14:31:29.0685 4276 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:31:29.0716 4276 ============================================================
14:31:29.0716 4276 \Device\Harddisk0\DR0:
14:31:29.0716 4276 MBR partitions:
14:31:29.0716 4276 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x500D0EA
14:31:29.0716 4276 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x500D129, BlocksNum 0x4501398
14:31:29.0716 4276 ============================================================
14:31:29.0935 4276 C: <-> \Device\Harddisk0\DR0\Partition0
14:31:30.0325 4276 D: <-> \Device\Harddisk0\DR0\Partition1
14:31:30.0357 4276 ============================================================
14:31:30.0357 4276 Initialize success
14:31:30.0357 4276 ============================================================
14:33:04.0067 7692 ============================================================
14:33:04.0067 7692 Scan started
14:33:04.0067 7692 Mode: Manual; SigCheck; TDLFS;
14:33:04.0067 7692 ============================================================
14:33:05.0380 7692 Abiosdsk - ok
14:33:05.0380 7692 abp480n5 - ok
14:33:05.0427 7692 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:33:06.0364 7692 ACPI - ok
14:33:06.0395 7692 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
14:33:06.0520 7692 ACPIEC - ok
14:33:06.0598 7692 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
14:33:06.0661 7692 AdobeFlashPlayerUpdateSvc - ok
14:33:06.0661 7692 adpu160m - ok
14:33:06.0708 7692 aeaudio (b2886807ac2543da273765cef4d82d68) C:\WINDOWS\system32\drivers\aeaudio.sys
14:33:06.0755 7692 aeaudio ( UnsignedFile.Multi.Generic ) - warning
14:33:06.0755 7692 aeaudio - detected UnsignedFile.Multi.Generic (1)
14:33:06.0786 7692 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
14:33:06.0927 7692 aec - ok
14:33:06.0958 7692 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
14:33:07.0005 7692 AFD - ok
14:33:07.0083 7692 AgereSoftModem (aff071b6290776e1fa162837c35eac78) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
14:33:07.0224 7692 AgereSoftModem ( UnsignedFile.Multi.Generic ) - warning
14:33:07.0224 7692 AgereSoftModem - detected UnsignedFile.Multi.Generic (1)
14:33:07.0255 7692 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
14:33:07.0395 7692 agp440 - ok
14:33:07.0395 7692 Aha154x - ok
14:33:07.0395 7692 aic78u2 - ok
14:33:07.0411 7692 aic78xx - ok
14:33:07.0442 7692 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
14:33:07.0583 7692 Alerter - ok
14:33:07.0599 7692 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
14:33:07.0770 7692 ALG - ok
14:33:07.0770 7692 AliIde - ok
14:33:07.0770 7692 amsint - ok
14:33:07.0802 7692 ApfiltrService (11246b43e2fd8318ef5f45de3a74fbae) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
14:33:07.0864 7692 ApfiltrService - ok
14:33:07.0911 7692 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
14:33:08.0052 7692 APPDRV ( UnsignedFile.Multi.Generic ) - warning
14:33:08.0052 7692 APPDRV - detected UnsignedFile.Multi.Generic (1)
14:33:08.0130 7692 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:33:08.0177 7692 Apple Mobile Device - ok
14:33:08.0208 7692 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
14:33:08.0349 7692 AppMgmt - ok
14:33:08.0380 7692 AR5211 (fa4e83435e3d59c687bcc579f5d5eaec) C:\WINDOWS\system32\DRIVERS\ar5211.sys
14:33:08.0505 7692 AR5211 ( UnsignedFile.Multi.Generic ) - warning
14:33:08.0505 7692 AR5211 - detected UnsignedFile.Multi.Generic (1)
14:33:08.0567 7692 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
14:33:08.0692 7692 Arp1394 - ok
14:33:08.0692 7692 asc - ok
14:33:08.0692 7692 asc3350p - ok
14:33:08.0692 7692 asc3550 - ok
14:33:08.0817 7692 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
14:33:08.0942 7692 aspnet_state - ok
14:33:08.0958 7692 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:33:09.0099 7692 AsyncMac - ok
14:33:09.0130 7692 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
14:33:09.0364 7692 atapi - ok
14:33:09.0364 7692 Atdisk - ok
14:33:09.0427 7692 Ati HotKey Poller (4a243ffb3837d16371533cd6fe8aadc2) C:\WINDOWS\system32\Ati2evxx.exe
14:33:09.0489 7692 Ati HotKey Poller ( UnsignedFile.Multi.Generic ) - warning
14:33:09.0489 7692 Ati HotKey Poller - detected UnsignedFile.Multi.Generic (1)
14:33:09.0567 7692 ati2mtag (cfb737fb9e2c8f508baf14a4a8bedf22) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
14:33:09.0771 7692 ati2mtag ( UnsignedFile.Multi.Generic ) - warning
14:33:09.0771 7692 ati2mtag - detected UnsignedFile.Multi.Generic (1)
14:33:09.0833 7692 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:33:09.0974 7692 Atmarpc - ok
14:33:10.0021 7692 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
14:33:10.0146 7692 AudioSrv - ok
14:33:10.0177 7692 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
14:33:10.0318 7692 audstub - ok
14:33:10.0489 7692 awhost32 (7cf4d19036ba2690e2208379cc56092c) C:\Program Files\Symantec\pcAnywhere\awhost32.exe
14:33:10.0552 7692 awhost32 ( UnsignedFile.Multi.Generic ) - warning
14:33:10.0552 7692 awhost32 - detected UnsignedFile.Multi.Generic (1)
14:33:10.0646 7692 AW_HOST (71c32536b50136e9e439306a2e9296e2) C:\WINDOWS\system32\drivers\aw_host5.sys
14:33:10.0755 7692 AW_HOST ( UnsignedFile.Multi.Generic ) - warning
14:33:10.0755 7692 AW_HOST - detected UnsignedFile.Multi.Generic (1)
14:33:11.0036 7692 b57w2k (f96038aa1ec4013a93d2420fc689d1e9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
14:33:11.0255 7692 b57w2k - ok
14:33:11.0380 7692 BCM43XX (5d4893633b7161fa25500eb7aeabec94) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
14:33:11.0583 7692 BCM43XX - ok
14:33:11.0740 7692 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
14:33:11.0865 7692 Beep - ok
14:33:11.0927 7692 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
14:33:12.0099 7692 BITS - ok
14:33:12.0177 7692 Bonjour Service (1c87705ccb2f60172b0fc86b5d82f00d) C:\Program Files\Bonjour\mDNSResponder.exe
14:33:12.0255 7692 Bonjour Service - ok
14:33:12.0286 7692 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
14:33:12.0411 7692 Browser - ok
14:33:12.0458 7692 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
14:33:12.0599 7692 BthEnum - ok
14:33:12.0630 7692 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
14:33:12.0755 7692 BthPan - ok
14:33:12.0802 7692 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
14:33:12.0880 7692 BTHPORT - ok
14:33:12.0911 7692 BthServ (f4c43c66471b87996d95db7a3a664a37) C:\WINDOWS\System32\bthserv.dll
14:33:13.0021 7692 BthServ - ok
14:33:13.0052 7692 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
14:33:13.0177 7692 BTHUSB - ok
14:33:13.0224 7692 BTWUSB (65e99d0e19bd3ac4d54c707c95ef0cc1) C:\WINDOWS\system32\Drivers\btwusb.sys
14:33:13.0255 7692 BTWUSB ( UnsignedFile.Multi.Generic ) - warning
14:33:13.0255 7692 BTWUSB - detected UnsignedFile.Multi.Generic (1)
14:33:13.0302 7692 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
14:33:13.0427 7692 cbidf2k - ok
14:33:13.0505 7692 ccEvtMgr (4ed0778cf4e1c2406db5fd456f2ed746) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
14:33:13.0552 7692 ccEvtMgr - ok
14:33:13.0630 7692 CcmExec (a454a9baa25b8c8e76735dd86bd4b017) C:\WINDOWS\system32\CCM\CcmExec.exe
14:33:13.0708 7692 CcmExec - ok
14:33:13.0708 7692 ccSetMgr (4ed0778cf4e1c2406db5fd456f2ed746) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
14:33:13.0740 7692 ccSetMgr - ok
14:33:13.0740 7692 cd20xrnt - ok
14:33:13.0771 7692 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
14:33:13.0927 7692 Cdaudio - ok
14:33:13.0990 7692 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
14:33:14.0099 7692 Cdfs - ok
14:33:14.0146 7692 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:33:14.0162 7692 Cdrom - ok
14:33:14.0177 7692 Changer - ok
14:33:14.0208 7692 cisvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\System32\cisvc.exe
14:33:14.0349 7692 cisvc - ok
14:33:14.0365 7692 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
14:33:14.0505 7692 ClipSrv - ok
14:33:14.0615 7692 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:33:14.0740 7692 clr_optimization_v2.0.50727_32 - ok
14:33:14.0787 7692 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:33:14.0833 7692 clr_optimization_v4.0.30319_32 - ok
14:33:14.0865 7692 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
14:33:15.0005 7692 CmBatt - ok
14:33:15.0005 7692 CmdIde - ok
14:33:15.0052 7692 COH_Mon (86a22dff16e8ca67601044efe6825537) C:\WINDOWS\system32\Drivers\COH_Mon.sys
14:33:15.0068 7692 COH_Mon - ok
14:33:15.0084 7692 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
14:33:15.0209 7692 Compbatt - ok
14:33:15.0209 7692 COMSysApp - ok
14:33:15.0224 7692 Cpqarray - ok
14:33:15.0255 7692 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
14:33:15.0396 7692 CryptSvc - ok
14:33:15.0427 7692 ctxusbm (cb6ff7012bb5d59d7c12350db795ce1f) C:\WINDOWS\system32\DRIVERS\ctxusbm.sys
14:33:15.0443 7692 ctxusbm - ok
14:33:15.0490 7692 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
14:33:15.0552 7692 CVirtA - ok
14:33:15.0646 7692 CVPND (98b1b70e250ebca7b7a0a56ad2a7e62f) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
14:33:15.0771 7692 CVPND - ok
14:33:15.0959 7692 CVPNDRVA (465ced77e7c4f9d71b81ba600edafac1) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
14:33:16.0005 7692 CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
14:33:16.0005 7692 CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
14:33:16.0005 7692 dac2w2k - ok
14:33:16.0021 7692 dac960nt - ok
14:33:16.0068 7692 dc3d (90f8539fa0de4aafe4fdbe7f95d6a512) C:\WINDOWS\system32\DRIVERS\dc3d.sys
14:33:16.0084 7692 dc3d - ok
14:33:16.0130 7692 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
14:33:16.0177 7692 DcomLaunch - ok
14:33:16.0209 7692 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
14:33:16.0334 7692 Dhcp - ok
14:33:16.0396 7692 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
14:33:16.0521 7692 Disk - ok
14:33:16.0521 7692 dmadmin - ok
14:33:16.0599 7692 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
14:33:16.0771 7692 dmboot - ok
14:33:16.0834 7692 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
14:33:16.0974 7692 dmio - ok
14:33:17.0006 7692 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
14:33:17.0131 7692 dmload - ok
14:33:17.0162 7692 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
14:33:17.0443 7692 dmserver - ok
14:33:17.0474 7692 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
14:33:17.0615 7692 DMusic - ok
14:33:17.0740 7692 DNE (86d52c32a308f84bbc626bff7c1fb710) C:\WINDOWS\system32\DRIVERS\dne2000.sys
14:33:17.0771 7692 DNE - ok
14:33:17.0818 7692 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
14:33:17.0912 7692 Dnscache - ok
14:33:17.0943 7692 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
14:33:18.0068 7692 Dot3svc - ok
14:33:18.0084 7692 dpti2o - ok
14:33:18.0099 7692 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
14:33:18.0224 7692 drmkaud - ok
14:33:18.0271 7692 E1000 (8179a01475f75417011e27e322c7e0e3) C:\WINDOWS\system32\DRIVERS\e1000325.sys
14:33:18.0334 7692 E1000 - ok
14:33:18.0349 7692 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
14:33:18.0459 7692 EapHost - ok
14:33:18.0553 7692 eeCtrl (fce87ba643d5e9a8b6e0378508d1b22d) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
14:33:18.0646 7692 eeCtrl - ok
14:33:18.0678 7692 EraserUtilRebootDrv (115dc729465a8c386615207f28875255) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
14:33:18.0724 7692 EraserUtilRebootDrv - ok
14:33:18.0756 7692 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
14:33:18.0881 7692 ERSvc - ok
14:33:18.0928 7692 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
14:33:18.0974 7692 Eventlog - ok
14:33:19.0006 7692 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\System32\es.dll
14:33:19.0068 7692 EventSystem - ok
14:33:19.0099 7692 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
14:33:19.0381 7692 Fastfat - ok
14:33:19.0412 7692 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
14:33:19.0474 7692 FastUserSwitchingCompatibility - ok
14:33:19.0506 7692 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
14:33:19.0646 7692 Fdc - ok
14:33:19.0646 7692 fgtjdpm - ok
14:33:19.0662 7692 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
14:33:19.0803 7692 Fips - ok
14:33:19.0834 7692 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
14:33:19.0959 7692 Flpydisk - ok
14:33:19.0990 7692 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
14:33:20.0162 7692 FltMgr - ok
14:33:20.0256 7692 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
14:33:20.0287 7692 FontCache3.0.0.0 - ok
14:33:20.0318 7692 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:33:20.0443 7692 Fs_Rec - ok
14:33:20.0490 7692 FTDIBUS (aae37f0f2f613218dce17b42a18c38db) C:\WINDOWS\system32\drivers\ftdibus.sys
14:33:20.0521 7692 FTDIBUS - ok
14:33:20.0568 7692 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:33:20.0693 7692 Ftdisk - ok
14:33:20.0725 7692 FTSER2K (48bfd1ba45c9c9e7ab339e25abfba1d2) C:\WINDOWS\system32\drivers\ftser2k.sys
14:33:20.0756 7692 FTSER2K - ok
14:33:20.0803 7692 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
14:33:20.0818 7692 GEARAspiWDM - ok
14:33:20.0834 7692 Gernuwa (fd25177ced6751c14de170d8282ced90) C:\WINDOWS\system32\drivers\Gernuwa.sys
14:33:20.0881 7692 Gernuwa ( UnsignedFile.Multi.Generic ) - warning
14:33:20.0881 7692 Gernuwa - detected UnsignedFile.Multi.Generic (1)
14:33:20.0912 7692 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:33:21.0037 7692 Gpc - ok
14:33:21.0084 7692 guardian2 (0e1fd1ea2837d6b7a1d7b6c928014d05) C:\WINDOWS\system32\Drivers\oz776.sys
14:33:21.0240 7692 guardian2 - ok
14:33:21.0334 7692 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
14:33:21.0506 7692 gupdate - ok
14:33:21.0506 7692 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
14:33:21.0537 7692 gupdatem - ok
14:33:21.0584 7692 gv3 (01cdb5b4649fae249e787a83be22916a) C:\WINDOWS\system32\DRIVERS\gv3.sys
14:33:21.0615 7692 gv3 ( UnsignedFile.Multi.Generic ) - warning
14:33:21.0615 7692 gv3 - detected UnsignedFile.Multi.Generic (1)
14:33:21.0647 7692 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
14:33:21.0772 7692 HDAudBus - ok
14:33:21.0834 7692 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
14:33:21.0959 7692 helpsvc - ok
14:33:21.0990 7692 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
14:33:22.0100 7692 HidServ - ok
14:33:22.0131 7692 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:33:22.0256 7692 HidUsb - ok
14:33:22.0287 7692 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
14:33:22.0397 7692 hkmsvc - ok
14:33:22.0412 7692 hpn - ok
14:33:22.0412 7692 hpt3xx - ok
14:33:22.0459 7692 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
14:33:22.0584 7692 HPZid412 - ok
14:33:22.0631 7692 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
14:33:22.0678 7692 HPZipr12 - ok
14:33:22.0725 7692 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
14:33:22.0772 7692 HPZius12 - ok
14:33:22.0803 7692 HSFHWAZL (b1526810210980bed9d22315946c919d) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
14:33:22.0850 7692 HSFHWAZL - ok
14:33:22.0865 7692 HSFHWICH - ok
14:33:22.0943 7692 HSF_DPV (ddbd528e60f5961c142a490dc4ea7780) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
14:33:23.0022 7692 HSF_DPV - ok
14:33:23.0069 7692 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
14:33:23.0131 7692 HTTP - ok
14:33:23.0162 7692 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
14:33:23.0303 7692 HTTPFilter - ok
14:33:23.0303 7692 i2omgmt - ok
14:33:23.0319 7692 i2omp - ok
14:33:23.0350 7692 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:33:23.0522 7692 i8042prt - ok
14:33:23.0740 7692 ialm (200cca76cd0e0f7eec78fa56c29b4d67) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
14:33:24.0115 7692 ialm - ok
14:33:24.0553 7692 iastor (39f7c9aeee865fe8e98cf3edd2b4bb4a) C:\WINDOWS\system32\Drivers\iaStor.sys
14:33:24.0600 7692 iastor - ok
14:33:24.0741 7692 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:33:24.0959 7692 idsvc - ok
14:33:25.0022 7692 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
14:33:25.0194 7692 Imapi - ok
14:33:25.0241 7692 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\System32\imapi.exe
14:33:25.0397 7692 ImapiService - ok
14:33:25.0412 7692 ini910u - ok
14:33:25.0444 7692 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
14:33:25.0569 7692 IntelIde - ok
14:33:25.0616 7692 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
14:33:25.0725 7692 intelppm - ok
14:33:25.0741 7692 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
14:33:25.0866 7692 ip6fw - ok
14:33:25.0897 7692 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:33:26.0053 7692 IpFilterDriver - ok
14:33:26.0069 7692 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:33:26.0194 7692 IpInIp - ok
14:33:26.0225 7692 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:33:26.0413 7692 IpNat - ok
14:33:27.0100 7692 iPod Service (3a6d4d8abacf64292d060c9e06d2050d) C:\Program Files\iPod\bin\iPodService.exe
14:33:27.0147 7692 iPod Service - ok
14:33:27.0178 7692 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:33:27.0428 7692 IPSec - ok
14:33:27.0475 7692 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
14:33:27.0616 7692 irda - ok
14:33:27.0647 7692 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
14:33:27.0772 7692 IRENUM - ok
14:33:27.0819 7692 Irmon (49cc4533ce897cb2e93c1e84a818fde5) C:\WINDOWS\System32\irmon.dll
14:33:27.0913 7692 Irmon - ok
14:33:27.0975 7692 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:33:28.0210 7692 isapnp - ok
14:33:28.0225 7692 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:33:28.0350 7692 Kbdclass - ok
14:33:28.0397 7692 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
14:33:28.0522 7692 kbdhid - ok
14:33:28.0585 7692 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
14:33:28.0694 7692 kmixer - ok
14:33:28.0725 7692 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
14:33:28.0803 7692 KSecDD - ok
14:33:28.0835 7692 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
14:33:28.0913 7692 lanmanserver - ok
14:33:28.0960 7692 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
14:33:28.0991 7692 lanmanworkstation - ok
14:33:28.0991 7692 lbrtfdc - ok
14:33:29.0241 7692 LiveUpdate (010fd2b41e75a98e3a4d23f44405f5c9) C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
14:33:29.0538 7692 LiveUpdate - ok
14:33:29.0710 7692 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
14:33:29.0835 7692 LmHosts - ok
14:33:29.0866 7692 Lotus Notes Single Logon (a896dbd1408e82b43f252f4f325be700) C:\WINDOWS\system32\nslsvice.exe
14:33:29.0897 7692 Lotus Notes Single Logon ( UnsignedFile.Multi.Generic ) - warning
14:33:29.0897 7692 Lotus Notes Single Logon - detected UnsignedFile.Multi.Generic (1)
14:33:29.0944 7692 MBAMProtector (6dfe7f2e8e8a337263aa5c92a215f161) C:\WINDOWS\system32\drivers\mbam.sys
14:33:29.0975 7692 MBAMProtector - ok
14:33:30.0085 7692 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
14:33:30.0194 7692 MBAMService - ok
14:33:30.0288 7692 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
14:33:30.0319 7692 MDM - ok
14:33:30.0350 7692 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
14:33:30.0382 7692 mdmxsdk - ok
14:33:30.0428 7692 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
14:33:30.0538 7692 Messenger - ok
14:33:30.0585 7692 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
14:33:30.0725 7692 mnmdd - ok
14:33:30.0772 7692 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\System32\mnmsrvc.exe
14:33:30.0897 7692 mnmsrvc - ok
14:33:30.0928 7692 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
14:33:31.0163 7692 Modem - ok
14:33:31.0194 7692 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:33:31.0304 7692 Mouclass - ok
14:33:31.0335 7692 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:33:31.0475 7692 mouhid - ok
14:33:31.0491 7692 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
14:33:31.0600 7692 MountMgr - ok
14:33:31.0616 7692 mraid35x - ok
14:33:31.0663 7692 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:33:31.0804 7692 MRxDAV - ok
14:33:31.0850 7692 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:33:31.0975 7692 MRxSmb - ok
14:33:32.0007 7692 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
14:33:32.0132 7692 MSDTC - ok
14:33:32.0163 7692 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
14:33:32.0288 7692 Msfs - ok
14:33:32.0288 7692 MSIServer - ok
14:33:32.0335 7692 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:33:32.0460 7692 MSKSSRV - ok
14:33:32.0491 7692 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:33:32.0616 7692 MSPCLOCK - ok
14:33:32.0647 7692 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
14:33:32.0772 7692 MSPQM - ok
14:33:32.0804 7692 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:33:32.0913 7692 mssmbios - ok
14:33:32.0976 7692 MSSQLSERVER - ok
14:33:33.0022 7692 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
14:33:33.0069 7692 MSSQLServerADHelper - ok
14:33:33.0132 7692 Multi-user Cleanup Service (c0457e14fbc39686f085186a9381d0e2) C:\Notes\ntmulti.exe
14:33:33.0194 7692 Multi-user Cleanup Service ( UnsignedFile.Multi.Generic ) - warning
14:33:33.0194 7692 Multi-user Cleanup Service - detected UnsignedFile.Multi.Generic (1)
14:33:33.0226 7692 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
14:33:33.0288 7692 Mup - ok
14:33:33.0304 7692 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
14:33:33.0444 7692 napagent - ok
14:33:33.0554 7692 NAVENG (f11033730b38260b6892e837c457fb4b) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120717.018\NAVENG.SYS
14:33:33.0585 7692 NAVENG - ok
14:33:33.0694 7692 NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120717.018\NAVEX15.SYS
14:33:33.0882 7692 NAVEX15 - ok
14:33:34.0069 7692 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
14:33:34.0226 7692 NDIS - ok
14:33:34.0257 7692 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:33:34.0319 7692 NdisTapi - ok
14:33:34.0335 7692 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:33:34.0460 7692 Ndisuio - ok
14:33:34.0491 7692 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:33:34.0632 7692 NdisWan - ok
14:33:34.0632 7692 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
14:33:34.0710 7692 NDProxy - ok
14:33:34.0741 7692 Net Driver HPZ12 (a081cb6fb9a12668f233eb5414be3a0e) C:\WINDOWS\system32\HPZinw12.dll
14:33:34.0788 7692 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
14:33:34.0788 7692 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
14:33:34.0804 7692 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
14:33:34.0929 7692 NetBIOS - ok
14:33:34.0944 7692 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
14:33:35.0132 7692 NetBT - ok
14:33:35.0163 7692 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
14:33:35.0398 7692 NetDDE - ok
14:33:35.0398 7692 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
14:33:35.0523 7692 NetDDEdsdm - ok
14:33:35.0569 7692 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
14:33:35.0694 7692 Netlogon - ok
14:33:35.0726 7692 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
14:33:35.0851 7692 Netman - ok
14:33:35.0944 7692 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:33:36.0023 7692 NetTcpPortSharing - ok
14:33:36.0038 7692 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
14:33:36.0273 7692 NIC1394 - ok
14:33:36.0320 7692 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
14:33:36.0382 7692 Nla - ok
14:33:36.0429 7692 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
14:33:36.0570 7692 Npfs - ok
14:33:36.0585 7692 NSCIRDA (2adc0ca9945c65284b3d19bc18765974) C:\WINDOWS\system32\DRIVERS\nscirda.sys
14:33:36.0695 7692 NSCIRDA - ok
14:33:36.0757 7692 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
14:33:36.0898 7692 Ntfs - ok
14:33:36.0898 7692 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
14:33:37.0023 7692 NtLmSsp - ok
14:33:37.0070 7692 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
14:33:37.0226 7692 NtmsSvc - ok
14:33:37.0257 7692 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
14:33:37.0429 7692 Null - ok
14:33:37.0460 7692 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:33:37.0601 7692 NwlnkFlt - ok
14:33:37.0616 7692 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:33:37.0757 7692 NwlnkFwd - ok
14:33:37.0804 7692 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
14:33:37.0992 7692 ohci1394 - ok
14:33:38.0085 7692 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:33:38.0132 7692 ose - ok
14:33:38.0163 7692 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
14:33:38.0320 7692 Parport - ok
14:33:38.0335 7692 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
14:33:38.0460 7692 PartMgr - ok
14:33:38.0492 7692 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
14:33:38.0648 7692 ParVdm - ok
14:33:38.0648 7692 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
14:33:38.0788 7692 PCI - ok
14:33:38.0788 7692 PCIDump - ok
14:33:38.0820 7692 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
14:33:38.0929 7692 PCIIde - ok
14:33:38.0929 7692 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
14:33:39.0054 7692 Pcmcia - ok
14:33:39.0085 7692 PCX504 (8a89a9aa0a6b9c3b3ad6d98fe211b560) C:\WINDOWS\system32\DRIVERS\PCX504.sys
14:33:39.0132 7692 PCX504 ( UnsignedFile.Multi.Generic ) - warning
14:33:39.0132 7692 PCX504 - detected UnsignedFile.Multi.Generic (1)
14:33:39.0132 7692 PDCOMP - ok
14:33:39.0148 7692 PDFRAME - ok
14:33:39.0148 7692 PDRELI - ok
14:33:39.0148 7692 PDRFRAME - ok
14:33:39.0163 7692 perc2 - ok
14:33:39.0163 7692 perc2hib - ok
14:33:39.0210 7692 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
14:33:39.0226 7692 PlugPlay - ok
14:33:39.0273 7692 Pml Driver HPZ12 (65bc271f337637731d3c71455ae1f476) C:\WINDOWS\system32\HPZipm12.dll
14:33:39.0304 7692 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
14:33:39.0304 7692 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
14:33:39.0335 7692 Point32 (896d916de06f5502d301e8c4dc442ae8) C:\WINDOWS\system32\DRIVERS\point32.sys
14:33:39.0351 7692 Point32 - ok
14:33:39.0367 7692 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
14:33:39.0476 7692 PolicyAgent - ok
14:33:39.0507 7692 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:33:39.0648 7692 PptpMiniport - ok
14:33:39.0726 7692 prepdrvr (2a4514a9233d35a355f569ff8b8f6240) C:\WINDOWS\system32\CCM\prepdrv.sys
14:33:39.0757 7692 prepdrvr - ok
14:33:39.0757 7692 probsvc - ok
14:33:39.0789 7692 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
14:33:39.0914 7692 Processor - ok
14:33:39.0929 7692 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:33:40.0039 7692 ProtectedStorage - ok
14:33:40.0054 7692 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
14:33:40.0179 7692 PSched - ok
14:33:40.0210 7692 PTDCBus (445d21f11eb4f378b206ebca5f597ffa) C:\WINDOWS\system32\DRIVERS\PTDCBus.sys
14:33:40.0273 7692 PTDCBus - ok
14:33:40.0304 7692 PTDCMdm (fea4addf9e23b853e5cacc9f013bb986) C:\WINDOWS\system32\DRIVERS\PTDCMdm.sys
14:33:40.0367 7692 PTDCMdm - ok
14:33:40.0382 7692 PTDCVsp (56e46ffef17844e626b441176be1aabf) C:\WINDOWS\system32\DRIVERS\PTDCVsp.sys
14:33:40.0445 7692 PTDCVsp - ok
14:33:40.0460 7692 PTDCWWAN (a4bbb6c04d80ed32b8f3d3c10430a032) C:\WINDOWS\system32\DRIVERS\PTDCWWAN.sys
14:33:40.0539 7692 PTDCWWAN - ok
14:33:40.0554 7692 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:33:40.0695 7692 Ptilink - ok
14:33:40.0726 7692 PxHelp20 (7c81ae3c9b82ba2da437ed4d31bc56cf) C:\WINDOWS\system32\Drivers\PxHelp20.sys
14:33:40.0773 7692 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
14:33:40.0773 7692 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
14:33:40.0789 7692 ql1080 - ok
14:33:40.0789 7692 Ql10wnt - ok
14:33:40.0789 7692 ql12160 - ok
14:33:40.0804 7692 ql1240 - ok
14:33:40.0804 7692 ql1280 - ok
14:33:40.0835 7692 RapFile (4a1dd4ccc5a08fee9b96e7b4f1368df6) C:\WINDOWS\System32\drivers\RapFile.sys
14:33:40.0867 7692 RapFile ( UnsignedFile.Multi.Generic ) - warning
14:33:40.0867 7692 RapFile - detected UnsignedFile.Multi.Generic (1)
14:33:40.0882 7692 RapNet (dbbd61e13e5a7c5e9c2ccaf3c3a4e06d) C:\WINDOWS\System32\drivers\RapNet.sys
14:33:40.0945 7692 RapNet ( UnsignedFile.Multi.Generic ) - warning
14:33:40.0945 7692 RapNet - detected UnsignedFile.Multi.Generic (1)
14:33:46.0789 7692 smwdm (66aaa895b7f2337b5c52611241455614) C:\WINDOWS\system32\drivers\smwdm.sys
14:33:46.0852 7692 smwdm ( UnsignedFile.Multi.Generic ) - warning
14:33:46.0852 7692 smwdm - detected UnsignedFile.Multi.Generic (1)
14:33:46.0992 7692 SNAC (d3b6133b0bf6620643e5f36de1f54ab6) C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
14:33:47.0070 7692 SNAC - ok
14:33:47.0180 7692 SolidWorks Licensing Service (4945020bc094c322571184a6e8056b3a) C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
14:33:47.0211 7692 SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - warning
14:33:47.0211 7692 SolidWorks Licensing Service - detected UnsignedFile.Multi.Generic (1)
14:33:48.0195 7692 SRTSP (72aabf0903d64708c36441f60a0d3cb0) C:\WINDOWS\system32\Drivers\SRTSP.SYS
14:33:48.0227 7692 Suspicious file (Forged): C:\WINDOWS\system32\Drivers\SRTSP.SYS. Real md5: 72aabf0903d64708c36441f60a0d3cb0, Fake md5: 3cb2f35789632f0bae8a1b9edb08e965
14:33:48.0242 7692 SRTSP ( Virus.Win32.ZAccess.k ) - infected
14:33:48.0242 7692 SRTSP - detected Virus.Win32.ZAccess.k (0)
14:33:48.0727 7692 STacSV (686fa4acfdcb4e16b7f0230b88f6d17e) C:\WINDOWS\system32\StacSV.exe
14:33:48.0774 7692 STacSV ( UnsignedFile.Multi.Generic ) - warning
14:33:48.0774 7692 STacSV - detected UnsignedFile.Multi.Generic (1)
14:33:50.0477 7692 SynTP (1cde0a5c0416187b9b89e03980c6e8de) C:\WINDOWS\system32\DRIVERS\SynTP.sys
14:33:50.0571 7692 SynTP ( UnsignedFile.Multi.Generic ) - warning
14:33:50.0571 7692 SynTP - detected UnsignedFile.Multi.Generic (1)
14:34:01.0462 7692 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
14:34:01.0946 7692 \Device\Harddisk0\DR0 - ok
14:34:01.0962 7692 Boot (0x1200) (ad7e5adf562f621dd68741a33fbed3f7) \Device\Harddisk0\DR0\Partition0
14:34:01.0962 7692 \Device\Harddisk0\DR0\Partition0 - ok
14:34:01.0978 7692 Boot (0x1200) (c8cf993be54c3068a4d71d0b7e7dbe66) \Device\Harddisk0\DR0\Partition1
14:34:01.0978 7692 \Device\Harddisk0\DR0\Partition1 - ok
14:34:01.0978 7692 ============================================================
14:34:01.0978 7692 Scan finished
14:34:01.0978 7692 ============================================================
14:34:02.0118 2180 Detected object count: 25
14:34:02.0118 2180 Actual detected object count: 25
14:34:42.0825 2180 aeaudio ( UnsignedFile.Multi.Generic ) - skipped by user
14:34:42.0825 2180 aeaudio ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:34:42.0825 2180 AgereSoftModem ( UnsignedFile.Multi.Generic ) - skipped by user
14:34:42.0825 2180 AgereSoftModem ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:34:42.0825 2180 APPDRV ( UnsignedFile.Multi.Generic ) - skipped by user
14:34:42.0825 2180 APPDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:34:42.0825 2180 AR5211 ( UnsignedFile.Multi.Generic ) - skipped by user
14:34:42.0825 2180 AR5211 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:34:42.0825 2180 Ati HotKey Poller ( UnsignedFile.Multi.Generic ) - skipped by user
14:34:42.0825 2180 Ati HotKey Poller ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:34:42.0825 2180 ati2mtag ( UnsignedFile.Multi.Generic ) - skipped by user
14:34:42.0825 2180 ati2mtag ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:34:42.0825 2180 awhost32 ( UnsignedFile.Multi.Generic ) - skipped by user
14:34:42.0825 2180 awhost32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:34:42.0825 2180 AW_HOST ( UnsignedFile.Multi.Generic ) - skipped by user
14:34:42.0825 2180 AW_HOST ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:34:42.0840 2180 BTWUSB ( UnsignedFile.Multi.Generic ) - skipped by user
14:34:42.0840 2180 BTWUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:34:42.0840 2180 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
14:34:42.0840 2180 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:34:42.0840 2180 Gernuwa ( UnsignedFile.Multi.Generic ) - skipped by user
14:34:42.0840 2180 Gernuwa ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:34:42.0840 2180 gv3 ( UnsignedFile.Multi.Generic ) - skipped by user
14:34:42.0840 2180 gv3 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:34:42.0840 2180 Lotus Notes Single Logon ( UnsignedFile.Multi.Generic ) - skipped by user
14:34:42.0840 2180 Lotus Notes Single Logon ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:34:42.0840 2180 Multi-user Cleanup Service ( UnsignedFile.Multi.Generic ) - skipped by user
14:34:42.0840 2180 Multi-user Cleanup Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:34:42.0840 2180 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
14:34:42.0840 2180 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:34:42.0840 2180 PCX504 ( UnsignedFile.Multi.Generic ) - skipped by user
14:34:42.0840 2180 PCX504 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:34:42.0840 2180 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
14:34:42.0840 2180 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:34:42.0856 2180 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
14:34:42.0856 2180 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:34:42.0856 2180 RapFile ( UnsignedFile.Multi.Generic ) - skipped by user
14:34:42.0856 2180 RapFile ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:34:42.0856 2180 RapNet ( UnsignedFile.Multi.Generic ) - skipped by user
14:34:42.0856 2180 RapNet ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:34:42.0856 2180 smwdm ( UnsignedFile.Multi.Generic ) - skipped by user
14:34:42.0856 2180 smwdm ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:34:42.0856 2180 SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
14:34:42.0856 2180 SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:34:43.0059 2180 C:\WINDOWS\system32\Drivers\SRTSP.SYS - copied to quarantine
14:34:43.0715 2180 C:\WINDOWS\$NtUninstallKB48828$\1823592973\@ - copied to quarantine
14:34:43.0778 2180 C:\WINDOWS\$NtUninstallKB48828$\1823592973\Desktop.ini - copied to quarantine
14:34:43.0809 2180 C:\WINDOWS\$NtUninstallKB48828$\1823592973\L\00000004.@ - copied to quarantine
14:34:43.0825 2180 C:\WINDOWS\$NtUninstallKB48828$\1823592973\L\1afb2d56 - copied to quarantine
14:34:43.0825 2180 C:\WINDOWS\$NtUninstallKB48828$\1823592973\L\201d3dde - copied to quarantine
14:34:43.0856 2180 C:\WINDOWS\$NtUninstallKB48828$\1823592973\L\akygdmgo - copied to quarantine
14:34:43.0887 2180 C:\WINDOWS\$NtUninstallKB48828$\1823592973\U\00000004.@ - copied to quarantine
14:34:44.0794 2180 C:\WINDOWS\$NtUninstallKB48828$\1823592973\U\00000008.@ - copied to quarantine
14:34:45.0028 2180 C:\WINDOWS\$NtUninstallKB48828$\1823592973\U\000000cb.@ - copied to quarantine
14:34:45.0184 2180 C:\WINDOWS\$NtUninstallKB48828$\1823592973\U\80000000.@ - copied to quarantine
14:34:45.0356 2180 C:\WINDOWS\$NtUninstallKB48828$\1823592973\U\80000032.@ - copied to quarantine
14:34:45.0762 2180 Backup copy found, using it..
14:34:45.0856 2180 C:\WINDOWS\system32\Drivers\SRTSP.SYS - will be cured on reboot
14:34:55.0326 2180 C:\WINDOWS\$NtUninstallKB48828$\1823592973\@ - will be deleted on reboot
14:34:55.0326 2180 C:\WINDOWS\$NtUninstallKB48828$\1823592973\Desktop.ini - will be deleted on reboot
14:34:55.0388 2180 C:\WINDOWS\$NtUninstallKB48828$\1823592973\U\00000004.@ - will be deleted on reboot
14:34:55.0388 2180 C:\WINDOWS\$NtUninstallKB48828$\1823592973\U\00000008.@ - will be deleted on reboot
14:34:55.0388 2180 C:\WINDOWS\$NtUninstallKB48828$\1823592973\U\000000cb.@ - will be deleted on reboot
14:34:55.0388 2180 C:\WINDOWS\$NtUninstallKB48828$\1823592973\U\80000000.@ - will be deleted on reboot
14:34:55.0388 2180 C:\WINDOWS\$NtUninstallKB48828$\1823592973\U\80000032.@ - will be deleted on reboot
14:34:55.0388 2180 C:\WINDOWS\$NtUninstallKB48828$\444889134 - will be deleted on reboot
14:34:55.0388 2180 SRTSP ( Virus.Win32.ZAccess.k ) - User select action: Cure
14:34:55.0388 2180 STacSV ( UnsignedFile.Multi.Generic ) - skipped by user
14:34:55.0388 2180 STacSV ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:34:55.0388 2180 SynTP ( UnsignedFile.Multi.Generic ) - skipped by user
14:34:55.0388 2180 SynTP ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:36:05.0453 8856 Deinitialize success

3) Farbar Service Scanner log.
Farbar Service Scanner Version: 08-07-2012
Ran by brjohnso (administrator) on 18-07-2012 at 14:40:31
Running from "C:\Documents and Settings\brjohnso.NAM\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Unable to retrieve ServiceDll of sharedaccess. The value does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
DNE(10) Gpc(4) IPSec(6) irda(3) NetBT(7) PSched(8) RFCOMM(9) SYMTDI(11) Tcpip(5) WPS(12)
0x0C0000000600000001000000020000000300000004000000050000000C0000000B0000000700000008000000090000000A000000
IpSec Tag value is correct.

**** End of log ****

#4 Buckeye77


Posted 18 July 2012 - 04:47 PM

Part 2 of 2

4) OTL.txt & Extras.txt logs
OTL logfile created on: 7/18/2012 2:45:23 PM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Documents and Settings\brjohnso.NAM\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.94 Gb Available Physical Memory | 47.25% Memory free
3.84 Gb Paging File | 2.74 Gb Available in Paging File | 71.33% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 40.03 Gb Total Space | 6.94 Gb Free Space | 17.33% Space Free | Partition Type: NTFS
Drive D: | 34.50 Gb Total Space | 8.13 Gb Free Space | 23.57% Space Free | Partition Type: NTFS
Drive G: | 11.59 Gb Total Space | 8.01 Gb Free Space | 69.17% Space Free | Partition Type: NTFS
Drive I: | 5810.62 Gb Total Space | 184.51 Gb Free Space | 3.18% Space Free | Partition Type: NTFS
Drive J: | 1008.36 Mb Total Space | 189.92 Mb Free Space | 18.83% Space Free | Partition Type: NTFS
Drive W: | 11.99 Gb Total Space | 2.02 Gb Free Space | 16.84% Space Free | Partition Type: NTFS

Computer Name: USWKG3Y0K5F1 | User Name: brjohnso | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/18 14:41:50 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\brjohnso.NAM\Desktop\OTL.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/09/09 16:01:16 | 001,804,648 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
PRC - [2011/09/09 15:49:30 | 000,643,944 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
PRC - [2011/02/18 11:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010/11/29 15:30:06 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2010/11/29 15:30:02 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2010/11/29 15:29:54 | 001,803,592 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2010/11/29 15:29:54 | 001,443,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2010/11/29 15:29:46 | 002,440,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2010/11/11 13:55:56 | 000,057,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneBusEnum.exe
PRC - [2010/11/11 13:55:46 | 000,159,472 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2010/10/12 17:28:26 | 000,726,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
PRC - [2010/10/12 17:24:38 | 000,304,568 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
PRC - [2010/03/29 17:47:08 | 000,278,528 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2010/03/29 17:47:08 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2010/03/29 17:47:08 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2009/09/18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CCM\CcmExec.exe
PRC - [2008/06/19 18:08:48 | 000,172,840 | ---- | M] () -- C:\Program Files\Cisco Systems\VPN Client\IPSecLog.exe
PRC - [2008/06/19 18:08:46 | 001,544,984 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
PRC - [2008/06/19 18:08:44 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/07 08:38:58 | 000,057,393 | ---- | M] (IBM Corp) -- C:\Notes\ntmulti.exe
PRC - [2007/03/07 08:38:36 | 000,028,717 | ---- | M] (IBM Corp) -- C:\WINDOWS\system32\nsl.exe
PRC - [2007/03/07 08:38:34 | 000,020,530 | ---- | M] (IBM Corp) -- C:\WINDOWS\system32\nslsvice.exe
PRC - [2007/03/07 08:28:20 | 001,044,529 | ---- | M] (IBM Corp) -- C:\Notes\nlnotes.exe
PRC - [2007/03/07 08:11:50 | 000,020,530 | ---- | M] (IBM Corp) -- C:\Notes\ntaskldr.exe
PRC - [2007/02/20 12:29:08 | 001,191,936 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/02/19 14:27:16 | 000,090,112 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\stacsv.exe
PRC - [2007/02/19 14:26:32 | 000,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe


========== Modules (No Company Name) ==========

MOD - [2010/03/15 16:57:20 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2008/06/20 12:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/06/20 12:02:47 | 000,245,248 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/06/19 18:08:52 | 000,197,408 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll
MOD - [2008/06/19 18:08:48 | 000,172,840 | ---- | M] () -- C:\Program Files\Cisco Systems\VPN Client\IPSecLog.exe
MOD - [2007/03/07 04:45:42 | 000,110,642 | ---- | M] () -- C:\Notes\nimuires.dll
MOD - [2007/02/20 12:29:46 | 000,098,304 | ---- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll
MOD - [2006/05/14 10:23:42 | 000,138,752 | ---- | M] () -- C:\Program Files\7-Zip\7-zip.dll
MOD - [2005/10/24 11:59:58 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\redmonnt.dll
MOD - [2005/10/13 12:53:36 | 000,090,223 | ---- | M] () -- C:\Program Files\Dell\QuickSet\preflibcl.dll
MOD - [2005/09/21 05:57:56 | 004,325,376 | ---- | M] () -- C:\Program Files\Cisco Systems\VPN Client\qt-mt335.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/07/12 12:00:35 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/11/29 15:30:06 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (EraserSvc11210)
SRV - [2010/11/29 15:30:06 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2010/11/29 15:30:06 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2010/11/29 15:29:54 | 001,803,592 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2010/11/29 15:29:54 | 000,320,840 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2010/11/29 15:29:46 | 002,440,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010/11/11 13:57:04 | 000,268,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2010/11/11 13:57:02 | 000,444,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/11/11 13:55:56 | 006,351,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2010/11/11 13:55:56 | 000,057,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Zune\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2010/03/19 13:36:47 | 000,066,048 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\probsvc.exe -- (probsvc)
SRV - [2009/09/18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2009/09/18 04:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\CCM\TSManager.exe -- (smstsmgr)
SRV - [2009/03/20 19:10:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2008/11/04 12:30:24 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2008/06/19 18:08:44 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007/03/07 08:38:58 | 000,057,393 | ---- | M] (IBM Corp) [Auto | Running] -- C:\Notes\ntmulti.exe -- (Multi-user Cleanup Service)
SRV - [2007/03/07 08:38:34 | 000,020,530 | ---- | M] (IBM Corp) [Auto | Running] -- C:\WINDOWS\system32\nslsvice.exe -- (Lotus Notes Single Logon)
SRV - [2007/02/19 14:27:16 | 000,090,112 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\WINDOWS\system32\stacsv.exe -- (STacSV)
SRV - [2003/10/31 12:01:00 | 000,106,496 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\pcAnywhere\awhost32.exe -- (awhost32)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\VERIZON\SMNDIS5.SYS -- (SMNDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Unknown] -- D:\TEMP\mbr.sys -- (mbr)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\HSFHWICH.sys -- (HSFHWICH)
DRV - File not found [Kernel | On_Demand | Unknown] -- D:\TEMP\fwlyrfod.sys -- (fwlyrfod)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\qphquxu.sys -- (fgtjdpm)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/07/18 14:34:55 | 000,098,992 | ---- | M] (Kaspersky Lab, GERT) [File_System | Boot | Unknown] -- C:\WINDOWS\system32\drivers\48927818.sys -- (94532833)
DRV - [2012/07/18 14:34:45 | 000,280,112 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\tsk306D.tmp -- (SRTSP)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/05/31 08:19:04 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/05/31 08:19:03 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/05/16 04:11:02 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120717.018\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/05/16 04:11:02 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120717.018\NAVENG.SYS -- (NAVENG)
DRV - [2012/05/15 00:11:19 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/08/01 15:56:42 | 000,045,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV - [2011/06/22 19:05:28 | 000,167,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WpsHelper.sys -- (WpsHelper)
DRV - [2011/03/18 14:46:26 | 000,061,704 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2011/03/18 14:46:10 | 000,073,096 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2010/11/29 15:30:20 | 000,042,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2010/11/29 15:30:08 | 000,319,920 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2010/11/29 15:30:08 | 000,043,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2010/11/29 15:29:58 | 000,091,976 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\SysPlant.sys -- (SysPlant)
DRV - [2010/11/29 15:29:58 | 000,049,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2010/11/29 15:28:56 | 000,191,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2010/11/29 15:28:56 | 000,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2010/11/29 15:28:50 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2010/11/29 15:28:36 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2010/07/14 12:51:56 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2010/03/29 17:47:08 | 000,239,664 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2010/02/03 03:47:36 | 002,696,448 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2009/09/18 04:00:00 | 000,020,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2008/10/20 20:08:06 | 000,012,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smsmdm.sys -- (smsmdd)
DRV - [2008/06/19 18:07:50 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008/04/14 01:26:50 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2008/03/29 17:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007/04/30 20:30:14 | 000,058,240 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDCWWAN.sys -- (PTDCWWAN)
DRV - [2007/04/23 16:39:00 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2007/04/10 20:29:42 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (tosrfusb)
DRV - [2007/04/01 06:45:30 | 000,039,808 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDCVsp.sys -- (PTDCVsp) PANTECH PC Card Diagnostic Serial Port (UDP)
DRV - [2007/04/01 06:45:26 | 000,041,728 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDCMdm.sys -- (PTDCMdm) PANTECH PC Card Drivers (UDP)
DRV - [2007/04/01 06:45:22 | 000,027,520 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDCBus.sys -- (PTDCBus) PANTECH PC Card Composite Device Driver (UDP)
DRV - [2007/03/13 14:26:06 | 000,160,256 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/02/23 15:47:34 | 000,056,576 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
DRV - [2007/02/19 14:27:34 | 001,228,296 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/01/18 17:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/11/02 18:47:36 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/11/02 18:47:00 | 000,209,152 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/11/02 18:46:56 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/10/05 16:07:46 | 000,073,600 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2005/08/12 16:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV)
DRV - [2005/05/25 22:59:12 | 001,133,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/01/26 11:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2003/10/24 10:53:08 | 000,016,984 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AW_HOST5.sys -- (AW_HOST)
DRV - [2003/09/12 22:55:56 | 000,325,312 | ---- | M] (Philips Electronics North America, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2003/08/20 18:28:44 | 000,051,848 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2003/06/27 08:53:44 | 001,196,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003/06/19 19:40:54 | 000,024,344 | R--- | M] (Internet Security Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RapNet.sys -- (RapNet)
DRV - [2003/06/19 19:40:42 | 000,036,676 | R--- | M] (Internet Security Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RapFile.sys -- (RapFile)
DRV - [2003/04/21 14:00:32 | 000,013,898 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\GERNUWA.sys -- (Gernuwa)
DRV - [2003/02/14 16:16:32 | 000,096,256 | ---- | M] (Cisco Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCX504.sys -- (PCX504)
DRV - [2002/11/18 17:20:44 | 000,030,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gv3.sys -- (gv3)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.apc.com
IE - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://swebi.schneider-electric.com/
IE - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.apc.com/
IE - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/03 21:53:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/13 02:27:40 | 000,000,000 | ---D | M]

[2008/01/28 15:40:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\brjohnso.NAM\Application Data\Mozilla\eclipse\extensions
[2008/01/15 10:23:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\brjohnso.NAM\Application Data\Mozilla\Firefox\Profiles\mttgzb4z.default\extensions
[2012/07/17 03:00:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/12 18:21:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\INSPECTOR@MOZILLA.ORG
[2010/10/12 16:33:32 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2010/10/12 16:37:06 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2010/10/12 16:35:42 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2010/10/12 16:34:56 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2012/03/04 22:17:21 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008/09/05 20:58:42 | 000,155,648 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\mozilla firefox\plugins\npEModelPlugin.dll
[2010/10/12 18:16:54 | 000,484,768 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2010/10/12 16:37:02 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll

O1 HOSTS File: ([2001/08/23 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410..\Run: [HP Officejet Pro 8600 (NET)] C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\SQM present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\SQM present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\SQM present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\SQM present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\SQM present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\Software\Policies\Microsoft\Internet Explorer\SQM present
O7 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Back = 0
O7 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Forward = 0
O7 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Stop = 0
O7 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Refresh = 0
O7 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Home = 0
O7 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Search = 0
O7 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_History = 0
O7 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Favorites = 0
O7 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Media = 0
O7 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Folders = 0
O7 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Fullscreen = 0
O7 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Tools = 0
O7 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_MailNews = 0
O7 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Size = 0
O7 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Print = 0
O7 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Edit = 0
O7 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Discussions = 0
O7 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Cut = 0
O7 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Copy = 0
O7 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Paste = 0
O7 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Encoding = 0
O7 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_PrintPreview = 0
O7 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0
O7 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
O7 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnforceShellExtensionSecurity = 0
O7 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 0
O7 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 0
O7 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPrinterTabs = 0
O7 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O7 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 1 = badblue.exe
O7 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 2 = BearShare.exe
O7 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 3 = BitTorrent-3.4.2.exe
O7 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 4 = blubster.exe
O7 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 5 = BonziBDY.exe
O7 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 6 = Direct Connect.exe
O7 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 7 = DirectConnect.exe
O7 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 8 = djnap.exe
O7 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 9 = filetopia.exe
O7 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 10 = furhter.bat
O7 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 11 = hpSplooge.exe
O7 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 12 = IE7-WindowsXP-x86-enu.exe
O7 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 13 = iMeshClient.exe
O7 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 14 = inoize.exe
O7 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 15 = kast.exe
O7 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 16 = kazaa.exe
O7 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 17 = LimeWire.exe
O7 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 18 = mirc.exe
O7 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 19 = morpheus.exe
O7 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 20 = overnet.exe
O7 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 21 = PinPost.exe
O7 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 22 = piolet.exe
O7 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 23 = runGrokster.exe
O7 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 24 = Shareaza.exe
O7 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 25 = slsk.exe
O7 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 26 = winmx.exe
O7 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 27 = wippit.exe
O7 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 28 = xolox.exe
O7 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\Software\Policies\Microsoft\Internet Explorer\SQM present
O7 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Back = 0
O7 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Forward = 0
O7 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Stop = 0
O7 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Refresh = 0
O7 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Home = 0
O7 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Search = 0
O7 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_History = 0
O7 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Favorites = 0
O7 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Media = 0
O7 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Folders = 0
O7 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Fullscreen = 0
O7 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Tools = 0
O7 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_MailNews = 0
O7 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Size = 0
O7 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Print = 0
O7 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Edit = 0
O7 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Discussions = 0
O7 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Cut = 0
O7 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Copy = 0
O7 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Paste = 0
O7 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Encoding = 0
O7 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_PrintPreview = 0
O7 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0
O7 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnforceShellExtensionSecurity = 0
O7 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 0
O7 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 0
O7 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPrinterTabs = 0
O7 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\Software\Policies\Microsoft\Internet Explorer\SQM present
O7 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Back = 0
O7 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Forward = 0
O7 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Stop = 0
O7 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Refresh = 0
O7 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Home = 0
O7 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Search = 0
O7 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_History = 0
O7 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Favorites = 0
O7 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Media = 0
O7 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Folders = 0
O7 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Fullscreen = 0
O7 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Tools = 0
O7 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_MailNews = 0
O7 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Size = 0
O7 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Print = 0
O7 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Edit = 0
O7 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Discussions = 0
O7 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Cut = 0
O7 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Copy = 0
O7 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Paste = 0
O7 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Encoding = 0
O7 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_PrintPreview = 0
O7 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0
O7 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnforceShellExtensionSecurity = 0
O7 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 0
O7 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 0
O7 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPrinterTabs = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O15 - HKLM\..Trusted Domains: ads ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: americashome ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: apc.com ([ads] http in Local intranet)
O15 - HKLM\..Trusted Domains: apc.com ([ccentral] http in Local intranet)
O15 - HKLM\..Trusted Domains: apc.com ([cfapp] http in Local intranet)
O15 - HKLM\..Trusted Domains: apc.com ([ciobulletinboard] http in Local intranet)
O15 - HKLM\..Trusted Domains: apc.com ([citrix] http in Trusted sites)
O15 - HKLM\..Trusted Domains: apc.com ([citrix] https in Trusted sites)
O15 - HKLM\..Trusted Domains: apc.com ([cst] http in Local intranet)
O15 - HKLM\..Trusted Domains: apc.com ([emea2] http in Trusted sites)
O15 - HKLM\..Trusted Domains: apc.com ([emea-cs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: apc.com ([emea-cs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: apc.com ([emea-de] http in Trusted sites)
O15 - HKLM\..Trusted Domains: apc.com ([emea-de] https in Trusted sites)
O15 - HKLM\..Trusted Domains: apc.com ([emea-en] http in Trusted sites)
O15 - HKLM\..Trusted Domains: apc.com ([emea-es] http in Trusted sites)
O15 - HKLM\..Trusted Domains: apc.com ([emea-es] https in Trusted sites)
O15 - HKLM\..Trusted Domains: apc.com ([emea-fr] http in Trusted sites)
O15 - HKLM\..Trusted Domains: apc.com ([emea-fr] https in Trusted sites)
O15 - HKLM\..Trusted Domains: apc.com ([emea-it] http in Trusted sites)
O15 - HKLM\..Trusted Domains: apc.com ([emea-it] https in Trusted sites)
O15 - HKLM\..Trusted Domains: apc.com ([emea-pl] http in Trusted sites)
O15 - HKLM\..Trusted Domains: apc.com ([emea-pl] https in Trusted sites)
O15 - HKLM\..Trusted Domains: apc.com ([emeasametime.emea] http in Trusted sites)
O15 - HKLM\..Trusted Domains: apc.com ([empire] http in Local intranet)
O15 - HKLM\..Trusted Domains: apc.com ([financeportal] http in Local intranet)
O15 - HKLM\..Trusted Domains: apc.com ([findpart] http in Local intranet)
O15 - HKLM\..Trusted Domains: apc.com ([findsku] http in Local intranet)
O15 - HKLM\..Trusted Domains: apc.com ([ibat] http in Local intranet)
O15 - HKLM\..Trusted Domains: apc.com ([insight] http in Local intranet)
O15 - HKLM\..Trusted Domains: apc.com ([intouch] http in Trusted sites)
O15 - HKLM\..Trusted Domains: apc.com ([intraapp] http in Local intranet)
O15 - HKLM\..Trusted Domains: apc.com ([intraapp] https in Local intranet)
O15 - HKLM\..Trusted Domains: apc.com ([intra-app] http in Local intranet)
O15 - HKLM\..Trusted Domains: apc.com ([intranet] http in Local intranet)
O15 - HKLM\..Trusted Domains: apc.com ([intra-stage-wkg] http in Local intranet)
O15 - HKLM\..Trusted Domains: apc.com ([isxinternal] http in Local intranet)
O15 - HKLM\..Trusted Domains: apc.com ([itops] http in Local intranet)
O15 - HKLM\..Trusted Domains: apc.com ([jpaa] http in Local intranet)
O15 - HKLM\..Trusted Domains: apc.com ([jpaa-en] http in Trusted sites)
O15 - HKLM\..Trusted Domains: apc.com ([jupiter] http in Trusted sites)
O15 - HKLM\..Trusted Domains: apc.com ([jupiter1] http in Trusted sites)
O15 - HKLM\..Trusted Domains: apc.com ([jupiter1] https in Trusted sites)
O15 - HKLM\..Trusted Domains: apc.com ([jupiter2] http in Trusted sites)
O15 - HKLM\..Trusted Domains: apc.com ([jupiter2] https in Trusted sites)
O15 - HKLM\..Trusted Domains: apc.com ([jupiter4] http in Trusted sites)
O15 - HKLM\..Trusted Domains: apc.com ([jupiter4] https in Trusted sites)
O15 - HKLM\..Trusted Domains: apc.com ([lam-en] http in Trusted sites)
O15 - HKLM\..Trusted Domains: apc.com ([lam-es] http in Trusted sites)
O15 - HKLM\..Trusted Domains: apc.com ([marcom] http in Local intranet)
O15 - HKLM\..Trusted Domains: apc.com ([nam-en] http in Trusted sites)
O15 - HKLM\..Trusted Domains: apc.com ([namsametime.ams] http in Trusted sites)
O15 - HKLM\..Trusted Domains: apc.com ([netapp] http in Local intranet)
O15 - HKLM\..Trusted Domains: apc.com ([order1] http in Trusted sites)
O15 - HKLM\..Trusted Domains: apc.com ([order1] https in Trusted sites)
O15 - HKLM\..Trusted Domains: apc.com ([pricing] http in Local intranet)
O15 - HKLM\..Trusted Domains: apc.com ([responsemgt] http in Local intranet)
O15 - HKLM\..Trusted Domains: apc.com ([responsemgtdev] http in Local intranet)
O15 - HKLM\..Trusted Domains: apc.com ([responsemgtinter] http in Local intranet)
O15 - HKLM\..Trusted Domains: apc.com ([responsemgtstage] http in Local intranet)
O15 - HKLM\..Trusted Domains: apc.com ([rightasset] http in Local intranet)
O15 - HKLM\..Trusted Domains: apc.com ([saleshome] http in Local intranet)
O15 - HKLM\..Trusted Domains: apc.com ([salestools] http in Local intranet)
O15 - HKLM\..Trusted Domains: apc.com ([secempire] http in Local intranet)
O15 - HKLM\..Trusted Domains: apc.com ([siebel78.ams] http in Trusted sites)
O15 - HKLM\..Trusted Domains: apc.com ([smp] http in Local intranet)
O15 - HKLM\..Trusted Domains: apc.com ([spdtraining] http in Local intranet)
O15 - HKLM\..Trusted Domains: apc.com ([steponelogin] http in Local intranet)
O15 - HKLM\..Trusted Domains: apc.com ([training] http in Local intranet)
O15 - HKLM\..Trusted Domains: apc.com ([trojan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: apc.com ([trojan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: apc.com ([trojan3] http in Trusted sites)
O15 - HKLM\..Trusted Domains: apc.com ([trojan3] https in Trusted sites)
O15 - HKLM\..Trusted Domains: apc.com ([upiguarani] http in Local intranet)
O15 - HKLM\..Trusted Domains: apc.com ([videonam] http in Local intranet)
O15 - HKLM\..Trusted Domains: apc.com ([watt] http in Local intranet)
O15 - HKLM\..Trusted Domains: apcc.com ([ads] http in Local intranet)
O15 - HKLM\..Trusted Domains: apcc.com ([ccentral] http in Local intranet)
O15 - HKLM\..Trusted Domains: apcc.com ([cfapp] http in Local intranet)
O15 - HKLM\..Trusted Domains: apcc.com ([cfapp] https in Local intranet)
O15 - HKLM\..Trusted Domains: apcc.com ([ciobulletinboard] http in Local intranet)
O15 - HKLM\..Trusted Domains: apcc.com ([cst] http in Local intranet)
O15 - HKLM\..Trusted Domains: apcc.com ([emea2] http in Trusted sites)
O15 - HKLM\..Trusted Domains: apcc.com ([empire] http in Local intranet)
O15 - HKLM\..Trusted Domains: apcc.com ([financeportal] http in Local intranet)
O15 - HKLM\..Trusted Domains: apcc.com ([findpart] http in Local intranet)
O15 - HKLM\..Trusted Domains: apcc.com ([findsku] http in Local intranet)
O15 - HKLM\..Trusted Domains: apcc.com ([ibat] http in Local intranet)
O15 - HKLM\..Trusted Domains: apcc.com ([insight] http in Local intranet)
O15 - HKLM\..Trusted Domains: apcc.com ([intouch] http in Trusted sites)
O15 - HKLM\..Trusted Domains: apcc.com ([intraapp] http in Local intranet)
O15 - HKLM\..Trusted Domains: apcc.com ([intraapp] https in Local intranet)
O15 - HKLM\..Trusted Domains: apcc.com ([intra-app] http in Local intranet)
O15 - HKLM\..Trusted Domains: apcc.com ([intranet] http in Local intranet)
O15 - HKLM\..Trusted Domains: apcc.com ([intra-stage-wkg] http in Local intranet)
O15 - HKLM\..Trusted Domains: apcc.com ([isxinternal] http in Local intranet)
O15 - HKLM\..Trusted Domains: apcc.com ([itops] http in Local intranet)
O15 - HKLM\..Trusted Domains: apcc.com ([jpaa] http in Local intranet)
O15 - HKLM\..Trusted Domains: apcc.com ([jupiter] http in Trusted sites)
O15 - HKLM\..Trusted Domains: apcc.com ([jupiter1] http in Trusted sites)
O15 - HKLM\..Trusted Domains: apcc.com ([jupiter1] https in Trusted sites)
O15 - HKLM\..Trusted Domains: apcc.com ([jupiter2] http in Trusted sites)
O15 - HKLM\..Trusted Domains: apcc.com ([jupiter2] https in Trusted sites)
O15 - HKLM\..Trusted Domains: apcc.com ([jupiter4] http in Trusted sites)
O15 - HKLM\..Trusted Domains: apcc.com ([jupiter4] https in Trusted sites)
O15 - HKLM\..Trusted Domains: apcc.com ([marcom] http in Local intranet)
O15 - HKLM\..Trusted Domains: apcc.com ([netapp] http in Local intranet)
O15 - HKLM\..Trusted Domains: apcc.com ([order1] http in Trusted sites)
O15 - HKLM\..Trusted Domains: apcc.com ([order1] https in Trusted sites)
O15 - HKLM\..Trusted Domains: apcc.com ([pricing] http in Local intranet)
O15 - HKLM\..Trusted Domains: apcc.com ([responsemgt] http in Local intranet)
O15 - HKLM\..Trusted Domains: apcc.com ([responsemgtdev] http in Local intranet)
O15 - HKLM\..Trusted Domains: apcc.com ([responsemgtinter] http in Local intranet)
O15 - HKLM\..Trusted Domains: apcc.com ([responsemgtstage] http in Local intranet)
O15 - HKLM\..Trusted Domains: apcc.com ([rightasset] http in Local intranet)
O15 - HKLM\..Trusted Domains: apcc.com ([saleshome] http in Local intranet)
O15 - HKLM\..Trusted Domains: apcc.com ([salestools] http in Local intranet)
O15 - HKLM\..Trusted Domains: apcc.com ([secempire] http in Local intranet)
O15 - HKLM\..Trusted Domains: apcc.com ([smp] http in Local intranet)
O15 - HKLM\..Trusted Domains: apcc.com ([spdtraining] http in Local intranet)
O15 - HKLM\..Trusted Domains: apcc.com ([steponelogin] http in Local intranet)
O15 - HKLM\..Trusted Domains: apcc.com ([training] http in Local intranet)
O15 - HKLM\..Trusted Domains: apcc.com ([trojan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: apcc.com ([trojan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: apcc.com ([trojan3] http in Trusted sites)
O15 - HKLM\..Trusted Domains: apcc.com ([trojan3] https in Trusted sites)
O15 - HKLM\..Trusted Domains: apcc.com ([upiguarani] http in Local intranet)
O15 - HKLM\..Trusted Domains: apcc.com ([videonam] http in Local intranet)
O15 - HKLM\..Trusted Domains: apcc.com ([watt] http in Local intranet)
O15 - HKLM\..Trusted Domains: ccentral ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: cfapp ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: cfapp ([]https in Local intranet)
O15 - HKLM\..Trusted Domains: ciobulletinboard ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: cst ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: custhelp.com ([conextproducts] http in Trusted sites)
O15 - HKLM\..Trusted Domains: emeasametime ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: empire ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: financeportal ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: findpart ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: findsku ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: ibat ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: insight ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: intraapp ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: intraapp ([]https in Local intranet)
O15 - HKLM\..Trusted Domains: intra-app ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: intranet ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: intra-stage-wkg ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: isxinternal ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: itops ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: jpaa ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: marcom ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: namsametime ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: netapp ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: pricing ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: responsemgt ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: responsemgtdev ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: responsemgtinter ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: responsemgtstage ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: rightasset ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: saleshome ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: saleshome.schneider-electric.com ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: salestools ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: schneider-electric.com ([americashome] http in Local intranet)
O15 - HKLM\..Trusted Domains: schneider-electric.com ([saleshome] http in Local intranet)
O15 - HKLM\..Trusted Domains: schneider-electric.com ([teamwork] http in Local intranet)
O15 - HKLM\..Trusted Domains: secempire ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: smp ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: spdtraining ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: steponelogin ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: teamwork ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: training ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: upiguarani ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: watt ([]http in Local intranet)
O15 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\..Trusted Domains: apc.com ([emeasblprdwet.emea] https in Trusted sites)
O15 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\..Trusted Domains: apc.com ([jupiter] http in Trusted sites)
O15 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\..Trusted Domains: apc.com ([jupiter] https in Trusted sites)
O15 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\..Trusted Domains: apc.com ([order1] http in Trusted sites)
O15 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\..Trusted Domains: apc.com ([order1] https in Trusted sites)
O15 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\..Trusted Domains: apc.com ([trojan] http in Trusted sites)
O15 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\..Trusted Domains: apc.com ([trojan] https in Trusted sites)
O15 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\..Trusted Domains: apcc.com ([jupiter] http in Trusted sites)
O15 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\..Trusted Domains: apcc.com ([jupiter] https in Trusted sites)
O15 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\..Trusted Domains: apcc.com ([order1] http in Trusted sites)
O15 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\..Trusted Domains: apcc.com ([order1] https in Trusted sites)
O15 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\..Trusted Domains: apcc.com ([trojan] http in Trusted sites)
O15 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\..Trusted Domains: apcc.com ([trojan] https in Trusted sites)
O15 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\..Trusted Domains: citrix ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813\..Trusted Domains: citrix ([]https in Trusted sites)
O15 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\..Trusted Domains: apc.com ([blaze] https in Trusted sites)
O15 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\..Trusted Domains: apc.com ([citrix] http in Trusted sites)
O15 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\..Trusted Domains: apc.com ([citrix] https in Trusted sites)
O15 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\..Trusted Domains: apc.com ([configurator] http in Trusted sites)
O15 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\..Trusted Domains: apc.com ([emea2] http in Trusted sites)
O15 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\..Trusted Domains: apc.com ([emeasametime] http in Trusted sites)
O15 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\..Trusted Domains: apc.com ([emeasametime.emea] http in Trusted sites)
O15 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\..Trusted Domains: apc.com ([emeasblprdwet.emea] http in Local intranet)
O15 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\..Trusted Domains: apc.com ([emeasblprdwet.emea] https in Trusted sites)
O15 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\..Trusted Domains: apc.com ([intouch] http in Trusted sites)
O15 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\..Trusted Domains: apc.com ([jpaa-en] http in Trusted sites)
O15 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\..Trusted Domains: apc.com ([jupiter] http in Trusted sites)
O15 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\..Trusted Domains: apc.com ([jupiter] https in Trusted sites)
O15 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\..Trusted Domains: apc.com ([jupiter1] http in Trusted sites)
O15 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\..Trusted Domains: apc.com ([jupiter1] https in Trusted sites)
O15 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\..Trusted Domains: apc.com ([jupiter2] http in Trusted sites)
O15 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\..Trusted Domains: apc.com ([jupiter2] https in Trusted sites)
O15 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\..Trusted Domains: apc.com ([jupiter4] http in Trusted sites)
O15 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\..Trusted Domains: apc.com ([jupiter4] https in Trusted sites)
O15 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\..Trusted Domains: apc.com ([lam-en] http in Trusted sites)
O15 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\..Trusted Domains: apc.com ([lam-es] http in Trusted sites)
O15 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\..Trusted Domains: apc.com ([namsametime] http in Trusted sites)
O15 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\..Trusted Domains: apc.com ([namsametime.ams] http in Trusted sites)
O15 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\..Trusted Domains: apc.com ([order1] http in Trusted sites)
O15 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\..Trusted Domains: apc.com ([order1] https in Trusted sites)
O15 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\..Trusted Domains: apc.com ([trojan] http in Trusted sites)
O15 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\..Trusted Domains: apc.com ([trojan] https in Trusted sites)
O15 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\..Trusted Domains: apc.com ([trojan3] http in Trusted sites)
O15 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\..Trusted Domains: apc.com ([trojan3] https in Trusted sites)
O15 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\..Trusted Domains: apcc.com ([configurator] http in Trusted sites)
O15 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\..Trusted Domains: apcc.com ([emea2] http in Trusted sites)
O15 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\..Trusted Domains: apcc.com ([emeasametime] http in Trusted sites)
O15 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\..Trusted Domains: apcc.com ([intouch] http in Trusted sites)
O15 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\..Trusted Domains: apcc.com ([jupiter] http in Trusted sites)
O15 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\..Trusted Domains: apcc.com ([jupiter] https in Trusted sites)
O15 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\..Trusted Domains: apcc.com ([jupiter1] http in Trusted sites)
O15 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\..Trusted Domains: apcc.com ([jupiter1] https in Trusted sites)
O15 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\..Trusted Domains: apcc.com ([jupiter2] http in Trusted sites)
O15 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\..Trusted Domains: apcc.com ([jupiter2] https in Trusted sites)
O15 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\..Trusted Domains: apcc.com ([jupiter4] http in Trusted sites)
O15 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\..Trusted Domains: apcc.com ([jupiter4] https in Trusted sites)
O15 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\..Trusted Domains: apcc.com ([namsametime] http in Trusted sites)
O15 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\..Trusted Domains: apcc.com ([order1] http in Trusted sites)
O15 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\..Trusted Domains: apcc.com ([order1] https in Trusted sites)
O15 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\..Trusted Domains: apcc.com ([trojan] http in Trusted sites)
O15 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\..Trusted Domains: apcc.com ([trojan] https in Trusted sites)
O15 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\..Trusted Domains: apcc.com ([trojan3] http in Trusted sites)
O15 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\..Trusted Domains: apcc.com ([trojan3] https in Trusted sites)
O15 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\..Trusted Domains: custhelp.com ([conextproducts] http in Trusted sites)
O15 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\..Trusted Domains: emeasametime ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2723623973-1505943458-2159161028-72410\..Trusted Domains: namsametime ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\..Trusted Domains: apc.com ([blaze] https in Trusted sites)
O15 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\..Trusted Domains: apc.com ([citrix] http in Trusted sites)
O15 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\..Trusted Domains: apc.com ([citrix] https in Trusted sites)
O15 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\..Trusted Domains: apc.com ([configurator] http in Trusted sites)
O15 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\..Trusted Domains: apc.com ([emea2] http in Trusted sites)
O15 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\..Trusted Domains: apc.com ([emeasametime] http in Trusted sites)
O15 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\..Trusted Domains: apc.com ([emeasametime.emea] http in Trusted sites)
O15 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\..Trusted Domains: apc.com ([intouch] http in Trusted sites)
O15 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\..Trusted Domains: apc.com ([jpaa-en] http in Trusted sites)
O15 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\..Trusted Domains: apc.com ([jupiter] http in Trusted sites)
O15 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\..Trusted Domains: apc.com ([jupiter] https in Trusted sites)
O15 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\..Trusted Domains: apc.com ([jupiter1] http in Trusted sites)
O15 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\..Trusted Domains: apc.com ([jupiter1] https in Trusted sites)
O15 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\..Trusted Domains: apc.com ([jupiter2] http in Trusted sites)
O15 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\..Trusted Domains: apc.com ([jupiter2] https in Trusted sites)
O15 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\..Trusted Domains: apc.com ([jupiter4] http in Trusted sites)
O15 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\..Trusted Domains: apc.com ([jupiter4] https in Trusted sites)
O15 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\..Trusted Domains: apc.com ([lam-en] http in Trusted sites)
O15 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\..Trusted Domains: apc.com ([lam-es] http in Trusted sites)
O15 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\..Trusted Domains: apc.com ([namsametime] http in Trusted sites)
O15 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\..Trusted Domains: apc.com ([namsametime.ams] http in Trusted sites)
O15 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\..Trusted Domains: apc.com ([order1] http in Trusted sites)
O15 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\..Trusted Domains: apc.com ([order1] https in Trusted sites)
O15 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\..Trusted Domains: apc.com ([trojan] http in Trusted sites)
O15 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\..Trusted Domains: apc.com ([trojan] https in Trusted sites)
O15 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\..Trusted Domains: apc.com ([trojan3] http in Trusted sites)
O15 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\..Trusted Domains: apc.com ([trojan3] https in Trusted sites)
O15 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\..Trusted Domains: apcc.com ([configurator] http in Trusted sites)
O15 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\..Trusted Domains: apcc.com ([emea2] http in Trusted sites)
O15 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\..Trusted Domains: apcc.com ([emeasametime] http in Trusted sites)
O15 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\..Trusted Domains: apcc.com ([intouch] http in Trusted sites)
O15 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\..Trusted Domains: apcc.com ([jupiter] http in Trusted sites)
O15 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\..Trusted Domains: apcc.com ([jupiter] https in Trusted sites)
O15 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\..Trusted Domains: apcc.com ([jupiter1] http in Trusted sites)
O15 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\..Trusted Domains: apcc.com ([jupiter1] https in Trusted sites)
O15 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\..Trusted Domains: apcc.com ([jupiter2] http in Trusted sites)
O15 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\..Trusted Domains: apcc.com ([jupiter2] https in Trusted sites)
O15 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\..Trusted Domains: apcc.com ([jupiter4] http in Trusted sites)
O15 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\..Trusted Domains: apcc.com ([jupiter4] https in Trusted sites)
O15 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\..Trusted Domains: apcc.com ([namsametime] http in Trusted sites)
O15 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\..Trusted Domains: apcc.com ([order1] http in Trusted sites)
O15 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\..Trusted Domains: apcc.com ([order1] https in Trusted sites)
O15 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\..Trusted Domains: apcc.com ([trojan] http in Trusted sites)
O15 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\..Trusted Domains: apcc.com ([trojan] https in Trusted sites)
O15 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\..Trusted Domains: apcc.com ([trojan3] http in Trusted sites)
O15 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\..Trusted Domains: apcc.com ([trojan3] https in Trusted sites)
O15 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\..Trusted Domains: custhelp.com ([conextproducts] http in Trusted sites)
O15 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\..Trusted Domains: emeasametime ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3940012701-813931548-1633180954-1021\..Trusted Domains: namsametime ([]http in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {398ABDF3-6489-4E39-940C-FCC112ADFD55} http://emeasblprdwet.emea.apc.com/sales_ams_enu/20436/applets/SiebelAx_OutBound_mail.cab (Siebel Email Support for Microsoft Outlook and Lotus Notes)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe (Reg Error: Key error.)
O16 - DPF: {4571C6A3-CB9E-11D0-BDE2-0000F4B02CED} http://configurator.apc.com/products/powerstruxure/configurator/shared/cabs/attarxinf.cab (Cincom Rich Client)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1342552207734 (WUWebControl Class)
O16 - DPF: {8C244272-1DC1-4CE7-9C6C-FABCA09EB543} http://emeasblprdwet.emea.apc.com/sales_ams_enu/20436/applets/SiebelAx_Desktop_Integration.cab (Siebel Desktop Integration)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} Reg Error: Value error. (Oracle JInitiator 1.1.8.16)
O16 - DPF: {B5BD336F-FA62-4B8B-B221-7088B6E53EE1} http://emeasblprdwet.emea.apc.com/sales_ams_enu/20436/applets/SiebelAx_HI_Client.cab (Siebel High Interactivity Framework)
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl_32.CAB (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = nam.gad.schneider-electric.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9131411C-4094-424A-89F9-633DCFDF639C}: Domain = apc.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9131411C-4094-424A-89F9-633DCFDF639C}: NameServer = 10.218.104.240,10.218.105.240
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E35EE16E-3703-4F13-A8DC-A84E9A4A72FA}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKU\.DEFAULT Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-18 Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-19 Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-20 Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1757981266-113007714-1801674531-242813 Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\PCANotify: DllName - (PCANotify.dll) - C:\WINDOWS\System32\PCANotify.dll (Symantec Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/09/10 12:56:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - Unable to obtain root file information for disk I:\
O32 - AutoRun File - [2012/04/17 16:24:53 | 000,000,332 | RHS- | M] () - J:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\##10.170.171.84#NAM\Shell - "" = AutoRun
O33 - MountPoints2\##10.170.171.84#NAM\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\##10.170.171.84#NAM\Shell\AutoRun\command - "" = ~TempCfg\cf-p860165.exe
O33 - MountPoints2\##10.170.171.84#NAM\Shell\explore\command - "" = ~TempCfg\cf-p860165.exe
O33 - MountPoints2\##10.170.171.84#NAM\Shell\open\command - "" = ~TempCfg\cf-p860165.exe
O33 - MountPoints2\##10.170.171.84#NAM\Shell\search\command - "" = ~TempCfg\cf-p860165.exe
O33 - MountPoints2\##NTS-APPS-WKG.apc.com#APPS\Shell - "" = AutoRun
O33 - MountPoints2\##NTS-APPS-WKG.apc.com#APPS\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\##NTS-APPS-WKG.apc.com#APPS\Shell\AutoRun\command - "" = bar/bar32.exe
O33 - MountPoints2\##NTS-APPS-WKG.apc.com#APPS\Shell\exPLore\comMand - "" = bar/////////bar32.exe
O33 - MountPoints2\##NTS-APPS-WKG.apc.com#APPS\Shell\oPEn\commaNd - "" = bar\\\\\\\\\\\bar32.exe
O33 - MountPoints2\{c51d30fd-c20f-11e0-a216-00059a3c7800}\Shell\AutoRun\command - "" = H:\urDrive.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)


SafeBootMin: 94532833.sys - C:\WINDOWS\system32\drivers\48927818.sys (Kaspersky Lab, GERT)
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: ccEvtMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootMin: ccSetMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: Symantec Antivirus - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SafeBootMin: Symantec Antvirus - Service
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {02f78298-8af6-495c-9ecb-b6ae68678186} - KB867282
ActiveX: {057997dd-71e4-43cc-b161-3f8180691a9e} - Q824145
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0e} - Internet Explorer ReadMe
ActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0f} - IEEX
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {2337076a-dd0c-43a6-8d85-54070578a42f} - KB912812
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4d64f3ba-f112-4efe-a02e-96680859937c} - KB918899
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5b7bf89d-d196-4c32-a303-a57b8ab7f18d} - KB918439
ActiveX: {5c9ff2bf-938d-47fe-85d9-9dbab4f65018} - KB897715
ActiveX: {5f3c70b3-ac2f-432c-8f9c-1624df61f54f} - Microsoft Data Access Components KB870669
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {689e5762-8d75-4346-90cf-bc1902c32d63} - KB896688
ActiveX: {6b0d63a7-bf2d-45df-877b-b22d4c0eddbd} - KB887797
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {96543d59-497a-4801-a1f3-5936aacaf7b1} - Q828750
ActiveX: {abcdf74f-9a64-4e6e-b8eb-6e5a41de6550} -
ActiveX: {ae594d5e-dd07-4e54-8252-daa5aebbd4ec} - KB905915
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Reg Error: Value error.
ActiveX: {dd772a76-bef3-44d7-8b39-502c8504c1f1} - KB925486
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {eddbec60-89cb-44ef-8291-0850fd28ff6a} - Q832894
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {f15ee071-deb7-4cbb-951f-431c98338d8e} - KB911567
ActiveX: {f5173cf0-1dfb-4978-8e50-a90169ee7ca9} - Q823353
ActiveX: {F5776D81-AE53-4935-8E84-B0B283D8BCEF} - Q330994
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: >{8BAF2BB0-95E3-4148-BD31-450D8764E0AC} - RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM
ActiveX: Microsoft Base Smart Card Crypto Provider Package -
ActiveX: Neat ADF Scanner 2008 - reg copy "HKLM\Software\The Neat Company\Neat ADF Scanner 2008" "HKCU\Software\The Neat Company\Neat ADF Scanner 2008" /s /f

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\divx.dll (DivXNetworks, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Sharedaccess - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: Ip6FwHlp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/07/18 14:41:44 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\brjohnso.NAM\Desktop\OTL.exe
[2012/07/18 14:39:38 | 000,688,663 | ---- | C] (Farbar) -- C:\Documents and Settings\brjohnso.NAM\Desktop\FSS.exe
[2012/07/18 14:34:55 | 000,098,992 | ---- | C] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\48927818.sys
[2012/07/18 14:34:42 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/07/18 14:30:21 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\brjohnso.NAM\Desktop\tdsskiller.exe
[2012/07/17 23:18:13 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\brjohnso.NAM\Desktop\dds.scr
[2012/07/17 22:43:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2012/07/17 19:41:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/07/17 19:41:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/07/17 15:32:23 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2012/07/17 15:32:23 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2012/07/17 15:27:58 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2012/07/17 15:27:20 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2012/07/17 15:12:50 | 000,275,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2012/07/17 15:12:50 | 000,017,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2012/07/17 15:10:55 | 000,015,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2012/07/16 15:02:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple Computer
[2012/07/16 14:46:00 | 000,237,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2012/07/16 13:44:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\brjohnso.NAM\Local Settings\Application Data\PCHealth
[2012/07/16 13:42:05 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/07/12 01:48:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/07/12 01:48:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/07/01 15:47:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\brjohnso.NAM\Desktop\Global Thermoelectric
[2012/06/20 18:14:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\brjohnso.NAM\Application Data\TeamViewer
[2012/06/19 11:32:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\brjohnso.NAM\Desktop\1100190
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/18 14:53:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/07/18 14:51:21 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/07/18 14:41:50 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\brjohnso.NAM\Desktop\OTL.exe
[2012/07/18 14:39:39 | 000,688,663 | ---- | M] (Farbar) -- C:\Documents and Settings\brjohnso.NAM\Desktop\FSS.exe
[2012/07/18 14:34:55 | 000,098,992 | ---- | M] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\48927818.sys
[2012/07/18 14:30:35 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\brjohnso.NAM\Desktop\tdsskiller.exe
[2012/07/18 14:15:00 | 000,000,240 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/07/18 14:09:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA1cd63212fa1bf94.job
[2012/07/18 14:00:00 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2012/07/18 10:10:00 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2012/07/18 03:09:57 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cd63212f177730.job
[2012/07/17 23:40:53 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\brjohnso.NAM\Desktop\qfb370mf.exe
[2012/07/17 23:18:19 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\brjohnso.NAM\Desktop\dds.scr
[2012/07/17 21:13:08 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/07/17 20:40:02 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2012/07/17 19:42:58 | 000,531,334 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/07/17 19:42:58 | 000,098,610 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/07/17 19:24:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/17 19:23:33 | 000,000,455 | ---- | M] () -- C:\WINDOWS\smscfg.ini
[2012/07/17 19:21:53 | 000,257,056 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/17 19:21:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/17 19:21:06 | 2136,961,024 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/17 16:55:00 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2012/07/17 15:01:05 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/07/16 14:22:02 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\brjohnso.NAM\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/07/16 12:43:45 | 000,929,861 | ---- | M] () -- C:\Documents and Settings\brjohnso.NAM\Desktop\Sandman Inn Bill - GUTOR.pdf
[2012/07/12 12:00:33 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/07/12 12:00:33 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/07/11 18:52:53 | 000,007,680 | ---- | M] () -- C:\Documents and Settings\brjohnso.NAM\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/11 18:49:20 | 000,059,636 | ---- | M] () -- C:\Documents and Settings\brjohnso.NAM\Desktop\WR_1110123001-002_12JUL12.pdf
[2012/07/11 18:47:46 | 000,078,090 | ---- | M] () -- C:\Documents and Settings\brjohnso.NAM\Desktop\CFSR_1110123001-006_04JUL12.pdf
[2012/07/11 18:45:49 | 000,066,977 | ---- | M] () -- C:\Documents and Settings\brjohnso.NAM\Desktop\CFSR_1110123001-002_12JUL12.pdf
[2012/07/11 18:31:32 | 000,061,487 | ---- | M] () -- C:\Documents and Settings\brjohnso.NAM\Desktop\WR_1110123001-006_04JUL12pdf.pdf
[2012/07/11 13:34:36 | 000,005,228 | ---- | M] () -- C:\Documents and Settings\brjohnso.NAM\Desktop\attachments.zip
[2012/07/11 13:34:20 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\brjohnso.NAM\Desktop\1110123002_07150D.bin
[2012/07/11 13:34:20 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\brjohnso.NAM\Desktop\1110123001_0713F1.bin
[2012/07/11 12:57:36 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\brjohnso.NAM\Desktop\1110123001_VQO_142516.bin
[2012/07/11 12:54:51 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\brjohnso.NAM\Desktop\1110123001_VQB_1424F4.bin
[2012/07/11 12:50:31 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\brjohnso.NAM\Desktop\1110123001_VQM_14383E.bin
[2012/07/11 11:52:38 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\brjohnso.NAM\Desktop\1110123002_VQO_1424B3.bin
[2012/07/11 11:45:46 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\brjohnso.NAM\Desktop\1110123002_VQB_1424D5.bin
[2012/07/11 11:42:02 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\brjohnso.NAM\Desktop\1110123002_VQM_143902.bin
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/07/02 11:56:35 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2012/06/21 11:49:56 | 000,117,399 | ---- | M] () -- C:\Documents and Settings\brjohnso.NAM\Desktop\CFSR_4001380.pdf
[2012/06/21 11:49:34 | 000,157,280 | ---- | M] () -- C:\Documents and Settings\brjohnso.NAM\Desktop\SAT_1110237002.pdf
[2012/06/21 10:23:55 | 009,261,469 | ---- | M] () -- C:\Documents and Settings\brjohnso.NAM\Desktop\Manual _GB_1110237005.pdf
[2012/06/20 17:24:38 | 000,969,034 | ---- | M] () -- C:\Documents and Settings\brjohnso.NAM\Desktop\Datasheet_KPM16x.pdf
[2012/06/20 17:10:38 | 000,031,124 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2012/06/20 17:09:14 | 000,001,272 | RHS- | M] () -- C:\Documents and Settings\brjohnso.NAM\ntuser.pol
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/17 23:40:53 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\brjohnso.NAM\Desktop\qfb370mf.exe
[2012/07/17 15:30:30 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/07/17 15:30:30 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/07/16 14:44:41 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012/07/16 12:43:43 | 000,929,861 | ---- | C] () -- C:\Documents and Settings\brjohnso.NAM\Desktop\Sandman Inn Bill - GUTOR.pdf
[2012/07/16 03:04:04 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA1cd63212fa1bf94.job
[2012/07/16 03:04:03 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cd63212f177730.job
[2012/07/12 01:32:57 | 000,095,744 | ---- | C] () -- C:\WINDOWS\$NtUninstallKB48828$\1823592973\U\80000032.@
[2012/07/12 01:32:57 | 000,000,804 | ---- | C] () -- C:\WINDOWS\$NtUninstallKB48828$\1823592973\L\00000004.@
[2012/07/12 01:32:55 | 000,012,288 | ---- | C] () -- C:\WINDOWS\$NtUninstallKB48828$\1823592973\U\80000000.@
[2012/07/12 01:32:07 | 000,232,960 | ---- | C] () -- C:\WINDOWS\$NtUninstallKB48828$\1823592973\U\00000008.@
[2012/07/12 01:32:05 | 000,002,048 | ---- | C] () -- C:\WINDOWS\$NtUninstallKB48828$\1823592973\U\00000004.@
[2012/07/12 01:32:05 | 000,001,632 | ---- | C] () -- C:\WINDOWS\$NtUninstallKB48828$\1823592973\U\000000cb.@
[2012/07/12 01:32:00 | 000,002,048 | ---- | C] () -- C:\WINDOWS\$NtUninstallKB48828$\1823592973\@
[2012/07/11 18:49:19 | 000,059,636 | ---- | C] () -- C:\Documents and Settings\brjohnso.NAM\Desktop\WR_1110123001-002_12JUL12.pdf
[2012/07/11 18:47:46 | 000,078,090 | ---- | C] () -- C:\Documents and Settings\brjohnso.NAM\Desktop\CFSR_1110123001-006_04JUL12.pdf
[2012/07/11 18:45:49 | 000,066,977 | ---- | C] () -- C:\Documents and Settings\brjohnso.NAM\Desktop\CFSR_1110123001-002_12JUL12.pdf
[2012/07/11 18:31:32 | 000,061,487 | ---- | C] () -- C:\Documents and Settings\brjohnso.NAM\Desktop\WR_1110123001-006_04JUL12pdf.pdf
[2012/07/11 13:35:00 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\brjohnso.NAM\Desktop\1110123002_07150D.bin
[2012/07/11 13:35:00 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\brjohnso.NAM\Desktop\1110123001_0713F1.bin
[2012/07/11 13:34:35 | 000,005,228 | ---- | C] () -- C:\Documents and Settings\brjohnso.NAM\Desktop\attachments.zip
[2012/07/11 12:57:36 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\brjohnso.NAM\Desktop\1110123001_VQO_142516.bin
[2012/07/11 12:54:51 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\brjohnso.NAM\Desktop\1110123001_VQB_1424F4.bin
[2012/07/11 12:50:31 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\brjohnso.NAM\Desktop\1110123001_VQM_14383E.bin
[2012/07/11 11:52:38 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\brjohnso.NAM\Desktop\1110123002_VQO_1424B3.bin
[2012/07/11 11:45:46 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\brjohnso.NAM\Desktop\1110123002_VQB_1424D5.bin
[2012/07/11 11:42:02 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\brjohnso.NAM\Desktop\1110123002_VQM_143902.bin
[2012/07/02 11:52:14 | 000,013,030 | ---- | C] () -- C:\PDOXUSRS.NET
[2012/06/21 11:50:08 | 000,117,399 | ---- | C] () -- C:\Documents and Settings\brjohnso.NAM\Desktop\CFSR_4001380.pdf
[2012/06/21 11:49:50 | 000,157,280 | ---- | C] () -- C:\Documents and Settings\brjohnso.NAM\Desktop\SAT_1110237002.pdf
[2012/06/21 10:16:22 | 009,261,469 | ---- | C] () -- C:\Documents and Settings\brjohnso.NAM\Desktop\Manual _GB_1110237005.pdf
[2012/06/20 17:24:38 | 000,969,034 | ---- | C] () -- C:\Documents and Settings\brjohnso.NAM\Desktop\Datasheet_KPM16x.pdf
[2012/06/20 17:09:12 | 000,001,272 | RHS- | C] () -- C:\Documents and Settings\brjohnso.NAM\ntuser.pol
[2012/06/15 03:53:37 | 000,155,841 | ---- | C] () -- C:\WINDOWS\hpwins12.dat
[2012/06/15 03:52:25 | 000,000,981 | ---- | C] () -- C:\WINDOWS\hpwmdl12.dat
[2012/06/11 04:42:21 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
[2012/05/27 00:36:48 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\brjohnso.NAM\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/15 01:47:37 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\yphdaj.sys
[2012/05/14 11:44:27 | 000,004,764 | ---- | C] () -- C:\WINDOWS\System32\CcmFramework.ini
[2012/05/03 14:55:06 | 000,007,562 | ---- | C] () -- C:\WINDOWS\SigPlus.ini
[2012/05/03 14:50:59 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2012/05/03 14:50:59 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\unredmon.exe
[2012/01/18 09:35:40 | 000,286,422 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/06/02 00:22:59 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\yjrofioq.sys
[2011/05/27 08:45:55 | 000,009,148 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\6ng1a3e0d74h323647i8y21a8730pf4emm2820
[2011/05/16 18:59:58 | 000,139,571 | ---- | C] () -- C:\WINDOWS\hpoins21.dat.temp
[2011/05/16 18:59:58 | 000,007,262 | ---- | C] () -- C:\WINDOWS\hpomdl21.dat.temp
[2011/02/12 18:11:35 | 000,052,116 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/10/05 15:20:23 | 000,000,116 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2010/09/20 01:36:34 | 000,009,847 | ---- | C] () -- C:\WINDOWS\hpwscr12.dat
[2010/09/14 11:18:33 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\bdaqpax.sys
[2010/03/12 13:06:35 | 000,031,124 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2005/03/22 17:14:45 | 000,153,088 | ---- | C] () -- C:\Program Files\UNWISE.EXE

========== Custom Scans ==========

< "%WinDir%\$NtUninstallKB*$." /30 >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[1 C:\WINDOWS\system32\drivers\*.tmp files -> C:\WINDOWS\system32\drivers\*.tmp -> ]

< %systemroot%\System32\config\*.sav >
[2003/09/10 08:21:02 | 000,090,112 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2003/09/10 08:21:02 | 000,630,784 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2003/09/10 08:21:02 | 000,405,504 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2012/07/18 14:34:55 | 000,098,992 | ---- | M] (Kaspersky Lab, GERT) -- C:\WINDOWS\system32\drivers\48927818.sys
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2012/05/02 09:46:36 | 000,139,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rdpwd.sys
[2012/05/15 00:11:19 | 000,123,952 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS
[2012/05/15 01:47:37 | 000,054,016 | ---- | M] () -- C:\WINDOWS\system32\drivers\yphdaj.sys
[1 C:\WINDOWS\system32\drivers\*.tmp files -> C:\WINDOWS\system32\drivers\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AFD.SYS >
[2011/08/17 09:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\SoftwareDistribution\Download\cd75fc2c9aa3d47009fe2d95c9f43154\SP3GDR\afd.sys
[2011/08/17 09:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\dllcache\afd.sys
[2011/08/17 09:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\drivers\afd.sys
[2008/04/14 01:49:24 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\ServicePackFiles\i386\afd.sys
[2008/10/16 11:07:58 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=38D7B715504DA4741DF35E3594FE2099 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys
[2008/10/16 11:07:58 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=38D7B715504DA4741DF35E3594FE2099 -- C:\WINDOWS\SoftwareDistribution\Download\ff0686f2f699fa07ed5ad0848fa3055b\sp3qfe\afd.sys
[2008/08/14 06:34:26 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=4D43E74F2A1239D53929B82600F1971C -- C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys
[2008/08/14 05:48:52 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=6A0397376853E604DE8E1E7A87FC08AC -- C:\WINDOWS\$hf_mig$\KB956803\SP2QFE\afd.sys
[2008/10/16 10:43:01 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7618D5218F2A614672EC61A80D854A37 -- C:\WINDOWS\$NtUninstallKB2592799$\afd.sys
[2008/10/16 10:43:01 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7618D5218F2A614672EC61A80D854A37 -- C:\WINDOWS\SoftwareDistribution\Download\ff0686f2f699fa07ed5ad0848fa3055b\sp3gdr\afd.sys
[2008/08/14 06:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$hf_mig$\KB956803\SP3GDR\afd.sys
[2008/08/14 06:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$NtUninstallKB2509553$\afd.sys
[2008/06/20 07:48:03 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=D6EE6014241D034E63C49A50CB2B442A -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
[2008/06/20 06:44:08 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=D99DDFFB33DEACDCF20717CB520379F6 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\afd.sys
[2008/06/20 07:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys
[2011/08/17 09:41:46 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=F6B7B1ECD7B41736BDB6FF4B092BCB79 -- C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys
[2011/08/17 09:41:46 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=F6B7B1ECD7B41736BDB6FF4B092BCB79 -- C:\WINDOWS\SoftwareDistribution\Download\cd75fc2c9aa3d47009fe2d95c9f43154\SP3QFE\afd.sys

< MD5 for: ATAPI.SYS >
[2003/10/06 09:57:36 | 012,091,533 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2003/10/06 09:57:36 | 012,091,533 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp1.cab:atapi.sys
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/04/14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2002/08/29 05:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2008/04/14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EXPLORER.EXE >
[2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 07:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe

< MD5 for: NETBT.SYS >
[2008/04/14 01:51:02 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\ServicePackFiles\i386\netbt.sys
[2008/04/14 01:51:02 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\system32\drivers\netbt.sys

< MD5 for: SERVICES.EXE >
[2009/02/06 07:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/14 06:42:36 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 06:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 06:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: VOLSNAP.SYS >
[2008/04/14 01:11:02 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\ServicePackFiles\i386\volsnap.sys
[2008/04/14 01:11:02 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\drivers\volsnap.sys

< MD5 for: WINLOGON.EXE >
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 06:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 06:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: YPHDAJ.SYS >
[2012/05/15 01:47:37 | 000,054,016 | ---- | M] () MD5=E6D35F3AA51A65EB35C1F2340154A25E -- C:\WINDOWS\system32\drivers\yphdaj.sys

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2010/04/02 11:56:16 | 000,552,136 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2010/04/02 11:56:16 | 000,552,136 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2010/04/02 11:56:16 | 000,552,136 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\shell\open\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2010/04/02 11:56:13 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\shell\safemode\command\\: firefox.exe -safe-mode
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/05/11 07:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/05/11 07:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/05/11 07:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2010/04/02 11:56:16 | 000,552,136 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2010/04/02 11:56:16 | 000,552,136 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2010/04/02 11:56:16 | 000,552,136 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\shell\open\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2010/04/02 11:56:13 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\shell\safemode\command\\: firefox.exe -safe-mode
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/05/11 07:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/05/11 07:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/05/11 07:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< >

< >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction
[C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 -> Junction

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >

OTL Extras logfile created on: 7/18/2012 2:45:33 PM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Documents and Settings\brjohnso.NAM\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.94 Gb Available Physical Memory | 47.25% Memory free
3.84 Gb Paging File | 2.74 Gb Available in Paging File | 71.33% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 40.03 Gb Total Space | 6.94 Gb Free Space | 17.33% Space Free | Partition Type: NTFS
Drive D: | 34.50 Gb Total Space | 8.13 Gb Free Space | 23.57% Space Free | Partition Type: NTFS
Drive G: | 11.59 Gb Total Space | 8.01 Gb Free Space | 69.17% Space Free | Partition Type: NTFS
Drive I: | 5810.62 Gb Total Space | 184.51 Gb Free Space | 3.18% Space Free | Partition Type: NTFS
Drive J: | 1008.36 Mb Total Space | 189.92 Mb Free Space | 18.83% Space Free | Partition Type: NTFS
Drive W: | 11.99 Gb Total Space | 2.02 Gb Free Space | 16.84% Space Free | Partition Type: NTFS

Computer Name: USWKG3Y0K5F1 | User Name: brjohnso | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AllAlertsDisabled" = 1
"TermService" = 1
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0BC4864E-72C5-472D-8692-0E5971E0BD36}" = BPDSoftware_Ini
"{0EFC3CD1-B7ED-4D77-B3CC-24B7B82F5416}" = Borland Database Engine
"{10829556-7C82-4a83-8C81-F2D98472C76B}" = H470
"{11A53AF3-CAA5-4C29-887E-CCA7CEE2689B}" = Neat Mobile Scanner Driver
"{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}" = BlackBerry Device Software Updater
"{15D7ECFC-B252-4990-A6BC-1C550A046FE5}" = SolidWorks eDrawings 2009
"{199C20D6-10D3-4210-B361-4760209F56AE}" = Citrix online plug-in (Web)
"{23170F69-40C1-2701-0442-000001000000}" = 7-Zip 4.42
"{231FCC75-2D19-4274-AB75-C9833EBCBCC0}" = Lotus Notes 6.5.6
"{2609EDF1-34C4-4B03-B634-55F3B3BC4931}" = Configuration Manager Client
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2C4E2E4E-A7C9-4CCB-BF03-FE6EBD5D4AB7}" = Windows Mobile Device Updater Component
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3ECCB578-504E-4F7A-A8B4-CF4F3B939B44}" = Citrix online plug-in (USB)
"{3F8EB641-6AD2-45DE-A8DD-91D7BDD39CDE}" = Microsoft USB Flash Drive Manager
"{415FA9AD-DA10-4ABE-97B6-5051D4795C90}" = HP FWUpdateEDO2
"{432DDCA6-5CF6-4F02-93D3-BD78E327DA66}" = RSA SecurID Software Token
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{45534579-B75B-4A42-953B-2EF8E1DEB4F3}" = Microsoft XML Parser
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{533557D5-E468-4F96-BD95-C81D0A2A8181}" = IBM Lotus Sametime Connect 8.0.1
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57F5920A-9897-4830-BD4A-BE85DA9734FF}" = Neat Mobile Scanner 2008 Driver
"{58155B30-6BE9-4268-A059-149629149C63}" = Neat ADF Scanner Driver
"{5A15F754-086E-4185-96F4-0BC31F1A2382}" = HP Officejet H470 Series
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{62BFB4C2-8C4E-4D91-BD7D-81C06EAAC3C0}" = Windows Rights Management Client with Service Pack 2
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6673E0F4-D376-431b-A6F4-18D1B86B4A89}" = BPDSoftware
"{669B49D6-BCA8-4F7C-9248-CE5677750285}" = HP Officejet Pro 8600 Product Improvement Study
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{678094A1-6250-476B-9AFF-4376E48F135C}" = Citrix online plug-in (DV)
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6B349DE1-590D-4506-B272-9115EC31F7D2}" = 470_Help
"{6EDB3FC5-8B7C-422A-B4FB-1D919F44F2C0}" = Neat Mobile Scanner (Silver) Driver
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{7006ED29-58F2-40C3-AE87-039287AD20B6}" = Zune
"{721ABC3B-5F12-4332-9C0C-C11424EF666C}" = WIMGAPI
"{75157F34-02C6-4831-BD66-3BC49E7A8394}" = BlackBerry Desktop Software 6.1
"{786FB8FC-F686-45A9-8691-A57BE6798F63}" = FlukeView Power Quality Analyzer 3
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BD1EAE4-2E08-4087-8600-44B0ACB0C887}" = NeatWorks Core Files
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{901E0405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Czech User Interface Pack
"{901E0406-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Danish User Interface Pack
"{901E0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 German User Interface Pack
"{901E040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 French User Interface Pack
"{901E040E-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Hungarian User Interface Pack
"{901E0410-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Italian User Interface Pack
"{901E0411-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Japanese User Interface Pack
"{901E0415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Polish User Interface Pack
"{901E0416-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Portuguese (Brazil) User Interface Pack
"{901E0419-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Russian User Interface Pack
"{901E041D-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Swedish User Interface Pack
"{901E0804-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Chinese (Simplified) User Interface Pack
"{901E081A-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Serbian (Latin) User Interface Pack
"{901E0C0A-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Spanish User Interface Pack
"{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2
"{95120000-0052-0409-0000-0000000FF1CE}" = Microsoft Office Visio Viewer 2007
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C55C629-6C4F-48A9-8840-C897DF6187ED}" = HP Officejet Pro 8600 Basic Device Software
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A4A42670-82B9-4A58-8955-20271DBBF29F}" = Neat ADF Scanner 2008 Driver
"{A7091E1D-36A4-47F1-A739-173CC341414F}" = Cisco Systems VPN Client 5.0.03.0560
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AF36CE1D-FD2C-4BA0-93FA-1196785DD610}" = Adobe Flash Player 10 Plugin
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B6F5C6D8-C443-4B55-932F-AE11B5743FC4}" = HP Officejet Pro 8600 Help
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BA72A4E3-D2D0-4203-A17E-E53012B8807C}" = BPD_HPSU
"{BBAAAD82-6242-420F-86D4-BD72BB5E6C86}" = Tools für Microsoft SQL Server 2005 Express Edition
"{BCB4C18A-ACA6-4383-8688-E19933A705DD}" = Microsoft SOAP Toolkit 3.0
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1E26EED-CC8B-4371-9CC7-AD8A5814B4B2}" = IE5 Registration
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDA1B59F-03F8-486D-9D45-B5A84A2E870A}" = ZipMail V10 for Lotus Notes
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D689B418-235A-4290-A0A5-A75E490E0351}" = Symantec Endpoint Protection
"{DB6F07FF-A436-453a-B685-F6C1F4F09D22}" = PANTECH PC Card Software
"{E022C318-BAC9-468D-8731-3C5EE63C7743}" = 470_Readme
"{E05E8183-866A-11D3-97DF-0000F8D8F2E9}" = Symantec pcAnywhere
"{E44BD710-B71A-11d3-9F79-006008A88EC8}" = VBA
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EA82FF50-E258-4DFE-839B-8F26A01A34A7}" = Microsoft Tool Web Package:WntIpcfg.exe
"{EC7E7111-9212-48FF-8457-6CA0A03A7747}_is1" = GALEP5 Version 2.05.00
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{EE5F0136-2C7C-42a7-B1B0-5F12D107A0EE}" = ProductContext
"{EEB507E9-3497-476F-8AB4-F09A7E36C115}" = signotec SignoAPI V7.0.105
"{F3145062-3758-46A4-8592-E35ED17808A3}" = signotec SignoAPI V7.0.105
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{FA365307-1963-4D16-BD44-113C8F037AAD}" = Citrix online plug-in (HDX)
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"DivX Codec" = Remove DivX Codec
"HDMI" = Intel® Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Innosoft PDF - Printer" = Innosoft PDF - Printer 6.0
"InstallShield_{432DDCA6-5CF6-4F02-93D3-BD78E327DA66}" = RSA SecurID Software Token
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Modbus Poll" = Modbus Poll 3.60a
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NeatWorks" = NeatWorks
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notes 6.5.2" = Notes 6.5.2
"Oracle JInitiator 1.1.8.16" = Oracle JInitiator 1.1.8.16
"PROSet" = Intel® PRO Network Adapters and Drivers
"RDC" = RDC
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Shop for HP Supplies" = Shop for HP Supplies
"Siebel Uninstall Manager" = Siebel Systems Uninstallation Manager
"SynTPDeinstKey" = IBM ThinkPad UltraNav Driver
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"Zune" = Zune

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/18/2012 12:16:25 PM | Computer Name = USWKG3Y0K5F1 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (An unexpected network error occurred. ). Group Policy processing aborted.


Error - 7/18/2012 12:50:13 PM | Computer Name = USWKG3Y0K5F1 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (An unexpected network error occurred. ). Group Policy processing aborted.


Error - 7/18/2012 2:06:58 PM | Computer Name = USWKG3Y0K5F1 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (An unexpected network error occurred. ). Group Policy processing aborted.


Error - 7/18/2012 2:32:01 PM | Computer Name = USWKG3Y0K5F1 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (An unexpected network error occurred. ). Group Policy processing aborted.


Error - 7/18/2012 2:36:15 PM | Computer Name = USWKG3Y0K5F1 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan.Gen.2 in File: C:\TDSSKiller_Quarantine\18.07.2012_14.31.07\rtkt0000\zafs0000\tsk0006.dta
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 7/18/2012 2:36:43 PM | Computer Name = USWKG3Y0K5F1 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan.Gen in File: C:\TDSSKiller_Quarantine\18.07.2012_14.31.07\rtkt0000\zafs0000\tsk0006.dta
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 7/18/2012 2:37:09 PM | Computer Name = USWKG3Y0K5F1 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan.Gen.2 in File: C:\TDSSKiller_Quarantine\18.07.2012_14.31.07\rtkt0000\zafs0000\tsk0006.dta
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 7/18/2012 2:37:35 PM | Computer Name = USWKG3Y0K5F1 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan.Zeroaccess.B in File: C:\TDSSKiller_Quarantine\18.07.2012_14.31.07\rtkt0000\zafs0000\tsk0006.dta
by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Access denied.
Action Description: The file was left unchanged.

Error - 7/18/2012 2:38:01 PM | Computer Name = USWKG3Y0K5F1 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan.Gen.2 in File: C:\TDSSKiller_Quarantine\18.07.2012_14.31.07\rtkt0000\zafs0000\tsk0006.dta
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 7/18/2012 2:43:00 PM | Computer Name = USWKG3Y0K5F1 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Backdoor.Graybird in File: D:\TEMP\Temporary Internet
Files\Content.IE5\2S36GAPD\OTL[1].exe by: Auto-Protect scan. Action: Cleaned by
Deletion. Action Description: The file was deleted successfully.

[ System Events ]
Error - 7/17/2012 9:07:36 PM | Computer Name = USWKG3Y0K5F1 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 119 minutes. NtpClient has no source of accurate
time.

Error - 7/17/2012 11:07:39 PM | Computer Name = USWKG3Y0K5F1 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 239 minutes. NtpClient has no source of accurate
time.

Error - 7/18/2012 12:10:13 AM | Computer Name = USWKG3Y0K5F1 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain NAM due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 7/18/2012 3:08:14 AM | Computer Name = USWKG3Y0K5F1 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 479 minutes. NtpClient has no source of accurate
time.

Error - 7/18/2012 3:33:57 AM | Computer Name = USWKG3Y0K5F1 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 7/18/2012 4:00:56 AM | Computer Name = USWKG3Y0K5F1 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on
Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656370).

Error - 7/18/2012 4:03:49 AM | Computer Name = USWKG3Y0K5F1 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on
Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656353).

Error - 7/18/2012 4:15:02 AM | Computer Name = USWKG3Y0K5F1 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain NAM due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 7/18/2012 8:23:02 AM | Computer Name = USWKG3Y0K5F1 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain NAM due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 7/18/2012 10:26:07 AM | Computer Name = USWKG3Y0K5F1 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain NAM due to the following:
%%1727. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

< End of report >

5) I still have all the same issues as detailed in my original post.

Thanks again for your help! Have a great day!

Best regards,
Buckeye77

#5 SweetTech


Posted 19 July 2012 - 06:40 AM

Hi Buckeye77!

1) I'm pleased to meet you as well, thank you for the quick reply and your help! The site is reporting that my post is too long so I'll break it into two posts, hopefully this does not cause any inconvenience for you.

Nope, that's not a problem at all. :)

Certain entries in your OTL log seem to indicate that this may be a business machine.

Can you confirm whether or not this is the case? If it is, I want to make sure that your company doesn't have any policies in place regarding infected workstations. I have no issue helping you out, I just want to make sure we're not going to get in trouble for fixing this.

Please let me know.

-ST.



#6 Buckeye77


Posted 22 July 2012 - 03:07 PM

Hello ST,

Yes my computer is a business machine. I spoke with my IT department and they advised having the operating system reloaded, similar to what you mentioned might be required, due to security concerns.

Thank you for your time and assistance with this matter! Hope you have a great day!

Best regards,

Buckeye77

#7 SweetTech


Posted 23 July 2012 - 02:06 AM

Hi Buckeye77!

I'm still a little confused as to what your IT department is wanting you to do. I don't want to assume anything, so if you could be so kind as to clarify the following for me:

Are they wanting to re-format and re-install the operating system right away, or are they giving you the chance to try and fix it on your own with my assistance?

I can tell you right off the bat that you're infected with a nasty infection, and a reformat and re-install is not only going to be the safest option to take, but the fastest.

Let me know.

-ST.



#8 SweetTech


Posted 01 August 2012 - 09:30 AM

Due to lack of feedback this thread will now be closed. If you still require assistance, and would like to have your thread re-opened, please feel free to send me a Private Message (PM) being sure to include a link to your topic, and I'd be happy to re-open it.






