Solved Virus and malware removal logs

Boscoe

I have been having issues with my internet browser/browsing. First, I am no longer able to click on links to websites directly from my email - it opens an "InPrivate" browser. I have checked my InPrivate browsing settings repeatedly and the feature is not turned on. Second, when I click on a link in Google search results, random ad sites come up instead of the link I selected. I followed the steps in the removal process as directed and my logs are pasted below. Sincerest thanks in advance.

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org
Database version: v2012.09.07.13
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
QU54112 :: NC-ATL14010 [administrator]
9/25/2012 8:22:35 PM
mbam-log-2012-09-25 (20-22-35).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 250968
Time elapsed: 22 minute(s), 12 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun|2 (Security.Hijack) -> Data: chrome.exe -> Delete on reboot.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dplaysvr (Trojan.QHost.BG) -> Data: C:\Documents and Settings\qu54112\Application Data\dplaysvr.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dplaysvr (Trojan.QHost.BG) -> Data: C:\Documents and Settings\qu54112\Application Data\dplaysvr.exe -> Quarantined and deleted successfully.
Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Policies\Microsoft\Internet Explorer\control panel|HomePage (PUM.Hijack.HomePageControl) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-09-25 20:55:51
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.ECBO
Running: t2vs2ej8.exe; Driver: C:\DOCUME~1\qu54112\LOCALS~1\Temp\fxrirpow.sys

---- System - GMER 1.0.15 ----
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xB9356290]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xB93562A4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB93562D0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB9356326]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xB935627C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xB9356254]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xB9356268]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xB93562BA]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xB93562FC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xB93562E6]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB9356350]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB935633C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xB9356310]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs PGPfsfd.sys (PGP FSFD/PGP Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
---- EOF - GMER 1.0.15 ----

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by QU54112 at 20:58:49 on 2012-09-25
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3241.2345 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IDT\WDM\stacsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
c:\SvcTools\pkg\SLM-Usage\eSMARTUM.exe
C:\WINDOWS\system32\dleacoms.exe
C:\WINDOWS\SYSTEM32\DNTUS26.EXE
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Avaya\Avaya one-X Communicator\QosServM.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Lumension\LEMSSAgent\LMAgent.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\SAP\SAPsetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe
C:\WINDOWS\system32\DRIVERS\o2flash.exe
C:\Program Files\PGP Corporation\PGP Desktop\RDDService.exe
C:\WINDOWS\system32\PGPserv.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\WINDOWS\system32\SearchIndexer.exe
c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lumension\Patch Agent\GravitixService.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe
C:\Program Files\SAP\SAPsetup\setup\Updater\NwSapSetupUserNotificationTool.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\Dell V310-V510 Series\dleamon.exe
C:\Program Files\Dell V310-V510 Series\ezprint.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Lumension\LEMSSAgent\epui\epui.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\Lumension\Patch Agent\pddm.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\WebEx\Productivity Tools\PTIM.exe
C:\Program Files\WebEx\Productivity Tools\ptoneclk.exe
C:\Program Files\WebEx\Productivity Tools\ptSrv.exe
C:\Documents and Settings\qu54112\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Documents and Settings\qu54112\Local Settings\Application Data\DIRECTV Player\PCShowServerPMWrapper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\qu54112\Local Settings\Application Data\DIRECTV Player\NDSPCShowServer.exe
C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
C:\Documents and Settings\qu54112\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\Jordan Lawrence\GRIP Desktop\GRIP Desktop.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PGP Corporation\PGP Desktop\PGPtray.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Microsoft Internet Explorer provided by Newell-Rubbermaid
uStart Page = hxxp://www-I.nwlconnect.com/
uDefault_Page_URL = hxxp://www-I.nwlconnect.com/
uInternet Settings,ProxyOverride = *.local;<local>
BHO: Dell Toolbar: {09b71986-2ac5-482d-b6cb-42ea34f4f85b} - c:\program files\dell printable web\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
BHO: WebEx Productivity Tools: {90e2ba2e-dd1b-4cde-9134-7a8b86d33ca7} - c:\program files\webex\productivity tools\ptonecli.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Dell Toolbar: {09b71986-2ac5-482d-b6cb-42ea34f4f85b} - c:\program files\dell printable web\toolband.dll
TB: WebEx Productivity Tools: {90e2ba2e-dd1b-4cde-9134-7a8b86d33ca7} - c:\program files\webex\productivity tools\ptonecli.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"
uRun: [PTIM.exe] c:\program files\webex\productivity tools\PTIM.exe
uRun: [PTOneClick] c:\program files\webex\productivity tools\ptoneclk.exe /AutoRunning="2"
uRun: [Akamai NetSession Interface] "c:\documents and settings\qu54112\local settings\application data\akamai\netsession_win.exe"
uRun: [PCShowServer] "c:\documents and settings\qu54112\local settings\application data\directv player\PCShowServerPMWrapper.exe"
uRun: [SubSystems] rundll32.exe "c:\documents and settings\qu54112\local settings\application data\subsystems\jnvfxtgq.dll",DllGetClassObject
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [FreeFallProtection] c:\program files\stmicroelectronics\accelerometerp11\FF_Protection.exe
mRun: [IMSS] "c:\program files\intel\intel(r) management engine components\imss\PIconStartup.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Communicator] "c:\program files\microsoft office communicator\communicator.exe" /fromrunkey
mRun: [NBAgent] "c:\program files\nero\nero backitup & burn\nero backitup\NBAgent.exe" /WinStart
mRun: [SAP_WUS_UNT] "c:\program files\sap\sapsetup\setup\updater\NwSapSetupUserNotificationTool.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [RemoteControl9] "c:\program files\cyberlink\powerdvd9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "c:\program files\cyberlink\powerdvd9\language\Language.exe"
mRun: [dleamon.exe] "c:\program files\dell v310-v510 series\dleamon.exe"
mRun: [EzPrint] "c:\program files\dell v310-v510 series\ezprint.exe"
mRun: [Nikon Message Center 2] c:\program files\nikon\nikon message center 2\NkMC2.exe -s
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [msbui] ",FILTERTEXTURE
mRun: [IntellisyncLotus] " /J
mRun: [wpcof] ",INITEX
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\qu54112\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dellsy~1.lnk - c:\program files\dell\dell system manager\DCPSysMgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\gripde~1.lnk - c:\windows\installer\{58d3349d-849e-4215-870e-66349cec47f9}\_188652DA885AB9DE3230E7.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pgptra~1.lnk - c:\windows\installer\{7ba5cb2d-f497-4ab6-8206-c24a7d67750f}\Icon6560581611.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
uPolicies-explorer: DisallowRun = 1 (0x1)
uPolicies-disallowrun: 1 = 386.exe
uPolicies-disallowrun: 2 = chrome.exe
uPolicies-disallowrun: 3 = ChromeSetup.exe
uPolicies-disallowrun: 4 = Elite.exe
uPolicies-disallowrun: 5 = Explorer32.exe
uPolicies-disallowrun: 6 = googledesktop.exe
uPolicies-disallowrun: 7 = usb.exe
uPolicies-disallowrun: 8 = usb32.exe
uPolicies-disallowrun: 9 = windrvl32.exe
uPolicies-disallowrun: 10 = winshost.exe
mPolicies-explorer: NoStartMenuEjectPC = 1 (0x1)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
LSP: c:\windows\system32\PGPlsp.dll
LSP: mswsock.dll
Trusted Zone: appreciatehub.com
Trusted Zone: btslearning.com\www
Trusted Zone: Contentserver.elementh.com
Trusted Zone: Dell.com
Trusted Zone: my-totalrewards.com
Trusted Zone: newellco.com
Trusted Zone: newellcotraining.com
Trusted Zone: octanner.com\*.recognition
Trusted Zone: outlook.com
Trusted Zone: retireonline.com\www
Trusted Zone: scorm.com
Trusted Zone: Staples.com
Trusted Zone: staplesadvantage.com
Trusted Zone: taleo.net
Trusted Zone: unisourcelink.com
Trusted Zone: workforcehosting.com
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3605B612-C3CF-4AB4-A426-2D853391DB2E} - hxxp://mqc.sap.newellco.com:8080/qcbin/capicom.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1282248966734
DPF: {895D1291-D5BD-4982-BA84-AD11D29C1D6A} - hxxp://community.weightwatchers.com/Scripts/ImageUploader6.cab
DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} - hxxps://virtualkitchenshowroom.homedepot.com/VS/Core/Player/2020PlayerAX_WEB_Win32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://newell.webex.com/client/upgradeserver/client/ptool/T27L10NSP11_ASRRLS6-4838/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EBF1BFCB-F60B-4DCB-9C96-E53C543CB645} - hxxp://qc.newellco.com:8080/qcbin/ALM-Platform-Loader.11.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://bond.newellco.com/dana-cached/sc/JuniperSetupClient.cab
DPF: {FCADE536-93F5-4577-80A3-E7C32FAC4C7D} - hxxp://mqc.sap.newellco.com:8080/qcbin/Spider10.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\SAPHTMLP.DLL
Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\SAPHTMLP.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: igfxcui - igfxdev.dll
Notify: spba - c:\program files\common files\spba\homefus2.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Authentication Packages = msv1_0 wvauth
LSA: Notification Packages = scecli PGPpwflt
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-10-14 461864]
R0 pgpfs;PGP File Sharing;c:\windows\system32\drivers\PGPfsfd.sys [2011-5-9 136824]
R0 Pgpwdefs;Pgpwdefs;c:\windows\system32\drivers\PGPwdefs.sys [2011-5-9 13432]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\drivers\stdcfltn.sys [2011-7-7 17648]
R1 EPS;EPS;c:\windows\system32\drivers\eps.sys [2012-9-13 139504]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-10-24 89624]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2010-10-25 826272]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2010-10-25 32160]
R2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\dell\dell system manager\DCPSysMgrSvc.exe [2011-1-6 378224]
R2 DDM Usage Monitoring;DDM Usage Monitoring;c:\svctools\pkg\slm-usage\eSMARTUM.exe [2011-7-15 52224]
R2 dlea_device;dlea_device;c:\windows\system32\dleacoms.exe -service --> c:\windows\system32\dleacoms.exe -service [?]
R2 LEMSS Agent;LEMSS Agent;c:\program files\lumension\lemssagent\LMAgent.exe [2012-5-1 467280]
R2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files\mcafee\siteadvisor enterprise\McSACore.exe [2011-5-12 324928]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\EngineServer.exe [2011-8-31 22816]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2011-5-19 120128]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2011-5-10 150032]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2011-8-31 66880]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-10-14 148520]
R2 NWSAPAutoWorkstationUpdateSvc;SAPSetup Automatic Workstation Update Service;c:\program files\sap\sapsetup\setup\updater\NwSapAutoWorkstationUpdateService.exe [2010-8-20 263536]
R2 PGP RDD Service;PGP RDD Service;c:\program files\pgp corporation\pgp desktop\RDDService.exe [2011-5-9 166520]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\intel\intel(r) management engine components\uns\UNS.exe [2011-7-7 2656280]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [2011-7-7 43888]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2011-7-7 113664]
R3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [2011-7-7 33832]
R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\drivers\e1c5132.sys [2011-7-7 174248]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2011-7-7 260864]
R3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2011-7-7 41088]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-10-14 180072]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-10-14 59288]
R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\o2mdfvst.sys [2011-7-7 60904]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
R3 Patch Agent;Patch Agent;c:\program files\lumension\patch agent\GravitixService.exe [2011-9-20 95584]
S0 a320raid;a320raid;c:\windows\system32\drivers\a320raid.sys [2010-6-29 218112]
S0 aac;PERC 320/DC SCSI RAID Miniport Driver;c:\windows\system32\drivers\aac.sys [2010-6-29 48140]
S0 aarich;aarich;c:\windows\system32\drivers\aarich.sys [2010-6-29 204800]
S0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [2010-6-29 187960]
S0 cerc6;cerc6; [x]
S0 megasas;DELL PERC RAID Driver;c:\windows\system32\drivers\megasas.sys [2010-6-29 19200]
S0 sisraid4;sisraid4;c:\windows\system32\drivers\sisraid4.sys [2010-6-29 63872]
S0 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys --> c:\windows\system32\drivers\vmscsi.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 dleaCATSCustConnectService;dleaCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dleaserv.exe [2011-7-26 98984]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-8 250568]
S3 BEHRINGER_2902;usb-audio.de driver for BEHRINGER USB AUDIO;c:\windows\system32\drivers\BUSB2902.sys [2011-11-4 352256]
S3 BUSB_AUDIO_WDM;BEHRINGER USB WDM AUDIO;c:\windows\system32\drivers\busbwdm.sys [2011-11-4 33792]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys --> c:\windows\system32\drivers\e1y5132.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-10-14 87808]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-13 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-09-26 00:21:54 -------- d-----w- c:\documents and settings\qu54112\application data\Malwarebytes
2012-09-26 00:20:40 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-26 00:20:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-13 14:35:08 109056 ----a-w- c:\windows\system32\EPUICpl.cpl
2012-09-13 14:34:52 139504 ----a-w- c:\windows\system32\eps.sys
2012-09-13 14:34:51 139504 ----a-w- c:\windows\system32\drivers\eps.sys
2012-09-13 14:33:57 -------- d-----w- c:\program files\Lumension
2012-09-13 14:33:57 -------- d-----w- c:\documents and settings\all users\application data\Lumension
.
==================== Find3M ====================
.
2012-08-29 00:24:56 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-29 00:24:53 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-28 22:39:23 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-08-22 12:13:58 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-22 12:13:57 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49:33 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49:32 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05:43 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 21:00:27.64 ===============

.
 
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/7/2011 9:17:05 AM
System Uptime: 9/25/2012 8:48:38 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0K0DNP
Processor: Intel Pentium III Xeon processor | CPU 1 | 1571/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 148.108 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA
.
==== System Restore Points ===================
.
RP276: 8/23/2012 10:43:11 AM - Removed Verizon Wireless USB727 Firmware Updates.
RP277: 8/23/2012 3:45:14 PM - System Checkpoint
RP278: 8/24/2012 8:12:30 PM - System Checkpoint
RP279: 8/27/2012 12:49:14 PM - System Checkpoint
RP280: 8/28/2012 9:48:50 PM - System Checkpoint
RP281: 8/29/2012 9:51:22 PM - System Checkpoint
RP282: 8/30/2012 11:10:02 PM - System Checkpoint
RP283: 9/4/2012 11:32:52 AM - Installed Java(TM) 6 Update 35
RP284: 9/6/2012 1:56:08 PM - System Checkpoint
RP285: 9/7/2012 9:59:52 PM - System Checkpoint
RP286: 9/8/2012 11:38:42 PM - System Checkpoint
RP287: 9/9/2012 11:40:41 PM - System Checkpoint
RP288: 9/10/2012 11:44:08 PM - System Checkpoint
RP289: 9/11/2012 11:48:06 PM - System Checkpoint
RP290: 9/13/2012 12:47:52 AM - System Checkpoint
RP291: 9/14/2012 6:31:11 PM - System Checkpoint
RP292: 9/16/2012 12:06:34 AM - System Checkpoint
RP293: 9/18/2012 1:07:35 PM - System Checkpoint
RP294: 9/20/2012 7:24:49 PM - System Checkpoint
RP295: 9/21/2012 7:25:58 PM - System Checkpoint
RP296: 9/23/2012 6:54:47 AM - System Checkpoint
RP297: 9/24/2012 4:05:19 PM - System Checkpoint
.
==== Installed Programs ======================
.
.
ABBYY FineReader 6.0 Sprint
AccelerometerP11
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.4)
Akamai NetSession Interface
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
Avaya one-X Communicator
BEHRINGER USB AUDIO DRIVER
BioAPI Framework
BlackBerry Desktop Software 6.1
Bonjour
Cisco Systems VPN Client 5.0.00.0340
Cisco WebEx Meetings
Custom
CyberLink PowerDVD 9.5
CyberSafe TrustBroker Secure Client for Workstations
Definition update for Microsoft Office 2010 (KB982726)
Dell ControlVault Host Components Installer
Dell Data Protection | Access
Dell Data Protection | Access | Drivers
Dell Data Protection | Access | Middleware
Dell Data Protection | Access | Prerequisites
Dell Image Preparation Tool
Dell System Manager
Dell Toolbar
Dell Touchpad
Dell V310-V510 Series
DellAccess
DIRECTV Player
DW WLAN Card Utility
ECL Viewer
EMBASSY Security Center
energyXT2.5
Font - Trade Gothic 6.03-B
FormsWizard
Gemalto
GRIP Desktop
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB967048-v2)
Hotfix for Windows XP (KB969084)
Hotfix for Windows XP (KB981793)
Intel(R) Management Engine Components
iTunes
Java Auto Updater
Java(TM) 6 Update 35
Juniper Networks Network Connect 7.0.0
Juniper Networks Network Connect 7.1.0
Juniper Networks Network Connect 7.2.0
Juniper Networks, Inc. Setup Client
LM Agent
Lumension Patch Agent for Windows
Malwarebytes Anti-Malware version 1.65.0.1400
McAfee Agent
McAfee AntiSpyware Enterprise Module
McAfee SiteAdvisor Enterprise Plus
McAfee VirusScan Enterprise
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Conferencing Add-in for Microsoft Office Outlook
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Communicator 2007 R2
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Live Meeting 2007
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Visio 2010
Microsoft Office Visio MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Primary Interoperability Assemblies 2005
Microsoft redistributable runtime DLLs VS2005 SP1(x86)
Microsoft redistributable runtime DLLs VS2008 SP1(x86)
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 14
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visio 2010 Service Pack 1 (SP1)
Microsoft Visio Premium 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual J# 2.0 Redistributable Package
MM Client
Mobile Broadband Generic Drivers
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
MSXML4.0 redistributable
Musicnotes Player V1.31.6 and Viewer V1.19.0
Musicnotes Software Suite 1.6.0
Nero BackItUp
Nero BackItUp and Burn
Nero BurnRights
Nero Express
Nero RescueAgent
Nikon File Uploader 2
Nikon Message Center 2
NRAtlanta-DDM8
NTRU TCG Software Stack
OGA Notifier 2.0.0048.0
PC CCID
PGP Desktop
Picasa 3
Picture Control Utility
Preboot Manager
Private Information Manager
Program Files
QuickTime
QWS3270 PLUS 4.2
RWD uPerform Client
SAP Business Explorer
SAP GUI for Windows 7.20
SAPSetup Automatic Workstation Update Service
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553431) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589337) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio 2010 (KB2597171) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB2586448)
Security Update for Windows Internet Explorer 7 (KB2618444)
Security Update for Windows Internet Explorer 7 (KB2647516)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2183461)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2483614)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Shutterfly Express Uploader
Skype Click to Call
Skype™ 5.5
SPBA 5.9
Trusted Drive Manager
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft Windows (KB971513)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2718704)
Update for Windows XP (KB898461)
Update for Windows XP (KB943729)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Upek Touchchip Fingerprint Reader
vcredist_x86
ViewNX 2
Wave Infrastructure Installer
Wave Support Software Installer
WebEx Productivity Tools
WebFldrs XP
Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Yahoo! Detect
.
==== Event Viewer Messages From Past Week ========
.
9/25/2012 8:49:25 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: a320raid aac aarich adpu160m adpu320 ahcix86 aic78u2 aic78xx atapi cercsr6 fasttx2k IntelIde megasas nvatabus nvraid PCIIde sisraid4 Symmpi vmscsi
9/25/2012 6:26:32 PM, error: Dhcp [1002] - The IP address lease 10.2.71.108 for the Network Card with network address 00FF00DBEB88 has been denied by the DHCP server 10.200.200.201 (The DHCP Server sent a DHCPNACK message).
9/25/2012 6:17:47 PM, error: Dhcp [1002] - The IP address lease 10.221.160.253 for the Network Card with network address C0F8DA3B22CC has been denied by the DHCP server 172.20.0.1 (The DHCP Server sent a DHCPNACK message).
9/23/2012 8:49:40 AM, error: Dhcp [1002] - The IP address lease 10.2.71.108 for the Network Card with network address 00FF989CFB88 has been denied by the DHCP server 10.200.200.201 (The DHCP Server sent a DHCPNACK message).
9/22/2012 11:34:27 AM, error: Dhcp [1002] - The IP address lease 10.2.71.108 for the Network Card with network address 00FF009BF388 has been denied by the DHCP server 10.200.200.201 (The DHCP Server sent a DHCPNACK message).
9/21/2012 7:59:05 AM, error: Dhcp [1002] - The IP address lease 10.2.82.52 for the Network Card with network address 00FF009BF388 has been denied by the DHCP server 10.200.200.201 (The DHCP Server sent a DHCPNACK message).
9/20/2012 8:19:01 AM, error: Print [22] - Failed to ugrade printer settings for printer \\EMSFPSA10001\EMPRISA10123,LocalOnly driver C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\hpmdp112.dll error 5.
9/20/2012 8:18:54 AM, error: Print [22] - Failed to ugrade printer settings for printer \\naseasasfps01\NASEASAPHP01,LocalOnly driver C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\hpmdp112.dll error 5.
9/20/2012 6:54:37 PM, error: Dhcp [1002] - The IP address lease 10.221.160.253 for the Network Card with network address C0F8DA3B22CC has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).
9/19/2012 8:11:59 AM, error: e1cexpress [24] - Intel(R) 82579LM Gigabit Network Connection PROBLEM: Unable to start the network adapter. ACTION: Install the latest driver from "http://www.intel.com/support/go/network/adapter/home.htm".
9/19/2012 8:11:49 AM, error: NETLOGON [5719] - No Domain Controller is available for domain NRADNEWELLCO due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
9/18/2012 8:12:14 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: vmscsi
9/18/2012 8:12:14 AM, error: Service Control Manager [7023] - The Wtcls2k service terminated with the following error: The specified module could not be found.
9/18/2012 8:12:14 AM, error: Service Control Manager [7009] - Timeout (300000 milliseconds) waiting for the dleaCATSCustConnectService service to connect.
9/18/2012 8:12:14 AM, error: Service Control Manager [7000] - The dleaCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==================================

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

================================

  • Download RogueKiller to the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced, post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

==================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
Thank you! Here are my logs:

21:37:11.0924 7524 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
21:37:12.0440 7524 ============================================================
21:37:12.0440 7524 Current date / time: 2012/09/25 21:37:12.0440
21:37:12.0440 7524 SystemInfo:
21:37:12.0440 7524
21:37:12.0440 7524 OS Version: 5.1.2600 ServicePack: 3.0
21:37:12.0440 7524 Product type: Workstation
21:37:12.0440 7524 ComputerName: NC-ATL14010
21:37:12.0440 7524 UserName: QU54112
21:37:12.0440 7524 Windows directory: C:\WINDOWS
21:37:12.0440 7524 System windows directory: C:\WINDOWS
21:37:12.0440 7524 Processor architecture: Intel x86
21:37:12.0440 7524 Number of processors: 4
21:37:12.0440 7524 Page size: 0x1000
21:37:12.0440 7524 Boot type: Normal boot
21:37:12.0440 7524 ============================================================
21:37:13.0018 7524 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:37:13.0018 7524 ============================================================
21:37:13.0018 7524 \Device\Harddisk0\DR0:
21:37:13.0018 7524 MBR partitions:
21:37:13.0018 7524 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542
21:37:13.0018 7524 ============================================================
21:37:13.0018 7524 Initialize success
21:37:13.0018 7524 ============================================================
21:37:20.0390 7260 ============================================================
21:37:20.0390 7260 Scan started
21:37:20.0406 7260 Mode: Manual;
21:37:20.0406 7260 ============================================================
21:37:21.0156 7260 ================ Scan system memory ========================
21:37:21.0171 7260 System memory - ok
21:37:21.0171 7260 ================ Scan services =============================
21:37:21.0171 7260 a320raid - ok
21:37:21.0187 7260 aac - ok
21:37:21.0187 7260 aarich - ok
21:37:21.0187 7260 Abiosdsk - ok
21:37:21.0187 7260 abp480n5 - ok
21:37:21.0187 7260 Acceler - ok
21:37:21.0203 7260 ACPI - ok
21:37:21.0203 7260 ACPIEC - ok
21:37:21.0218 7260 AdobeFlashPlayerUpdateSvc - ok
21:37:21.0218 7260 adpu160m - ok
21:37:21.0218 7260 adpu320 - ok
21:37:21.0218 7260 aec - ok
21:37:21.0218 7260 AESTAud - ok
21:37:21.0234 7260 AFD - ok
21:37:21.0250 7260 Aha154x - ok
21:37:21.0281 7260 ahcix86 - ok
21:37:21.0296 7260 aic78u2 - ok
21:37:21.0296 7260 aic78xx - ok
21:37:21.0312 7260 Alerter - ok
21:37:21.0312 7260 ALG - ok
21:37:21.0312 7260 AliIde - ok
21:37:21.0328 7260 amsint - ok
21:37:21.0328 7260 ApfiltrService - ok
21:37:21.0328 7260 Apple Mobile Device - ok
21:37:21.0343 7260 AppMgmt - ok
21:37:21.0343 7260 asc - ok
21:37:21.0359 7260 asc3350p - ok
21:37:21.0359 7260 asc3550 - ok
21:37:21.0359 7260 aspnet_state - ok
21:37:21.0374 7260 AsyncMac - ok
21:37:21.0390 7260 atapi - ok
21:37:21.0390 7260 Atdisk - ok
21:37:21.0468 7260 Atmarpc - ok
21:37:21.0484 7260 AudioSrv - ok
21:37:21.0515 7260 audstub - ok
21:37:21.0531 7260 BCM43XX - ok
21:37:21.0531 7260 BCMWLNPF - ok
21:37:21.0562 7260 Beep - ok
21:37:21.0562 7260 BEHRINGER_2902 - ok
21:37:21.0624 7260 BITS - ok
21:37:21.0624 7260 Bonjour Service - ok
21:37:21.0640 7260 Browser - ok
21:37:21.0640 7260 BUSB_AUDIO_WDM - ok
21:37:21.0640 7260 cbidf2k - ok
21:37:21.0656 7260 CCDECODE - ok
21:37:21.0656 7260 cd20xrnt - ok
21:37:21.0656 7260 Cdaudio - ok
21:37:21.0656 7260 Cdfs - ok
21:37:21.0656 7260 Cdrom - ok
21:37:21.0671 7260 cerc6 - ok
21:37:21.0687 7260 cercsr6 - ok
21:37:21.0687 7260 Changer - ok
21:37:21.0687 7260 cisvc - ok
21:37:21.0687 7260 ClipSrv - ok
21:37:21.0687 7260 clr_optimization_v2.0.50727_32 - ok
21:37:21.0703 7260 clr_optimization_v4.0.30319_32 - ok
21:37:21.0703 7260 CmBatt - ok
21:37:21.0703 7260 CmdIde - ok
21:37:21.0718 7260 Compbatt - ok
21:37:21.0718 7260 COMSysApp - ok
21:37:21.0718 7260 Cpqarray - ok
21:37:21.0718 7260 Credential Vault Host Control Service - ok
21:37:21.0734 7260 Credential Vault Host Storage - ok
21:37:21.0734 7260 CryptSvc - ok
21:37:21.0734 7260 CVirtA - ok
21:37:21.0749 7260 CVPND - ok
21:37:21.0749 7260 CVPNDRVA - ok
21:37:21.0749 7260 cvusbdrv - ok
21:37:21.0749 7260 dac2w2k - ok
21:37:21.0765 7260 dac960nt - ok
21:37:21.0765 7260 DcomLaunch - ok
21:37:21.0765 7260 dcpsysmgrsvc - ok
21:37:21.0765 7260 DDM Usage Monitoring - ok
21:37:21.0796 7260 Dhcp - ok
21:37:21.0796 7260 Disk - ok
21:37:21.0812 7260 dleaCATSCustConnectService - ok
21:37:21.0812 7260 dlea_device - ok
21:37:21.0827 7260 dmadmin - ok
21:37:21.0827 7260 dmboot - ok
21:37:21.0843 7260 dmio - ok
21:37:21.0843 7260 dmload - ok
21:37:21.0843 7260 dmserver - ok
21:37:21.0843 7260 DMusic - ok
21:37:21.0843 7260 DNE - ok
21:37:21.0859 7260 Dnscache - ok
21:37:21.0859 7260 DNTUS26 - ok
21:37:21.0859 7260 Dot3svc - ok
21:37:21.0859 7260 dpti2o - ok
21:37:21.0874 7260 drmkaud - ok
21:37:21.0874 7260 dsNcAdpt - ok
21:37:21.0874 7260 dsNcService - ok
21:37:21.0874 7260 e1cexpress - ok
21:37:21.0890 7260 e1yexpress - ok
21:37:21.0890 7260 EapHost - ok
21:37:21.0890 7260 EPS - ok
21:37:21.0890 7260 ERSvc - ok
21:37:21.0890 7260 Eventlog - ok
21:37:21.0906 7260 EventSystem - ok
21:37:21.0921 7260 Fastfat - ok
21:37:21.0937 7260 fasttx2k - ok
21:37:21.0952 7260 FastUserSwitchingCompatibility - ok
21:37:21.0968 7260 Fdc - ok
21:37:21.0968 7260 Fips - ok
21:37:21.0968 7260 Flpydisk - ok
21:37:21.0968 7260 FltMgr - ok
21:37:21.0968 7260 FontCache3.0.0.0 - ok
21:37:21.0968 7260 Fs_Rec - ok
21:37:21.0984 7260 Ftdisk - ok
21:37:21.0984 7260 GEARAspiWDM - ok
21:37:21.0984 7260 Gpc - ok
21:37:21.0984 7260 gusvc - ok
21:37:21.0984 7260 HDAudBus - ok
21:37:21.0999 7260 helpsvc - ok
21:37:21.0999 7260 HidServ - ok
21:37:21.0999 7260 HidUsb - ok
21:37:21.0999 7260 hkmsvc - ok
21:37:22.0015 7260 hpn - ok
21:37:22.0015 7260 HTTP - ok
21:37:22.0015 7260 HTTPFilter - ok
21:37:22.0015 7260 i2omgmt - ok
21:37:22.0015 7260 i2omp - ok
21:37:22.0062 7260 i8042prt - ok
21:37:22.0062 7260 ialm - ok
21:37:22.0062 7260 iastor - ok
21:37:22.0093 7260 iClarityQoSService - ok
21:37:22.0093 7260 IDriverT - ok
21:37:22.0093 7260 idsvc - ok
21:37:22.0093 7260 Imapi - ok
21:37:22.0093 7260 ImapiService - ok
21:37:22.0109 7260 ini910u - ok
21:37:22.0109 7260 IntcDAud - ok
21:37:22.0124 7260 IntelIde - ok
21:37:22.0124 7260 intelppm - ok
21:37:22.0124 7260 Ip6Fw - ok
21:37:22.0124 7260 IpFilterDriver - ok
21:37:22.0140 7260 IpInIp - ok
21:37:22.0140 7260 IpNat - ok
21:37:22.0140 7260 iPod Service - ok
21:37:22.0140 7260 IPSec - ok
21:37:22.0156 7260 IRENUM - ok
21:37:22.0156 7260 isapnp - ok
21:37:22.0156 7260 JavaQuickStarterService - ok
21:37:22.0171 7260 Kbdclass - ok
21:37:22.0171 7260 kbdhid - ok
21:37:22.0187 7260 kmixer - ok
21:37:22.0187 7260 KSecDD - ok
21:37:22.0218 7260 LanmanServer - ok
21:37:22.0218 7260 lanmanworkstation - ok
21:37:22.0218 7260 lbrtfdc - ok
21:37:22.0218 7260 LEMSS Agent - ok
21:37:22.0234 7260 LmHosts - ok
21:37:22.0234 7260 LMS - ok
21:37:22.0234 7260 McAfee SiteAdvisor Enterprise Service - ok
21:37:22.0249 7260 McAfeeEngineService - ok
21:37:22.0249 7260 McAfeeFramework - ok
21:37:22.0249 7260 McShield - ok
21:37:22.0249 7260 McTaskManager - ok
21:37:22.0249 7260 MDM - ok
21:37:22.0249 7260 megasas - ok
21:37:22.0265 7260 MEI - ok
21:37:22.0265 7260 Messenger - ok
21:37:22.0265 7260 mfeapfk - ok
21:37:22.0265 7260 mfeavfk - ok
21:37:22.0265 7260 mfebopk - ok
21:37:22.0280 7260 mfehidk - ok
21:37:22.0280 7260 mferkdet - ok
[FONT=Lucida Console]21:37:22.0280 7260 mfetdi2k - ok[/FONT]
[FONT=Lucida Console]21:37:22.0280 7260 mfetdik - ok[/FONT]
[FONT=Lucida Console]21:37:22.0280 7260 mfevtp - ok[/FONT]
[FONT=Lucida Console]21:37:22.0343 7260 mnmdd - ok[/FONT]
[FONT=Lucida Console]21:37:22.0359 7260 mnmsrvc - ok[/FONT]
[FONT=Lucida Console]21:37:22.0359 7260 Modem - ok[/FONT]
[FONT=Lucida Console]21:37:22.0359 7260 Mouclass - ok[/FONT]
[FONT=Lucida Console]21:37:22.0359 7260 mouhid - ok[/FONT]
[FONT=Lucida Console]21:37:22.0374 7260 MountMgr - ok[/FONT]
[FONT=Lucida Console]21:37:22.0374 7260 mraid35x - ok[/FONT]
[FONT=Lucida Console]21:37:22.0374 7260 MRxDAV - ok[/FONT]
[FONT=Lucida Console]21:37:22.0374 7260 MRxSmb - ok[/FONT]
[FONT=Lucida Console]21:37:22.0390 7260 MSDTC - ok[/FONT]
[FONT=Lucida Console]21:37:22.0390 7260 Msfs - ok[/FONT]
[FONT=Lucida Console]21:37:22.0390 7260 MSIServer - ok[/FONT]
[FONT=Lucida Console]21:37:22.0390 7260 MSKSSRV - ok[/FONT]
[FONT=Lucida Console]21:37:22.0390 7260 MSPCLOCK - ok[/FONT]
[FONT=Lucida Console]21:37:22.0405 7260 MSPQM - ok[/FONT]
[FONT=Lucida Console]21:37:22.0405 7260 mssmbios - ok[/FONT]
[FONT=Lucida Console]21:37:22.0405 7260 MSTAPE - ok[/FONT]
[FONT=Lucida Console]21:37:22.0405 7260 MSTEE - ok[/FONT]
[FONT=Lucida Console]21:37:22.0405 7260 Mup - ok[/FONT]
[FONT=Lucida Console]21:37:22.0421 7260 NABTSFEC - ok[/FONT]
[FONT=Lucida Console]21:37:22.0421 7260 napagent - ok[/FONT]
[FONT=Lucida Console]21:37:22.0421 7260 NDIS - ok[/FONT]
[FONT=Lucida Console]21:37:22.0421 7260 NdisIP - ok[/FONT]
[FONT=Lucida Console]21:37:22.0421 7260 NdisTapi - ok[/FONT]
[FONT=Lucida Console]21:37:22.0421 7260 Ndisuio - ok[/FONT]
[FONT=Lucida Console]21:37:22.0437 7260 NdisWan - ok[/FONT]
[FONT=Lucida Console]21:37:22.0437 7260 NDProxy - ok[/FONT]
[FONT=Lucida Console]21:37:22.0437 7260 NetBIOS - ok[/FONT]
[FONT=Lucida Console]21:37:22.0437 7260 NetBT - ok[/FONT]
[FONT=Lucida Console]21:37:22.0437 7260 NetDDE - ok[/FONT]
[FONT=Lucida Console]21:37:22.0437 7260 NetDDEdsdm - ok[/FONT]
[FONT=Lucida Console]21:37:22.0452 7260 Netlogon - ok[/FONT]
[FONT=Lucida Console]21:37:22.0452 7260 Netman - ok[/FONT]
[FONT=Lucida Console]21:37:22.0452 7260 NetTcpPortSharing - ok[/FONT]
[FONT=Lucida Console]21:37:22.0452 7260 Nla - ok[/FONT]
[FONT=Lucida Console]21:37:22.0452 7260 Npfs - ok[/FONT]
[FONT=Lucida Console]21:37:22.0468 7260 Ntfs - ok[/FONT]
[FONT=Lucida Console]21:37:22.0468 7260 NtLmSsp - ok[/FONT]
[FONT=Lucida Console]21:37:22.0468 7260 NtmsSvc - ok[/FONT]
[FONT=Lucida Console]21:37:22.0468 7260 Null - ok[/FONT]
[FONT=Lucida Console]21:37:22.0468 7260 nvatabus - ok[/FONT]
[FONT=Lucida Console]21:37:22.0484 7260 nvraid - ok[/FONT]
[FONT=Lucida Console]21:37:22.0484 7260 NWADI - ok[/FONT]
[FONT=Lucida Console]21:37:22.0484 7260 NwlnkFlt - ok[/FONT]
[FONT=Lucida Console]21:37:22.0484 7260 NwlnkFwd - ok[/FONT]
[FONT=Lucida Console]21:37:22.0484 7260 NWSAPAutoWorkstationUpdateSvc - ok[/FONT]
[FONT=Lucida Console]21:37:22.0499 7260 NWUSBModem - ok[/FONT]
[FONT=Lucida Console]21:37:22.0499 7260 NWUSBPort - ok[/FONT]
[FONT=Lucida Console]21:37:22.0499 7260 O2FLASH - ok[/FONT]
[FONT=Lucida Console]21:37:22.0499 7260 O2MDFRDR - ok[/FONT]
[FONT=Lucida Console]21:37:22.0499 7260 ohci1394 - ok[/FONT]
[FONT=Lucida Console]21:37:22.0499 7260 ose - ok[/FONT]
[FONT=Lucida Console]21:37:22.0515 7260 osppsvc - ok[/FONT]
[FONT=Lucida Console]21:37:22.0515 7260 Parport - ok[/FONT]
[FONT=Lucida Console]21:37:22.0515 7260 PartMgr - ok[/FONT]
[FONT=Lucida Console]21:37:22.0515 7260 ParVdm - ok[/FONT]
[FONT=Lucida Console]21:37:22.0515 7260 Patch Agent - ok[/FONT]
[FONT=Lucida Console]21:37:22.0530 7260 PBADRV - ok[/FONT]
[FONT=Lucida Console]21:37:22.0530 7260 PCI - ok[/FONT]
[FONT=Lucida Console]21:37:22.0530 7260 PCIDump - ok[/FONT]
[FONT=Lucida Console]21:37:22.0530 7260 PCIIde - ok[/FONT]
[FONT=Lucida Console]21:37:22.0530 7260 Pcmcia - ok[/FONT]
[FONT=Lucida Console]21:37:22.0530 7260 PDCOMP - ok[/FONT]
[FONT=Lucida Console]21:37:22.0546 7260 PDFRAME - ok[/FONT]
[FONT=Lucida Console]21:37:22.0546 7260 PDRELI - ok[/FONT]
[FONT=Lucida Console]21:37:22.0546 7260 PDRFRAME - ok[/FONT]
[FONT=Lucida Console]21:37:22.0546 7260 perc2 - ok[/FONT]
[FONT=Lucida Console]21:37:22.0546 7260 perc2hib - ok[/FONT]
[FONT=Lucida Console]21:37:22.0562 7260 PGP RDD Service - ok[/FONT]
[FONT=Lucida Console]21:37:22.0562 7260 PGPdisk - ok[/FONT]
[FONT=Lucida Console]21:37:22.0562 7260 pgpfs - ok[/FONT]
[FONT=Lucida Console]21:37:22.0562 7260 PGPsdkDriver - ok[/FONT]
[FONT=Lucida Console]21:37:22.0562 7260 PGPserv - ok[/FONT]
[FONT=Lucida Console]21:37:22.0577 7260 PGPwded - ok[/FONT]
[FONT=Lucida Console]21:37:22.0577 7260 Pgpwdefs - ok[/FONT]
[FONT=Lucida Console]21:37:22.0577 7260 PLFlash DeviceIoControl Service - ok[/FONT]
[FONT=Lucida Console]21:37:22.0577 7260 PlugPlay - ok[/FONT]
[FONT=Lucida Console]21:37:22.0577 7260 Pml Driver HPZ12 - ok[/FONT]
[FONT=Lucida Console]21:37:22.0577 7260 PolicyAgent - ok[/FONT]
[FONT=Lucida Console]21:37:22.0577 7260 PptpMiniport - ok[/FONT]
[FONT=Lucida Console]21:37:22.0593 7260 ProcObsrv - ok[/FONT]
[FONT=Lucida Console]21:37:22.0593 7260 ProtectedStorage - ok[/FONT]
[FONT=Lucida Console]21:37:22.0593 7260 PSched - ok[/FONT]
[FONT=Lucida Console]21:37:22.0593 7260 Ptilink - ok[/FONT]
[FONT=Lucida Console]21:37:22.0593 7260 ql1080 - ok[/FONT]
[FONT=Lucida Console]21:37:22.0593 7260 Ql10wnt - ok[/FONT]
[FONT=Lucida Console]21:37:22.0593 7260 ql12160 - ok[/FONT]
[FONT=Lucida Console]21:37:22.0609 7260 ql1240 - ok[/FONT]
[FONT=Lucida Console]21:37:22.0609 7260 ql1280 - ok[/FONT]
[FONT=Lucida Console]21:37:22.0609 7260 RasAcd - ok[/FONT]
[FONT=Lucida Console]21:37:22.0609 7260 RasAuto - ok[/FONT]
[FONT=Lucida Console]21:37:22.0609 7260 Rasl2tp - ok[/FONT]
[FONT=Lucida Console]21:37:22.0609 7260 RasMan - ok[/FONT]
[FONT=Lucida Console]21:37:22.0609 7260 RasPppoe - ok[/FONT]
[FONT=Lucida Console]21:37:22.0624 7260 Raspti - ok[/FONT]
[FONT=Lucida Console]21:37:22.0624 7260 Rdbss - ok[/FONT]
[FONT=Lucida Console]21:37:22.0624 7260 RDPCDD - ok[/FONT]
[FONT=Lucida Console]21:37:22.0624 7260 rdpdr - ok[/FONT]
[FONT=Lucida Console]21:37:22.0624 7260 RDPWD - ok[/FONT]
[FONT=Lucida Console]21:37:22.0624 7260 RDSessMgr - ok[/FONT]
[FONT=Lucida Console]21:37:22.0640 7260 redbook - ok[/FONT]
[FONT=Lucida Console]21:37:22.0640 7260 RemoteAccess - ok[/FONT]
[FONT=Lucida Console]21:37:22.0640 7260 RemoteRegistry - ok[/FONT]
[FONT=Lucida Console]21:37:22.0640 7260 RimUsb - ok[/FONT]
[FONT=Lucida Console]21:37:22.0640 7260 RimVSerPort - ok[/FONT]
[FONT=Lucida Console]21:37:22.0640 7260 ROOTMODEM - ok[/FONT]
[FONT=Lucida Console]21:37:22.0640 7260 RpcLocator - ok[/FONT]
[FONT=Lucida Console]21:37:22.0655 7260 RpcSs - ok[/FONT]
[FONT=Lucida Console]21:37:22.0655 7260 RSVP - ok[/FONT]
[FONT=Lucida Console]21:37:22.0655 7260 SamSs - ok[/FONT]
[FONT=Lucida Console]21:37:22.0655 7260 SCardSvr - ok[/FONT]
[FONT=Lucida Console]21:37:22.0655 7260 Schedule - ok[/FONT]
[FONT=Lucida Console]21:37:22.0655 7260 sdbus - ok[/FONT]
[FONT=Lucida Console]21:37:22.0671 7260 Secdrv - ok[/FONT]
[FONT=Lucida Console]21:37:22.0671 7260 seclogon - ok[/FONT]
[FONT=Lucida Console]21:37:22.0671 7260 SecureStorageService - ok[/FONT]
[FONT=Lucida Console]21:37:22.0671 7260 SENS - ok[/FONT]
[FONT=Lucida Console]21:37:22.0671 7260 Serenum - ok[/FONT]
[FONT=Lucida Console]21:37:22.0671 7260 Serial - ok[/FONT]
[FONT=Lucida Console]21:37:22.0687 7260 sffdisk - ok[/FONT]
[FONT=Lucida Console]21:37:22.0687 7260 sffp_sd - ok[/FONT]
[FONT=Lucida Console]21:37:22.0687 7260 Sfloppy - ok[/FONT]
[FONT=Lucida Console]21:37:22.0687 7260 SharedAccess - ok[/FONT]
[FONT=Lucida Console]21:37:22.0702 7260 ShellHWDetection - ok[/FONT]
[FONT=Lucida Console]21:37:22.0702 7260 Simbad - ok[/FONT]
[FONT=Lucida Console]21:37:22.0702 7260 sisraid4 - ok[/FONT]
[FONT=Lucida Console]21:37:22.0702 7260 SLIP - ok[/FONT]
[FONT=Lucida Console]21:37:22.0702 7260 Sparrow - ok[/FONT]
[FONT=Lucida Console]21:37:22.0702 7260 splitter - ok[/FONT]
[FONT=Lucida Console]21:37:22.0718 7260 Spooler - ok[/FONT]
[FONT=Lucida Console]21:37:22.0718 7260 sr - ok[/FONT]
[FONT=Lucida Console]21:37:22.0718 7260 srservice - ok[/FONT]
[FONT=Lucida Console]21:37:22.0718 7260 Srv - ok[/FONT]
[FONT=Lucida Console]21:37:22.0718 7260 SSDPSRV - ok[/FONT]
[FONT=Lucida Console]21:37:22.0718 7260 STacSV - ok[/FONT]
[FONT=Lucida Console]21:37:22.0733 7260 stdcfltn - ok[/FONT]
[FONT=Lucida Console]21:37:22.0733 7260 STHDA - ok[/FONT]
[FONT=Lucida Console]21:37:22.0733 7260 stisvc - ok[/FONT]
[FONT=Lucida Console]21:37:22.0733 7260 streamip - ok[/FONT]
[FONT=Lucida Console]21:37:22.0733 7260 swenum - ok[/FONT]
[FONT=Lucida Console]21:37:22.0733 7260 swmidi - ok[/FONT]
[FONT=Lucida Console]21:37:22.0749 7260 SwPrv - ok[/FONT]
[FONT=Lucida Console]21:37:22.0749 7260 symc810 - ok[/FONT]
[FONT=Lucida Console]21:37:22.0749 7260 symc8xx - ok[/FONT]
[FONT=Lucida Console]21:37:22.0749 7260 Symmpi - ok[/FONT]
[FONT=Lucida Console]21:37:22.0749 7260 sym_hi - ok[/FONT]
[FONT=Lucida Console]21:37:22.0749 7260 sym_u3 - ok[/FONT]
[FONT=Lucida Console]21:37:22.0765 7260 sysaudio - ok[/FONT]
[FONT=Lucida Console]21:37:22.0765 7260 SysmonLog - ok[/FONT]
[FONT=Lucida Console]21:37:22.0765 7260 TapiSrv - ok[/FONT]
[FONT=Lucida Console]21:37:22.0765 7260 Tcpip - ok[/FONT]
[FONT=Lucida Console]21:37:22.0765 7260 tcsd_win32.exe - ok[/FONT]
[FONT=Lucida Console]21:37:22.0765 7260 TdmService - ok[/FONT]
[FONT=Lucida Console]21:37:22.0780 7260 TDPIPE - ok[/FONT]
[FONT=Lucida Console]21:37:22.0780 7260 TDTCP - ok[/FONT]
[FONT=Lucida Console]21:37:22.0780 7260 TermDD - ok[/FONT]
[FONT=Lucida Console]21:37:22.0780 7260 TermService - ok[/FONT]
[FONT=Lucida Console]21:37:22.0780 7260 Themes - ok[/FONT]
[FONT=Lucida Console]21:37:22.0780 7260 TlntSvr - ok[/FONT]
[FONT=Lucida Console]21:37:22.0796 7260 TosIde - ok[/FONT]
[FONT=Lucida Console]21:37:22.0796 7260 TrkWks - ok[/FONT]
[FONT=Lucida Console]21:37:22.0796 7260 Udfs - ok[/FONT]
[FONT=Lucida Console]21:37:22.0796 7260 ultra - ok[/FONT]
[FONT=Lucida Console]21:37:22.0796 7260 UNS - ok[/FONT]
[FONT=Lucida Console]21:37:22.0796 7260 Update - ok[/FONT]
[FONT=Lucida Console]21:37:22.0812 7260 upnphost - ok[/FONT]
[FONT=Lucida Console]21:37:22.0812 7260 UPS - ok[/FONT]
[FONT=Lucida Console]21:37:22.0812 7260 USBAAPL - ok[/FONT]
[FONT=Lucida Console]21:37:22.0812 7260 usbaudio - ok[/FONT]
[FONT=Lucida Console]21:37:22.0827 7260 usbccgp - ok[/FONT]
[FONT=Lucida Console]21:37:22.0827 7260 USBCCID - ok[/FONT]
[FONT=Lucida Console]21:37:22.0827 7260 usbehci - ok[/FONT]
[FONT=Lucida Console]21:37:22.0827 7260 usbhub - ok[/FONT]
[FONT=Lucida Console]21:37:22.0827 7260 usbprint - ok[/FONT]
[FONT=Lucida Console]21:37:22.0827 7260 usbscan - ok[/FONT]
[FONT=Lucida Console]21:37:22.0843 7260 USBSTOR - ok[/FONT]
[FONT=Lucida Console]21:37:22.0843 7260 usbuhci - ok[/FONT]
[FONT=Lucida Console]21:37:22.0843 7260 usbvideo - ok[/FONT]
[FONT=Lucida Console]21:37:22.0843 7260 VgaSave - ok[/FONT]
[FONT=Lucida Console]21:37:22.0843 7260 ViaIde - ok[/FONT]
[FONT=Lucida Console]21:37:22.0843 7260 vmscsi - ok[/FONT]
[FONT=Lucida Console]21:37:22.0843 7260 VolSnap - ok[/FONT]
[FONT=Lucida Console]21:37:22.0858 7260 vsdatant - ok[/FONT]
[FONT=Lucida Console]21:37:22.0858 7260 VSS - ok[/FONT]
[FONT=Lucida Console]21:37:22.0858 7260 W32Time - ok[/FONT]
[FONT=Lucida Console]21:37:22.0858 7260 Wanarp - ok[/FONT]
[FONT=Lucida Console]21:37:22.0858 7260 Wdf01000 - ok[/FONT]
[FONT=Lucida Console]21:37:22.0874 7260 WDICA - ok[/FONT]
[FONT=Lucida Console]21:37:22.0874 7260 wdmaud - ok[/FONT]
[FONT=Lucida Console]21:37:22.0874 7260 WebClient - ok[/FONT]
[FONT=Lucida Console]21:37:22.0874 7260 winmgmt - ok[/FONT]
[FONT=Lucida Console]21:37:22.0890 7260 WinRM - ok[/FONT]
[FONT=Lucida Console]21:37:22.0890 7260 wltrysvc - ok[/FONT]
[FONT=Lucida Console]21:37:22.0890 7260 WmdmPmSN - ok[/FONT]
[FONT=Lucida Console]21:37:22.0890 7260 Wmi - ok[/FONT]
[FONT=Lucida Console]21:37:22.0905 7260 WmiAcpi - ok[/FONT]
[FONT=Lucida Console]21:37:22.0905 7260 WmiApSrv - ok[/FONT]
[FONT=Lucida Console]21:37:22.0905 7260 WMPNetworkSvc - ok[/FONT]
[FONT=Lucida Console]21:37:22.0905 7260 WPFFontCache_v0400 - ok[/FONT]
[FONT=Lucida Console]21:37:22.0921 7260 WSearch - ok[/FONT]
[FONT=Lucida Console]21:37:22.0921 7260 WSTCODEC - ok[/FONT]
[FONT=Lucida Console]21:37:22.0921 7260 wuauserv - ok[/FONT]
[FONT=Lucida Console]21:37:22.0921 7260 WudfPf - ok[/FONT]
[FONT=Lucida Console]21:37:22.0921 7260 WudfRd - ok[/FONT]
[FONT=Lucida Console]21:37:22.0921 7260 WudfSvc - ok[/FONT]
[FONT=Lucida Console]21:37:22.0937 7260 WZCSVC - ok[/FONT]
[FONT=Lucida Console]21:37:22.0937 7260 xmlprov - ok[/FONT]
[FONT=Lucida Console]21:37:22.0937 7260 ================ Scan global ===============================[/FONT]
[FONT=Lucida Console]21:37:22.0937 7260 [Global] - ok[/FONT]
[FONT=Lucida Console]21:37:22.0952 7260 ================ Scan MBR ==================================[/FONT]
[FONT=Lucida Console]21:37:22.0968 7260 [ E9E14E3F65458533C0B413CBE07BE4E4 ] \Device\Harddisk0\DR0[/FONT]
[FONT=Lucida Console]21:37:23.0046 7260 \Device\Harddisk0\DR0 - ok[/FONT]
[FONT=Lucida Console]21:37:23.0046 7260 ================ Scan VBR ==================================[/FONT]
[FONT=Lucida Console]21:37:23.0046 7260 [ ADA95700CA9272AFFB1DD29EF933E316 ] \Device\Harddisk0\DR0\Partition1[/FONT]
[FONT=Lucida Console]21:37:23.0046 7260 \Device\Harddisk0\DR0\Partition1 - ok[/FONT]
[FONT=Lucida Console]21:37:23.0046 7260 ============================================================[/FONT]
[FONT=Lucida Console]21:37:23.0046 7260 Scan finished[/FONT]
[FONT=Lucida Console]21:37:23.0046 7260 ============================================================[/FONT]
[FONT=Lucida Console]21:37:23.0046 4124 Detected object count: 0[/FONT]
[FONT=Lucida Console]21:37:23.0046 4124 Actual detected object count: 0[/FONT]

RogueKiller V8.0.5 [09/23/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : QU54112 [Admin rights]
Mode : Remove -- Date : 09/25/2012 21:40:21

¤¤¤ Bad processes : 4 ¤¤¤
[SUSP PATH][DLL] explorer.exe -- C:\WINDOWS\explorer.exe : C:\Documents and Settings\qu54112\Local Settings\Application Data\SubSystems\jnvfxtgq.dll -> UNLOADED
[SUSP PATH] PCShowServerPMWrapper.exe -- C:\Documents and Settings\qu54112\Local Settings\Application Data\DIRECTV Player\PCShowServerPMWrapper.exe -> KILLED [TermProc]
[SUSP PATH][DLL] rundll32.exe -- C:\WINDOWS\system32\rundll32.exe : -> KILLED [TermProc]
[SUSP PATH] NDSPCShowServer.exe -- C:\Documents and Settings\qu54112\Local Settings\Application Data\DIRECTV Player\NDSPCShowServer.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 7 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : PCShowServer ("C:\Documents and Settings\qu54112\Local Settings\Application Data\DIRECTV Player\PCShowServerPMWrapper.exe") -> DELETED
[RUN][BLACKLIST DLL] HKCU\[...]\Run : SubSystems (rundll32.exe "C:\Documents and Settings\qu54112\Local Settings\Application Data\SubSystems\jnvfxtgq.dll",DllGetClassObject) -> DELETED
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS723225A7A364 +++++
--- User ---
[MBR] 8c2a039f5162017e42a6c9156e4d04c9
[BSP] 7f6a04fa76454dbdd855d1f97d3b12da : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238472 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-25 21:42:54
-----------------------------
21:42:54.768 OS Version: Windows 5.1.2600 Service Pack 3
21:42:54.768 Number of processors: 4 586 0x2A07
21:42:54.768 ComputerName: NC-ATL14010 UserName: QU54112
21:42:55.893 Initialize success
21:55:40.814 AVAST engine defs: 12092501
21:55:45.439 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:55:45.439 Disk 0 Vendor: Hitachi_ ECBO Size: 238475MB BusType: 3
21:55:45.439 Disk 0 MBR read successfully
21:55:45.439 Disk 0 MBR scan
21:55:45.501 Disk 0 unknown MBR code
21:55:45.501 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS 238472 MB offset 63
21:55:45.532 Disk 0 scanning sectors +488392065
21:55:45.642 Disk 0 scanning C:\WINDOWS\system32\drivers
21:55:45.657 Service scanning
21:56:28.354 Modules scanning
21:56:28.557 Disk 0 trace - called modules:
21:56:28.573 ntkrnlpa.exe CLASSPNP.SYS disk.sys stdcfltn.sys iaStor.sys hal.dll
21:56:28.573 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8adfbab8]
21:56:28.573 3 CLASSPNP.SYS[b98f8fd7] -> nt!IofCallDriver -> [0x8ad32bf8]
21:56:28.573 5 stdcfltn.sys[b9cc9896] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8adec028]
21:56:29.635 AVAST engine scan C:\WINDOWS
21:56:29.698 AVAST engine scan C:\WINDOWS\system32
21:56:29.807 AVAST engine scan C:\WINDOWS\system32\drivers
21:56:29.885 AVAST engine scan C:\Documents and Settings\qu54112
21:56:29.948 AVAST engine scan C:\Documents and Settings\All Users
21:56:29.948 Scan finished successfully
21:56:57.069 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\qu54112\Desktop\MBR.dat"
21:56:57.069 The log file has been saved successfully to "C:\Documents and Settings\qu54112\Desktop\aswMBR.txt"
 
Please do NOT change font in your replies.

Create new restore point before proceeding with the next step....
How to:
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

============================

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If restarting doesn't help use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
 
ComboFix 12-09-26.02 - QU54112 09/26/2012 14:37:25.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3241.2606 [GMT -4:00]
Running from: c:\documents and settings\qu54112\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
c:\documents and settings\All Users\Start Menu\Programs\Startup\PGPtray.exe.lnk
C:\Install.exe
c:\windows\$NtUninstallKB31108$
c:\windows\$NtUninstallKB31108$\1887111679\@
c:\windows\$NtUninstallKB31108$\1887111679\cfg.ini
c:\windows\$NtUninstallKB31108$\1887111679\Desktop.ini
c:\windows\$NtUninstallKB31108$\1887111679\L\diweszan
c:\windows\$NtUninstallKB31108$\1887111679\U\00000001.@
c:\windows\$NtUninstallKB31108$\1887111679\U\00000002.@
c:\windows\$NtUninstallKB31108$\1887111679\U\00000004.@
c:\windows\$NtUninstallKB31108$\1887111679\U\80000000.@
c:\windows\$NtUninstallKB31108$\1887111679\U\80000004.@
c:\windows\$NtUninstallKB31108$\1887111679\U\80000032.@
c:\windows\$NtUninstallKB31108$\1887111679\version
c:\windows\$NtUninstallKB31108$\3413047790
c:\windows\EventSystem.log
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\SET354.tmp
c:\windows\system32\SET355.tmp
c:\windows\system32\SET35F.tmp
c:\windows\system32\SET363.tmp
c:\windows\system32\SET364.tmp
c:\windows\system32\SET365.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_npf
.
.
((((((((((((((((((((((((( Files Created from 2012-08-26 to 2012-09-26 )))))))))))))))))))))))))))))))
.
.
2012-09-26 00:21 . 2012-09-26 00:21 -------- d-----w- c:\documents and settings\qu54112\Application Data\Malwarebytes
2012-09-26 00:20 . 2012-09-26 00:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-26 00:20 . 2012-09-07 21:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-13 14:35 . 2012-05-01 12:48 109056 ----a-w- c:\windows\system32\EPUICpl.cpl
2012-09-13 14:34 . 2012-05-01 13:30 139504 ----a-w- c:\windows\system32\eps.sys
2012-09-13 14:34 . 2012-05-01 13:30 139504 ----a-w- c:\windows\system32\drivers\eps.sys
2012-09-13 14:33 . 2012-09-13 14:42 -------- d-----w- c:\program files\Lumension
2012-09-13 14:33 . 2012-09-13 14:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Lumension
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-29 00:24 . 2012-05-16 13:18 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-29 00:24 . 2010-08-19 19:45 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-28 22:39 . 2012-05-16 13:18 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-08-22 12:13 . 2012-05-08 10:16 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-22 12:13 . 2011-10-04 21:42 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 13:58 . 2008-04-13 23:00 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2010-08-19 17:53 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40 . 2008-04-13 23:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49 . 2008-04-13 23:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49 . 2008-04-13 23:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49 . 2008-04-13 23:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2008-04-13 23:00 385024 ----a-w- c:\windows\system32\html.iec
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\drivers\atapi.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2010-10-16 20:10 119664 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHandlerAccessible]
@="{3DBF5F01-3287-46EB-82CF-45AA5C241162}"
[HKEY_CLASSES_ROOT\CLSID\{3DBF5F01-3287-46EB-82CF-45AA5C241162}]
2011-05-09 19:04 1056888 ----a-w- c:\windows\system32\PGPfsshl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2010-10-16 20:10 119664 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2012-01-21 719672]
"PTIM.exe"="c:\program files\WebEx\Productivity Tools\PTIM.exe" [2012-08-16 407632]
"PTOneClick"="c:\program files\WebEx\Productivity Tools\ptoneclk.exe" [2012-08-16 368720]
"Akamai NetSession Interface"="c:\documents and settings\qu54112\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-08-10 4440896]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntellisyncLotus"="/J" [X]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2011-01-07 536668]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-07-07 737280]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-04 142360]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-04 176152]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-04 145944]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-01-05 488816]
"FreeFallProtection"="c:\program files\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-15 686704]
"IMSS"="c:\program files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2010-12-03 112152]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2010-12-27 2879488]
"Communicator"="c:\program files\Microsoft Office Communicator\communicator.exe" [2012-05-15 5164120]
"NBAgent"="c:\program files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" [2009-10-07 1086760]
"SAP_WUS_UNT"="c:\program files\SAP\SAPsetup\setup\Updater\NwSapSetupUserNotificationTool.exe" [2010-02-25 226672]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-17 50472]
"dleamon.exe"="c:\program files\Dell V310-V510 Series\dleamon.exe" [2009-07-10 766632]
"EzPrint"="c:\program files\Dell V310-V510 Series\ezprint.exe" [2009-07-10 139944]
"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2011-05-19 161088]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2011-09-01 124224]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
c:\documents and settings\qu54112\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Dell System Manager.lnk - c:\program files\Dell\Dell System Manager\DCPSysMgr.exe [2011-1-6 1469296]
GRIP Desktop.lnk - c:\windows\Installer\{58D3349D-849E-4215-870E-66349CEC47F9}\_188652DA885AB9DE3230E7.exe [2011-12-6 3638]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuEjectPC"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"1"= 386.exe
"2"= chrome.exe
"3"= ChromeSetup.exe
"4"= Elite.exe
"5"= Explorer32.exe
"6"= googledesktop.exe
"7"= usb.exe
"8"= usb32.exe
"9"= windrvl32.exe
"10"= winshost.exe
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
2010-09-15 15:11 1971536 ----a-w- c:\program files\Common Files\SPBA\homefus2.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
Notification Packages REG_MULTI_SZ scecli PGPpwflt
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-507921405-113007714-1801674531-102151\Scripts\Logon\0\0]
"Script"=\\naatlncscelfs1\Shared\Corporate\Software\PGP\PGPDesktop.vbs
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\eps.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office Communicator\\communicator.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD9\\PowerDVD9.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Avaya\\Avaya one-X Communicator\\SparkEmulator.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"1399:TCP"= 1399:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 a320raid;a320raid;c:\windows\system32\drivers\a320raid.sys [6/29/2010 2:56 PM 218112]
R0 aac;PERC 320/DC SCSI RAID Miniport Driver;c:\windows\system32\drivers\aac.sys [6/29/2010 2:56 PM 48140]
R0 aarich;aarich;c:\windows\system32\drivers\aarich.sys [6/29/2010 2:56 PM 204800]
R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [6/29/2010 2:56 PM 187960]
R0 megasas;DELL PERC RAID Driver;c:\windows\system32\drivers\megasas.sys [6/29/2010 2:56 PM 19200]
R0 pgpfs;PGP File Sharing;c:\windows\system32\drivers\PGPfsfd.sys [5/9/2011 3:04 PM 136824]
R0 Pgpwdefs;Pgpwdefs;c:\windows\system32\drivers\PGPwdefs.sys [5/9/2011 3:04 PM 13432]
R0 sisraid4;sisraid4;c:\windows\system32\drivers\sisraid4.sys [6/29/2010 2:56 PM 63872]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\drivers\stdcfltn.sys [7/7/2011 7:06 AM 17648]
R1 EPS;EPS;c:\windows\system32\drivers\eps.sys [9/13/2012 10:34 AM 139504]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [10/24/2011 5:30 PM 89624]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [10/25/2010 8:33 AM 826272]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [10/25/2010 8:33 AM 32160]
R2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe [1/6/2011 11:56 AM 378224]
R2 DDM Usage Monitoring;DDM Usage Monitoring;c:\svctools\pkg\SLM-Usage\eSMARTUM.exe [7/15/2011 1:14 PM 52224]
R2 dlea_device;dlea_device;c:\windows\system32\dleacoms.exe -service --> c:\windows\system32\dleacoms.exe -service [?]
R2 LEMSS Agent;LEMSS Agent;c:\program files\Lumension\LEMSSAgent\LMAgent.exe [5/1/2012 9:29 AM 467280]
R2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files\McAfee\SiteAdvisor Enterprise\McSACore.exe [5/12/2011 12:48 PM 324928]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [8/31/2011 8:07 PM 22816]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [10/14/2011 5:34 PM 148520]
R2 NWSAPAutoWorkstationUpdateSvc;SAPSetup Automatic Workstation Update Service;c:\program files\SAP\SapSetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe [8/20/2010 2:55 PM 263536]
R2 PGP RDD Service;PGP RDD Service;c:\program files\PGP Corporation\PGP Desktop\RDDService.exe [5/9/2011 3:04 PM 166520]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [7/7/2011 9:00 AM 2656280]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [7/7/2011 8:34 AM 43888]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [7/7/2011 7:04 AM 113664]
R3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [7/7/2011 8:23 AM 33832]
R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\drivers\e1c5132.sys [7/7/2011 7:04 AM 174248]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [7/7/2011 7:04 AM 260864]
R3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECI.sys [7/7/2011 7:04 AM 41088]
R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\o2mdfvst.sys [7/7/2011 7:04 AM 60904]
R3 Patch Agent;Patch Agent;c:\program files\Lumension\Patch Agent\GravitixService.exe [9/20/2011 5:23 PM 95584]
S0 cerc6;cerc6; [x]
S0 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys --> c:\windows\system32\drivers\vmscsi.sys [?]
S2 dleaCATSCustConnectService;dleaCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dleaserv.exe [7/26/2011 1:25 PM 98984]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [5/8/2012 6:16 AM 250568]
S3 BEHRINGER_2902;usb-audio.de driver for BEHRINGER USB AUDIO;c:\windows\system32\drivers\BUSB2902.sys [11/4/2011 1:18 PM 352256]
S3 BUSB_AUDIO_WDM;BEHRINGER USB WDM AUDIO;c:\windows\system32\drivers\busbwdm.sys [11/4/2011 1:18 PM 33792]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y5132.sys --> c:\windows\system32\DRIVERS\e1y5132.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [10/14/2011 5:34 PM 87808]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 10:37 PM 4640000]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
MSTAPE
snapman380
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-08 12:14]
.
.
------- Supplementary Scan -------
.
uWindow Title = Microsoft Internet Explorer provided by Newell-Rubbermaid
uStart Page = hxxp://www-I.nwlconnect.com/
uDefault_Page_URL = hxxp://www-I.nwlconnect.com/
uInternet Settings,ProxyOverride = *.local;<local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
LSP: c:\windows\system32\PGPlsp.dll
Trusted Zone: appreciatehub.com
Trusted Zone: btslearning.com\www
Trusted Zone: Contentserver.elementh.com
Trusted Zone: Dell.com
Trusted Zone: my-totalrewards.com
Trusted Zone: newellco.com
Trusted Zone: newellcotraining.com
Trusted Zone: octanner.com\*.recognition
Trusted Zone: outlook.com
Trusted Zone: retireonline.com\www
Trusted Zone: scorm.com
Trusted Zone: Staples.com
Trusted Zone: staplesadvantage.com
Trusted Zone: taleo.net
Trusted Zone: unisourcelink.com
Trusted Zone: workforcehosting.com
TCP: DhcpNameServer = 10.5.153.22 10.5.153.23
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {895D1291-D5BD-4982-BA84-AD11D29C1D6A} - hxxp://community.weightwatchers.com/Scripts/ImageUploader6.cab
DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} - hxxps://virtualkitchenshowroom.homedepot.com/VS/Core/Player/2020PlayerAX_WEB_Win32.cab
DPF: {EBF1BFCB-F60B-4DCB-9C96-E53C543CB645} - hxxp://qc.newellco.com:8080/qcbin/ALM-Platform-Loader.11.cab
DPF: {FCADE536-93F5-4577-80A3-E7C32FAC4C7D} - hxxp://mqc.sap.newellco.com:8080/qcbin/Spider10.cab
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-msbui - (no file)
HKLM-Run-wpcof - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-26 14:51
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1656)
c:\program files\Common Files\SPBA\homefus2.dll
c:\program files\Common Files\SPBA\infql2.dll
c:\program files\Common Files\SPBA\homepass.dll
c:\program files\Common Files\SPBA\bio.dll
c:\program files\Common Files\SPBA\qlbase.dll
c:\program files\Common Files\SPBA\vtapipql.dll
.
- - - - - - - > 'lsass.exe'(1712)
c:\windows\system32\wvauth.dll
c:\windows\system32\WININET.dll
c:\windows\system32\PGPlsp.dll
.
- - - - - - - > 'explorer.exe'(5200)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
c:\windows\System32\PGPfsshl.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\program files\McAfee\Common Framework\McTrayLegacySupportPlugin.dll
c:\program files\McAfee\Common Framework\McTrayInterfaceLib.dll
c:\program files\McAfee\Common Framework\McAfeeWin32GUISupportDLL.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\IDT\WDM\stacsv.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\windows\system32\dleacoms.exe
c:\windows\SYSTEM32\DNTUS26.EXE
c:\program files\Juniper Networks\Common Files\dsNcService.exe
c:\program files\Avaya\Avaya one-X Communicator\QosServM.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\DRIVERS\o2flash.exe
c:\windows\system32\PGPserv.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\mfeann.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Lumension\LEMSSAgent\epui\epui.exe
c:\program files\Lumension\Patch Agent\pddm.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\Apntex.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\McAfee\Common Framework\McTray.exe
c:\program files\WebEx\Productivity Tools\ptSrv.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Jordan Lawrence\GRIP Desktop\GRIP Desktop.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Lumension\Patch Agent\DAGENT.EXE
.
**************************************************************************
.
Completion time: 2012-09-26 14:58:04 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-26 18:57
.
Pre-Run: 158,742,073,344 bytes free
Post-Run: 159,599,824,896 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - A3AF2988627D85C577FB04D8FCD8CC3D
 
Looks good :)

Any current issues?

=======================================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Things seem to be working
[FONT=Calibri]OTL logfile created on: 9/26/2012 3:08:08 PM - Run 1[/FONT]
[FONT=Calibri]OTL by OldTimer - Version 3.2.68.0 Folder = C:\Documents and Settings\qu54112\Desktop[/FONT]
[FONT=Calibri]Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation[/FONT]
[FONT=Calibri]Internet Explorer (Version = 8.0.6001.18702)[/FONT]
[FONT=Calibri]Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy[/FONT]
[FONT=Calibri] [/FONT]
[FONT=Calibri]3.16 Gb Total Physical Memory | 2.35 Gb Available Physical Memory | 74.30% Memory free[/FONT]
[FONT=Calibri]5.00 Gb Paging File | 4.31 Gb Available in Paging File | 86.12% Paging File free[/FONT]
[FONT=Calibri]Paging file location(s): C:\pagefile.sys 2046 4092 [binary data][/FONT]
[FONT=Calibri] [/FONT]
[FONT=Calibri]%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files[/FONT]
[FONT=Calibri]Drive C: | 232.88 Gb Total Space | 148.67 Gb Free Space | 63.84% Space Free | Partition Type: NTFS[/FONT]
[FONT=Calibri]Drive H: | 132874.10 Gb Total Space | 41830.93 Gb Free Space | 31.48% Space Free | Partition Type: NTFS[/FONT]
[FONT=Calibri]Drive S: | 132874.10 Gb Total Space | 41830.93 Gb Free Space | 31.48% Space Free | Partition Type: NTFS[/FONT]
[FONT=Calibri] [/FONT]
[FONT=Calibri]Computer Name: NC-ATL14010 | User Name: QU54112 | NOT logged in as Administrator.[/FONT]
[FONT=Calibri]Boot Mode: Normal | Scan Mode: All users | Quick Scan[/FONT]
[FONT=Calibri]Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days[/FONT]
[FONT=Calibri] [/FONT]
[FONT=Calibri]========== Processes (SafeList) ==========[/FONT]
[FONT=Calibri] [/FONT]
[FONT=Calibri]PRC - [2012/09/26 15:06:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\qu54112\Desktop\OTL.exe[/FONT]
[FONT=Calibri]PRC - [2012/08/16 13:08:40 | 000,097,360 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\WebEx\Productivity Tools\ptsrv.exe[/FONT]
[FONT=Calibri]PRC - [2012/08/16 13:08:38 | 000,368,720 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\WebEx\Productivity Tools\ptoneclk.exe[/FONT]
[FONT=Calibri]PRC - [2012/08/16 13:08:37 | 000,407,632 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\WebEx\Productivity Tools\ptim.exe[/FONT]
[FONT=Calibri]PRC - [2012/08/10 18:59:52 | 004,440,896 | ---- | M] (Akamai Technologies, Inc.) -- C:\Documents and Settings\qu54112\Local Settings\Application Data\Akamai\netsession_win.exe[/FONT]
[FONT=Calibri]PRC - [2012/05/01 09:29:46 | 000,191,304 | ---- | M] (Lumension Security, Inc.) -- C:\Program Files\Lumension\LEMSSAgent\EPUI\EPUI.exe[/FONT]
[FONT=Calibri]PRC - [2012/05/01 09:29:28 | 000,467,280 | ---- | M] (Lumension Security, Inc.) -- C:\Program Files\Lumension\LEMSSAgent\LMAgent.exe[/FONT]
[FONT=Calibri]PRC - [2012/04/12 18:51:46 | 000,683,080 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[/FONT]
[FONT=Calibri]PRC - [2012/01/20 21:03:48 | 000,719,672 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[/FONT]
[FONT=Calibri]PRC - [2011/11/17 18:03:00 | 000,052,224 | ---- | M] () -- c:\SvcTools\pkg\SLM-Usage\eSMARTUM.exe[/FONT]
[FONT=Calibri]PRC - [2011/09/20 17:23:46 | 000,439,648 | ---- | M] (Lumension Security, Inc.) -- C:\Program Files\Lumension\Patch Agent\pddm.exe[/FONT]
[FONT=Calibri]PRC - [2011/09/20 17:23:42 | 000,095,584 | ---- | M] (Lumension Security, Inc.) -- C:\Program Files\Lumension\Patch Agent\GravitixService.exe[/FONT]
[FONT=Calibri]PRC - [2011/09/01 18:47:26 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[/FONT]
[FONT=Calibri]PRC - [2011/08/31 20:07:00 | 000,148,520 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe[/FONT]
[FONT=Calibri]PRC - [2011/08/31 20:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe[/FONT]
[FONT=Calibri]PRC - [2011/08/31 20:07:00 | 000,027,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe[/FONT]
[FONT=Calibri]PRC - [2011/08/31 20:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe[/FONT]
[FONT=Calibri]PRC - [2011/05/19 16:05:00 | 000,185,664 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[/FONT]
[FONT=Calibri]PRC - [2011/05/19 16:05:00 | 000,161,088 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe[/FONT]
[FONT=Calibri]PRC - [2011/05/19 16:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe[/FONT]
[FONT=Calibri]PRC - [2011/05/19 16:05:00 | 000,075,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe[/FONT]
[FONT=Calibri]PRC - [2011/05/12 12:48:20 | 000,324,928 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe[/FONT]
[FONT=Calibri]PRC - [2011/05/10 20:07:00 | 000,150,032 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe[/FONT]
[FONT=Calibri]PRC - [2011/05/09 15:04:44 | 000,166,520 | ---- | M] (PGP Corporation) -- C:\Program Files\PGP Corporation\PGP Desktop\RDDService.exe[/FONT]
[FONT=Calibri]PRC - [2011/05/09 15:04:44 | 000,135,288 | ---- | M] (PGP Corporation) -- C:\WINDOWS\system32\PGPserv.exe[/FONT]
[FONT=Calibri]PRC - [2011/01/06 21:32:52 | 000,536,668 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe[/FONT]
[FONT=Calibri]PRC - [2011/01/06 21:32:52 | 000,266,322 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\stacsv.exe[/FONT]
[FONT=Calibri]PRC - [2011/01/06 12:00:18 | 001,469,296 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe[/FONT]
[FONT=Calibri]PRC - [2011/01/06 11:56:30 | 000,378,224 | ---- | M] (Dell Inc.) -- c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe[/FONT]
[FONT=Calibri]PRC - [2011/01/05 10:48:12 | 000,488,816 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe[/FONT]
[FONT=Calibri]PRC - [2010/12/22 15:53:06 | 000,081,920 | ---- | M] (Jordan Lawrence Group) -- C:\Program Files\Jordan Lawrence\GRIP Desktop\GRIP Desktop.exe[/FONT]
[FONT=Calibri]PRC - [2010/12/21 01:07:48 | 000,227,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE[/FONT]
[FONT=Calibri]PRC - [2010/12/15 10:46:50 | 000,686,704 | ---- | M] () -- C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe[/FONT]
[FONT=Calibri]PRC - [2010/12/03 17:20:18 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[/FONT]
[FONT=Calibri]PRC - [2010/12/03 17:20:16 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[/FONT]
[FONT=Calibri]PRC - [2010/11/09 23:55:18 | 000,054,640 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe[/FONT]
[FONT=Calibri]PRC - [2010/10/25 08:33:04 | 000,826,272 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe[/FONT]
[FONT=Calibri]PRC - [2010/10/25 08:33:04 | 000,032,160 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe[/FONT]
[FONT=Calibri]PRC - [2010/10/16 16:10:52 | 002,336,104 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe[/FONT]
[FONT=Calibri]PRC - [2010/10/01 16:55:28 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe[/FONT]
[FONT=Calibri]PRC - [2010/07/07 15:59:22 | 000,054,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe[/FONT]
[FONT=Calibri]PRC - [2010/05/31 16:17:06 | 000,054,640 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe[/FONT]
[FONT=Calibri]PRC - [2010/02/25 08:04:00 | 000,263,536 | ---- | M] (SAP AG) -- C:\Program Files\SAP\SapSetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe[/FONT]
[FONT=Calibri]PRC - [2010/02/25 08:04:00 | 000,226,672 | ---- | M] (SAP AG) -- C:\Program Files\SAP\SapSetup\setup\Updater\NwSapSetupUserNotificationTool.exe[/FONT]
[FONT=Calibri]PRC - [2010/02/10 19:50:50 | 000,072,296 | ---- | M] (O2Micro International) -- C:\WINDOWS\system32\drivers\o2flash.exe[/FONT]
[FONT=Calibri]PRC - [2009/10/07 05:12:22 | 001,086,760 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe[/FONT]
[FONT=Calibri]PRC - [2009/07/10 10:06:49 | 000,139,944 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\ezprint.exe[/FONT]
[FONT=Calibri]PRC - [2009/07/10 10:06:46 | 000,766,632 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\dleamon.exe[/FONT]
[FONT=Calibri]PRC - [2009/07/07 04:06:46 | 000,737,280 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFltr.exe[/FONT]
[FONT=Calibri]PRC - [2009/07/01 09:13:31 | 000,602,792 | ---- | M] ( ) -- C:\WINDOWS\system32\dleacoms.exe[/FONT]
[FONT=Calibri]PRC - [2009/03/12 05:00:26 | 000,233,472 | ---- | M] (AVAYA Communication) -- C:\Program Files\Avaya\Avaya one-X Communicator\QosServM.exe[/FONT]
[FONT=Calibri]PRC - [2008/07/23 18:36:20 | 000,114,688 | ---- | M] (DameWare Development LLC) -- C:\WINDOWS\system32\DNTUS26.EXE[/FONT]
[FONT=Calibri]PRC - [2008/04/13 19:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe[/FONT]
[FONT=Calibri]PRC - [2007/04/03 16:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[/FONT]
[FONT=Calibri] [/FONT]
[FONT=Calibri] [/FONT]
[FONT=Calibri]========== Modules (No Company Name) ==========[/FONT]
[FONT=Calibri] [/FONT]
[FONT=Calibri]MOD - [2012/06/15 13:33:41 | 001,356,288 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\bd5bd406670d483b82bd51249eee59e3\System.WorkflowServices.ni.dll[/FONT]
MOD - [2012/06/15 13:33:11 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
MOD - [2012/06/14 15:22:58 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012/06/14 15:22:47 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012/05/11 08:31:18 | 001,706,496 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\97d635f5c656ae43d94b55e67fc4ab50\System.ServiceModel.Web.ni.dll
MOD - [2012/05/11 08:28:10 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/05/11 08:28:02 | 000,256,000 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\660c4d6dd69ef22bc05587e1998cd135\SMDiagnostics.ni.dll
MOD - [2012/05/11 08:27:50 | 017,403,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\bc254d2fa26664898ae21d45643bc194\System.ServiceModel.ni.dll
MOD - [2012/05/11 08:27:28 | 002,345,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\505e12638acd6fdb22e1fd2d4c6fc232\System.Runtime.Serialization.ni.dll
MOD - [2012/05/11 08:27:21 | 001,070,080 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\e09496ddb2bf6f3b69707924f2e6b5ff\System.IdentityModel.ni.dll
MOD - [2012/05/11 08:15:07 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/11 08:13:31 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/11 08:12:50 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012/05/01 08:45:04 | 000,072,192 | ---- | M] () -- C:\Program Files\Lumension\LEMSSAgent\tinyxml.dll
MOD - [2012/05/01 08:44:10 | 000,111,616 | ---- | M] () -- C:\Program Files\Lumension\LEMSSAgent\pugixml-vc90-32.dll
MOD - [2011/11/17 18:03:00 | 000,052,224 | ---- | M] () -- c:\SvcTools\pkg\SLM-Usage\eSMARTUM.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/05/19 16:05:00 | 000,070,976 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\boost_thread-vc80-mt-1_32.dll
MOD - [2011/02/04 13:17:20 | 000,111,616 | R--- | M] () -- C:\Program Files\Lumension\LEMSSAgent\EPUI\pugixml-vc90-32.dll
MOD - [2010/12/27 18:23:16 | 000,143,360 | ---- | M] () -- C:\WINDOWS\system32\preflib.dll
MOD - [2010/12/27 18:23:05 | 000,761,856 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2010/12/22 15:53:04 | 000,053,760 | ---- | M] () -- C:\Program Files\Jordan Lawrence\GRIP Desktop\GRIP.Desktop.Business.dll
MOD - [2010/12/22 15:53:04 | 000,023,040 | ---- | M] () -- C:\Program Files\Jordan Lawrence\GRIP Desktop\GRIP.Core.dll
MOD - [2010/12/22 15:53:04 | 000,018,944 | ---- | M] () -- C:\Program Files\Jordan Lawrence\GRIP Desktop\GRIP.Desktop.UI.dll
MOD - [2010/12/15 10:46:50 | 000,686,704 | ---- | M] () -- C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe
MOD - [2010/02/22 10:16:06 | 000,839,680 | ---- | M] () -- C:\Program Files\Lumension\LEMSSAgent\EPUI\js3250.dll
MOD - [2009/07/10 10:06:49 | 000,139,944 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\ezprint.exe
MOD - [2009/07/10 10:06:46 | 000,766,632 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\dleamon.exe
MOD - [2009/06/22 09:08:44 | 000,196,608 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\epoemdll.dll
MOD - [2009/06/22 09:08:43 | 000,045,056 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\epstring.dll
MOD - [2009/06/22 09:08:41 | 002,203,648 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\epwizres.dll
MOD - [2009/06/22 09:08:27 | 000,708,608 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\epwizard.dll
MOD - [2009/06/22 09:06:32 | 000,159,744 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\customui.dll
MOD - [2009/06/22 09:06:09 | 000,061,440 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\epfunct.dll
MOD - [2009/06/22 09:06:03 | 000,114,688 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\eputil.dll
MOD - [2009/06/22 09:05:49 | 000,139,264 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\imagutil.dll
MOD - [2009/06/19 04:58:00 | 000,157,696 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\dleadrpp.dll
MOD - [2009/05/29 10:09:48 | 001,159,168 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\dleadrs.dll
MOD - [2009/05/29 10:08:53 | 000,389,120 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\dleascw.dll
MOD - [2009/05/27 08:16:50 | 000,192,512 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\dleadatr.dll
MOD - [2009/05/26 16:17:13 | 000,086,118 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\DLEAcfg.dll
MOD - [2009/04/07 15:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\iptk.dll
MOD - [2009/03/10 01:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\dleacaps.dll
MOD - [2009/03/05 13:55:33 | 000,059,904 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\dleacnv4.dll
MOD - [2009/03/02 10:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\dleaptp.dll
MOD - [2009/02/20 04:50:18 | 000,028,672 | ---- | M] () -- C:\WINDOWS\system32\DLEAsmr.dll
MOD - [2009/02/20 04:49:37 | 000,299,008 | ---- | M] () -- C:\WINDOWS\system32\DLEAsm.dll
MOD - [2007/04/18 20:30:46 | 000,471,040 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\ccme_base.dll
MOD - [2007/04/18 20:30:46 | 000,393,216 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\cryptocme2.dll
MOD - [2007/04/03 16:18:26 | 000,197,672 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll
MOD - [2003/02/25 17:19:56 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHEALR.DLL

========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\statusagent4.dll -- (MSTAPE)
SRV - [2012/08/22 08:14:05 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/01 09:29:28 | 000,467,280 | ---- | M] (Lumension Security, Inc.) [Auto | Running] -- C:\Program Files\Lumension\LEMSSAgent\LMAgent.exe -- (LEMSS Agent)
SRV - [2012/04/12 18:51:46 | 000,683,080 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2011/11/17 18:03:00 | 000,052,224 | ---- | M] () [Auto | Running] -- c:\SvcTools\pkg\SLM-Usage\eSMARTUM.exe -- (DDM Usage Monitoring)
SRV - [2011/09/20 17:23:42 | 000,095,584 | ---- | M] (Lumension Security, Inc.) [On_Demand | Running] -- C:\Program Files\Lumension\Patch Agent\GravitixService.exe -- (Patch Agent)
SRV - [2011/08/31 20:07:00 | 000,148,520 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2011/08/31 20:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2011/08/31 20:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe -- (McAfeeEngineService)
SRV - [2011/05/19 16:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2011/05/12 12:48:20 | 000,324,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe -- (McAfee SiteAdvisor Enterprise Service)
SRV - [2011/05/10 20:07:00 | 000,150,032 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2011/05/09 15:04:44 | 000,166,520 | ---- | M] (PGP Corporation) [Auto | Running] -- C:\Program Files\PGP Corporation\PGP Desktop\RDDService.exe -- (PGP RDD Service)
SRV - [2011/05/09 15:04:44 | 000,135,288 | ---- | M] (PGP Corporation) [Auto | Running] -- C:\WINDOWS\system32\PGPserv.exe -- (PGPserv)
SRV - [2011/01/06 21:32:52 | 000,266,322 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv.exe -- (STacSV)
SRV - [2011/01/06 11:56:30 | 000,378,224 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc)
SRV - [2010/12/03 17:20:18 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/03 17:20:16 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/11/03 16:12:58 | 001,477,632 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2010/10/25 08:33:04 | 000,826,272 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service)
SRV - [2010/10/25 08:33:04 | 000,032,160 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage)
SRV - [2010/10/16 16:10:52 | 002,336,104 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV - [2010/07/13 14:02:32 | 001,629,696 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2010/02/25 08:04:00 | 000,263,536 | ---- | M] (SAP AG) [Auto | Running] -- C:\Program Files\SAP\SapSetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe -- (NWSAPAutoWorkstationUpdateSvc)
SRV - [2010/02/10 19:50:50 | 000,072,296 | ---- | M] (O2Micro International) [Auto | Running] -- C:\WINDOWS\system32\drivers\o2flash.exe -- (O2FLASH)
SRV - [2009/07/01 09:13:31 | 000,602,792 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\system32\dleacoms.exe -- (dlea_device)
SRV - [2009/07/01 09:13:25 | 000,098,984 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dleaserv.exe -- (dleaCATSCustConnectService)
SRV - [2009/03/12 05:00:26 | 000,233,472 | ---- | M] (AVAYA Communication) [Auto | Running] -- C:\Program Files\Avaya\Avaya one-X Communicator\QosServM.exe -- (iClarityQoSService)
SRV - [2008/07/23 18:36:20 | 000,114,688 | ---- | M] (DameWare Development LLC) [Auto | Running] -- C:\WINDOWS\system32\DNTUS26.EXE -- (DNTUS26)
SRV - [2007/04/03 16:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\vmscsi.sys -- (vmscsi)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\qu54112\LOCALS~1\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\e1y5132.sys -- (e1yexpress)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Boot | Stopped] -- -- (cerc6)
DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012/05/01 09:30:34 | 000,139,504 | ---- | M] (Lumension Security, Inc.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\eps.sys -- (EPS)
DRV - [2012/04/12 18:28:28 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2011/08/31 20:07:00 | 000,461,864 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/08/31 20:07:00 | 000,180,072 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/08/31 20:07:00 | 000,119,808 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/08/31 20:07:00 | 000,089,624 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2011/08/31 20:07:00 | 000,087,808 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/08/31 20:07:00 | 000,065,960 | ---- | M] (McAfee, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2011/08/31 20:07:00 | 000,059,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2011/07/15 13:14:50 | 000,006,757 | ---- | M] () [Kernel | On_Demand | Running] -- c:\SvcTools\pkg\SLM-Usage\ProcObsrv.sys -- (ProcObsrv)
DRV - [2011/05/09 15:04:44 | 000,301,688 | ---- | M] (PGP Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\PGPwded.sys -- (PGPwded)
DRV - [2011/05/09 15:04:44 | 000,243,832 | ---- | M] (PGP Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\PGPdisk.sys -- (PGPdisk)
DRV - [2011/05/09 15:04:44 | 000,040,568 | ---- | M] (PGP Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PGPsdk.sys -- (PGPsdkDriver)
DRV - [2011/05/09 15:04:44 | 000,013,432 | ---- | M] (PGP Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\PGPwdefs.sys -- (Pgpwdefs)
DRV - [2011/05/09 15:04:42 | 000,136,824 | ---- | M] (PGP Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\PGPfsfd.sys -- (pgpfs)
DRV - [2011/01/06 21:32:52 | 001,660,451 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2011/01/06 13:42:14 | 000,284,792 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2011/01/04 15:43:38 | 000,060,904 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2mdfvst.sys -- (O2MDFRDR)
DRV - [2010/12/27 18:23:15 | 003,360,000 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2010/12/27 18:23:14 | 000,033,664 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\BCMWLNPF.SYS -- (BCMWLNPF)
DRV - [2010/12/13 09:33:36 | 000,043,888 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelern.sys -- (Acceler)
DRV - [2010/10/19 13:33:40 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (MEI)
DRV - [2010/10/15 04:29:14 | 000,260,864 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2010/10/13 17:39:04 | 000,174,248 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1c5132.sys -- (e1cexpress)
DRV - [2010/08/24 14:46:00 | 000,033,832 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV - [2010/08/20 11:04:38 | 000,017,648 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\stdcfltn.sys -- (stdcfltn)
DRV - [2009/10/06 09:49:48 | 000,187,960 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ahcix86.sys -- (ahcix86)
DRV - [2009/06/03 10:01:28 | 000,230,400 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2009/06/03 10:01:26 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2009/06/03 10:01:26 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2009/05/21 05:48:10 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)
DRV - [2009/04/22 00:13:34 | 000,113,664 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2008/07/30 17:20:30 | 000,352,256 | R--- | M] (BEHRINGER) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BUSB2902.sys -- (BEHRINGER_2902)
DRV - [2008/07/30 17:20:30 | 000,033,792 | R--- | M] (BEHRINGER) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\busbwdm.sys -- (BUSB_AUDIO_WDM)
DRV - [2008/06/04 13:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PBADRV.sys -- (PBADRV)
DRV - [2007/12/19 19:25:40 | 000,105,472 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2007/09/07 01:18:46 | 000,100,096 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\symmpi.sys -- (Symmpi)
DRV - [2007/04/03 16:17:08 | 000,306,295 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007/01/31 13:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007/01/18 14:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2005/05/17 20:12:40 | 000,204,800 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\aarich.sys -- (aarich)
DRV - [2005/02/17 22:05:16 | 000,218,112 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\a320raid.sys -- (a320raid)
DRV - [2005/01/26 08:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2004/04/07 16:14:30 | 000,048,140 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\aac.sys -- (aac)
DRV - [2003/04/28 10:15:38 | 000,140,544 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\fasttx2k.sys -- (fasttx2k)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www-I.nwlconnect.com/
IE - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..\SearchScopes,DefaultScope = {7E8AFCFE-AEB1-4939-AAD1-DCEFFD25C6FB}
IE - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..\SearchScopes\{480F1D9C-C4E5-4A10-8E0C-9CBB98E58E55}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE8SRC&src=IE-SearchBox
IE - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..\SearchScopes\{526EC8C4-28E3-4E55-B762-F526B7B4FD13}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7
IE - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..\SearchScopes\{7AAB69DC-4632-40D8-B0D0-15DD096D42B4}: "URL" = http://delicious.com/search?p={searchTerms}
IE - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..\SearchScopes\{7E8AFCFE-AEB1-4939-AAD1-DCEFFD25C6FB}: "URL" = http://www.google.com/search?q={sea...x?}&startPage={startPage}&rlz=1I7ADFA_enUS452
IE - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..\SearchScopes\{894B46F1-DC47-44E5-8407-8D8931330F5C}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie8
IE - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..\SearchScopes\{9D191F83-C8D9-402A-9175-D30281C31649}: "URL" = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
IE - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..\SearchScopes\{C2DA2625-5188-44FB-B286-504D7CEC3A83}: "URL" = http://www.flickr.com/search/?q={searchTerms}
IE - HKU\S-1-5-21-507921405-113007714-1801674531-102151\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-507921405-113007714-1801674531-102151\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer: C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin: C:\Program Files\Musicnotes\npsibelius.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nds.com/PCShowPlugin: C:\Documents and Settings\qu54112\Local Settings\Application Data\DIRECTV Player\npPCShowPlugin.dll (NDS)
FF - HKCU\Software\MozillaPlugins\@nds.com/PlayerPlugin: C:\Documents and Settings\qu54112\Local Settings\Application Data\DIRECTV Player\npPlayerPlugin.dll (NDS)
FF - HKCU\Software\MozillaPlugins\NDS.com/PlayerPlugin: C:\Documents and Settings\qu54112\Local Settings\Application Data\DIRECTV Player\npPlayerPlugin.dll (NDS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor Enterprise\ [2012/01/18 11:05:44 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2012/09/26 14:51:36 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Dell Toolbar) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (WebEx Productivity Tools) - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Dell Toolbar) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll ()
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (WebEx Productivity Tools) - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)
O3 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..\Toolbar\ShellBrowser: (Dell Toolbar) - {09B71986-2AC5-482D-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll ()
O3 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..\Toolbar\WebBrowser: (Dell Toolbar) - {09B71986-2AC5-482D-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll ()
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Communicator] C:\Program Files\Microsoft Office Communicator\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [dleamon.exe] C:\Program Files\Dell V310-V510 Series\dleamon.exe ()
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Dell V310-V510 Series\ezprint.exe ()
O4 - HKLM..\Run: [FreeFallProtection] C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4 - HKLM..\Run: [IMSS] C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [IntellisyncLotus] " /J File not found
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
[FONT=Calibri]O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe (Nero AG)[/FONT]
[FONT=Calibri]O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)[/FONT]
[FONT=Calibri]O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)[/FONT]
[FONT=Calibri]O4 - HKLM..\Run: [RemoteControl9] C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)[/FONT]
[FONT=Calibri]O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)[/FONT]
[FONT=Calibri]O4 - HKLM..\Run: [SAP_WUS_UNT] C:\Program Files\SAP\SAPsetup\setup\Updater\NwSapSetupUserNotificationTool.exe (SAP AG)[/FONT]
[FONT=Calibri]O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)[/FONT]
[FONT=Calibri]O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)[/FONT]
[FONT=Calibri]O4 - HKU\S-1-5-21-507921405-113007714-1801674531-102151..\Run: [Akamai NetSession Interface] C:\Documents and Settings\qu54112\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc.)[/FONT]
[FONT=Calibri]O4 - HKU\S-1-5-21-507921405-113007714-1801674531-102151..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)[/FONT]
[FONT=Calibri]O4 - HKU\S-1-5-21-507921405-113007714-1801674531-102151..\Run: [PTIM.exe] C:\Program Files\WebEx\Productivity Tools\ptim.exe (Cisco WebEx LLC)[/FONT]
[FONT=Calibri]O4 - HKU\S-1-5-21-507921405-113007714-1801674531-102151..\Run: [PTOneClick] C:\Program Files\WebEx\Productivity Tools\ptoneclk.exe (Cisco WebEx LLC)[/FONT]
[FONT=Calibri]O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dell System Manager.lnk = C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Dell Inc.)[/FONT]
[FONT=Calibri]O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GRIP Desktop.lnk = C:\WINDOWS\Installer\{58D3349D-849E-4215-870E-66349CEC47F9}\_188652DA885AB9DE3230E7.exe ()[/FONT]
[FONT=Calibri]O4 - Startup: C:\Documents and Settings\qu54112\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)[/FONT]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuEjectPC = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O7 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 1 = 386.exe
O7 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 2 = chrome.exe
O7 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 3 = ChromeSetup.exe
O7 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 4 = Elite.exe
O7 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 5 = Explorer32.exe
O7 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 6 = googledesktop.exe
O7 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 7 = usb.exe
O7 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 8 = usb32.exe
O7 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 9 = windrvl32.exe
O7 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 10 = winshost.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\PGPlsp.dll (PGP Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\PGPlsp.dll (PGP Corporation)
O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: appreciatehub.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: appreciatehub.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: btslearning.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: Contentserver.elementh.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: Dell.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: mynwlconnect.com ([]* in Local intranet)
O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: mynwlconnect.com ([]http in Local intranet)
O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: my-totalrewards.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: nafepncsubpm1 ([]https in Local intranet)
O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: nafepncsxm01 ([]https in Local intranet)
O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: newellco.com ([]* in Local intranet)
O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: newellco.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: newellco.com ([*.nr.ad] * in Local intranet)
O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: newellco.com ([*.nr.ad] http in Local intranet)
O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: newellcotraining.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: newellrubbermaid.com ([]* in Local intranet)
O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: newellrubbermaid.com ([]http in Local intranet)
O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: nwlconnect.com ([]* in Local intranet)
O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: nwlconnect.com ([]http in Local intranet)
O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: octanner.com ([*.recognition] * in Trusted sites)
O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: outlook.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: retireonline.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: scorm.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: Staples.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: staplesadvantage.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: taleo.net ([]* in Trusted sites)
O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: taleo.net ([]https in Trusted sites)
O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: unisourcelink.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: workforcehosting.com ([]https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3605B612-C3CF-4AB4-A426-2D853391DB2E} http://mqc.sap.newellco.com:8080/qcbin/capicom.dll (Certificates Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1282248966734 (MUWebControl Class)
O16 - DPF: {895D1291-D5BD-4982-BA84-AD11D29C1D6A} http://community.weightwatchers.com/Scripts/ImageUploader6.cab (Image Uploader Control)
O16 - DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} https://virtualkitchenshowroom.homedepot.com/VS/Core/Player/2020PlayerAX_WEB_Win32.cab (20-20 3D Viewer for WEB)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://newell.webex.com/client/upgradeserver/client/ptool/T27L10NSP11_ASRRLS6-4838/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EBF1BFCB-F60B-4DCB-9C96-E53C543CB645} http://qc.newellco.com:8080/qcbin/ALM-Platform-Loader.11.cab (ALM Platfrom Loader v11)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://bond.newellco.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O16 - DPF: {FCADE536-93F5-4577-80A3-E7C32FAC4C7D} http://mqc.sap.newellco.com:8080/qcbin/Spider10.cab (Loader Class v5)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.5.153.22 10.5.153.23
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = nr.ad.newellco.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{08D8C993-1EFD-45F3-BA04-5EF873521FF3}: DhcpNameServer = 10.5.153.22 10.5.153.23
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\qu54112\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\qu54112\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/08/19 13:57:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/26 15:06:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\qu54112\Desktop\OTL.exe
[2012/09/26 14:52:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CyberLink PowerDVD 9.5
[2012/09/26 14:24:47 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/09/26 14:22:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/09/26 14:22:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/09/26 14:22:11 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/09/26 14:22:11 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/09/26 14:21:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/26 14:21:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/09/26 14:11:25 | 004,757,076 | R--- | C] (Swearware) -- C:\Documents and Settings\qu54112\Desktop\ComboFix.exe
[2012/09/25 21:54:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\qu54112\Desktop\VirusRemoval
[2012/09/25 20:58:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\qu54112\Start Menu\Programs\Administrative Tools
[2012/09/25 20:21:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\qu54112\Application Data\Malwarebytes
[2012/09/25 20:20:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/25 20:20:40 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/09/25 20:20:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/09/13 10:35:08 | 000,109,056 | ---- | C] (Lumension) -- C:\WINDOWS\System32\EPUICpl.cpl
[2012/09/13 10:34:52 | 000,139,504 | ---- | C] (Lumension Security, Inc.) -- C:\WINDOWS\System32\eps.sys
[2012/09/13 10:34:51 | 000,139,504 | ---- | C] (Lumension Security, Inc.) -- C:\WINDOWS\System32\drivers\eps.sys
[2012/09/13 10:33:57 | 000,000,000 | ---D | C] -- C:\Program Files\Lumension
[2012/09/13 10:33:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lumension
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/26 15:06:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\qu54112\Desktop\OTL.exe
[2012/09/26 14:54:17 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/09/26 14:53:24 | 000,002,433 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GRIP Desktop.lnk
[2012/09/26 14:51:36 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/09/26 14:51:07 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/09/26 14:50:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/09/26 14:50:23 | 3398,426,624 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/26 14:25:02 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/09/26 14:11:36 | 004,757,076 | R--- | M] (Swearware) -- C:\Documents and Settings\qu54112\Desktop\ComboFix.exe
[2012/09/25 21:56:57 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\qu54112\Desktop\MBR.dat
[2012/09/24 20:00:52 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/09/24 16:06:31 | 000,000,940 | ---- | M] () -- C:\Documents and Settings\qu54112\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2012/09/22 18:36:31 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLes.DAT
[2012/09/22 18:36:20 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLet.DAT
[2012/09/17 14:49:38 | 001,357,305 | ---- | M] () -- C:\Documents and Settings\qu54112\My Documents\OTC200BR_Exercise_2.udc
[2012/09/17 14:46:57 | 001,357,264 | ---- | M] () -- C:\Documents and Settings\qu54112\My Documents\OTC250BR_Exercise_2.udc
[2012/09/17 10:52:07 | 000,022,732 | RHS- | M] () -- C:\Documents and Settings\qu54112\ntuser.pol
[2012/09/15 14:58:34 | 000,000,605 | ---- | M] () -- C:\Documents and Settings\qu54112\Desktop\Shortcut to COMM215.lnk
[2012/09/14 09:40:01 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLev.DAT
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/09/07 11:05:45 | 000,000,216 | ---- | M] () -- C:\WINDOWS\NkMEdit.INI
[2012/09/05 16:53:23 | 001,196,544 | ---- | M] () -- C:\Documents and Settings\qu54112\My Documents\BR_OTC_VT03N.udc
[2012/09/05 16:00:47 | 001,269,448 | ---- | M] () -- C:\Documents and Settings\qu54112\My Documents\BR_OTC_VL06T.udc
[2012/08/30 17:39:44 | 000,019,365 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/26 14:25:02 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/09/26 14:25:00 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/09/26 14:22:14 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/09/26 14:22:12 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/09/26 14:22:12 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/09/26 14:22:12 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/09/26 14:22:12 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/09/25 21:56:57 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\qu54112\Desktop\MBR.dat
[2012/09/17 14:48:24 | 001,357,305 | ---- | C] () -- C:\Documents and Settings\qu54112\My Documents\OTC200BR_Exercise_2.udc
[2012/09/17 13:45:54 | 001,357,264 | ---- | C] () -- C:\Documents and Settings\qu54112\My Documents\OTC250BR_Exercise_2.udc
[2012/09/15 14:58:34 | 000,000,605 | ---- | C] () -- C:\Documents and Settings\qu54112\Desktop\Shortcut to COMM215.lnk
[2012/09/07 11:05:45 | 000,000,216 | ---- | C] () -- C:\WINDOWS\NkMEdit.INI
[2012/09/05 16:05:20 | 001,196,544 | ---- | C] () -- C:\Documents and Settings\qu54112\My Documents\BR_OTC_VT03N.udc
[2012/09/05 14:50:02 | 001,269,448 | ---- | C] () -- C:\Documents and Settings\qu54112\My Documents\BR_OTC_VL06T.udc
[2012/06/07 00:58:11 | 001,186,816 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/05/18 14:58:51 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2012/02/16 15:19:23 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/30 08:01:39 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/22 10:03:34 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\qu54112\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/28 07:22:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\sapshortcut.ini
[2011/08/26 16:46:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX2.INI
[2011/08/26 15:25:42 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Soundtrack
[2011/08/26 15:25:42 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Sounds
[2011/08/26 15:25:42 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Sound Effects
[2011/08/26 15:25:42 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\qu54112\Application Data\Smooth Strings
[2011/08/26 15:25:42 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\qu54112\Application Data\SingleFiles
[2011/08/26 15:25:42 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\qu54112\Application Data\Services
[2011/08/26 15:25:42 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLev.DAT
[2011/08/26 15:25:42 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLet.DAT
[2011/08/26 15:25:42 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLes.DAT
[2011/08/01 23:29:08 | 000,000,256 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2011/07/26 23:10:43 | 000,292,762 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-507921405-113007714-1801674531-102151-0.dat
[2011/07/26 23:10:42 | 000,292,762 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/07/26 13:25:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dleavs.dll
[2011/07/26 13:25:11 | 000,425,984 | ---- | C] ( ) -- C:\WINDOWS\System32\dleacoin.dll
[2011/07/26 13:25:04 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\dleagcfg.dll
[2011/07/26 13:25:03 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\dleacui.dll
[2011/07/26 13:25:03 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\dleacuir.dll
[2011/07/26 13:24:24 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\DLEAwupd.dll
[2011/07/26 13:24:24 | 000,213,672 | ---- | C] () -- C:\WINDOWS\System32\DLEAwupd.exe
[2011/07/26 13:23:15 | 000,442,368 | ---- | C] ( ) -- C:\WINDOWS\System32\DLEAhcp.dll
[2011/07/26 13:23:15 | 000,385,024 | ---- | C] () -- C:\WINDOWS\System32\DLEAinst.dll
[2011/07/26 13:23:15 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\dleainpa.dll
[2011/07/26 13:23:14 | 001,056,768 | ---- | C] ( ) -- C:\WINDOWS\System32\dleaserv.dll
[2011/07/26 13:23:14 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\dleausb1.dll
[2011/07/26 13:23:14 | 000,651,264 | ---- | C] ( ) -- C:\WINDOWS\System32\dleapmui.dll
[2011/07/26 13:23:14 | 000,344,064 | ---- | C] ( ) -- C:\WINDOWS\System32\dleaiesc.dll
[2011/07/26 13:23:13 | 000,688,128 | ---- | C] ( ) -- C:\WINDOWS\System32\dleahbn3.dll
[2011/07/26 13:23:13 | 000,581,632 | ---- | C] ( ) -- C:\WINDOWS\System32\dlealmpm.dll
[2011/07/26 13:23:13 | 000,328,360 | ---- | C] ( ) -- C:\WINDOWS\System32\dleaih.exe
[2011/07/26 13:23:13 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\dleains.dll
[2011/07/26 13:23:13 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\dleainsb.dll
[2011/07/26 13:23:13 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dleainsr.dll
[2011/07/26 13:23:13 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\dleajswr.dll
[2011/07/26 13:23:12 | 000,802,816 | ---- | C] ( ) -- C:\WINDOWS\System32\dleacomc.dll
[2011/07/26 13:23:12 | 000,602,792 | ---- | C] ( ) -- C:\WINDOWS\System32\dleacoms.exe
[2011/07/26 13:23:12 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\dleacomm.dll
[2011/07/26 13:23:12 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\dleacu.dll
[2011/07/26 13:23:12 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\dleagrd.dll
[2011/07/26 13:23:12 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\dleacub.dll
[2011/07/26 13:23:12 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dleacur.dll
[2011/07/26 13:23:11 | 000,369,320 | ---- | C] ( ) -- C:\WINDOWS\System32\dleacfg.exe
[2011/07/26 13:23:11 | 000,086,118 | ---- | C] () -- C:\WINDOWS\System32\DLEAcfg.dll
[2011/07/26 13:16:49 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\DLEAsmr.dll
[2011/07/26 13:16:48 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\DLEAsm.dll
[FONT=Calibri][2011/07/23 16:12:56 | 000,065,336 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat[/FONT]
[FONT=Calibri][2011/07/08 12:33:45 | 000,000,255 | ---- | C] () -- C:\WINDOWS\mercury.ini[/FONT]
[FONT=Calibri][2011/07/08 07:02:35 | 000,022,732 | RHS- | C] () -- C:\Documents and Settings\qu54112\ntuser.pol[/FONT]
[FONT=Calibri][2011/07/07 10:58:31 | 000,019,365 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol[/FONT]
[FONT=Calibri][2011/07/07 09:03:51 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini[/FONT]
[FONT=Calibri][2011/07/07 09:01:19 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll[/FONT]
[FONT=Calibri][2011/07/07 09:01:19 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll[/FONT]
[FONT=Calibri][2011/07/07 09:01:19 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE[/FONT]
[FONT=Calibri][2011/07/07 09:00:57 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\drivers\IntelMEFWVer.dll[/FONT]
[FONT=Calibri][2011/07/07 08:23:47 | 000,080,368 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll[/FONT]
[FONT=Calibri][2011/07/07 08:23:06 | 000,205,192 | ---- | C] () -- C:\WINDOWS\System32\bipbsp.dll[/FONT]
[FONT=Calibri][2011/07/07 08:23:05 | 000,308,624 | ---- | C] () -- C:\WINDOWS\System32\brcmbsp.dll[/FONT]
[FONT=Calibri][2011/07/07 07:04:59 | 000,783,644 | ---- | C] () -- C:\WINDOWS\System32\igkrng600.bin[/FONT]
[FONT=Calibri][2011/07/07 07:04:58 | 000,201,496 | ---- | C] () -- C:\WINDOWS\System32\igfcg600m.bin[/FONT]
[FONT=Calibri][2011/07/07 07:04:58 | 000,145,804 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng600.bin[/FONT]
[FONT=Calibri][2011/07/07 07:04:58 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll[/FONT]
[FONT=Calibri][2011/07/07 07:04:57 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config[/FONT]
[FONT=Calibri][2011/07/07 06:54:21 | 000,000,264 | ---- | C] () -- C:\WINDOWS\WMIInfo.ini[/FONT]
[FONT=Calibri][2011/07/07 06:53:02 | 000,000,132 | ---- | C] () -- C:\WINDOWS\ProcessorDetector.ini[/FONT]
[FONT=Calibri][2011/05/24 12:18:10 | 000,004,231 | ---- | C] () -- C:\WINDOWS\HARDTACK.INI[/FONT]
[FONT=Calibri][2011/05/24 12:17:47 | 000,000,252 | ---- | C] () -- C:\WINDOWS\IB.ini[/FONT]
[FONT=Calibri][2011/05/20 11:50:29 | 000,095,744 | ---- | C] () -- C:\WINDOWS\System32\h5rtf32.dll[/FONT]
[FONT=Calibri][2011/05/20 11:50:29 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\h5tool32.dll[/FONT]
[FONT=Calibri][2011/05/20 11:50:28 | 001,064,960 | ---- | C] () -- C:\WINDOWS\System32\h5krnl32.dll[/FONT]
[FONT=Calibri][2011/05/20 11:50:28 | 000,188,928 | ---- | C] () -- C:\WINDOWS\System32\h5icon32.dll[/FONT]
[FONT=Calibri][2011/05/20 11:50:28 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\h5menu32.dll[/FONT]
[FONT=Calibri][2011/05/09 15:04:44 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\PGPsdk.dll.sig[/FONT]
[FONT=Calibri][2010/10/01 15:56:28 | 000,087,040 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_th.dll[/FONT]
[FONT=Calibri][2010/10/01 15:56:28 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-HK.dll[/FONT]
[FONT=Calibri][2010/10/01 15:56:26 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_sl.dll[/FONT]
[FONT=Calibri][2010/10/01 15:56:24 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_sk.dll[/FONT]
[FONT=Calibri][2010/10/01 15:56:22 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_hr.dll[/FONT]
[FONT=Calibri][2010/10/01 15:56:20 | 000,088,064 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_tr.dll[/FONT]
[FONT=Calibri][2010/10/01 15:56:18 | 000,091,648 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ro.dll[/FONT]
[FONT=Calibri][2010/10/01 15:56:18 | 000,091,648 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt-BR.dll[/FONT]
[FONT=Calibri][2010/10/01 15:56:16 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_hu.dll[/FONT]
[FONT=Calibri][2010/10/01 15:56:14 | 000,084,480 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_he.dll[/FONT]
[FONT=Calibri][2010/10/01 15:56:12 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fi.dll[/FONT]
[FONT=Calibri][2010/10/01 15:56:10 | 000,095,744 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_el.dll[/FONT]
[FONT=Calibri][2010/10/01 15:56:10 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_cs.dll[/FONT]
[FONT=Calibri][2010/10/01 15:56:08 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ar.dll[/FONT]
[FONT=Calibri][2010/10/01 15:56:06 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll[/FONT]
[FONT=Calibri][2010/10/01 15:56:06 | 000,074,240 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll[/FONT]
[FONT=Calibri][2010/10/01 15:56:04 | 000,090,624 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_sv.dll[/FONT]
[FONT=Calibri][2010/10/01 15:56:02 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll[/FONT]
[FONT=Calibri][2010/10/01 15:56:00 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll[/FONT]
[FONT=Calibri][2010/10/01 15:56:00 | 000,092,160 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pl.dll[/FONT]
[FONT=Calibri][2010/10/01 15:55:58 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_no.dll[/FONT]
[FONT=Calibri][2010/10/01 15:55:56 | 000,096,256 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_nl.dll[/FONT]
[FONT=Calibri][2010/10/01 15:55:56 | 000,078,848 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll[/FONT]
[FONT=Calibri][2010/10/01 15:55:54 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll[/FONT]
[FONT=Calibri][2010/10/01 15:55:52 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll[/FONT]
[FONT=Calibri][2010/10/01 15:55:50 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll[/FONT]
[FONT=Calibri][2010/10/01 15:55:50 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll[/FONT]
[FONT=Calibri][2010/10/01 15:55:46 | 000,094,720 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll[/FONT]
[FONT=Calibri][2010/10/01 15:55:44 | 000,091,648 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_da.dll[/FONT]
[FONT=Calibri][2010/09/30 08:49:10 | 000,012,800 | ---- | C] () -- C:\WINDOWS\System32\Wavx_ESC_Logging.dll[/FONT]
[FONT=Calibri] [/FONT]
[FONT=Calibri]========== ZeroAccess Check ==========[/FONT]
[FONT=Calibri] [/FONT]
[FONT=Calibri][2010/08/19 16:03:22 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini[/FONT]
[FONT=Calibri] [/FONT]
[FONT=Calibri][HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32][/FONT]
[FONT=Calibri] [/FONT]
[FONT=Calibri][HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32][/FONT]
[FONT=Calibri] [/FONT]
[FONT=Calibri][HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32][/FONT]
[FONT=Calibri]"" = %SystemRoot%\system32\shdocvw.dll -- [2010/06/24 08:10:44 | 001,509,888 | ---- | M] (Microsoft Corporation)[/FONT]
[FONT=Calibri]"ThreadingModel" = Apartment[/FONT]
[FONT=Calibri] [/FONT]
[FONT=Calibri][HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32][/FONT]
[FONT=Calibri]"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)[/FONT]
[FONT=Calibri]"ThreadingModel" = Free[/FONT]
[FONT=Calibri] [/FONT]
[FONT=Calibri][HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32][/FONT]
[FONT=Calibri]"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)[/FONT]
[FONT=Calibri]"ThreadingModel" = Both[/FONT]
[FONT=Calibri] [/FONT]
[FONT=Calibri]========== LOP Check ==========[/FONT]
[FONT=Calibri] [/FONT]
[FONT=Calibri][2010/08/20 15:00:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications[/FONT]
[FONT=Calibri][2011/05/20 12:21:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avaya Modular Messaging[/FONT]
[FONT=Calibri][2012/04/29 17:03:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\B7E858A7000BD0CF012726D5D151FC4E[/FONT]
[FONT=Calibri][2012/05/16 17:25:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games[/FONT]
[FONT=Calibri][2011/07/07 08:22:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broadcom[/FONT]
[FONT=Calibri][2011/08/26 15:25:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp[/FONT]
[FONT=Calibri][2011/07/07 11:27:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GroupPolicy[/FONT]
[FONT=Calibri][2011/07/08 20:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks[/FONT]
[FONT=Calibri][2012/09/13 10:33:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lumension[/FONT]
[FONT=Calibri][2012/01/21 21:04:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes[/FONT]
[FONT=Calibri][2011/08/28 21:26:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon[/FONT]
[FONT=Calibri][2011/07/07 08:40:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NTRU Cryptosystems[/FONT]
[FONT=Calibri][2011/12/07 10:32:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PGP Corporation[/FONT]
[FONT=Calibri][2012/01/16 05:36:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion[/FONT]
[FONT=Calibri][2011/08/26 15:25:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\StatusSheet[/FONT]
[FONT=Calibri][2011/08/26 15:25:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportPrinters[/FONT]
[FONT=Calibri][2011/08/26 15:25:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\System Image Utility[/FONT]
[FONT=Calibri][2011/08/26 15:25:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15[/FONT]
[FONT=Calibri][2011/07/07 08:49:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp[/FONT]
[FONT=Calibri][2011/07/08 10:15:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WEngineLite[/FONT]
[FONT=Calibri][2011/07/15 16:30:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}[/FONT]
[FONT=Calibri][2011/05/20 12:21:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Avaya[/FONT]
[FONT=Calibri][2010/08/20 14:54:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Avaya Modular Messaging[/FONT]
[FONT=Calibri][2010/08/19 17:41:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Jolly Giant Software[/FONT]
[FONT=Calibri][2011/02/11 15:18:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Uniblue[/FONT]
[FONT=Calibri][2011/02/08 17:19:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Windows Desktop Search[/FONT]
[FONT=Calibri][2011/02/08 17:20:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Windows Search[/FONT]
[FONT=Calibri][2011/05/20 12:21:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my14548\Application Data\Avaya[/FONT]
[FONT=Calibri][2010/08/20 14:54:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my14548\Application Data\Avaya Modular Messaging[/FONT]
[FONT=Calibri][2010/08/19 17:41:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my14548\Application Data\Jolly Giant Software[/FONT]
[FONT=Calibri][2011/02/11 15:18:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my14548\Application Data\Uniblue[/FONT]
[FONT=Calibri][2011/02/08 17:19:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my14548\Application Data\Windows Desktop Search[/FONT]
[FONT=Calibri][2011/02/08 17:20:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\my14548\Application Data\Windows Search[/FONT]
[FONT=Calibri][2011/05/20 12:21:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nrlaa\Application Data\Avaya[/FONT]
[FONT=Calibri][2010/08/20 14:54:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nrlaa\Application Data\Avaya Modular Messaging[/FONT]
[FONT=Calibri][2010/08/19 17:41:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nrlaa\Application Data\Jolly Giant Software[/FONT]
[FONT=Calibri][2011/02/11 15:18:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nrlaa\Application Data\Uniblue[/FONT]
[FONT=Calibri][2011/07/07 08:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nrlaa\Application Data\Wave Systems Corp[/FONT]
[FONT=Calibri][2011/02/08 17:19:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nrlaa\Application Data\Windows Desktop Search[/FONT]
[FONT=Calibri][2011/02/08 17:20:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nrlaa\Application Data\Windows Search[/FONT]
[FONT=Calibri][2012/01/30 07:57:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\qu54112\Application Data\Avaya[/FONT]
[FONT=Calibri][2010/08/20 14:54:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\qu54112\Application Data\Avaya Modular Messaging[/FONT]
[FONT=Calibri][2011/10/13 21:36:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\qu54112\Application Data\com.Shutterfly.ExpressUploader[/FONT]
[FONT=Calibri][2012/04/24 03:03:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\qu54112\Application Data\DTV[/FONT]
[FONT=Calibri][2011/07/26 12:40:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\qu54112\Application Data\GARMIN[/FONT]
[FONT=Calibri][2010/08/19 17:41:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\qu54112\Application Data\Jolly Giant Software[/FONT]
[FONT=Calibri][2012/07/09 13:27:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\qu54112\Application Data\Juniper Networks[/FONT]
[FONT=Calibri][2012/05/24 13:06:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\qu54112\Application Data\Leadertech[/FONT]
[FONT=Calibri][2012/07/14 11:18:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\qu54112\Application Data\Musicnotes[/FONT]
[FONT=Calibri][2011/08/26 16:43:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\qu54112\Application Data\Nikon[/FONT]
[FONT=Calibri][2011/12/07 10:43:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\qu54112\Application Data\PGP Corporation[/FONT]
[FONT=Calibri][2012/01/16 05:38:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\qu54112\Application Data\Research In Motion[/FONT]
[FONT=Calibri][2011/09/27 03:53:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\qu54112\Application Data\RWD[/FONT]
[FONT=Calibri][2012/02/29 16:14:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\qu54112\Application Data\SAP[/FONT]
[FONT=Calibri][2011/02/11 15:18:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\qu54112\Application Data\Uniblue[/FONT]
[FONT=Calibri][2012/08/15 09:58:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\qu54112\Application Data\WebEx[/FONT]
[FONT=Calibri][2012/05/08 12:47:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\qu54112\Application Data\Windows Desktop Search[/FONT]
[FONT=Calibri][2011/02/08 17:20:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\qu54112\Application Data\Windows Search[/FONT]
[FONT=Calibri] [/FONT]
[FONT=Calibri]========== Purity Check ==========[/FONT]
[FONT=Calibri] [/FONT]
[FONT=Calibri] [/FONT]
[FONT=Calibri] [/FONT]
[FONT=Calibri]< End of report >[/FONT]
OTL Extras logfile created on: 9/26/2012 3:08:08 PM - Run 1
OTL by OldTimer - Version 3.2.68.0 Folder = C:\Documents and Settings\qu54112\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.16 Gb Total Physical Memory | 2.35 Gb Available Physical Memory | 74.30% Memory free
5.00 Gb Paging File | 4.31 Gb Available in Paging File | 86.12% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 148.67 Gb Free Space | 63.84% Space Free | Partition Type: NTFS
Drive H: | 132874.10 Gb Total Space | 41830.93 Gb Free Space | 31.48% Space Free | Partition Type: NTFS
Drive S: | 132874.10 Gb Total Space | 41830.93 Gb Free Space | 31.48% Space Free | Partition Type: NTFS

Computer Name: NC-ATL14010 | User Name: QU54112 | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"4481:TCP" = 4481:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
"4481:UDP" = 4481:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery
"4482:TCP" = 4482:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
"4482:UDP" = 4482:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery
"1132:TCP" = 1132:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"1399:TCP" = 1399:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\QWS3270 PLUS\QWS3270p.exe" = C:\Program Files\QWS3270 PLUS\QWS3270p.exe:*:Enabled:QWS3270 PLUS -- (Jolly Giant Software Inc.)
"C:\Program Files\QWS3270 PLUS\lpd.exe" = C:\Program Files\QWS3270 PLUS\lpd.exe:*:Enabled:JGS Line Printer Daemon -- (Jolly Giant Software Inc.)
"C:\Program Files\QWS3270 PLUS\AutoUpdt.exe" = C:\Program Files\QWS3270 PLUS\AutoUpdt.exe:*:Enabled:JGS Automatic Update Utility -- (Jolly Giant Software Inc.)
"C:\Program Files\QWS3270 PLUS\QWS3287p.exe" = C:\Program Files\QWS3270 PLUS\QWS3287p.exe:*:Enabled:QWS3287 Printer -- (Jolly Giant Software Inc.)
"C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe" = C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe:*:Enabled:CyberLink PowerDVD 9.0 -- (CyberLink Corp.)
"C:\WINDOWS\system32\dleacoms.exe" = C:\WINDOWS\system32\dleacoms.exe:*:Enabled:V310-V510 Series Server -- ( )
"C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe" = C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:*:Enabled:ABBYY FineReader -- (ABBYY (BIT Software))
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe" = C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe:*:Enabled:BlackBerry Desktop Software -- (Research In Motion)
"C:\Program Files\Microsoft Office Communicator\communicator.exe" = C:\Program Files\Microsoft Office Communicator\communicator.exe:*:Enabled:Microsoft Office Communicator 2007 R2 -- (Microsoft Corporation)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office Communicator\communicator.exe" = C:\Program Files\Microsoft Office Communicator\communicator.exe:*:Enabled:Office Communicator -- (Microsoft Corporation)
"C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe" = C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe:*:Enabled:CyberLink PowerDVD 9.0 -- (CyberLink Corp.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\Avaya\Avaya one-X Communicator\SparkEmulator.exe" = C:\Program Files\Avaya\Avaya one-X Communicator\SparkEmulator.exe:*:Enabled:Spark Endpoint Emulator R1.1 (14) -- (Avaya, Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00FC3F65-86EB-475E-881F-A5B1CF731320}" = McAfee SiteAdvisor Enterprise Plus
"{0420F95C-11FF-4E02-B967-6CC22B188F9F}" = Nero BackItUp
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software Installer
"{09B71986-2AC5-482d-B6CB-42EA34F4F85B}" = Dell Toolbar
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{0CCAF47C-E428-48C2-82B2-5F25CE1D67DA}" = Gemalto
"{0D1CBBB9-F4A8-45B6-95E7-202BA61D7AF4}" = Microsoft Office Communicator 2007 R2
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{13AD702E-412D-43CE-8D63-C8B1AA06310D}" = RWD uPerform Client
"{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise
"{1ACE4833-28F0-45BB-ACA2-4D3FF8646421}" = Microsoft Conferencing Add-in for Microsoft Office Outlook
"{20EB202D-6D74-49AC-8785-C80342911940}" = LM Agent
"{242F338C-1DCE-4282-9E83-AE1DDA4C3FB2}" = Program Files
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 35
"{2833FCFE-3D65-4FB4-AB62-17937B57163E}" = Avaya one-X Communicator
"{2EECD5EF-5095-467C-B80C-4AB3096EFD60}" = SPBA 5.9
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{397516AE-7DFE-4F90-84E0-BD616D559434}" = Nero BurnRights
"{397F4DE2-3C5A-415C-9A36-1D8C2B30B92D}" = McAfee Agent
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{44D66AD9-AE19-4AFD-BE7E-A1B44C856697}" = MSXML4.0 redistributable
"{45408D2E-180E-4F84-BBB1-E95090B06A1C}" = Dell Image Preparation Tool
"{48E3B002-74C0-48A6-A463-85C0F96E2D7E}" = WebEx Productivity Tools
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E4E65EE-C456-45AC-B5AD-C62C3A325BD0}" = Dell Data Protection | Access | Drivers
"{4E60E212-3177-4B16-BCB3-616CCC52357D}" = Upek Touchchip Fingerprint Reader
"{51E2F9B3-A972-4F58-B4EF-4D9676D9F5D1}" = Nero RescueAgent
"{542DC8F4-C0E1-4129-962C-49F2333B497A}" = NRAtlanta-DDM8
"{58D3349D-849E-4215-870E-66349CEC47F9}" = GRIP Desktop
"{5B094D3F-FAAF-454B-BA90-6230248E0743}" = QWS3270 PLUS 4.2
"{5F3783B7-F809-45A7-8A92-A44B441FDA7C}" = DIRECTV Player
"{6315D12F-EEB9-4F45-95A1-D543E810A925}" = MM Client
"{63688C0C-441B-B09B-97A3-B059D79A84F7}" = Shutterfly Express Uploader
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{694226CF-FBE2-4015-865C-17703E06B312}" = Font - Trade Gothic 6.03-B
"{6AC87FB3-ACFC-4416-890C-8976D5A9B371}" = Trusted Drive Manager
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6C3CF7AC-5AB0-42D9-93C0-68166A57AFB6}" = Nero Express
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7206B668-FEE0-455B-BB1F-9B5A2E0EC94A}" = Custom
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75E0B85A-085F-4BA3-B2BF-1995AFD8024D}" = NTRU TCG Software Stack
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BA5CB2D-F497-4AB6-8206-C24A7D67750F}" = PGP Desktop
"{7D487E97-6D60-4DCD-9B6D-A400D4069992}" = Dell Data Protection | Access | Prerequisites
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8}" = Dell Data Protection | Access | Middleware
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E770F99-CF23-4BF9-BF4E-E3A2924FEB27}" = Microsoft redistributable runtime DLLs VS2005 SP1(x86)
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{83F46219-7837-41A4-A84D-5F9E5159FA48}" =
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.VISIO_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.VISIO_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.VISIO_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.VISIO_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2010
"{90140000-0054-0409-0000-0000000FF1CE}_Office14.VISIO_{CDC4310F-8189-485F-B47D-D972217CE173}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
"{90140000-0057-0000-0000-0000000FF1CE}_Office14.VISIO_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3}" = Microsoft Visio 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.VISIO_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.VISIO_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{93327046-571E-4CA5-950A-9669FB47A949}" = CyberSafe TrustBroker Secure Client for Workstations
"{963FC8D7-91F9-4AB2-B580-B6E2F74F97A7}" = Lumension Patch Agent for Windows
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAED4FC-2B0E-4F3F-8141-F2ABF02CCFCB}" = BioAPI Framework
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A32F592F-AA0E-49AF-8E85-A0A25AF83314}" = Wave Infrastructure Installer
"{A47A9101-6EB5-4314-BDA1-297880FBB908}" = Microsoft redistributable runtime DLLs VS2008 SP1(x86)
"{A7D91856-258D-4C87-8041-B170851CE432}" = Dell Data Protection | Access
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Data Protection | Access
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}" = Cisco Systems VPN Client 5.0.00.0340
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEC7A786-A9C8-4EF7-BB59-6518E3B3C878}" = vcredist_x86
"{D1E7142C-6BC3-49EB-A71A-E5D7ADAC7599}" = Nikon File Uploader 2
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{DA846E79-1C13-4AB0-8DEB-77935469CD9A}" = Mobile Broadband Generic Drivers
"{DDD62492-32A7-412B-8AF1-2CF032AD42E3}" = ViewNX 2
"{E08CC458-41FB-4BB5-9B08-2C83DB55A5B9}" = Nero BackItUp and Burn
"{E30E7561-A466-4393-B8BF-FD93E733EF3C}" = Microsoft Office Live Meeting 2007
"{E3142E10-4734-4425-A0CB-4CDFB436FF20}" = Dell System Manager
"{E40A8BEF-FD8B-48A4-9463-2FD7C4082F76}" = FormsWizard
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{F839C6BD-E92E-48FA-9CE6-7BFAF94F7096}" = DellAccess
"{F909BB1B-3FC1-4EDA-AF1F-8F1A89163591}" = BlackBerry Desktop Software 6.1
"{FBF81222-8404-4FCF-B76A-7CFAD7BB1451}" = PC CCID
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFFE5DAD-27EF-40C8-9C13-546224F9A2D3}" = Dell ControlVault Host Components Installer
"9512AA21B791B05A54E27065C45BBC417AB282DF" = Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Audacity_is1" = Audacity 1.2.6
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
"com.Shutterfly.ExpressUploader" = Shutterfly Express Uploader
"Dell V310-V510 Series" = Dell V310-V510 Series
"DW WLAN Card Utility" = DW WLAN Card Utility
"energyXT_is1" = energyXT2.5
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"Juniper Network Connect 7.0.0" = Juniper Networks Network Connect 7.0.0
"Juniper Network Connect 7.1.0" = Juniper Networks Network Connect 7.1.0
"Juniper Network Connect 7.2.0" = Juniper Networks Network Connect 7.2.0
"LMAgent" = LM Agent
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"McAfee Anti-Spyware Enterprise Module" = McAfee AntiSpyware Enterprise Module
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mobile Broadband Generic Drivers" = Mobile Broadband Generic Drivers
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Musicnotes Combined Installer_is1" = Musicnotes Software Suite 1.6.0
"Musicnotes Player_is1" = Musicnotes Player V1.31.6 and Viewer V1.19.0
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Office14.VISIO" = Microsoft Visio Premium 2010
"Picasa 3" = Picasa 3
"SAP_ECL" = ECL Viewer
"SAP_WUS" = SAPSetup Automatic Workstation Update Service
"SAPBI" = SAP Business Explorer
"SAPGUI710" = SAP GUI for Windows 7.20
"USB_AUDIO_DEusb-audio.deBehringer2902" = BEHRINGER USB AUDIO DRIVER
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"YTdetect" = Yahoo! Detect

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Juniper_Setup_Client" = Juniper Networks, Inc. Setup Client

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/26/2012 2:33:14 PM | Computer Name = NC-ATL14010 | Source = Application Error | ID = 1000
Description = Faulting application rmbr.3xe, version 0.0.0.0, faulting module ntdll.dll,
version 5.1.2600.6055, fault address 0x00002128.

Error - 9/26/2012 2:35:00 PM | Computer Name = NC-ATL14010 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 9/26/2012 2:35:00 PM | Computer Name = NC-ATL14010 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 9/26/2012 2:35:03 PM | Computer Name = NC-ATL14010 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 9/26/2012 2:35:31 PM | Computer Name = NC-ATL14010 | Source = UserInit | ID = 1000
Description = Could not execute the following script \\naatlncscelfs1\Shared\Corporate\Software\PGP\PGPDesktop.vbs.
The network location cannot be reached. For information about network troubleshooting,
see Windows Help. .

Error - 9/26/2012 2:37:26 PM | Computer Name = NC-ATL14010 | Source = McLogEvent | ID = 259
Description = The file C:\Documents and Settings\qu54112\Local Settings\Temp\Av-test.txt
contains the EICAR test file Test. No cleaner available, file deleted successfully.
Detected using Scan engine version 5400.1158 DAT version 6847.0000.

Error - 9/26/2012 2:50:29 PM | Computer Name = NC-ATL14010 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 9/26/2012 2:50:29 PM | Computer Name = NC-ATL14010 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 9/26/2012 2:50:32 PM | Computer Name = NC-ATL14010 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 9/26/2012 2:51:05 PM | Computer Name = NC-ATL14010 | Source = UserInit | ID = 1000
Description = Could not execute the following script \\naatlncscelfs1\Shared\Corporate\Software\PGP\PGPDesktop.vbs.
The network location cannot be reached. For information about network troubleshooting,
see Windows Help. .

[ Lumension Events ]
Error - 9/24/2012 12:02:33 PM | Computer Name = NC-ATL14010 | Source = Lumension Detection Agent | ID = 2
Description = Error uploading inventory results - error code = -20

Error - 9/25/2012 8:21:49 AM | Computer Name = NC-ATL14010 | Source = Lumension Detection Agent | ID = 2
Description = Error uploading inventory results - error code = -20

Error - 9/25/2012 6:29:36 PM | Computer Name = NC-ATL14010 | Source = Lumension Detection Agent | ID = 2
Description = Error uploading inventory results - error code = -20

Error - 9/26/2012 9:17:01 AM | Computer Name = NC-ATL14010 | Source = Lumension Detection Agent | ID = 2
Description = Error occurred posting detection to PLUS (incremental diff) -
error code = -30 error msg = 'Error: Invalid CheckSum'

[ System Events ]
Error - 9/26/2012 2:36:05 PM | Computer Name = NC-ATL14010 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 9/26/2012 2:36:46 PM | Computer Name = NC-ATL14010 | Source = Service Control Manager | ID = 7034
Description = The O2FLASH service terminated unexpectedly. It has done this 1 time(s).

Error - 9/26/2012 2:37:20 PM | Computer Name = NC-ATL14010 | Source = Service Control Manager | ID = 7034
Description = The DW WLAN Tray Service service terminated unexpectedly. It has
done this 1 time(s).

Error - 9/26/2012 2:37:20 PM | Computer Name = NC-ATL14010 | Source = Service Control Manager | ID = 7034
Description = The DDM Usage Monitoring service terminated unexpectedly. It has
done this 1 time(s).

Error - 9/26/2012 2:50:29 PM | Computer Name = NC-ATL14010 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain NRADNEWELLCO due to the
following: %%1311. Make sure that the computer is connected to the network and try
again.
If the problem persists, please contact your domain administrator.

Error - 9/26/2012 2:51:01 PM | Computer Name = NC-ATL14010 | Source = Service Control Manager | ID = 7009
Description = Timeout (300000 milliseconds) waiting for the dleaCATSCustConnectService
service to connect.

Error - 9/26/2012 2:51:01 PM | Computer Name = NC-ATL14010 | Source = Service Control Manager | ID = 7000
Description = The dleaCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 9/26/2012 2:51:01 PM | Computer Name = NC-ATL14010 | Source = Service Control Manager | ID = 7023
Description = The Wtcls2k service terminated with the following error: %%126

Error - 9/26/2012 2:51:01 PM | Computer Name = NC-ATL14010 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
vmscsi

Error - 9/26/2012 2:51:41 PM | Computer Name = NC-ATL14010 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.


< End of report >
 
I asked before....
Please do NOT change font in your replies.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    IE - HKU\S-1-5-21-507921405-113007714-1801674531-102151\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
    O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: appreciatehub.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: appreciatehub.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: btslearning.com ([www] http in Trusted sites)
    O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: Contentserver.elementh.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: Dell.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: mynwlconnect.com ([]* in Local intranet)
    O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: mynwlconnect.com ([]http in Local intranet)
    O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: my-totalrewards.com ([]https in Trusted sites)
    O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: nafepncsubpm1 ([]https in Local intranet)
    O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: nafepncsxm01 ([]https in Local intranet)
    O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: newellco.com ([]* in Local intranet)
    O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: newellco.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: newellco.com ([*.nr.ad] * in Local intranet)
    O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: newellco.com ([*.nr.ad] http in Local intranet)
    O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: newellcotraining.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: newellrubbermaid.com ([]* in Local intranet)
    O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: newellrubbermaid.com ([]http in Local intranet)
    O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: nwlconnect.com ([]* in Local intranet)
    O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: nwlconnect.com ([]http in Local intranet)
    O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: octanner.com ([*.recognition] * in Trusted sites)
    O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: outlook.com ([]https in Trusted sites)
    O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: retireonline.com ([www] https in Trusted sites)
    O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: scorm.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: Staples.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: staplesadvantage.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: taleo.net ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: taleo.net ([]https in Trusted sites)
    O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: unisourcelink.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-507921405-113007714-1801674531-102151\..Trusted Domains: workforcehosting.com ([]https in Trusted sites)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB (Reg Error: Key error.)
    [2010/08/19 16:03:22 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
    
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
    
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2010/06/24 08:10:44 | 001,509,888 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
    
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
    
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

===================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.

3. Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next...

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.

4. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

5. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If ESET doesn't find any threats, it won't produce any log.
 
I apologize - I did not change my fonts. I did cut and paste them numerous times trying to get them broken into pieces small enough to fit the 50,000 character limit - if the font was changed it was unintentional. I'm sorry.
 
Ok, here are the first few files. I was an ***** and got ahead of myself. I ran the AdwCleaner and it rebooted, but then I uninstalled the application before copying the .txt file - I looked for the C:\AdwCleaner[S1].txt but it wasn't there. Do I need to re-install AdwCleaner and do it again?

All processes killed
========== OTL ==========
HKU\S-1-5-21-507921405-113007714-1801674531-102151\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\appreciatehub.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\appreciatehub.com\ not found.
Registry key HKEY_USERS\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\btslearning.com\www\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\Contentserver.elementh.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\Dell.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mynwlconnect.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mynwlconnect.com\ not found.
Registry key HKEY_USERS\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\my-totalrewards.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\nafepncsubpm1\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\nafepncsxm01\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\newellco.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\newellco.com\ not found.
Registry key HKEY_USERS\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\newellco.com\*.nr.ad\ not found.
Invalid CLSID key: *.nr.ad
Registry key HKEY_USERS\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\newellco.com\*.nr.ad\ not found.
Invalid CLSID key: *.nr.ad
Registry key HKEY_USERS\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\newellcotraining.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\newellrubbermaid.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\newellrubbermaid.com\ not found.
Registry key HKEY_USERS\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\nwlconnect.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\nwlconnect.com\ not found.
Registry key HKEY_USERS\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\octanner.com\*.recognition\ deleted successfully.
Invalid CLSID key: *.recognition
Registry key HKEY_USERS\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\outlook.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\retireonline.com\www\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\scorm.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\Staples.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\staplesadvantage.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\taleo.net\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\taleo.net\ not found.
Registry key HKEY_USERS\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\unisourcelink.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-507921405-113007714-1801674531-102151\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\workforcehosting.com\ deleted successfully.
Starting removal of ActiveX control {166B1BCA-3F9C-11CF-8075-444553540000}
C:\WINDOWS\Downloaded Program Files\swdir.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{166B1BCA-3F9C-11CF-8075-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Starting removal of ActiveX control Garmin Communicator Plug-In
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Garmin Communicator Plug-In\ not found.
C:\WINDOWS\assembly\Desktop.ini moved successfully.
File EY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
File EY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] not found.
File EY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]\ not found.
Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 56931 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 98983 bytes
->Flash cache emptied: 343 bytes

User: my14548
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: nrlaa
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

User: qu54112
->Temp folder emptied: 5318691 bytes
->Temporary Internet Files folder emptied: 40146745 bytes
->Java cache emptied: 679264 bytes
->Flash cache emptied: 57098 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2413727 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 240640 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 33775 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 1899538 bytes

Total Files Cleaned = 49.00 mb


[EMPTYJAVA]

User: All Users

User: Default User
->Java cache emptied: 0 bytes

User: LocalService

User: my14548
->Java cache emptied: 0 bytes

User: NetworkService

User: nrlaa
->Java cache emptied: 0 bytes

User: qu54112
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: my14548
->Flash cache emptied: 0 bytes

User: NetworkService

User: nrlaa
->Flash cache emptied: 0 bytes

User: qu54112
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.68.0 log created on 09262012_183034

Files\Folders moved on Reboot...
C:\WINDOWS\temp\Perflib_Perfdata_8f4.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Results of screen317's Security Check version 0.99.51
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Disabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
McAfee AntiSpyware Enterprise Module
McAfee SiteAdvisor Enterprise Plus
Malwarebytes Anti-Malware version 1.65.0.1400
Java(TM) 6 Update 35
Java version out of Date!
Adobe Reader X (10.1.4)
````````Process Check: objlist.exe by Laurent````````
McAfee VirusScan Enterprise EngineServer.exe
McAfee VirusScan Enterprise VsTskMgr.exe
McAfee VirusScan Enterprise Mcshield.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 16% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

Farbar Service Scanner Version: 19-09-2012
Ran by QU54112 (administrator) on 26-09-2012 at 18:41:01
Running from "C:\Documents and Settings\qu54112\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error: Google IP is offline
Attempt to access Google.com returned error: Google.com is offline
Attempt to access Yahoo IP returned error: Yahoo IP is offline
Attempt to access Yahoo.com returned error: Yahoo.com is offline


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
DNE(9) Gpc(3) IPSec(5) mfetdi2k(8) mfetdik(8) NetBT(6) PSched(7) Tcpip(4)
0x09000000050000000100000002000000030000000400000008000000060000000700000009000000
IpSec Tag value is correct.

**** End of log ****
 
Here is the final log from ESETScan.

C:\Documents and Settings\qu54112\Local Settings\Application Data\SubSystems\jnvfxtgq.dll Win32/Kryptik.AJDT.Gen trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{9A1B4DE7-EC31-4E0F-9A3C-DA66AEC0E712}\RP299\A0053242.dll Win32/Kryptik.AJDT.Gen trojan cleaned by deleting - quarantined
 
Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

12. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

13. Please let me know how your computer is doing.
 
All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33685 bytes
->Flash cache emptied: 0 bytes

User: my14548
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: nrlaa
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: qu54112
->Temp folder emptied: 37033183 bytes
->Temporary Internet Files folder emptied: 39538800 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 506 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 66543 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 73.00 mb


[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: my14548
->Flash cache emptied: 0 bytes

User: NetworkService

User: nrlaa
->Flash cache emptied: 0 bytes

User: qu54112
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default User
->Java cache emptied: 0 bytes

User: LocalService

User: my14548
->Java cache emptied: 0 bytes

User: NetworkService

User: nrlaa
->Java cache emptied: 0 bytes

User: qu54112
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.68.0 log created on 09272012_205805
Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\qu54112\Local Settings\Temporary Internet Files\Content.IE5\TKLN00ZZ\bk-static[1].js not found!
C:\WINDOWS\temp\Perflib_Perfdata_858.dat moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
 
Hi Broni,

First, let me THANK YOU so very much. I greatly appreciate your assistance and the fact that my computer is doing very well. I have not seen any more instances of the ads from Google links and have not been getting the "in private" tabs when clicking on links in Microsoft Outlook. So, thank you very much. I am NOT enjoying changing all these passwords - I may be back on here in a few days asking how to get into all my accounts since I can't remember the passwords ;)
 