Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

IE 7 will not open [Closed]

Started by newportnews , Apr 13 2009 07:02 PM

  • This topic is locked This topic is locked

#1
newportnews
Posted 13 April 2009 - 07:02 PM

newportnews

    Member

  • Member
  • PipPip
  • 47 posts
G'day - a few days back i decided to upgrade to IE 8. When I did, internet explorer stopped working. When I clicked the IE icon it would open a white empty box for a couple of seconds and then close. On a website shortcut from my desktop it would react the same of it may actually connect and open for a second but there is no toolbar at the top. I uninstalled IE 8 to see if IE 7 would come back; it did not. I tried to restore to an earlier time; it did not work. Firefox works fine. I then uninstalled Firefox and then installing IE 7 and removed obvious browser add ons thinking there may be a problem; still did not work. Installed Firefox and here I am. IE 7 not working. I also noticed under 'Control Panel' the 'internet options' icon is shown but the words 'Internet Options' is not and clicking on the icon does nothing. I tried to do the suggested fixes at Microsoft but no help. I could not run any updates since Microsoft was requiring IE to download updates.


I have completed all the steps / scans in the topic "Malware and Spyware Cleaning Guide, Please read before starting a new topic"


Rooter log -----------------------------------------------------------------

Microsoft Windows XP Professional (5.1.2600) Service Pack 3

C:\ [Fixed] - NTFS - (Total:183868 Mo/Free:2840 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
E:\ [Removable] (Total:0 Mo/Free:0 Mo)
H:\ [Network] (Total:0 Mo/Free:0 Mo)
J:\ [Network] (Total:0 Mo/Free:0 Mo)
K:\ [Network] (Total:0 Mo/Free:0 Mo)
M:\ [Network] (Total:0 Mo/Free:0 Mo)
P:\ [Network] (Total:0 Mo/Free:0 Mo)
S:\ [Network] (Total:0 Mo/Free:0 Mo)
T:\ [Network] (Total:0 Mo/Free:0 Mo)
V:\ [Network] (Total:0 Mo/Free:0 Mo)
X:\ [Network] (Total:0 Mo/Free:0 Mo)
Y:\ [Network] (Total:0 Mo/Free:0 Mo)

Mon 04/13/2009|20:28

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
---------- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
---------- C:\Program Files\ROC\Output Management\EasyClient\ezcserv.exe
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
---------- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
---------- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
---------- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
---------- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
---------- C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
---------- C:\WINDOWS\system32\nvsvc32.exe
---------- C:\Program Files\Common Files\Objectif Lune\PlanetPress Suite 6\Messenger\MessengerService.exe
---------- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
---------- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
---------- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
---------- C:\WINDOWS\system32\STacSV.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Webroot\Client\commagent.exe
---------- C:\WINDOWS\system32\SearchIndexer.exe
---------- C:\Program Files\VERITAS\Backup Exec\RANT\beremote.exe
---------- C:\Program Files\Webroot\Client\spysweeper.exe
---------- C:\WINDOWS\system32\wbem\wmiprvse.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
---------- C:\WINDOWS\system32\rundll32.exe
---------- C:\WINDOWS\system32\RUNDLL32.EXE
---------- C:\WINDOWS\OEM02Mon.exe
---------- C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
---------- C:\WINDOWS\system32\rundll32.exe
---------- C:\Program Files\Dell\QuickSet\quickset.exe
---------- C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe
---------- C:\WINDOWS\system32\WLTRAY.exe
---------- C:\WINDOWS\stsystra.exe
---------- C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
---------- C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe
---------- C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
---------- C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe
---------- C:\WINDOWS\system32\KADxMain.exe
---------- C:\Program Files\Dell\MediaDirect\PCMService.exe
---------- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
---------- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
---------- C:\Program Files\Webroot\Client\SpySweeperUI.exe
---------- C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
---------- C:\Program Files\McAfee\Common Framework\udaterui.exe
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
---------- C:\Program Files\Messenger\msmsgs.exe
---------- C:\Program Files\McAfee\Common Framework\McTray.exe
---------- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
---------- C:\Program Files\Symantec\Mobile Essentials\nme.exe
---------- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
---------- C:\Program Files\WinZip\WZQKPICK.EXE
---------- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
---------- C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe
---------- C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe
---------- C:\Program Files\Sprint\Sprint SmartView\SwiApiMuxCdma.exe
---------- C:\WINDOWS\system32\wbem\unsecapp.exe
---------- C:\Program Files\Mozilla Firefox\firefox.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - Mon 04/13/2009|20:28

----------------------\\ Scan completed at 20:28






OTListIt ----------------------------------------------------------------------------

OTListIt logfile created on: 4/13/2009 8:42:24 PM - Run 2
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\mas.MIS\My Documents\My Received Files
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 63.14% Memory free
3.85 Gb Paging File | 3.21 Gb Available in Paging File | 83.34% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 179.56 Gb Total Space | 54.77 Gb Free Space | 30.50% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MASLAPTOPXPS
Current User Name: MAS
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\ROC\Output Management\EasyClient\ezcserv.exe ()
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
PRC - C:\Program Files\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe (Dell Inc.)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\Common Files\Objectif Lune\PlanetPress Suite 6\Messenger\MessengerService.exe (Objectif Lune Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\STacSV.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Webroot\Client\commagent.exe (Webroot Software, Inc.)
PRC - C:\Program Files\VERITAS\Backup Exec\RANT\beremote.exe (VERITAS Software Corporation)
PRC - C:\Program Files\Webroot\Client\spysweeper.exe (Webroot Software, Inc.)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\WINDOWS\OEM02Mon.exe (Creative Technology Ltd.)
PRC - C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
PRC - C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe (Logitech Inc.)
PRC - C:\WINDOWS\system32\WLTRAY.exe (Dell Inc.)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe (Logitech Inc.)
PRC - C:\WINDOWS\system32\KADxMain.exe (Knowles Acoustics)
PRC - C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
PRC - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Webroot\Client\SpySweeperUI.exe (Webroot Software, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
PRC - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
PRC - C:\Program Files\McAfee\Common Framework\McTray.exe (McAfee, Inc.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\Symantec\Mobile Essentials\nme.exe ()
PRC - C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
PRC - C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing LP)
PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe (Sprint)
PRC - C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe (PCTEL)
PRC - C:\Program Files\Sprint\Sprint SmartView\SwiApiMuxCdma.exe (Sierra Wireless, Inc.)
PRC - C:\WINDOWS\system32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\mas.MIS\My Documents\My Received Files\OTListIt2.exe (OldTimer Tools)
PRC - C:\Program Files\Microsoft Office\Office12\WINWORD.EXE (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (BackupExecAgentAccelerator [Auto | Running]) -- C:\Program Files\VERITAS\Backup Exec\RANT\beremote.exe (VERITAS Software Corporation)
SRV - (BcmSqlStartupSvc [Auto | Running]) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (btwdins [Auto | Running]) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (EasyClientPrintService [Auto | Running]) -- C:\Program Files\ROC\Output Management\EasyClient\ezcserv.exe ()
SRV - (FLEXnet Licensing Service [On_Demand | Running]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (FTPPut6 [On_Demand | Stopped]) -- C:\Program Files\PlanetPress Suite 6\PlanetPress Watch\Bin\FTPPutService.exe (Objectif Lune Inc.)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (HTTP6 [On_Demand | Stopped]) -- C:\Program Files\PlanetPress Suite 6\PlanetPress Watch\Bin\HTTPService.exe (Objectif Lune Inc.)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (McAfeeFramework [Unknown | Running]) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
SRV - (McShield [Unknown | Running]) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
SRV - (McTaskManager [Unknown | Running]) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
SRV - (MSSQL$MSSMLBIZ [On_Demand | Stopped]) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper [Disabled | Stopped]) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NICCONFIGSVC [Auto | Running]) -- C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe (Dell Inc.)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PPFax6 [On_Demand | Stopped]) -- C:\Program Files\PlanetPress Suite 6\PlanetPress Fax\PPFaxService.exe (Objectif Lune Inc.)
SRV - (PPImage6 [On_Demand | Stopped]) -- C:\Program Files\PlanetPress Suite 6\PlanetPress Image\PPImageService.exe (Objectif Lune Inc.)
SRV - (PPLpd6 [On_Demand | Stopped]) -- C:\Program Files\PlanetPress Suite 6\PlanetPress Watch\Bin\LPDService.exe (Objectif Lune Inc.)
SRV - (PPLpr6 [On_Demand | Stopped]) -- C:\Program Files\PlanetPress Suite 6\PlanetPress Watch\Bin\LPRService.exe (Objectif Lune Inc.)
SRV - (PPMessenger5 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Objectif Lune\PlanetPress Suite 5\Messenger\MessengerService.exe (Objectif Lune Inc.)
SRV - (PPMessenger6 [Auto | Running]) -- C:\Program Files\Common Files\Objectif Lune\PlanetPress Suite 6\Messenger\MessengerService.exe (Objectif Lune Inc.)
SRV - (PPSerial6 [On_Demand | Stopped]) -- C:\Program Files\PlanetPress Suite 6\PlanetPress Watch\Bin\SerialService.exe (Objectif Lune Inc.)
SRV - (PPTelnet6 [On_Demand | Stopped]) -- C:\Program Files\PlanetPress Suite 6\PlanetPress Watch\Bin\TelnetService.exe (Objectif Lune Inc.)
SRV - (PPWatch6 [On_Demand | Stopped]) -- C:\Program Files\PlanetPress Suite 6\PlanetPress Watch\Bin\PPWatchService.exe (Objectif Lune Inc.)
SRV - (RampartSvc [On_Demand | Stopped]) -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe (SonicWALL, Inc.)
SRV - (RCConnector [On_Demand | Stopped]) -- C:\Program Files\TVNCPro\bin\connector.exe (Tridia Corporation)
SRV - (RCController [On_Demand | Stopped]) -- C:\Program Files\TVNCPro\bin\processor.exe (Tridia Corporation)
SRV - (SprintRcAppSvc [On_Demand | Running]) -- C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe (PCTEL)
SRV - (sprtsvc_dellsupportcenter [Auto | Running]) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (SQLBrowser [Auto | Running]) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (SQLWriter [Auto | Running]) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (STacSV [Auto | Running]) -- C:\WINDOWS\system32\STacSV.exe (SigmaTel, Inc.)
SRV - (stllssvr [On_Demand | Stopped]) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.)
SRV - (WebrootCommAgentService [Auto | Running]) -- C:\Program Files\Webroot\Client\commagent.exe (Webroot Software, Inc.)
SRV - (WebrootSpySweeperService [On_Demand | Running]) -- C:\Program Files\Webroot\Client\spysweeper.exe (Webroot Software, Inc.)
SRV - (winvnc [On_Demand | Stopped]) -- C:\Program Files\TVNCPro\bin\WinVNC.exe (Tridia Corporation)
SRV - (wltrysvc [Auto | Stopped]) -- C:\WINDOWS\System32\WLTRYSVC.EXE ()
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AliIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (APPDRV [System | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (asc [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (b57w2k [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\b57xp32.sys (Broadcom Corporation)
DRV - (BCM43XX [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\bcmwl5.sys (Broadcom Corp.)
DRV - (btaudio [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (BTDriver [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\btport.sys (Broadcom Corporation.)
DRV - (BTKRNL [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\btkrnl.sys (Broadcom Corporation.)
DRV - (BTSERIAL [Auto | Running]) -- C:\WINDOWS\system32\drivers\btserial.sys (Broadcom Corporation.)
DRV - (BTWDNDIS [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\btwdndis.sys (Broadcom Corporation.)
DRV - (btwhid [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\btwhid.sys (Broadcom Corporation.)
DRV - (btwmodem [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\btwmodem.sys (Broadcom Corporation.)
DRV - (BTWUSB [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\btwusb.sys (Broadcom Corporation.)
DRV - (CmdIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (DNE [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\dne2000.sys (Deterministic Networks, Inc.)
DRV - (DXEC02 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\dxec02.sys (Knowles Acoustics)
DRV - (E100B [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (iaStor [Boot | Running]) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)
DRV - (mfeapfk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mfeavfk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfebopk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfehidk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mferkdk [System | Running]) -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys (McAfee, Inc.)
DRV - (mfetdik [System | Running]) -- C:\WINDOWS\system32\drivers\mfetdik.sys (McAfee, Inc.)
DRV - (mircap [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\mircap.sys (Matsushita Electric Industrial Co., Ltd.)
DRV - (mraid35x [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (mtpaudio [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\mtpaudio.sys (Matsushita Electric Industrial Co., Ltd.)
DRV - (Nbf [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\nbf.sys (Microsoft Corporation)
DRV - (Nmea [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\pctnullport.sys (PCTEL Inc.)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (NWADI [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\NWADIenum.sys (Novatel Wireless Inc)
DRV - (OEM02Afx [On_Demand | Running]) -- C:\WINDOWS\system32\Drivers\OEM02Afx.sys (Creative Technology Ltd.)
DRV - (OEM02Dev [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\OEM02Dev.sys (Creative Technology Ltd.)
DRV - (OEM02Vfx [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\OEM02Vfx.sys (EyePower Games Pte. Ltd.)
DRV - (PCASp50 [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\PCASp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (PCTINDIS5 [On_Demand | Running]) -- C:\WINDOWS\system32\PCTINDIS5.SYS (PCTEL Inc.)
DRV - (physX32 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\physX32.sys (AGEIA Technologies, Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (RCFOX [System | Running]) -- C:\WINDOWS\system32\Drivers\RCFOX.sys (SonicWALL, Inc.)
DRV - (rcvpn [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\rcvpn.sys (SonicWALL, Inc.)
DRV - (rimmptsk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\rimmptsk.sys (REDC)
DRV - (rimsptsk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\rimsptsk.sys (REDC)
DRV - (RimVSerPort [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\RimSerial.sys (Research in Motion Ltd)
DRV - (rismxdp [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\rixdptsk.sys (REDC)
DRV - (ROOTMODEM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\RootMdm.sys (Microsoft Corporation)
DRV - (seccap [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\seccap.sys (Matsushita Electric Industrial Co., Ltd.)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sisagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (Sparrow [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (SSFS0BB9 [Boot | Running]) -- C:\WINDOWS\SYSTEM32\Drivers\SSFS0BB9.SYS (Webroot Software Inc (www.webroot.com))
DRV - (SSHRMD [Boot | Running]) -- C:\WINDOWS\SYSTEM32\Drivers\SSHRMD.SYS (Webroot Software Inc (www.webroot.com))
DRV - (SSIDRV [Boot | Running]) -- C:\WINDOWS\SYSTEM32\Drivers\SSIDRV.SYS (Webroot Software Inc (www.webroot.com))
DRV - (STHDA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (swmsflt [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\swmsflt.sys ()
DRV - (swmx00 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\swmx00.sys (Sierra Wireless Inc.)
DRV - (SWNC5E00 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\SWNC5E00.sys (Sierra Wireless Inc.)
DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (ultra [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (usbser [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\usbser.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080409
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.co...?channel=us-smb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080409

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co...?channel=us-smb
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/03/06 10:22:26 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/10 10:58:51 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/13 17:34:15 | 00,000,000 | ---D | M]

[2009/04/10 10:58:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mas.MIS\Application Data\mozilla\Extensions
[2009/04/10 10:58:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mas.MIS\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/10 10:58:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mas.MIS\Application Data\mozilla\Firefox\Profiles\cdm2hnxc.default\extensions
[2009/04/13 17:52:21 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/10 10:58:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/12/02 10:06:20 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2009/03/06 10:22:41 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/03/31 16:46:11 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/03/26 15:11:21 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/26 15:11:22 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/03/26 14:56:22 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/03/26 14:56:22 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/03/26 14:56:22 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/03/26 14:56:22 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/03/26 14:56:22 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/03/26 14:56:22 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/03/26 14:56:22 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (1063 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 205.34.101.70 Robox3.robertsoxygen.com
O1 - Hosts: 205.34.101.99 Robox1.robertsoxygen.com
O1 - Hosts: 205.34.101.14 Robox2.robertsoxygen.com
O1 - Hosts: 205.34.101.2 Commercial
O1 - Hosts: 205.34.101.3 RHM
O1 - Hosts: 205.34.101.5 Kronos
O1 - Hosts: 205.34.101.6 Robox6
O1 - Hosts: 205.34.101.7 Robox7
O1 - Hosts: 205.34.101.8 onramp
O1 - Hosts: 205.34.101.12 Imageserver2
O1 - Hosts: 205.34.120.180 Germserver
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe (Dell Inc.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s (Creative Technology Ltd.)
O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" ( )
O4 - HKLM..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup (Macrovision Corporation)
O4 - HKLM..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe (Knowles Acoustics)
O4 - HKLM..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe" (Logitech Inc.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /installquiet ()
O4 - HKLM..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe" (CyberLink Corp.)
O4 - HKLM..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE (McAfee, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Sprint SmartView] "C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe" -a (Sprint)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [WebrootClientUI] "C:\Program Files\Webroot\Client\SpySweeperUI.exe" (Webroot Software, Inc.)
O4 - HKCU..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter (SupportSoft, Inc.)
O4 - HKCU..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler (Macrovision Corporation)
O4 - HKCU..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (Macrovision Corporation)
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Symantec Mobile Essentials.lnk = C:\Program Files\Symantec\Mobile Essentials\nme.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing LP)
O4 - Startup: C:\Documents and Settings\mas.MIS\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 1
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O16 - DPF: {0C5CF442-582B-4357-B116-765DA99CAA8C} http://205.34.101.12...t/IrcViewer.cab (CompositeView Control)
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} http://download.micr...20/pmupd806.exe (MSN Money Charting)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1208347017534 (MUWebControl Class)
O16 - DPF: {89F1C7A1-B54C-406D-8CD6-901D277F6388} http://205.34.101.12...rcResultSet.cab (Interactive Client Result Set Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://idsdocs.webe...bex/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = robertsoxygen.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 205.34.101.14,209.130.136.2,205.34.120.180
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{52910206-6FD1-4CEE-8314-2D5BF2ED1A95}\\NameServer = 205.34.101.14,209.130.136.2,205.34.120.180
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (APITRAP.DLL) - C:\WINDOWS\system32\APITRAP.DLL (Symantec Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (C:\WINDOWS\system32\nmegina.dll) - C:\WINDOWS\system32\nmegina.dll ()
O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNtf.DLL - C:\WINDOWS\system32\WRLogonNtf.DLL (Webroot Software, Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O33 - MountPoints2\{8f885e8e-4eaa-11dd-88c7-001e4ce40060}\Shell - "" = AutoRun
O33 - MountPoints2\{8f885e8e-4eaa-11dd-88c7-001e4ce40060}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2009/04/13 20:32:15 | 00,193,075 | ---- | C] () -- C:\DOCUME~1\mas.MIS\Desktop\New Microsoft Office Word Document (4).docx
[2009/04/13 20:26:11 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/13 18:02:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mas.MIS\Application Data\Malwarebytes
[2009/04/13 18:02:21 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/13 18:02:21 | 00,000,696 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/13 18:02:18 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/13 18:02:17 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/13 18:02:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/13 17:58:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/04/13 17:57:43 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\mas.MIS\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/04/13 17:57:29 | 00,000,611 | ---- | C] () -- C:\DOCUME~1\mas.MIS\Desktop\NTREGOPT.lnk
[2009/04/13 17:57:29 | 00,000,592 | ---- | C] () -- C:\DOCUME~1\mas.MIS\Desktop\ERUNT.lnk
[2009/04/13 17:57:29 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/04/13 13:48:32 | 00,037,281 | ---- | C] () -- C:\DOCUME~1\mas.MIS\Desktop\DENIAL OF PRIMARY CHARGES.pdf
[2009/04/13 13:46:32 | 00,037,270 | ---- | C] () -- C:\DOCUME~1\mas.MIS\Desktop\DENIAL OF SECONDARY CHARGES.pdf
[2009/04/13 12:59:34 | 00,042,509 | ---- | C] () -- C:\DOCUME~1\mas.MIS\Desktop\UNDERPAYMENT.pdf
[2009/04/10 13:46:20 | 00,046,080 | ---- | C] () -- C:\DOCUME~1\mas.MIS\Desktop\Issues from Demo 2009-09.doc
[2009/04/10 12:58:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\SchCache
[2009/04/10 12:40:37 | 00,000,000 | ---- | C] () -- C:\DOCUME~1\mas.MIS\Desktop\New Microsoft Office Word Document (3).docx
[2009/04/10 12:16:06 | 00,000,035 | ---- | C] () -- C:\WINDOWS\md.sec
[2009/04/10 12:15:25 | 00,344,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msexch35.dll
[2009/04/10 12:15:24 | 01,238,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msjt4jlt.dll
[2009/04/10 12:15:24 | 00,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxbse35.dll
[2009/04/10 12:15:24 | 00,252,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msexcl35.dll
[2009/04/10 12:15:24 | 00,250,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mspdox35.dll
[2009/04/10 12:15:24 | 00,170,865 | ---- | C] () -- C:\WINDOWS\System32\Odbcjet.hlp
[2009/04/10 12:15:24 | 00,168,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msltus35.dll
[2009/04/10 12:15:24 | 00,166,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstext35.dll
[2009/04/10 12:15:24 | 00,006,902 | ---- | C] () -- C:\WINDOWS\System32\Odbcjet.cnt
[2009/04/10 12:15:23 | 00,415,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msrepl35.dll
[2009/04/10 12:15:23 | 00,044,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msrpfs35.dll
[2009/04/10 12:15:23 | 00,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\JETCOMP.exe
[2009/04/10 12:15:22 | 00,438,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSHFLXGD.OCX
[2009/04/10 12:15:22 | 00,238,512 | ---- | C] (ComponenetOne) -- C:\WINDOWS\System32\SizerOne.ocx
[2009/04/10 12:15:22 | 00,212,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\RICHTX32.OCX
[2009/04/10 12:15:22 | 00,103,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCOMM32.OCX
[2009/04/10 12:15:20 | 00,237,620 | ---- | C] (Boston Software Systems, Inc.) -- C:\WINDOWS\System32\Bss6h.dll
[2009/04/10 12:15:20 | 00,098,816 | ---- | C] () -- C:\WINDOWS\System32\MRWScript.dll
[2009/04/10 12:15:20 | 00,086,016 | ---- | C] (Sun Microsystems) -- C:\WINDOWS\System32\bss6j.dll
[2009/04/10 12:15:20 | 00,077,824 | ---- | C] (Boston Software Systems, Inc.) -- C:\WINDOWS\System32\Bss6ix.dll
[2009/04/10 12:15:20 | 00,077,824 | ---- | C] (Boston Software Systems, Inc.) -- C:\WINDOWS\System32\Bss6i.dll
[2009/04/10 12:15:20 | 00,073,728 | ---- | C] (Boston Software Systems, Inc.) -- C:\WINDOWS\System32\Bss6h1.dll
[2009/04/10 12:15:20 | 00,053,248 | ---- | C] (Boston Software Systems, Inc.) -- C:\WINDOWS\System32\Bss6s.dll
[2009/04/10 12:15:20 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\Bss6k.dll
[2009/04/10 12:15:20 | 00,003,808 | ---- | C] () -- C:\WINDOWS\System32\BSS616.DLL
[2009/04/10 12:15:18 | 00,089,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB5DB.DLL
[2009/04/10 12:15:16 | 00,000,457 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Assistant.lnk
[2009/04/10 12:15:16 | 00,000,000 | ---D | C] -- C:\MfaxProg
[2009/04/10 10:58:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mas.MIS\Application Data\Mozilla
[2009/04/10 10:58:31 | 00,001,602 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Mozilla Firefox.lnk
[2009/04/09 15:05:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mas.MIS\Application Data\Reallusion
[2009/04/09 15:04:09 | 00,202,827 | ---- | C] (WebEx Communications, Inc) -- C:\WINDOWS\System32\atasnt40.dll
[2009/04/09 09:53:36 | 00,330,645 | ---- | C] () -- C:\DOCUME~1\mas.MIS\Desktop\New Microsoft Office Word Document (2).docx
[2009/04/08 14:22:41 | 00,039,424 | ---- | C] () -- C:\DOCUME~1\mas.MIS\Desktop\POLICY_HISTORY_CONVERSION_EXCEPTION_REPORT_OIOI_20090408.xls
[2009/04/08 14:21:41 | 00,083,968 | ---- | C] () -- C:\DOCUME~1\mas.MIS\Desktop\Policy History Conversion Exception Report-OIOI.doc
[2009/04/08 13:38:46 | 00,162,816 | ---- | C] () -- C:\DOCUME~1\mas.MIS\Desktop\Policy History Conversion Exception Report.doc
[2009/04/08 13:31:59 | 01,935,872 | ---- | C] () -- C:\DOCUME~1\mas.MIS\Desktop\POLICY_HISTORY_CONVERSION_EXCEPTION_REPORT_20090408.xls
[2009/04/07 15:13:37 | 01,710,701 | ---- | C] () -- C:\DOCUME~1\mas.MIS\Desktop\CMNS_ALL_EMDEON.pp6
[2009/04/06 12:57:45 | 00,001,734 | ---- | C] () -- C:\DOCUME~1\mas.MIS\Desktop\HijackThis.lnk
[2009/04/06 12:57:45 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/04/04 14:37:17 | 00,068,608 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\dso inst revenue.xls
[2009/04/04 14:35:50 | 00,022,016 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\dsoinstar.xls
[2009/04/04 04:00:19 | 00,206,602 | ---- | C] () -- C:\DOCUME~1\mas.MIS\Desktop\BEX04961.htm
[2009/04/03 16:19:35 | 00,000,000 | ---- | C] () -- C:\DOCUME~1\mas.MIS\Desktop\New Microsoft Office Word Document.docx
[2009/04/03 15:15:08 | 00,008,714 | ---- | C] () -- C:\DOCUME~1\mas.MIS\Desktop\New Microsoft Office Excel Worksheet (2).xlsx
[2009/04/03 10:35:19 | 00,294,584 | ---- | C] () -- C:\DOCUME~1\mas.MIS\Desktop\VA_INVOICE_20090403.pdf
[2009/04/02 14:24:18 | 00,122,368 | ---- | C] () -- C:\DOCUME~1\mas.MIS\Desktop\36 Month Cap & 60 Month Useful Life 2009-04-02_raw.xls
[2009/04/02 14:13:24 | 00,104,960 | ---- | C] () -- C:\DOCUME~1\mas.MIS\Desktop\36 Month Cap & 60 Month Useful Life 2009-04-02.xls
[2009/04/01 14:40:38 | 00,025,535 | ---- | C] () -- C:\DOCUME~1\mas.MIS\Desktop\cmn report detail.xmod
[2009/04/01 14:24:46 | 00,049,773 | ---- | C] () -- C:\DOCUME~1\mas.MIS\Desktop\REV008.pdf
[2009/03/31 17:36:53 | 00,000,797 | ---- | C] () -- C:\Documents and Settings\mas.MIS\Application Data\Launch Internet Explorer Browser.lnk
[2009/03/31 15:30:53 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2009/03/31 11:44:54 | 00,299,008 | ---- | C] (American Systems) -- C:\WINDOWS\amuninst.exe
[2009/03/30 17:53:00 | 00,105,233 | ---- | C] () -- C:\DOCUME~1\mas.MIS\Desktop\732.pdf
[2009/03/30 17:26:37 | 00,060,810 | ---- | C] () -- C:\DOCUME~1\mas.MIS\Desktop\job00Z8I5A7WPK7T5E6C49E9B1.pdf
[2009/03/30 17:23:49 | 00,093,047 | ---- | C] () -- C:\DOCUME~1\mas.MIS\Desktop\job00Z8I59CIIT137F6C47042D.pdf
[2009/03/30 17:15:21 | 00,019,260 | ---- | C] () -- C:\DOCUME~1\mas.MIS\Desktop\ARUMNEWSTART!01066635.pdf
[2009/03/30 15:22:08 | 00,020,226 | ---- | C] () -- C:\DOCUME~1\mas.MIS\Desktop\INTAKE1.pdf
[2009/03/30 12:56:55 | 00,000,000 | ---D | C] -- C:\Program Files\American Systems
[2009/03/30 10:57:18 | 00,033,808 | ---- | C] () -- C:\DOCUME~1\mas.MIS\Desktop\RESP_T00000320090330_104821_0._01
[2009/03/30 09:02:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/03/30 08:55:59 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/03/27 09:25:47 | 00,140,480 | ---- | C] () -- C:\DOCUME~1\mas.MIS\Desktop\Dana Newsletter 2009-03-27.pdf
[2009/03/27 07:40:41 | 06,016,000 | ---- | C] () -- C:\DOCUME~1\mas.MIS\Desktop\Policy History 3.ppt
[2009/03/26 18:33:06 | 00,057,856 | ---- | C] () -- C:\DOCUME~1\mas.MIS\Desktop\36 Month Cap & 60 Month Useful Life 2009-03-23.xls
[2009/03/26 18:27:37 | 02,764,288 | ---- | C] () -- C:\DOCUME~1\mas.MIS\Desktop\36 Month HMA Documentation - Revised 20090326.doc
[2009/03/26 15:10:07 | 00,051,207 | ---- | C] () -- C:\DOCUME~1\mas.MIS\Desktop\22.pdf
[2009/03/25 09:40:56 | 00,093,905 | ---- | C] () -- C:\DOCUME~1\mas.MIS\Desktop\C__Documents and Settings_mas.MIS_Local Settings_Tempora.pdf
[2009/03/24 17:33:45 | 05,633,536 | ---- | C] () -- C:\DOCUME~1\mas.MIS\Desktop\Policy History_MARKS_EDITS-COMMENTS.ppt
[2009/03/24 13:00:45 | 00,146,913 | ---- | C] () -- C:\DOCUME~1\mas.MIS\Desktop\DEL_TICK_LC_SAMPLE.pdf
[2009/03/24 12:47:53 | 00,015,671 | ---- | C] () -- C:\DOCUME~1\mas.MIS\Desktop\cheats-2.docx
[2009/03/23 17:27:40 | 00,064,455 | ---- | C] () -- C:\DOCUME~1\mas.MIS\Desktop\ABN_BLANK_FILL_IN.pdf
[2009/03/23 13:46:15 | 00,045,869 | ---- | C] () -- C:\DOCUME~1\mas.MIS\Desktop\ABN_BLANK.pdf
[2009/03/20 09:03:03 | 07,263,103 | ---- | C] () -- C:\DOCUME~1\mas.MIS\Desktop\doc cleanup.xlsx
[2009/03/16 15:43:06 | 00,518,656 | ---- | C] () -- C:\DOCUME~1\mas.MIS\Desktop\Copy of 2009-03-16.xls
[2009/03/16 11:01:32 | 00,018,432 | ---- | C] () -- C:\DOCUME~1\mas.MIS\Desktop\cylinder count-o2 exception report.xls
[2008/09/19 10:33:43 | 00,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\lexlog.dll
[2008/09/19 10:33:41 | 00,000,709 | ---- | C] () -- C:\WINDOWS\LMAAX2DD.ini
[2008/07/17 08:50:28 | 00,002,131 | ---- | C] () -- C:\WINDOWS\pw5.ini
[2008/05/27 11:25:48 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\ezmonitor.dll
[2008/04/23 14:20:33 | 00,000,227 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/04/23 14:18:13 | 01,626,112 | ---- | C] () -- C:\WINDOWS\System32\myodbc5S.dll
[2008/04/22 07:28:14 | 00,000,156 | ---- | C] () -- C:\WINDOWS\ricdb.ini
[2008/04/18 17:46:36 | 01,073,152 | ---- | C] () -- C:\WINDOWS\System32\libmysql_c.dll
[2008/04/16 12:03:56 | 00,052,736 | ---- | C] () -- C:\WINDOWS\System32\nmeginaalt.dll
[2008/04/16 12:03:56 | 00,052,736 | ---- | C] () -- C:\WINDOWS\System32\nmegina.dll
[2008/04/16 07:28:42 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\omnithread_rt.dll
[2008/04/09 05:39:33 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/04/09 05:24:23 | 00,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2008/04/09 05:10:19 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008/04/09 05:10:18 | 00,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2008/04/09 04:40:20 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/04/09 04:40:20 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/04/09 04:40:19 | 01,478,656 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/04/09 04:40:19 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/04/09 04:40:04 | 00,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2008/04/09 04:38:37 | 00,001,116 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/03/05 15:41:58 | 00,024,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2007/09/27 10:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/06/19 09:59:36 | 00,070,400 | ---- | C] () -- C:\WINDOWS\System32\PhysXLoader.dll
[2007/04/20 08:57:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007/04/20 08:57:28 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007/04/20 08:57:28 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007/04/20 08:57:28 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007/04/20 08:57:28 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007/04/20 08:57:28 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007/04/20 08:57:28 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007/04/20 08:57:28 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007/04/20 08:57:28 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2006/05/24 19:16:22 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/02/17 13:41:32 | 00,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 13:41:30 | 00,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2004/08/11 18:24:19 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 18:11:31 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 18:00:37 | 00,000,582 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/11 18:00:35 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2001/11/14 14:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/04/13 20:32:39 | 00,193,075 | ---- | M] () -- C:\DOCUME~1\mas.MIS\Desktop\New Microsoft Office Word Document (4).docx
[2009/04/13 20:32:12 | 00,065,173 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2009/04/13 20:18:51 | 00,623,690 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/13 20:18:51 | 00,514,190 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/13 20:18:51 | 00,097,802 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/13 20:16:04 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/13 20:13:58 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/13 20:13:56 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/13 20:13:56 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\nmegina.test
[2009/04/13 18:02:21 | 00,000,696 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/13 17:57:43 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\mas.MIS\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/04/13 17:57:29 | 00,000,611 | ---- | M] () -- C:\DOCUME~1\mas.MIS\Desktop\NTREGOPT.lnk
[2009/04/13 17:57:29 | 00,000,592 | ---- | M] () -- C:\DOCUME~1\mas.MIS\Desktop\ERUNT.lnk
[2009/04/13 16:41:50 | 00,015,671 | ---- | M] () -- C:\DOCUME~1\mas.MIS\Desktop\cheats-2.docx
[2009/04/13 13:48:32 | 00,037,281 | ---- | M] () -- C:\DOCUME~1\mas.MIS\Desktop\DENIAL OF PRIMARY CHARGES.pdf
[2009/04/13 13:46:32 | 00,037,270 | ---- | M] () -- C:\DOCUME~1\mas.MIS\Desktop\DENIAL OF SECONDARY CHARGES.pdf
[2009/04/13 13:28:34 | 00,002,475 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\PlanetPress Design 6.lnk
[2009/04/13 13:04:17 | 00,042,509 | ---- | M] () -- C:\DOCUME~1\mas.MIS\Desktop\UNDERPAYMENT.pdf
[2009/04/12 16:52:49 | 00,002,521 | ---- | M] () -- C:\DOCUME~1\mas.MIS\Desktop\Microsoft Office Outlook 2007.lnk
[2009/04/10 13:54:46 | 00,046,080 | ---- | M] () -- C:\DOCUME~1\mas.MIS\Desktop\Issues from Demo 2009-09.doc
[2009/04/10 12:40:37 | 00,000,000 | ---- | M] () -- C:\DOCUME~1\mas.MIS\Desktop\New Microsoft Office Word Document (3).docx
[2009/04/10 12:16:06 | 00,000,035 | ---- | M] () -- C:\WINDOWS\md.sec
[2009/04/10 12:15:16 | 00,000,457 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Assistant.lnk
[2009/04/10 11:43:27 | 00,330,645 | ---- | M] () -- C:\DOCUME~1\mas.MIS\Desktop\New Microsoft Office Word Document (2).docx
[2009/04/10 10:58:31 | 00,001,602 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Mozilla Firefox.lnk
[2009/04/09 15:04:09 | 00,202,827 | ---- | M] (WebEx Communications, Inc) -- C:\WINDOWS\System32\atasnt40.dll
[2009/04/08 14:22:42 | 00,039,424 | ---- | M] () -- C:\DOCUME~1\mas.MIS\Desktop\POLICY_HISTORY_CONVERSION_EXCEPTION_REPORT_OIOI_20090408.xls
[2009/04/08 14:21:42 | 00,083,968 | ---- | M] () -- C:\DOCUME~1\mas.MIS\Desktop\Policy History Conversion Exception Report-OIOI.doc
[2009/04/08 14:18:24 | 00,162,816 | ---- | M] () -- C:\DOCUME~1\mas.MIS\Desktop\Policy History Conversion Exception Report.doc
[2009/04/08 13:31:59 | 01,935,872 | ---- | M] () -- C:\DOCUME~1\mas.MIS\Desktop\POLICY_HISTORY_CONVERSION_EXCEPTION_REPORT_20090408.xls
[2009/04/07 20:37:10 | 06,016,000 | ---- | M] () -- C:\DOCUME~1\mas.MIS\Desktop\Policy History 3.ppt
[2009/04/07 15:13:44 | 01,710,701 | ---- | M] () -- C:\DOCUME~1\mas.MIS\Desktop\CMNS_ALL_EMDEON.pp6
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/06 12:57:45 | 00,001,734 | ---- | M] () -- C:\DOCUME~1\mas.MIS\Desktop\HijackThis.lnk
[2009/04/04 14:37:17 | 00,068,608 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\dso inst revenue.xls
[2009/04/04 14:35:50 | 00,022,016 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\dsoinstar.xls
[2009/04/04 04:00:19 | 00,206,602 | ---- | M] () -- C:\DOCUME~1\mas.MIS\Desktop\BEX04961.htm
[2009/04/03 16:19:35 | 00,000,000 | ---- | M] () -- C:\DOCUME~1\mas.MIS\Desktop\New Microsoft Office Word Document.docx
[2009/04/03 15:15:08 | 00,008,714 | ---- | M] () -- C:\DOCUME~1\mas.MIS\Desktop\New Microsoft Office Excel Worksheet (2).xlsx
[2009/04/03 13:35:05 | 00,040,960 | ---- | M] () -- C:\DOCUME~1\mas.MIS\Desktop\ME Js ME Partition.xls
[2009/04/03 10:35:19 | 00,294,584 | ---- | M] () -- C:\DOCUME~1\mas.MIS\Desktop\VA_INVOICE_20090403.pdf
[2009/04/02 17:18:45 | 02,764,288 | ---- | M] () -- C:\DOCUME~1\mas.MIS\Desktop\36 Month HMA Documentation - Revised 20090326.doc
[2009/04/02 17:13:57 | 00,104,960 | ---- | M] () -- C:\DOCUME~1\mas.MIS\Desktop\36 Month Cap & 60 Month Useful Life 2009-04-02.xls
[2009/04/02 14:24:18 | 00,122,368 | ---- | M] () -- C:\DOCUME~1\mas.MIS\Desktop\36 Month Cap & 60 Month Useful Life 2009-04-02_raw.xls
[2009/04/02 13:23:21 | 00,060,690 | ---- | M] () -- C:\DOCUME~1\mas.MIS\Desktop\cap36b.xmod
[2009/04/01 14:24:46 | 00,049,773 | ---- | M] () -- C:\DOCUME~1\mas.MIS\Desktop\REV008.pdf
[2009/04/01 09:53:42 | 00,002,267 | ---- | M] () -- C:\DOCUME~1\mas.MIS\Desktop\Active Directory Users and Computers.lnk
[2009/03/31 17:36:53 | 00,000,797 | ---- | M] () -- C:\Documents and Settings\mas.MIS\Application Data\Launch Internet Explorer Browser.lnk
[2009/03/31 17:31:15 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/03/31 15:37:43 | 00,000,074 | -HS- | M] () -- C:\DOCUME~1\mas.MIS\My Documents\desktop.ini
[2009/03/30 17:53:00 | 00,105,233 | ---- | M] () -- C:\DOCUME~1\mas.MIS\Desktop\732.pdf
[2009/03/30 17:26:37 | 00,060,810 | ---- | M] () -- C:\DOCUME~1\mas.MIS\Desktop\job00Z8I5A7WPK7T5E6C49E9B1.pdf
[2009/03/30 17:23:49 | 00,093,047 | ---- | M] () -- C:\DOCUME~1\mas.MIS\Desktop\job00Z8I59CIIT137F6C47042D.pdf
[2009/03/30 17:15:21 | 00,019,260 | ---- | M] () -- C:\DOCUME~1\mas.MIS\Desktop\ARUMNEWSTART!01066635.pdf
[2009/03/30 15:22:08 | 00,020,226 | ---- | M] () -- C:\DOCUME~1\mas.MIS\Desktop\INTAKE1.pdf
[2009/03/30 10:57:18 | 00,033,808 | ---- | M] () -- C:\DOCUME~1\mas.MIS\Desktop\RESP_T00000320090330_104821_0._01
[2009/03/27 09:25:47 | 00,140,480 | ---- | M] () -- C:\DOCUME~1\mas.MIS\Desktop\Dana Newsletter 2009-03-27.pdf
[2009/03/26 18:41:09 | 00,057,856 | ---- | M] () -- C:\DOCUME~1\mas.MIS\Desktop\36 Month Cap & 60 Month Useful Life 2009-03-23.xls
[2009/03/26 16:26:53 | 02,613,760 | ---- | M] () -- C:\DOCUME~1\mas.MIS\Desktop\36 Month HMA Documentation 2.doc
[2009/03/26 15:10:07 | 00,051,207 | ---- | M] () -- C:\DOCUME~1\mas.MIS\Desktop\22.pdf
[2009/03/26 11:44:31 | 00,065,173 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2009/03/25 09:42:59 | 00,063,647 | ---- | M] () -- C:\DOCUME~1\mas.MIS\Desktop\GERM SERVER BACK UP.xlsx
[2009/03/25 09:40:56 | 00,093,905 | ---- | M] () -- C:\DOCUME~1\mas.MIS\Desktop\C__Documents and Settings_mas.MIS_Local Settings_Tempora.pdf
[2009/03/24 18:03:01 | 00,168,448 | ---- | M] () -- C:\DOCUME~1\mas.MIS\Desktop\testing 2009-20-23_WHOS_DOIN_UPDATE.xls
[2009/03/24 18:02:38 | 07,263,103 | ---- | M] () -- C:\DOCUME~1\mas.MIS\Desktop\doc cleanup.xlsx
[2009/03/24 17:33:46 | 05,633,536 | ---- | M] () -- C:\DOCUME~1\mas.MIS\Desktop\Policy History_MARKS_EDITS-COMMENTS.ppt
[2009/03/24 13:00:46 | 00,146,913 | ---- | M] () -- C:\DOCUME~1\mas.MIS\Desktop\DEL_TICK_LC_SAMPLE.pdf
[2009/03/23 17:32:43 | 00,064,455 | ---- | M] () -- C:\DOCUME~1\mas.MIS\Desktop\ABN_BLANK_FILL_IN.pdf
[2009/03/23 13:46:15 | 00,045,869 | ---- | M] () -- C:\DOCUME~1\mas.MIS\Desktop\ABN_BLANK.pdf
[2009/03/20 11:58:09 | 00,062,452 | ---- | M] () -- C:\WINDOWS\System32\tsmmc.msc
[2009/03/20 11:57:47 | 00,001,730 | -H-- | M] () -- C:\DOCUME~1\mas.MIS\My Documents\Default.rdp
[2009/03/20 11:41:50 | 00,002,185 | ---- | M] () -- C:\DOCUME~1\mas.MIS\Desktop\Remote Desktops.lnk
[2009/03/19 09:25:13 | 00,007,893 | ---- | M] () -- C:\DOCUME~1\mas.MIS\Desktop\germserver_data.xmod
[2009/03/17 13:52:26 | 00,026,112 | ---- | M] () -- C:\DOCUME~1\mas.MIS\Desktop\WBM instructions.xls
[2009/03/17 11:37:53 | 00,518,656 | ---- | M] () -- C:\DOCUME~1\mas.MIS\Desktop\Copy of 2009-03-16.xls
[2009/03/16 11:01:33 | 00,018,432 | ---- | M] () -- C:\DOCUME~1\mas.MIS\Desktop\cylinder count-o2 exception report.xls
[2009/03/16 08:59:31 | 00,273,376 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
< End of report >




Extras log ---------------------------------------------------------

OTListIt Extras logfile created on: 4/13/2009 8:44:14 PM - Run 2
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\mas.MIS\My Documents\My Received Files
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 63.14% Memory free
3.85 Gb Paging File | 3.21 Gb Available in Paging File | 83.34% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 179.56 Gb Total Space | 54.77 Gb Free Space | 30.50% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MASLAPTOPXPS
Current User Name: MAS
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\FacetCorp\FacetWin\fwagent.exe:*:Enabled:FacetWin Agent (FacetCorp)
C:\Program Files\FacetCorp\FacetWin\fwt.exe:*:Enabled:fwt ()
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook (Microsoft Corporation)
C:\Program Files\VERITAS\Backup Exec\RANT\beremote.exe:*:Enabled:beremote.exe (VERITAS Software Corporation)
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger (Yahoo! Inc.)
C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server (Yahoo! Inc.)
C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe:*:Enabled:SonicWALL Global VPN Client (SonicWALL, Inc.)
C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console (Microsoft Corporation)
C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger (Microsoft Corporation)
C:\Program Files\Panasonic\Wireless Manager ME3\WM.exe:*:Enabled:Wireless Manager GUI (Matsushita Electric Industrial Co.,LTD.)
C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer (Microsoft Corporation)
C:\ePOAgent\FrameworkService.exe:*:Enabled:McAfee Framework Service File not found
C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service (McAfee, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook (Microsoft Corporation)
C:\Program Files\Dell\MediaDirect\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program (CyberLink Corp.)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\FacetCorp\FacetWin\fwt.exe:*:Enabled:fwt ()
C:\Program Files\Panasonic\Wireless Manager ME3\WM.exe:*:Enabled:Wireless Manager GUI (Matsushita Electric Industrial Co.,LTD.)
C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe:*:Enabled:SonicWALL Global VPN Client (SonicWALL, Inc.)
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger (Yahoo! Inc.)
C:\Program Files\Sprint\Sprint SmartView\SwiApiMux.exe:*:Enabled:SwiApiMux (Sierra Wireless, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0DE78325-A3DD-42CD-AF53-DF5CC35D4BFE}" = PlanetPress 5 Documentation
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = QualxServ Service Agreement
"{0FFD55FA-40CE-4B7F-9001-A06930C63FA2}" = Sprint SmartView
"{15CC2798-0A39-409C-8DD6-8B2F310EF713}" = PlanetPress Suite 6
"{177D1318-3E4B-4A7C-A300-AC4E21BE090B}" = Broadcom Management Programs
"{1AEAEC27-EA5B-11D5-9F66-0002E31CFDCB}" = TridiaVNC
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{2083C8AB-1CBB-4885-A197-7F0D0145AE55}" = Assistant
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 13
"{27B3563C-561C-4924-8C0E-EA102264873F}" = Windows Server 2003 Service Pack 1 Administration Tools Pack
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150120}" = J2SE Runtime Environment 5.0 Update 12
"{3248F0A8-6813-11D6-A77B-00B0D0150130}" = J2SE Runtime Environment 5.0 Update 13
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35C03C04-3F1F-42C2-A989-A757EE691F65}" = McAfee VirusScan Enterprise
"{3BD37A69-4FA2-11D5-9F21-0001031E06E2}" = TridiaVNC Pro
"{3E33367C-4B87-4286-9E98-EDCF2F26CBE8}" = Monarch Pro 9.01
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53648F92-1CC5-22D2-A6DF-00A0C9A23BCD}" = SonicWALL Global VPN Client 4.0.0.830
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{5E98EE22-F59B-4ED0-82BE-010A6F886C3E}" = VERITAS Backup Exec Remote Agent for Windows Servers
"{64658686-0CD4-4CF6-983D-0A6BE32007DB}" = Business Complete Care Services Agreement
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{67F67B6C-B3F9-4853-AE5C-0AC372DDEBF1}" = Wireless Manager mobile edition 3.0
"{6E2D57A4-E70E-4117-9046-3A1B4F2949E1}" = PlanetPress Suite 6 English Documentation
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7FC021F5-EA46-4B31-A23A-30C38433E2AD}" = PlanetPress 5
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9D4B411F-42F9-4566-9621-13D3A969F871}" = Redistributable_MM
"{A638557B-1F13-40A0-9627-C892FBCA6960}" = McAfee Agent
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC434EC8-B3CC-4003-92C1-0AE751CCFEB5}" = AGEIA PhysX v7.06.26
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}" = Ipswitch WS_FTP Professional 2007
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP1
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B53D7D6B-9BB0-4EA8-82B9-9293CB41FCE1}" = MySQL Connector/ODBC 3.51
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD53CCA4-83BA-4D0E-96E2-AF559B0AFF92}" = Documentation de PlanetPress Suite 6
"{D1B5E9C8-4CCF-44E3-87D6-7C00D7DA5370}" = IntelliSonic Speech Enhancement
"{DDD66BB0-7C9F-4030-84DB-435E5B6C7457}" = EasyClient
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E42BD75A-FC23-4E3F-9F91-2658334C644F}" = Internet Service Offers Launcher
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F02B977E-F031-406A-A624-B8EF87BBDE45}" = PlanetPress Suite 6 Dokumentationen
"{F7511FE7-BA89-4939-B2EF-A3F287B0F298}" = Logitech Gaming LCD Software 1.04
"{FE7D7E78-B9FD-4CAE-B223-10C6E5B307E7}" = Webroot® Client
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.1.3 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP1
"CodeWright Libraries" = CodeWright Libraries
"CodeWright70" = CodeWright 7.0
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"EditPlus 3" = EditPlus 3
"ERUNT_is1" = ERUNT 1.1j
"FacetWinV1" = FacetWin
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{67F67B6C-B3F9-4853-AE5C-0AC372DDEBF1}" = Wireless Manager mobile edition 3.0
"InstallShield_{DDD66BB0-7C9F-4030-84DB-435E5B6C7457}" = EasyClient
"Lexmark_HostCD" = Lexmark Software Uninstall
"LiveAdvisor" = LiveAdvisor (Symantec Corporation)
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate1.6" = LiveUpdate 1.6 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mobile Essentials" = Symantec Mobile Essentials
"Money2006a" = MSN Money Investment Toolbox
"Mozilla Firefox (3.0.8)" = Mozilla Firefox (3.0.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Norton CleanSweep" = Norton CleanSweep
"NVIDIA Drivers" = NVIDIA Drivers
"odbcdL4" = odbcdL4 1.2
"PremiumSoft Navicat 8.0 Lite for MySQL_is1" = PremiumSoft Navicat 8.0 Lite for MySQL
"PremiumSoft Navicat_is1" = PremiumSoft Navicat
"Procomm Plus" = Symantec Procomm Plus
"PROHYBRIDR" = 2007 Microsoft Office system
"PuTTY_is1" = PuTTY version 0.60
"SearchAssist" = SearchAssist
"Snapshot Viewer" = Snapshot Viewer
"SynTPDeinstKey" = Dell Touchpad
"U.S. Robotics V.92 USB Modem" = U.S. Robotics V.92 USB Modem
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"winscp3_is1" = WinSCP 4.0.7
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/13/2009 5:54:54 PM | Computer Name = MASLAPTOPXPS | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16791, faulting
module msvcrt.dll, version 7.0.2600.5512, fault address 0x00037168.

Error - 4/13/2009 5:54:57 PM | Computer Name = MASLAPTOPXPS | Source = Application Error | ID = 1001
Description = Fault bucket 1138675279.

Error - 4/13/2009 6:08:15 PM | Computer Name = MASLAPTOPXPS | Source = nview_info | ID = 11141121
Description =

Error - 4/13/2009 6:14:00 PM | Computer Name = MASLAPTOPXPS | Source = Userenv | ID = 1097
Description = Windows cannot find the machine account, No authority could be contacted
for authentication. .

Error - 4/13/2009 6:14:00 PM | Computer Name = MASLAPTOPXPS | Source = Userenv | ID = 1030
Description = Windows cannot query for the list of Group Policy objects. A message
that describes the reason for this was previously logged by the policy engine.

Error - 4/13/2009 6:14:52 PM | Computer Name = MASLAPTOPXPS | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007003a). The specified server cannot perform the requested
operation. Enrollment will not be performed.

Error - 4/13/2009 6:18:14 PM | Computer Name = MASLAPTOPXPS | Source = Userenv | ID = 1053
Description = Windows cannot determine the user or computer name. (The RPC server
is unavailable. ). Group Policy processing aborted.

Error - 4/13/2009 8:14:17 PM | Computer Name = MASLAPTOPXPS | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 4/13/2009 8:14:23 PM | Computer Name = MASLAPTOPXPS | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 4/13/2009 8:15:57 PM | Computer Name = MASLAPTOPXPS | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

[ OSession Events ]
Error - 5/5/2008 9:50:24 AM | Computer Name = MASLAPTOPXPS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2245
seconds with 600 seconds of active time. This session ended with a crash.

Error - 10/15/2008 9:56:39 AM | Computer Name = MASLAPTOPXPS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6323.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2211
seconds with 360 seconds of active time. This session ended with a crash.

Error - 11/21/2008 1:41:05 PM | Computer Name = MASLAPTOPXPS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 142
seconds with 120 seconds of active time. This session ended with a crash.

Error - 3/19/2009 5:09:59 PM | Computer Name = MASLAPTOPXPS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1275
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 4/12/2009 5:44:36 PM | Computer Name = MASLAPTOPXPS | Source = NetBT | ID = 4321
Description = The name "MIS :1d" could not be registered on the Interface
with IP address 205.34.101.153. The machine with the IP address 205.34.101.14 did
not allow the name to be claimed by this machine.

Error - 4/12/2009 5:49:46 PM | Computer Name = MASLAPTOPXPS | Source = NetBT | ID = 4321
Description = The name "MIS :1d" could not be registered on the Interface
with IP address 205.34.101.153. The machine with the IP address 205.34.101.14 did
not allow the name to be claimed by this machine.

Error - 4/12/2009 6:45:20 PM | Computer Name = MASLAPTOPXPS | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 4/12/2009 7:01:06 PM | Computer Name = MASLAPTOPXPS | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 29 minutes. NtpClient has no source of accurate
time.

Error - 4/13/2009 6:12:19 PM | Computer Name = MASLAPTOPXPS | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain MIS due to the following:
%%1722. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 4/13/2009 6:12:19 PM | Computer Name = MASLAPTOPXPS | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 4/13/2009 6:12:19 PM | Computer Name = MASLAPTOPXPS | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 4/13/2009 6:13:59 PM | Computer Name = MASLAPTOPXPS | Source = Kerberos | ID = 7
Description = The kerberos subsystem encountered a PAC verification failure. This
indicates that the PAC from the client MASLAPTOPXPS$ in realm ROBERTSOXYGEN.COM
had a PAC which failed to verify or was modified. Contact your system administrator.

Error - 4/13/2009 8:14:16 PM | Computer Name = MASLAPTOPXPS | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain MIS due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 4/13/2009 8:20:37 PM | Computer Name = MASLAPTOPXPS | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.


< End of report >



Thanks in advance.
  • 0

Advertisements

#2
Extremeboy
Posted 20 April 2009 - 04:35 PM

Extremeboy

    Malware Removal Staff

  • Retired Staff
  • 824 posts
Hello.

Let's do the following.

Download and Run HostsXpert

Some infections will put malicious lines into your hosts files. We will reset your hosts file with HostsXpert.

  • Please down load HostsXpert.zip to your desktop.
  • unzip the file by right-clicking and select Extract All...
  • A folder named HostsXpert will be created. Open it and run HostsXpert.exe by double clicking it.
  • Click on the botton Make Writeable? .
  • Click Restore Microsoft's Hosts File.
  • Close out of the window.
Note: If your Hosts file no longer exists, you will get a warning similar to "HOSTS file does not exist, Press OK to create HOSTS file". Please select Ok if that is the case.
2Note:If you have added modifications to your hosts file, they will need to be re-added

Update MBAM and run a quick scan. Post the log once it's done.

Download and Run Scan with GMER

We will use GMER to scan for rootkits.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
    If it detects rootkit activity, you will receive a prompt to run a full scan. Click Yes..
  • When it's done scanning, you may receive another notice. Click OK if prompted.
  • Click on Save ... to save the log on your desktop.
    Save the log as GMER.txt when you save it on your desktop.
  • Close Gmer and copy and paste the contents of GMER.txt in your next reply.
  • If you receive no notice, click on the Scan button near the bottom.
  • It will start scanning again like before.
  • When it is done, Click on Save ... to save the log on your desktop.
    Save the log as GMER.txt when you save it on your desktop.
  • Close Gmer and copy and paste the contents of GMER.txt in your next reply.If GMER doesn't work in Normal Mode try running it in Safe Mode

Note: Do Not run any program while GMER is running

Important!:Please do not select the Show all checkbox during the scan.

After that re-run OTlistIT2 and post back with the log.

For your next reply I will need to see:
-MBAM log
-GMER log
-New OTListIT2 log
-What symptoms do you still have?

With Regards,
Extremeboy
  • 0

#3
newportnews
Posted 21 April 2009 - 03:22 PM

newportnews

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Thank for your help on this. Here are the results of your instructions.

When I ran GMER; after clicking 'restore MS Hosts File'; I received a error; Cannot create file C:\WINDOWS\system32\DRIVERS\ETC\hosts; after which i clicked OK.

I am still getting the same results when I click the IE7 icon or website. it opens for a couple of seconds and then closes.

MBAM log----------------------------------------

Malwarebytes' Anti-Malware 1.36
Database version: 1978
Windows 5.1.2600 Service Pack 3

4/21/2009 5:06:18 PM
mbam-log-2009-04-21 (17-06-18).txt

Scan type: Quick Scan
Objects scanned: 91520
Time elapsed: 2 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\mas.MIS\Desktop\services (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.




GMER log--------------------------------------------------------------------

GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-21 16:50:47
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xAF779AB3]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xAF779B07]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xAF779A27]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xAF779AC7]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xAF779B1D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xAF779AF1]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SSFS0BB9.SYS (Spy Sweeper FileSystem Filter Driver/Webroot Software Inc (www.webroot.com))
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

Device \Driver\Tcpip \Device\Ip 87CC48A0

AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device \Driver\Tcpip \Device\Tcp 87CC48A0

AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device \Driver\Tcpip \Device\Udp 87CC48A0

AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device \Driver\Tcpip \Device\RawIp 87CC48A0

AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- EOF - GMER 1.0.15 ----



OTListIT2 log ------------------------------------

OTListIt logfile created on: 4/21/2009 4:54:38 PM - Run 3
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\mas.MIS\My Documents\My Received Files
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.18 Gb Available Physical Memory | 59.10% Memory free
3.85 Gb Paging File | 3.19 Gb Available in Paging File | 83.02% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 179.56 Gb Total Space | 53.85 Gb Free Space | 29.99% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 42.00 Gb Total Space | 8.20 Gb Free Space | 19.52% Space Free | Partition Type: FAT
I: Drive not present or media not loaded
Drive J: | 91.93 Gb Total Space | 54.34 Gb Free Space | 59.11% Space Free | Partition Type: NTFS
Drive K: | 42.00 Gb Total Space | 5.99 Gb Free Space | 14.25% Space Free | Partition Type: FAT
Drive M: | 42.00 Gb Total Space | 4.51 Gb Free Space | 10.74% Space Free | Partition Type: FAT
Drive P: | 148.93 Gb Total Space | 80.38 Gb Free Space | 53.97% Space Free | Partition Type: NTFS
Drive S: | 87.00 Gb Total Space | 26.04 Gb Free Space | 29.93% Space Free | Partition Type: FAT
Drive T: | 39.00 Gb Total Space | 6.41 Gb Free Space | 16.44% Space Free | Partition Type: FAT
Drive V: | 15.00 Gb Total Space | 5.23 Gb Free Space | 34.88% Space Free | Partition Type: FAT
Drive X: | 34.17 Gb Total Space | 3.27 Gb Free Space | 9.56% Space Free | Partition Type: NTFS
Drive Y: | 42.00 Gb Total Space | 8.24 Gb Free Space | 19.61% Space Free | Partition Type: FAT

Computer Name: MASLAPTOPXPS
Current User Name: MAS
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\System32\WLTRYSVC.EXE ()
PRC - C:\WINDOWS\System32\bcmwltry.exe (Dell Inc.)
PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\ROC\Output Management\EasyClient\ezcserv.exe ()
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
PRC - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe (Dell Inc.)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\Common Files\Objectif Lune\PlanetPress Suite 6\Messenger\MessengerService.exe (Objectif Lune Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\STacSV.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Webroot\Client\commagent.exe (Webroot Software, Inc.)
PRC - C:\Program Files\VERITAS\Backup Exec\RANT\beremote.exe (VERITAS Software Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Webroot\Client\spysweeper.exe (Webroot Software, Inc.)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\WINDOWS\OEM02Mon.exe (Creative Technology Ltd.)
PRC - C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
PRC - C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe (Logitech Inc.)
PRC - C:\WINDOWS\system32\WLTRAY.exe (Dell Inc.)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe (Logitech Inc.)
PRC - C:\WINDOWS\system32\KADxMain.exe (Knowles Acoustics)
PRC - C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe (Logitech Inc.)
PRC - C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
PRC - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Webroot\Client\SpySweeperUI.exe (Webroot Software, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\McTray.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
PRC - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\Symantec\Mobile Essentials\nme.exe ()
PRC - C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
PRC - C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing LP)
PRC - C:\Program Files\American Systems\Print Screen Deluxe\PrintScreenDeluxe.exe (American Systems)
PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Documents and Settings\mas.MIS\My Documents\My Received Files\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (BackupExecAgentAccelerator [Auto | Running]) -- C:\Program Files\VERITAS\Backup Exec\RANT\beremote.exe (VERITAS Software Corporation)
SRV - (BcmSqlStartupSvc [Auto | Running]) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (btwdins [Auto | Running]) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (EasyClientPrintService [Auto | Running]) -- C:\Program Files\ROC\Output Management\EasyClient\ezcserv.exe ()
SRV - (FLEXnet Licensing Service [On_Demand | Running]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (FTPPut6 [On_Demand | Stopped]) -- C:\Program Files\PlanetPress Suite 6\PlanetPress Watch\Bin\FTPPutService.exe (Objectif Lune Inc.)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (HTTP6 [On_Demand | Stopped]) -- C:\Program Files\PlanetPress Suite 6\PlanetPress Watch\Bin\HTTPService.exe (Objectif Lune Inc.)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (McAfeeFramework [Unknown | Running]) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
SRV - (McShield [Unknown | Running]) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
SRV - (McTaskManager [Unknown | Running]) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
SRV - (MSSQL$MSSMLBIZ [On_Demand | Stopped]) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper [Disabled | Stopped]) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NICCONFIGSVC [Auto | Running]) -- C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe (Dell Inc.)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PPFax6 [On_Demand | Stopped]) -- C:\Program Files\PlanetPress Suite 6\PlanetPress Fax\PPFaxService.exe (Objectif Lune Inc.)
SRV - (PPImage6 [On_Demand | Stopped]) -- C:\Program Files\PlanetPress Suite 6\PlanetPress Image\PPImageService.exe (Objectif Lune Inc.)
SRV - (PPLpd6 [On_Demand | Stopped]) -- C:\Program Files\PlanetPress Suite 6\PlanetPress Watch\Bin\LPDService.exe (Objectif Lune Inc.)
SRV - (PPLpr6 [On_Demand | Stopped]) -- C:\Program Files\PlanetPress Suite 6\PlanetPress Watch\Bin\LPRService.exe (Objectif Lune Inc.)
SRV - (PPMessenger5 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Objectif Lune\PlanetPress Suite 5\Messenger\MessengerService.exe (Objectif Lune Inc.)
SRV - (PPMessenger6 [Auto | Running]) -- C:\Program Files\Common Files\Objectif Lune\PlanetPress Suite 6\Messenger\MessengerService.exe (Objectif Lune Inc.)
SRV - (PPSerial6 [On_Demand | Stopped]) -- C:\Program Files\PlanetPress Suite 6\PlanetPress Watch\Bin\SerialService.exe (Objectif Lune Inc.)
SRV - (PPTelnet6 [On_Demand | Stopped]) -- C:\Program Files\PlanetPress Suite 6\PlanetPress Watch\Bin\TelnetService.exe (Objectif Lune Inc.)
SRV - (PPWatch6 [On_Demand | Stopped]) -- C:\Program Files\PlanetPress Suite 6\PlanetPress Watch\Bin\PPWatchService.exe (Objectif Lune Inc.)
SRV - (RampartSvc [On_Demand | Stopped]) -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe (SonicWALL, Inc.)
SRV - (RCConnector [On_Demand | Stopped]) -- C:\Program Files\TVNCPro\bin\connector.exe (Tridia Corporation)
SRV - (RCController [On_Demand | Stopped]) -- C:\Program Files\TVNCPro\bin\processor.exe (Tridia Corporation)
SRV - (SprintRcAppSvc [On_Demand | Stopped]) -- C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe (PCTEL)
SRV - (sprtsvc_dellsupportcenter [Auto | Running]) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (SQLBrowser [Auto | Running]) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (SQLWriter [Auto | Running]) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (STacSV [Auto | Running]) -- C:\WINDOWS\system32\STacSV.exe (SigmaTel, Inc.)
SRV - (stllssvr [On_Demand | Stopped]) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.)
SRV - (WebrootCommAgentService [Auto | Running]) -- C:\Program Files\Webroot\Client\commagent.exe (Webroot Software, Inc.)
SRV - (WebrootSpySweeperService [On_Demand | Running]) -- C:\Program Files\Webroot\Client\spysweeper.exe (Webroot Software, Inc.)
SRV - (winvnc [On_Demand | Stopped]) -- C:\Program Files\TVNCPro\bin\WinVNC.exe (Tridia Corporation)
SRV - (wltrysvc [Auto | Running]) -- C:\WINDOWS\System32\WLTRYSVC.EXE ()
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AliIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (APPDRV [System | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (asc [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (b57w2k [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\b57xp32.sys (Broadcom Corporation)
DRV - (BCM43XX [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\bcmwl5.sys (Broadcom Corp.)
DRV - (btaudio [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (BTDriver [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\btport.sys (Broadcom Corporation.)
DRV - (BTKRNL [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\btkrnl.sys (Broadcom Corporation.)
DRV - (BTSERIAL [Auto | Running]) -- C:\WINDOWS\system32\drivers\btserial.sys (Broadcom Corporation.)
DRV - (BTWDNDIS [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\btwdndis.sys (Broadcom Corporation.)
DRV - (btwhid [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\btwhid.sys (Broadcom Corporation.)
DRV - (btwmodem [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\btwmodem.sys (Broadcom Corporation.)
DRV - (BTWUSB [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\btwusb.sys (Broadcom Corporation.)
DRV - (CmdIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (DNE [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\dne2000.sys (Deterministic Networks, Inc.)
DRV - (DXEC02 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\dxec02.sys (Knowles Acoustics)
DRV - (E100B [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (iaStor [Boot | Running]) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)
DRV - (mfeapfk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mfeavfk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfebopk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfehidk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mferkdk [System | Running]) -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys (McAfee, Inc.)
DRV - (mfetdik [System | Running]) -- C:\WINDOWS\system32\drivers\mfetdik.sys (McAfee, Inc.)
DRV - (mircap [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\mircap.sys (Matsushita Electric Industrial Co., Ltd.)
DRV - (mraid35x [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (mtpaudio [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\mtpaudio.sys (Matsushita Electric Industrial Co., Ltd.)
DRV - (Nbf [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\nbf.sys (Microsoft Corporation)
DRV - (Nmea [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\pctnullport.sys (PCTEL Inc.)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (NWADI [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\NWADIenum.sys (Novatel Wireless Inc)
DRV - (OEM02Afx [On_Demand | Running]) -- C:\WINDOWS\system32\Drivers\OEM02Afx.sys (Creative Technology Ltd.)
DRV - (OEM02Dev [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\OEM02Dev.sys (Creative Technology Ltd.)
DRV - (OEM02Vfx [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\OEM02Vfx.sys (EyePower Games Pte. Ltd.)
DRV - (PCASp50 [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\PCASp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (PCTINDIS5 [On_Demand | Running]) -- C:\WINDOWS\system32\PCTINDIS5.SYS (PCTEL Inc.)
DRV - (physX32 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\physX32.sys (AGEIA Technologies, Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (RCFOX [System | Running]) -- C:\WINDOWS\system32\Drivers\RCFOX.sys (SonicWALL, Inc.)
DRV - (rcvpn [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\rcvpn.sys (SonicWALL, Inc.)
DRV - (rimmptsk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\rimmptsk.sys (REDC)
DRV - (rimsptsk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\rimsptsk.sys (REDC)
DRV - (RimVSerPort [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\RimSerial.sys (Research in Motion Ltd)
DRV - (rismxdp [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\rixdptsk.sys (REDC)
DRV - (ROOTMODEM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\RootMdm.sys (Microsoft Corporation)
DRV - (seccap [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\seccap.sys (Matsushita Electric Industrial Co., Ltd.)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sisagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (Sparrow [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (SSFS0BB9 [Boot | Running]) -- C:\WINDOWS\SYSTEM32\Drivers\SSFS0BB9.SYS (Webroot Software Inc (www.webroot.com))
DRV - (SSHRMD [Boot | Running]) -- C:\WINDOWS\SYSTEM32\Drivers\SSHRMD.SYS (Webroot Software Inc (www.webroot.com))
DRV - (SSIDRV [Boot | Running]) -- C:\WINDOWS\SYSTEM32\Drivers\SSIDRV.SYS (Webroot Software Inc (www.webroot.com))
DRV - (STHDA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (swmsflt [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\swmsflt.sys ()
DRV - (swmx00 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\swmx00.sys (Sierra Wireless Inc.)
DRV - (SWNC5E00 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\SWNC5E00.sys (Sierra Wireless Inc.)
DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (ultra [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (usbser [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\usbser.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080409
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.co...?channel=us-smb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080409

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co...?channel=us-smb
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 169.254.*.*;

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/03/06 10:22:26 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/10 10:58:51 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/13 17:34:15 | 00,000,000 | ---D | M]

[2009/04/10 10:58:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mas.MIS\Application Data\mozilla\Extensions
[2009/04/10 10:58:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mas.MIS\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/10 10:58:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mas.MIS\Application Data\mozilla\Firefox\Profiles\cdm2hnxc.default\extensions
[2009/04/21 09:30:33 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/10 10:58:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/12/02 10:06:20 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2009/03/06 10:22:41 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/03/31 16:46:11 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/03/26 15:11:21 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/26 15:11:22 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/03/26 14:56:22 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/03/26 14:56:22 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/03/26 14:56:22 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/03/26 14:56:22 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/03/26 14:56:22 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/03/26 14:56:22 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/03/26 14:56:22 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (1063 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 205.34.101.70 Robox3.robertsoxygen.com
O1 - Hosts: 205.34.101.99 Robox1.robertsoxygen.com
O1 - Hosts: 205.34.101.14 Robox2.robertsoxygen.com
O1 - Hosts: 205.34.101.2 Commercial
O1 - Hosts: 205.34.101.3 RHM
O1 - Hosts: 205.34.101.5 Kronos
O1 - Hosts: 205.34.101.6 Robox6
O1 - Hosts: 205.34.101.7 Robox7
O1 - Hosts: 205.34.101.8 onramp
O1 - Hosts: 205.34.101.12 Imageserver2
O1 - Hosts: 205.34.120.180 Germserver
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe (Dell Inc.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s (Creative Technology Ltd.)
O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" ( )
O4 - HKLM..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup (Macrovision Corporation)
O4 - HKLM..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe (Knowles Acoustics)
O4 - HKLM..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe" (Logitech Inc.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /installquiet ()
O4 - HKLM..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe" (CyberLink Corp.)
O4 - HKLM..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE (McAfee, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Sprint SmartView] "C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe" -a (Sprint)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [WebrootClientUI] "C:\Program Files\Webroot\Client\SpySweeperUI.exe" (Webroot Software, Inc.)
O4 - HKCU..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter (SupportSoft, Inc.)
O4 - HKCU..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler (Macrovision Corporation)
O4 - HKCU..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (Macrovision Corporation)
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Symantec Mobile Essentials.lnk = C:\Program Files\Symantec\Mobile Essentials\nme.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing LP)
O4 - Startup: C:\Documents and Settings\mas.MIS\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\mas.MIS\Start Menu\Programs\Startup\Print Screen Deluxe.lnk = C:\Program Files\American Systems\Print Screen Deluxe\PrintScreenDeluxe.exe (American Systems)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 1
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O16 - DPF: {0C5CF442-582B-4357-B116-765DA99CAA8C} http://205.34.101.12...t/IrcViewer.cab (CompositeView Control)
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} http://download.micr...20/pmupd806.exe (MSN Money Charting)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1208347017534 (MUWebControl Class)
O16 - DPF: {89F1C7A1-B54C-406D-8CD6-901D277F6388} http://205.34.101.12...rcResultSet.cab (Interactive Client Result Set Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://idsdocs.webe...bex/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = robertsoxygen.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 205.34.101.14,209.130.136.2,205.34.120.180
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{52910206-6FD1-4CEE-8314-2D5BF2ED1A95}\\NameServer = 205.34.101.14,209.130.136.2,205.34.120.180
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (APITRAP.DLL) - C:\WINDOWS\system32\APITRAP.DLL (Symantec Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (C:\WINDOWS\system32\nmegina.dll) - C:\WINDOWS\system32\nmegina.dll ()
O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNtf.DLL - C:\WINDOWS\system32\WRLogonNtf.DLL (Webroot Software, Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O32 - Autorun File - P:\AUTOEXEC.BAT () - [ NTFS ]
O32 - Autorun File - File not found - [ FAT ]
O33 - MountPoints2\{8f885e8e-4eaa-11dd-88c7-001e4ce40060}\Shell - "" = AutoRun
O33 - MountPoints2\{8f885e8e-4eaa-11dd-88c7-001e4ce40060}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2009/04/21 16:49:23 | 00,286,208 | ---- | C] () -- C:\Documents and Settings\mas.MIS\Desktop\gmer.exe
[2009/04/21 16:47:54 | 00,278,161 | ---- | C] () -- C:\Documents and Settings\mas.MIS\Desktop\gmer.zip
[2009/04/21 16:31:42 | 00,007,116 | ---- | C] () -- C:\Documents and Settings\mas.MIS\Desktop\services
[2009/04/21 16:31:42 | 00,003,683 | ---- | C] () -- C:\Documents and Settings\mas.MIS\Desktop\lmhosts.sam
[2009/04/21 16:31:42 | 00,001,063 | ---- | C] () -- C:\Documents and Settings\mas.MIS\Desktop\lmhosts
[2009/04/21 16:31:42 | 00,000,799 | ---- | C] () -- C:\Documents and Settings\mas.MIS\Desktop\protocol
[2009/04/21 16:31:42 | 00,000,407 | ---- | C] () -- C:\Documents and Settings\mas.MIS\Desktop\networks
[2009/04/21 16:31:11 | 00,001,063 | ---- | C] () -- C:\Documents and Settings\mas.MIS\Desktop\hosts
[2009/04/21 15:12:23 | 00,545,120 | ---- | C] () -- C:\Documents and Settings\mas.MIS\Desktop\job5D8AEC1.ps.bak
[2009/04/21 14:49:28 | 00,246,438 | ---- | C] () -- C:\Documents and Settings\mas.MIS\Desktop\job5D93F49.ps
[2009/04/21 14:49:06 | 00,245,887 | ---- | C] () -- C:\Documents and Settings\mas.MIS\Desktop\job5D93B61.ps
[2009/04/21 14:48:48 | 00,545,671 | ---- | C] () -- C:\Documents and Settings\mas.MIS\Desktop\job5D8B2A9.ps
[2009/04/21 14:48:34 | 00,545,120 | ---- | C] () -- C:\Documents and Settings\mas.MIS\Desktop\job5D8AEC1.ps
[2009/04/17 14:28:03 | 00,008,714 | ---- | C] () -- C:\Documents and Settings\mas.MIS\Desktop\New Microsoft Office Excel Worksheet (4).xlsx
[2009/04/17 09:25:58 | 00,000,059 | ---- | C] () -- C:\WINDOWS\Ltdlgfile15u.INI
[2009/04/17 09:23:59 | 00,000,901 | ---- | C] () -- C:\Documents and Settings\mas.MIS\Desktop\Print Screen Deluxe.lnk
[2009/04/17 09:23:57 | 00,000,913 | ---- | C] () -- C:\Documents and Settings\mas.MIS\Start Menu\Programs\Startup\Print Screen Deluxe.lnk
[2009/04/17 09:23:56 | 00,005,578 | ---- | C] () -- C:\WINDOWS\unpsd.ini
[2009/04/16 11:39:22 | 02,765,312 | ---- | C] () -- C:\Documents and Settings\mas.MIS\Desktop\36 Month HMA Documentation - Revised 20090416.doc
[2009/04/15 10:11:12 | 00,008,714 | ---- | C] () -- C:\Documents and Settings\mas.MIS\Desktop\New Microsoft Office Excel Worksheet (3).xlsx
[2009/04/15 08:32:46 | 00,002,794 | ---- | C] () -- C:\Documents and Settings\mas.MIS\Desktop\36 Month Cap & 60 Month Useful Life.xprj
[2009/04/15 08:28:56 | 00,105,472 | ---- | C] () -- C:\Documents and Settings\mas.MIS\Desktop\36 Month Cap & 60 Month Useful Life.xls
[2009/04/15 07:17:30 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/15 07:17:30 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/15 07:17:30 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/15 07:17:30 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sc.exe
[2009/04/15 07:17:29 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/15 07:17:28 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/15 07:17:27 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/15 07:17:25 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/15 07:17:25 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/15 07:17:24 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/15 07:14:18 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/04/15 07:14:16 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/04/15 07:14:12 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/04/13 20:32:15 | 00,193,075 | ---- | C] () -- C:\Documents and Settings\mas.MIS\Desktop\New Microsoft Office Word Document (4).docx
[2009/04/13 20:26:11 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/13 18:02:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mas.MIS\Application Data\Malwarebytes
[2009/04/13 18:02:21 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/13 18:02:18 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/13 18:02:17 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/13 18:02:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/13 17:58:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/04/13 17:57:43 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\mas.MIS\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/04/13 17:57:29 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/04/13 13:48:32 | 00,037,281 | ---- | C] () -- C:\Documents and Settings\mas.MIS\Desktop\DENIAL OF PRIMARY CHARGES.pdf
[2009/04/13 13:46:32 | 00,037,270 | ---- | C] () -- C:\Documents and Settings\mas.MIS\Desktop\DENIAL OF SECONDARY CHARGES.pdf
[2009/04/13 12:59:34 | 00,042,509 | ---- | C] () -- C:\Documents and Settings\mas.MIS\Desktop\UNDERPAYMENT.pdf
[2009/04/10 13:46:20 | 00,046,080 | ---- | C] () -- C:\Documents and Settings\mas.MIS\Desktop\Issues from Demo 2009-09.doc
[2009/04/10 12:58:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\SchCache
[2009/04/10 12:40:37 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\mas.MIS\Desktop\New Microsoft Office Word Document (3).docx
[2009/04/10 12:16:06 | 00,000,035 | ---- | C] () -- C:\WINDOWS\md.sec
[2009/04/10 12:15:25 | 00,344,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msexch35.dll
[2009/04/10 12:15:24 | 01,238,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msjt4jlt.dll
[2009/04/10 12:15:24 | 00,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxbse35.dll
[2009/04/10 12:15:24 | 00,252,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msexcl35.dll
[2009/04/10 12:15:24 | 00,250,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mspdox35.dll
[2009/04/10 12:15:24 | 00,170,865 | ---- | C] () -- C:\WINDOWS\System32\Odbcjet.hlp
[2009/04/10 12:15:24 | 00,168,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msltus35.dll
[2009/04/10 12:15:24 | 00,166,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstext35.dll
[2009/04/10 12:15:24 | 00,006,902 | ---- | C] () -- C:\WINDOWS\System32\Odbcjet.cnt
[2009/04/10 12:15:23 | 00,415,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msrepl35.dll
[2009/04/10 12:15:23 | 00,044,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msrpfs35.dll
[2009/04/10 12:15:23 | 00,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\JETCOMP.exe
[2009/04/10 12:15:22 | 00,438,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSHFLXGD.OCX
[2009/04/10 12:15:22 | 00,238,512 | ---- | C] (ComponenetOne) -- C:\WINDOWS\System32\SizerOne.ocx
[2009/04/10 12:15:22 | 00,212,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\RICHTX32.OCX
[2009/04/10 12:15:22 | 00,103,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCOMM32.OCX
[2009/04/10 12:15:20 | 00,237,620 | ---- | C] (Boston Software Systems, Inc.) -- C:\WINDOWS\System32\Bss6h.dll
[2009/04/10 12:15:20 | 00,098,816 | ---- | C] () -- C:\WINDOWS\System32\MRWScript.dll
[2009/04/10 12:15:20 | 00,086,016 | ---- | C] (Sun Microsystems) -- C:\WINDOWS\System32\bss6j.dll
[2009/04/10 12:15:20 | 00,077,824 | ---- | C] (Boston Software Systems, Inc.) -- C:\WINDOWS\System32\Bss6ix.dll
[2009/04/10 12:15:20 | 00,077,824 | ---- | C] (Boston Software Systems, Inc.) -- C:\WINDOWS\System32\Bss6i.dll
[2009/04/10 12:15:20 | 00,073,728 | ---- | C] (Boston Software Systems, Inc.) -- C:\WINDOWS\System32\Bss6h1.dll
[2009/04/10 12:15:20 | 00,053,248 | ---- | C] (Boston Software Systems, Inc.) -- C:\WINDOWS\System32\Bss6s.dll
[2009/04/10 12:15:20 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\Bss6k.dll
[2009/04/10 12:15:20 | 00,003,808 | ---- | C] () -- C:\WINDOWS\System32\BSS616.DLL
[2009/04/10 12:15:18 | 00,089,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB5DB.DLL
[2009/04/10 12:15:16 | 00,000,457 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Assistant.lnk
[2009/04/10 12:15:16 | 00,000,000 | ---D | C] -- C:\MfaxProg
[2009/04/10 10:58:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mas.MIS\Application Data\Mozilla
[2009/04/10 10:58:31 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/04/09 15:05:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mas.MIS\Application Data\Reallusion
[2009/04/09 15:04:09 | 00,202,827 | ---- | C] (WebEx Communications, Inc) -- C:\WINDOWS\System32\atasnt40.dll
[2009/04/09 09:53:36 | 00,330,645 | ---- | C] () -- C:\Documents and Settings\mas.MIS\Desktop\New Microsoft Office Word Document (2).docx
[2009/04/08 14:22:41 | 00,039,424 | ---- | C] () -- C:\Documents and Settings\mas.MIS\Desktop\POLICY_HISTORY_CONVERSION_EXCEPTION_REPORT_OIOI_20090408.xls
[2009/04/08 14:21:41 | 00,083,968 | ---- | C] () -- C:\Documents and Settings\mas.MIS\Desktop\Policy History Conversion Exception Report-OIOI.doc
[2009/04/08 13:38:46 | 00,162,816 | ---- | C] () -- C:\Documents and Settings\mas.MIS\Desktop\Policy History Conversion Exception Report.doc
[2009/04/08 13:31:59 | 01,935,872 | ---- | C] () -- C:\Documents and Settings\mas.MIS\Desktop\POLICY_HISTORY_CONVERSION_EXCEPTION_REPORT_20090408.xls
[2009/04/06 12:57:45 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/04/04 14:37:17 | 00,068,608 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\dso inst revenue.xls
[2009/04/04 14:35:50 | 00,022,016 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\dsoinstar.xls
[2009/04/03 16:19:35 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\mas.MIS\Desktop\New Microsoft Office Word Document.docx
[2009/04/03 15:15:08 | 00,008,714 | ---- | C] () -- C:\Documents and Settings\mas.MIS\Desktop\New Microsoft Office Excel Worksheet (2).xlsx
[2009/04/03 10:35:19 | 00,294,584 | ---- | C] () -- C:\Documents and Settings\mas.MIS\Desktop\VA_INVOICE_20090403.pdf
[2009/04/02 14:13:24 | 00,104,960 | ---- | C] () -- C:\Documents and Settings\mas.MIS\Desktop\36 Month Cap & 60 Month Useful Life 2009-04-02.xls
[2009/04/01 14:40:38 | 00,025,535 | ---- | C] () -- C:\Documents and Settings\mas.MIS\Desktop\cmn report detail.xmod
[2009/04/01 14:24:46 | 00,049,773 | ---- | C] () -- C:\Documents and Settings\mas.MIS\Desktop\REV008.pdf
[2009/03/31 17:36:53 | 00,000,797 | ---- | C] () -- C:\Documents and Settings\mas.MIS\Application Data\Launch Internet Explorer Browser.lnk
[2009/03/31 15:30:53 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2009/03/31 11:44:54 | 00,299,008 | ---- | C] (American Systems) -- C:\WINDOWS\amuninst.exe
[2009/03/30 17:53:00 | 00,105,233 | ---- | C] () -- C:\Documents and Settings\mas.MIS\Desktop\732.pdf
[2009/03/30 17:26:37 | 00,060,810 | ---- | C] () -- C:\Documents and Settings\mas.MIS\Desktop\job00Z8I5A7WPK7T5E6C49E9B1.pdf
[2009/03/30 17:23:49 | 00,093,047 | ---- | C] () -- C:\Documents and Settings\mas.MIS\Desktop\job00Z8I59CIIT137F6C47042D.pdf
[2009/03/30 17:15:21 | 00,019,260 | ---- | C] () -- C:\Documents and Settings\mas.MIS\Desktop\ARUMNEWSTART!01066635.pdf
[2009/03/30 15:22:08 | 00,020,226 | ---- | C] () -- C:\Documents and Settings\mas.MIS\Desktop\INTAKE1.pdf
[2009/03/30 12:56:55 | 00,000,000 | ---D | C] -- C:\Program Files\American Systems
[2009/03/30 10:57:18 | 00,033,808 | ---- | C] () -- C:\Documents and Settings\mas.MIS\Desktop\RESP_T00000320090330_104821_0._01
[2009/03/30 09:02:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/03/30 08:55:59 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/03/27 07:40:41 | 06,016,000 | ---- | C] () -- C:\Documents and Settings\mas.MIS\Desktop\Policy History 3.ppt
[2009/03/26 18:27:37 | 02,764,288 | ---- | C] () -- C:\Documents and Settings\mas.MIS\Desktop\36 Month HMA Documentation - Revised 20090326.doc
[2009/03/25 09:40:56 | 00,093,905 | ---- | C] () -- C:\Documents and Settings\mas.MIS\Desktop\C__Documents and Settings_mas.MIS_Local Settings_Tempora.pdf
[2009/03/24 17:33:45 | 05,633,536 | ---- | C] () -- C:\Documents and Settings\mas.MIS\Desktop\Policy History_MARKS_EDITS-COMMENTS.ppt
[2009/03/24 13:00:45 | 00,146,913 | ---- | C] () -- C:\Documents and Settings\mas.MIS\Desktop\DEL_TICK_LC_SAMPLE.pdf
[2009/03/24 12:47:53 | 00,018,994 | ---- | C] () -- C:\Documents and Settings\mas.MIS\Desktop\cheats-2.docx
[2009/03/23 17:27:40 | 00,064,455 | ---- | C] () -- C:\Documents and Settings\mas.MIS\Desktop\ABN_BLANK_FILL_IN.pdf
[2009/03/23 13:46:15 | 00,045,869 | ---- | C] () -- C:\Documents and Settings\mas.MIS\Desktop\ABN_BLANK.pdf
[2008/09/19 10:33:43 | 00,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\lexlog.dll
[2008/09/19 10:33:41 | 00,000,709 | ---- | C] () -- C:\WINDOWS\LMAAX2DD.ini
[2008/07/17 08:50:28 | 00,002,131 | ---- | C] () -- C:\WINDOWS\pw5.ini
[2008/05/27 11:25:48 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\ezmonitor.dll
[2008/04/23 14:20:33 | 00,000,227 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/04/23 14:18:13 | 01,626,112 | ---- | C] () -- C:\WINDOWS\System32\myodbc5S.dll
[2008/04/22 07:28:14 | 00,000,156 | ---- | C] () -- C:\WINDOWS\ricdb.ini
[2008/04/18 17:46:36 | 01,073,152 | ---- | C] () -- C:\WINDOWS\System32\libmysql_c.dll
[2008/04/16 12:03:56 | 00,052,736 | ---- | C] () -- C:\WINDOWS\System32\nmeginaalt.dll
[2008/04/16 12:03:56 | 00,052,736 | ---- | C] () -- C:\WINDOWS\System32\nmegina.dll
[2008/04/16 07:28:42 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\omnithread_rt.dll
[2008/04/09 05:39:33 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/04/09 05:24:23 | 00,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2008/04/09 05:10:19 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008/04/09 05:10:18 | 00,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2008/04/09 04:40:20 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/04/09 04:40:20 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/04/09 04:40:19 | 01,478,656 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/04/09 04:40:19 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/04/09 04:40:04 | 00,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2008/04/09 04:38:37 | 00,001,116 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/03/05 15:41:58 | 00,024,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2007/09/27 10:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/06/19 09:59:36 | 00,070,400 | ---- | C] () -- C:\WINDOWS\System32\PhysXLoader.dll
[2007/04/20 08:57:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007/04/20 08:57:28 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007/04/20 08:57:28 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007/04/20 08:57:28 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007/04/20 08:57:28 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007/04/20 08:57:28 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007/04/20 08:57:28 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007/04/20 08:57:28 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007/04/20 08:57:28 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2006/05/24 19:16:22 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/02/17 13:41:32 | 00,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 13:41:30 | 00,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2004/08/11 18:24:19 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 18:11:31 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 18:00:37 | 00,000,582 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/11 18:00:35 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2001/11/14 14:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/04/21 16:47:55 | 00,278,161 | ---- | M] () -- C:\Documents and Settings\mas.MIS\Desktop\gmer.zip
[2009/04/21 16:24:11 | 00,018,994 | ---- | M] () -- C:\Documents and Settings\mas.MIS\Desktop\cheats-2.docx
[2009/04/21 15:39:54 | 00,065,173 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2009/04/21 15:12:23 | 00,545,120 | ---- | M] () -- C:\Documents and Settings\mas.MIS\Desktop\job5D8AEC1.ps
[2009/04/21 15:10:14 | 00,545,120 | ---- | M] () -- C:\Documents and Settings\mas.MIS\Desktop\job5D8AEC1.ps.bak
[2009/04/21 14:49:28 | 00,246,438 | ---- | M] () -- C:\Documents and Settings\mas.MIS\Desktop\job5D93F49.ps
[2009/04/21 14:49:06 | 00,245,887 | ---- | M] () -- C:\Documents and Settings\mas.MIS\Desktop\job5D93B61.ps
[2009/04/21 14:48:48 | 00,545,671 | ---- | M] () -- C:\Documents and Settings\mas.MIS\Desktop\job5D8B2A9.ps
[2009/04/21 10:24:13 | 00,002,475 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PlanetPress Design 6.lnk
[2009/04/21 08:37:30 | 00,514,190 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/21 08:37:30 | 00,097,802 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/21 08:37:29 | 00,623,690 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/21 08:33:17 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/21 08:32:43 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/21 08:32:41 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/21 08:32:41 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\nmegina.test
[2009/04/20 13:25:05 | 00,105,472 | ---- | M] () -- C:\Documents and Settings\mas.MIS\Desktop\36 Month Cap & 60 Month Useful Life.xls
[2009/04/20 13:08:33 | 00,002,794 | ---- | M] () -- C:\Documents and Settings\mas.MIS\Desktop\36 Month Cap & 60 Month Useful Life.xprj
[2009/04/20 13:07:59 | 00,060,937 | ---- | M] () -- C:\Documents and Settings\mas.MIS\Desktop\cap36b.xmod
[2009/04/20 11:52:36 | 00,002,267 | ---- | M] () -- C:\Documents and Settings\mas.MIS\Desktop\Active Directory Users and Computers.lnk
[2009/04/17 14:28:03 | 00,008,714 | ---- | M] () -- C:\Documents and Settings\mas.MIS\Desktop\New Microsoft Office Excel Worksheet (4).xlsx
[2009/04/17 09:27:49 | 00,000,059 | ---- | M] () -- C:\WINDOWS\Ltdlgfile15u.INI
[2009/04/17 09:23:59 | 00,000,901 | ---- | M] () -- C:\Documents and Settings\mas.MIS\Desktop\Print Screen Deluxe.lnk
[2009/04/17 09:23:57 | 00,005,578 | ---- | M] () -- C:\WINDOWS\unpsd.ini
[2009/04/17 09:23:57 | 00,000,913 | ---- | M] () -- C:\Documents and Settings\mas.MIS\Start Menu\Programs\Startup\Print Screen Deluxe.lnk
[2009/04/16 11:39:23 | 02,765,312 | ---- | M] () -- C:\Documents and Settings\mas.MIS\Desktop\36 Month HMA Documentation - Revised 20090416.doc
[2009/04/15 18:15:00 | 00,002,521 | ---- | M] () -- C:\Documents and Settings\mas.MIS\Desktop\Microsoft Office Outlook 2007.lnk
[2009/04/15 17:38:58 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/15 10:11:12 | 00,008,714 | ---- | M] () -- C:\Documents and Settings\mas.MIS\Desktop\New Microsoft Office Excel Worksheet (3).xlsx
[2009/04/14 14:30:51 | 00,065,173 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2009/04/13 20:32:39 | 00,193,075 | ---- | M] () -- C:\Documents and Settings\mas.MIS\Desktop\New Microsoft Office Word Document (4).docx
[2009/04/13 17:57:43 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\mas.MIS\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/04/13 13:48:32 | 00,037,281 | ---- | M] () -- C:\Documents and Settings\mas.MIS\Desktop\DENIAL OF PRIMARY CHARGES.pdf
[2009/04/13 13:46:32 | 00,037,270 | ---- | M] () -- C:\Documents and Settings\mas.MIS\Desktop\DENIAL OF SECONDARY CHARGES.pdf
[2009/04/13 13:04:17 | 00,042,509 | ---- | M] () -- C:\Documents and Settings\mas.MIS\Desktop\UNDERPAYMENT.pdf
[2009/04/10 13:54:46 | 00,046,080 | ---- | M] () -- C:\Documents and Settings\mas.MIS\Desktop\Issues from Demo 2009-09.doc
[2009/04/10 12:40:37 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\mas.MIS\Desktop\New Microsoft Office Word Document (3).docx
[2009/04/10 12:16:06 | 00,000,035 | ---- | M] () -- C:\WINDOWS\md.sec
[2009/04/10 12:15:16 | 00,000,457 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Assistant.lnk
[2009/04/10 11:43:27 | 00,330,645 | ---- | M] () -- C:\Documents and Settings\mas.MIS\Desktop\New Microsoft Office Word Document (2).docx
[2009/04/10 10:58:31 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/04/09 15:04:09 | 00,202,827 | ---- | M] (WebEx Communications, Inc) -- C:\WINDOWS\System32\atasnt40.dll
[2009/04/08 14:22:42 | 00,039,424 | ---- | M] () -- C:\Documents and Settings\mas.MIS\Desktop\POLICY_HISTORY_CONVERSION_EXCEPTION_REPORT_OIOI_20090408.xls
[2009/04/08 14:21:42 | 00,083,968 | ---- | M] () -- C:\Documents and Settings\mas.MIS\Desktop\Policy History Conversion Exception Report-OIOI.doc
[2009/04/08 14:18:24 | 00,162,816 | ---- | M] () -- C:\Documents and Settings\mas.MIS\Desktop\Policy History Conversion Exception Report.doc
[2009/04/08 13:31:59 | 01,935,872 | ---- | M] () -- C:\Documents and Settings\mas.MIS\Desktop\POLICY_HISTORY_CONVERSION_EXCEPTION_REPORT_20090408.xls
[2009/04/07 20:37:10 | 06,016,000 | ---- | M] () -- C:\Documents and Settings\mas.MIS\Desktop\Policy History 3.ppt
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/06 10:57:24 | 24,921,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/04/04 14:37:17 | 00,068,608 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\dso inst revenue.xls
[2009/04/04 14:35:50 | 00,022,016 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\dsoinstar.xls
[2009/04/03 16:19:35 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\mas.MIS\Desktop\New Microsoft Office Word Document.docx
[2009/04/03 15:15:08 | 00,008,714 | ---- | M] () -- C:\Documents and Settings\mas.MIS\Desktop\New Microsoft Office Excel Worksheet (2).xlsx
[2009/04/03 13:35:05 | 00,040,960 | ---- | M] () -- C:\Documents and Settings\mas.MIS\Desktop\ME Js ME Partition.xls
[2009/04/03 10:35:19 | 00,294,584 | ---- | M] () -- C:\Documents and Settings\mas.MIS\Desktop\VA_INVOICE_20090403.pdf
[2009/04/02 17:18:45 | 02,764,288 | ---- | M] () -- C:\Documents and Settings\mas.MIS\Desktop\36 Month HMA Documentation - Revised 20090326.doc
[2009/04/02 17:13:57 | 00,104,960 | ---- | M] () -- C:\Documents and Settings\mas.MIS\Desktop\36 Month Cap & 60 Month Useful Life 2009-04-02.xls
[2009/04/01 14:24:46 | 00,049,773 | ---- | M] () -- C:\Documents and Settings\mas.MIS\Desktop\REV008.pdf
[2009/03/31 17:36:53 | 00,000,797 | ---- | M] () -- C:\Documents and Settings\mas.MIS\Application Data\Launch Internet Explorer Browser.lnk
[2009/03/31 15:37:43 | 00,000,074 | -HS- | M] () -- C:\Documents and Settings\mas.MIS\My Documents\desktop.ini
[2009/03/30 17:53:00 | 00,105,233 | ---- | M] () -- C:\Documents and Settings\mas.MIS\Desktop\732.pdf
[2009/03/30 17:26:37 | 00,060,810 | ---- | M] () -- C:\Documents and Settings\mas.MIS\Desktop\job00Z8I5A7WPK7T5E6C49E9B1.pdf
[2009/03/30 17:23:49 | 00,093,047 | ---- | M] () -- C:\Documents and Settings\mas.MIS\Desktop\job00Z8I59CIIT137F6C47042D.pdf
[2009/03/30 17:15:21 | 00,019,260 | ---- | M] () -- C:\Documents and Settings\mas.MIS\Desktop\ARUMNEWSTART!01066635.pdf
[2009/03/30 15:22:08 | 00,020,226 | ---- | M] () -- C:\Documents and Settings\mas.MIS\Desktop\INTAKE1.pdf
[2009/03/30 10:57:18 | 00,033,808 | ---- | M] () -- C:\Documents and Settings\mas.MIS\Desktop\RESP_T00000320090330_104821_0._01
[2009/03/27 16:36:48 | 00,286,208 | ---- | M] () -- C:\Documents and Settings\mas.MIS\Desktop\gmer.exe
[2009/03/27 02:58:38 | 01,203,922 | ---- | M] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/03/26 16:26:53 | 02,613,760 | ---- | M] () -- C:\Documents and Settings\mas.MIS\Desktop\36 Month HMA Documentation 2.doc
[2009/03/25 09:42:59 | 00,063,647 | ---- | M] () -- C:\Documents and Settings\mas.MIS\Desktop\GERM SERVER BACK UP.xlsx
[2009/03/25 09:40:56 | 00,093,905 | ---- | M] () -- C:\Documents and Settings\mas.MIS\Desktop\C__Documents and Settings_mas.MIS_Local Settings_Tempora.pdf
[2009/03/24 18:03:01 | 00,168,448 | ---- | M] () -- C:\Documents and Settings\mas.MIS\Desktop\testing 2009-20-23_WHOS_DOIN_UPDATE.xls
[2009/03/24 18:02:38 | 07,263,103 | ---- | M] () -- C:\Documents and Settings\mas.MIS\Desktop\doc cleanup.xlsx
[2009/03/24 17:33:46 | 05,633,536 | ---- | M] () -- C:\Documents and Settings\mas.MIS\Desktop\Policy History_MARKS_EDITS-COMMENTS.ppt
[2009/03/24 13:00:46 | 00,146,913 | ---- | M] () -- C:\Documents and Settings\mas.MIS\Desktop\DEL_TICK_LC_SAMPLE.pdf
[2009/03/23 17:32:43 | 00,064,455 | ---- | M] () -- C:\Documents and Settings\mas.MIS\Desktop\ABN_BLANK_FILL_IN.pdf
[2009/03/23 13:46:15 | 00,045,869 | ---- | M] () -- C:\Documents and Settings\mas.MIS\Desktop\ABN_BLANK.pdf
< End of report >
  • 0

#4
Extremeboy
Posted 21 April 2009 - 07:49 PM

Extremeboy

    Malware Removal Staff

  • Retired Staff
  • 824 posts
Hello.

I am still getting the same results when I click the IE7 icon or website. it opens for a couple of seconds and then closes.

You might want to reinstall it, see if it helps at all..

Regarding the HOSTS, let's see what we can find out.

Create and Run batch script

  • Copy the following into a notepad (Start>Run>"notepad"). Do not copy the word "quote".

    @Echo off

    Dir "C:\WINDOWS\system32\DRIVERS\ETC" > C:\etclook.txt
    Notepad etclook

  • Click File, then Save As... .
  • Click Desktop on the left.
  • Under the Save as type dropdown, select All Files.
  • In the box File Name, input look.bat.
  • Hit OK.
When done properly, the icon should look like Posted Image for the .bat file.

Double click on look.bat to run it. If you are using Windows Vista, please right-click and Run As Administrator...

A Black DOS window shall appear and then notepad shall open. Please post the contents of notepad in your next reply please.

See if reinstalling IE helps, if you need instructions on doing so let me know.

With Regards,
Extremeboy
  • 0

#5
newportnews
Posted 22 April 2009 - 07:19 AM

newportnews

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
I downloaded IE7 and installed. I tried to uninstall IE7 first but don't see a way to do it. After just the install it still is acting the same way.

Creating and clicking the look.bat file gave me the following error: \Desktop\look.bat is not a valid Win32 application. No dos window opened. Nothing to post back here.
  • 0

#6
Extremeboy
Posted 22 April 2009 - 03:19 PM

Extremeboy

    Malware Removal Staff

  • Retired Staff
  • 824 posts
Hello.

Run this script instead, made a minor error.

Create and Run batch script

  • Copy the following into a notepad (Start>Run>"notepad"). Do not copy the word "quote".

    @Echo off

    Dir "C:\WINDOWS\system32\DRIVERS\ETC" > C:\etclook.txt
    Notepad C:\etclook

  • Click File, then Save As... .
  • Click Desktop on the left.
  • Under the Save as type dropdown, select All Files.
  • In the box File Name, input look.bat.
  • Hit OK.
When done properly, the icon should look like Posted Image for the .bat file.

Double click on look.bat to run it. If you are using Windows Vista, please right-click and Run As Administrator...

A Black DOS window shall appear and then notepad shall open. Please post the contents of notepad in your next reply please.

If it still doesn't work let me know..

Run this tool as well.

Download and Run DDS

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click no to the Optional_Scan
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

-- Note: The screen instructions indicate the attach.txt must be zipped before attaching (not posted) to your forum post. Instead, we want you to include attach.txt as an attachment to upload using the "Browse" button in the text editor when making your reply.

To confirm, the only problem you have right now is regaring IE7 is opening and then closing? Also, are you posting to this forum, from another computer?

With Regards,
Extremeboy
  • 0

#7
newportnews
Posted 22 April 2009 - 03:47 PM

newportnews

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Yes the only problem I am having is using IE7. I click on the IE icon; it flashes open then shuts. I also mentioned that under 'control panel' the Internet Options icon does not work either. The icon shows but there is no text with it and clicking it does nothing. Unfortunately, some of our apps require IE to use. I am posting using the problem PC using Firefox browser.


look.bat log---------------------------------

Volume in drive C has no label.
Volume Serial Number is AC4C-B63B

Directory of C:\WINDOWS\system32\DRIVERS\ETC

06/24/2008 07:57 AM <DIR> .
06/24/2008 07:57 AM <DIR> ..
08/05/2008 08:39 AM 1,063 hosts
06/24/2008 07:57 AM 1,063 lmhosts
08/04/2004 06:00 AM 3,683 lmhosts.sam
08/04/2004 06:00 AM 407 networks
08/04/2004 06:00 AM 799 protocol
08/04/2004 06:00 AM 7,116 services
6 File(s) 14,131 bytes
2 Dir(s) 57,517,547,520 bytes free


attach log ------------------------------------------------


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 4/15/2008 3:24:12 PM
System Uptime: 4/22/2009 8:37:24 AM (9 hours ago)

Motherboard: Dell Inc. | | 0KX412
Processor: Intel® Core™2 Duo CPU T7700 @ 2.40GHz | Microprocessor | 2394/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 180 GiB total, 53.575 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP156: 1/19/2009 2:07:11 PM - System Checkpoint
RP157: 1/21/2009 5:49:04 PM - System Checkpoint
RP158: 1/22/2009 6:06:07 PM - System Checkpoint
RP159: 1/24/2009 11:21:26 AM - System Checkpoint
RP160: 1/26/2009 10:02:53 AM - System Checkpoint
RP161: 1/27/2009 2:25:58 PM - System Checkpoint
RP162: 1/28/2009 3:11:15 PM - System Checkpoint
RP163: 1/29/2009 5:02:49 PM - System Checkpoint
RP164: 1/30/2009 5:55:31 PM - System Checkpoint
RP165: 2/3/2009 2:01:06 PM - System Checkpoint
RP166: 2/6/2009 8:48:22 AM - System Checkpoint
RP167: 2/9/2009 1:47:42 PM - System Checkpoint
RP168: 2/11/2009 11:30:04 AM - System Checkpoint
RP169: 2/12/2009 1:12:02 PM - System Checkpoint
RP170: 2/13/2009 4:59:32 PM - System Checkpoint
RP171: 2/13/2009 6:34:06 PM - Software Distribution Service 3.0
RP172: 2/16/2009 5:36:40 PM - System Checkpoint
RP173: 2/18/2009 10:44:22 AM - System Checkpoint
RP174: 2/23/2009 8:31:48 AM - System Checkpoint
RP175: 2/24/2009 8:55:12 AM - System Checkpoint
RP176: 2/26/2009 11:35:43 AM - System Checkpoint
RP177: 2/26/2009 6:21:02 PM - Software Distribution Service 3.0
RP178: 3/3/2009 7:13:45 PM - System Checkpoint
RP179: 3/5/2009 2:18:26 PM - System Checkpoint
RP180: 3/6/2009 9:21:41 AM - Removed Java™ 6 Update 10
RP181: 3/6/2009 9:22:18 AM - Installed Java™ 6 Update 12
RP182: 3/9/2009 1:39:49 PM - System Checkpoint
RP183: 3/11/2009 9:10:07 AM - System Checkpoint
RP184: 3/16/2009 8:50:51 AM - Software Distribution Service 3.0
RP185: 3/18/2009 6:01:04 PM - Software Distribution Service 3.0
RP186: 3/20/2009 10:09:34 AM - System Checkpoint
RP187: 3/23/2009 5:40:46 PM - Software Distribution Service 3.0
RP188: 3/25/2009 8:22:29 AM - System Checkpoint
RP189: 3/27/2009 5:26:39 PM - System Checkpoint
RP190: 3/30/2009 9:00:11 AM - Installed Windows Internet Explorer 8.
RP191: 3/30/2009 9:01:50 AM - Software Distribution Service 3.0
RP192: 3/31/2009 11:20:25 AM - Restore Operation
RP193: 3/31/2009 3:32:24 PM - Installed Windows Internet Explorer 8.
RP194: 3/31/2009 3:33:19 PM - Software Distribution Service 3.0
RP195: 3/31/2009 4:45:39 PM - Installed Java™ 6 Update 13
RP196: 3/31/2009 5:10:14 PM - Installed Uninstall Internet Explorer 8
RP197: 3/31/2009 5:31:07 PM - Installed Windows XP KB915865.
RP198: 3/31/2009 5:31:53 PM - Installed Windows NLSDownlevelMapping.
RP199: 3/31/2009 5:32:22 PM - Installed Windows IDNMitigationAPIs.
RP200: 3/31/2009 5:32:34 PM - Installed Windows Internet Explorer 7.
RP201: 3/31/2009 6:01:51 PM - Software Distribution Service 3.0
RP202: 4/1/2009 12:34:59 PM - Installed Windows XP KB915865.
RP203: 4/1/2009 12:35:47 PM - Installed Windows NLSDownlevelMapping.
RP204: 4/1/2009 12:36:18 PM - Installed Windows IDNMitigationAPIs.
RP205: 4/1/2009 12:36:33 PM - Installed Windows Internet Explorer 7.
RP206: 4/2/2009 7:51:42 PM - System Checkpoint
RP207: 4/2/2009 9:05:41 PM - Software Distribution Service 3.0
RP208: 4/6/2009 2:09:56 PM - System Checkpoint
RP209: 4/7/2009 5:03:27 PM - System Checkpoint
RP210: 4/9/2009 10:22:52 AM - System Checkpoint
RP211: 4/10/2009 10:35:22 AM - before uninstall
RP212: 4/10/2009 10:47:45 AM - Installed Windows XP KB915865.
RP213: 4/10/2009 10:48:27 AM - Installed Windows NLSDownlevelMapping.
RP214: 4/10/2009 10:48:55 AM - Installed Windows IDNMitigationAPIs.
RP215: 4/10/2009 10:49:10 AM - Installed Windows Internet Explorer 7.
RP216: 4/10/2009 12:15:16 PM - Installed Assistant
RP217: 4/12/2009 5:00:17 PM - Software Distribution Service 3.0
RP218: 4/13/2009 5:18:44 PM - System Checkpoint
RP219: 4/13/2009 5:30:13 PM - Removed Microsoft Silverlight
RP220: 4/13/2009 5:30:50 PM - Removed Musicmatch for Windows Media Player
RP221: 4/13/2009 5:56:00 PM - Automatic Restore Point
RP222: 4/15/2009 5:30:59 PM - Software Distribution Service 3.0
RP223: 4/17/2009 9:17:33 AM - System Checkpoint
RP224: 4/21/2009 4:34:55 PM - Automatic Restore Point
RP225: 4/21/2009 4:46:48 PM - Automatic Restore Point
RP226: 4/22/2009 8:25:19 AM - Automatic Restore Point
RP227: 4/22/2009 8:31:30 AM - Installed Windows XP KB915865.
RP228: 4/22/2009 8:32:15 AM - Installed Windows NLSDownlevelMapping.
RP229: 4/22/2009 8:32:46 AM - Installed Windows IDNMitigationAPIs.
RP230: 4/22/2009 8:33:04 AM - Installed Windows Internet Explorer 7.

==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office system
Adobe Acrobat 8 Professional
Adobe Acrobat 8.1.3 Professional
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.3
Advanced Audio FX Engine
Advanced Video FX Engine
AGEIA PhysX v7.06.26
Assistant
Broadcom Management Programs
Business Complete Care Services Agreement
Business Contact Manager for Outlook 2007 SP1
CodeWright 7.0
CodeWright Libraries
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
Dell Support Center (Support Software)
Dell System Restore
Dell Touchpad
Dell Webcam Center
Dell Webcam Manager
Dell Wireless WLAN Card
Documentation & Support Launcher
Documentation de PlanetPress Suite 6
EasyClient
EditPlus 3
ERUNT 1.1j
FacetWin
Games, Music, & Photos Launcher
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
IntelliSonic Speech Enhancement
Internet Service Offers Launcher
Ipswitch WS_FTP Professional 2007
J2SE Runtime Environment 5.0 Update 12
J2SE Runtime Environment 5.0 Update 13
J2SE Runtime Environment 5.0 Update 6
Java™ 6 Update 13
Java™ 6 Update 5
Java™ 6 Update 7
Laptop Integrated Webcam Driver (1.04.01.1011)
Lexmark Software Uninstall
Live! Cam Avatar Creator
Live! Cam Avatar v1.0
LiveAdvisor (Symantec Corporation)
LiveReg (Symantec Corporation)
LiveUpdate 1.6 (Symantec Corporation)
Logitech Gaming LCD Software 1.04
Malwarebytes' Anti-Malware
McAfee Agent
McAfee VirusScan Enterprise
MediaDirect
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Monarch Pro 9.01
Mozilla Firefox (3.0.9)
MSN Money Investment Toolbox
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
MySQL Connector/ODBC 3.51
Norton CleanSweep
NVIDIA Drivers
odbcdL4 1.2
OutlookAddinSetup
PlanetPress 5
PlanetPress 5 Documentation
PlanetPress Suite 6
PlanetPress Suite 6 Dokumentationen
PlanetPress Suite 6 English Documentation
PremiumSoft Navicat
PremiumSoft Navicat 8.0 Lite for MySQL
Print Screen Deluxe
PuTTY version 0.60
QualxServ Service Agreement
QuickSet
Redistributable_MM
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
SearchAssist
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB960003)
Security Update for Microsoft Office Excel 2007 (KB959997)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Visio 2007 (KB947590)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Snapshot Viewer
SonicWALL Global VPN Client 4.0.0.830
Spelling Dictionaries Support For Adobe Reader 8
Sprint SmartView
Symantec Mobile Essentials
Symantec Procomm Plus
TridiaVNC
TridiaVNC Pro
U.S. Robotics V.92 USB Modem
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb962871)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VERITAS Backup Exec Remote Agent for Windows Servers
WebFldrs XP
Webroot® Client
WIDCOMM Bluetooth Software
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 10
Windows Media Player 11
Windows Presentation Foundation
Windows Search 4.0
Windows Server 2003 Service Pack 1 Administration Tools Pack
Windows XP Service Pack 3
WinSCP 4.0.7
WinZip
Wireless Manager mobile edition 3.0
XML Paper Specification Shared Components Pack 1.0
Yahoo! Messenger

==== Event Viewer Messages From Past Week ========

4/22/2009 8:26:58 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\internet explorer\iedw.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 7.0.5730.13.
4/22/2009 8:26:53 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\internet explorer\iexplore.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 7.0.6000.16827.
4/21/2009 7:24:04 PM, error: NetBT [4321] - The name "MIS :1d" could not be registered on the Interface with IP address 205.34.101.151. The machine with the IP address 205.34.101.14 did not allow the name to be claimed by this machine.
4/21/2009 5:08:52 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: iaStor
4/20/2009 9:52:46 AM, error: Kerberos [4] - The kerberos client received a KRB_AP_ERR_MODIFIED error from the server host/robox1.robertsoxygen.com. This indicates that the password used to encrypt the kerberos service ticket is different than that on the target server. Commonly, this is due to identically named machine accounts in the target realm (ROBERTSOXYGEN.COM), and the client realm. Please contact your system administrator.
4/20/2009 8:24:19 PM, error: NetBT [4321] - The name "MIS :1d" could not be registered on the Interface with IP address 205.34.101.164. The machine with the IP address 205.34.101.14 did not allow the name to be claimed by this machine.
4/16/2009 8:40:06 AM, error: NETLOGON [5719] - No Domain Controller is available for domain MIS due to the following: The RPC server is unavailable. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
4/15/2009 9:55:57 PM, error: Dhcp [1002] - The IP address lease 192.168.1.113 for the Network Card with network address 001644B4C2F9 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
4/15/2009 9:52:10 PM, error: NetBT [4321] - The name "MIS :1d" could not be registered on the Interface with IP address 205.34.101.165. The machine with the IP address 205.34.101.14 did not allow the name to be claimed by this machine.
4/15/2009 8:19:08 PM, error: BROWSER [8019] - The browser was unable to promote itself to master browser. The browser will continue to attempt to promote itself to the master browser, but will no longer log any events in the event log in Event Viewer.
4/15/2009 7:09:36 AM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/15/2009 7:09:30 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
4/15/2009 6:35:44 PM, error: BROWSER [8009] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is ROBOX1.
4/15/2009 6:14:41 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 006073E43296. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
4/15/2009 6:09:32 PM, error: NETLOGON [5719] - No Domain Controller is available for domain MIS due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
4/15/2009 6:02:25 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 006073E43296. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
4/15/2009 5:27:12 PM, error: NetBT [4307] - Initialization failed because the transport refused to open initial Addresses.

==== End Of File ===========================



DDS log ---------------------------------------------------


DDS (Ver_09-03-16.01) - NTFSx86
Run by MAS at 17:38:08.71 on Wed 04/22/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1191 [GMT -4:00]

AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k eapsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k dot3svc
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ROC\Output Management\EasyClient\ezcserv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Objectif Lune\PlanetPress Suite 6\Messenger\MessengerService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Webroot\Client\commagent.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VERITAS\Backup Exec\RANT\beremote.exe
C:\Program Files\Webroot\Client\spysweeper.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\OEM02Mon.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Webroot\Client\SpySweeperUI.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Symantec\Mobile Essentials\nme.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\American Systems\Print Screen Deluxe\PrintScreenDeluxe.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\mas.MIS\Desktop\dds.com

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
uInternet Settings,ProxyOverride = 169.254.*.*;
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No File
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [Launch LCDMon] "c:\program files\common files\logitech\lcd manager\LCDMon.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [KADxMain] c:\windows\system32\KADxMain.exe
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [WebrootClientUI] "c:\program files\webroot\client\SpySweeperUI.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Sprint SmartView] "c:\program files\sprint\sprint smartview\SprintSV.exe" -a
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\mas.mis\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\mas.mis\startm~1\programs\startup\prints~1.lnk - c:\program files\american systems\print screen deluxe\PrintScreenDeluxe.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\symant~1.lnk - c:\program files\symantec\mobile essentials\nme.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
uPolicies-system: DisableChangePassword = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {0C5CF442-582B-4357-B116-765DA99CAA8C} - hxxp://205.34.101.12/appxtender/client/IrcViewer.cab
DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} - hxxp://download.microsoft.com/download/7/1/D/71D9F11F-0C02-4707-9D60-D56EA8951020/pmupd806.exe
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1208347017534
DPF: {89F1C7A1-B54C-406D-8CD6-901D277F6388} - hxxp://205.34.101.12/appxtender/client/IrcResultSet.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://idsdocs.webex.com/client/T26L/webex/ieatgpc.cab
TCP: NameServer = 205.34.101.14,209.130.136.2,205.34.120.180
TCP: {52910206-6FD1-4CEE-8314-2D5BF2ED1A95} = 205.34.101.14,209.130.136.2,205.34.120.180
Notify: WRNotifier - WRLogonNtf.DLL
AppInit_DLLs: APITRAP.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mas.mis\applic~1\mozilla\firefox\profiles\cdm2hnxc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

============= SERVICES / DRIVERS ===============

R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2008-5-22 31816]
R1 RCFOX;SonicWALL IPsec Driver;c:\windows\system32\drivers\RCFOX.SYS [2008-6-24 101528]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\microsoft small business\business contact manager\BcmSqlStartupSvc.exe [2008-1-11 30312]
R2 EasyClientPrintService;ROC EasyClient Print Service;c:\program files\roc\output management\easyclient\ezcserv.exe [2005-7-12 73728]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2008-3-14 103744]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2008-5-22 144704]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2008-5-22 54608]
R2 PPMessenger6;PlanetPress Suite Messenger 6;c:\program files\common files\objectif lune\planetpress suite 6\messenger\MessengerService.exe [2008-5-30 1149440]
R2 WebrootCommAgentService;Webroot CommAgent Service;c:\program files\webroot\client\CommAgent.exe [2008-7-16 714656]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2009-3-10 72936]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2009-3-10 33960]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2009-3-10 174952]
R3 mircap;mircap;c:\windows\system32\drivers\mircap.sys [2006-11-22 4608]
R3 mtpaudio;Panasonic Projector Audio Device Driver;c:\windows\system32\drivers\mtpaudio.sys [2006-11-22 12800]
R3 OEM02Afx;Provides a software interface to control audio effects of OEM002 camera.;c:\windows\system32\drivers\OEM02Afx.sys [2008-4-9 141376]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\drivers\OEM02Dev.sys [2008-4-9 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\drivers\OEM02Vfx.sys [2008-4-9 7424]
R3 physX32;physX32;c:\windows\system32\drivers\physX32.sys [2008-4-9 117888]
R3 rcvpn;SonicWALL VPN Adapter;c:\windows\system32\drivers\rcvpn.sys [2008-6-24 24876]
R3 seccap;seccap;c:\windows\system32\drivers\seccap.sys [2006-11-22 5632]
R3 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\client\SPYSWEEPER.EXE [2008-7-16 3582832]
S3 FTPPut6;PlanetPress Watch 6 FTPPut Client;c:\program files\planetpress suite 6\planetpress watch\bin\FTPPutService.exe [2008-5-30 682496]
S3 HTTP6;PlanetPress Watch 6 HTTP Service;c:\program files\planetpress suite 6\planetpress watch\bin\HTTPService.exe [2008-5-30 781824]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2008-11-24 29263712]
S3 PPFax6;PlanetPress Fax 6;c:\program files\planetpress suite 6\planetpress fax\PPFaxService.exe [2008-5-30 1123840]
S3 PPImage6;PlanetPress Image 6;c:\program files\planetpress suite 6\planetpress image\PPImageService.exe [2008-5-30 1826816]
S3 PPLpd6;PlanetPress Watch 6 LPD Server;c:\program files\planetpress suite 6\planetpress watch\bin\LPDService.exe [2008-5-30 638976]
S3 PPLpr6;PlanetPress Watch 6 LPR Client;c:\program files\planetpress suite 6\planetpress watch\bin\LPRService.exe [2008-5-30 638464]
S3 PPMessenger5;PlanetPress Suite Messenger 5;c:\program files\common files\objectif lune\planetpress suite 5\messenger\MessengerService.exe [2005-9-6 1086976]
S3 PPSerial6;PlanetPress Watch 6 Serial Capture;c:\program files\planetpress suite 6\planetpress watch\bin\SerialService.exe [2008-5-30 763904]
S3 PPTelnet6;PlanetPress Watch 6 Telnet Capture;c:\program files\planetpress suite 6\planetpress watch\bin\TelnetService.exe [2008-5-30 766464]
S3 PPWatch6;PlanetPress Watch 6;c:\program files\planetpress suite 6\planetpress watch\bin\PPWatchService.exe [2008-5-30 3899904]
S3 RCConnector;TridiaVNC Pro Connector Direct;c:\program files\tvncpro\bin\connector.exe [2008-4-16 114688]
S3 RCController;TridiaVNC Pro Controller;c:\program files\tvncpro\bin\processor.exe [2008-4-16 147456]

=============== Created Last 30 ================

2009-04-17 09:25 59 a------- c:\windows\Ltdlgfile15u.INI
2009-04-17 09:23 5,578 a------- c:\windows\unpsd.ini
2009-04-15 07:17 401,408 -------- c:\windows\system32\dllcache\rpcss.dll
2009-04-15 07:17 284,160 -------- c:\windows\system32\dllcache\pdh.dll
2009-04-15 07:17 110,592 -------- c:\windows\system32\dllcache\services.exe
2009-04-15 07:17 35,328 -------- c:\windows\system32\dllcache\sc.exe
2009-04-15 07:17 473,600 -------- c:\windows\system32\dllcache\fastprox.dll
2009-04-15 07:17 227,840 -------- c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 07:17 453,120 -------- c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 07:17 729,088 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 07:17 617,472 -------- c:\windows\system32\dllcache\advapi32.dll
2009-04-15 07:17 714,752 -------- c:\windows\system32\dllcache\ntdll.dll
2009-04-15 07:14 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-15 07:14 1,203,922 -------- c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 07:14 215,552 -------- c:\windows\system32\dllcache\wordpad.exe
2009-04-13 20:26 <DIR> --d----- C:\Rooter$
2009-04-13 18:02 <DIR> --d----- c:\docume~1\mas.mis\applic~1\Malwarebytes
2009-04-13 18:02 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-13 18:02 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-13 18:02 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-13 18:02 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-10 12:58 <DIR> --d----- c:\windows\SchCache
2009-04-10 12:16 35 a------- c:\windows\md.sec
2009-04-09 15:05 <DIR> --d----- c:\docume~1\mas.mis\applic~1\Reallusion
2009-04-09 15:04 202,827 a------- c:\windows\system32\atasnt40.dll
2009-04-06 12:57 <DIR> --d----- c:\program files\Trend Micro
2009-03-31 16:59 <DIR> --dsh--- c:\documents and settings\mas.mis\IECompatCache
2009-03-31 15:30 78,336 a------- c:\windows\system32\ieencode.dll
2009-03-31 11:44 299,008 a------- c:\windows\amuninst.exe
2009-03-30 12:56 <DIR> --d----- c:\program files\American Systems
2009-03-30 09:06 <DIR> --dsh--- c:\documents and settings\mas.mis\IETldCache
2009-03-30 09:02 <DIR> --d----- c:\windows\ie8updates
2009-03-30 08:55 105,984 -------- c:\windows\system32\dllcache\iecompat.dll

==================== Find3M ====================

2009-04-14 14:30 65,173 a------- c:\windows\system32\nvModes.dat
2009-03-21 10:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-02 20:18 826,368 a------- c:\windows\system32\wininet.dll
2009-03-02 20:18 826,368 a------- c:\windows\system32\dllcache\wininet.dll
2009-02-28 00:54 636,072 a------- c:\windows\system32\dllcache\iexplore.exe
2009-02-20 06:20 70,656 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 06:20 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-02-20 01:14 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
2009-02-09 08:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 08:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 08:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 08:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-09 07:13 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
2009-02-07 19:02 2,066,048 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-06 21:07 3,698,584 a------- c:\windows\system32\dllcache\ieapfltr.dat
2009-02-06 07:11 110,592 a------- c:\windows\system32\services.exe
2009-02-06 07:08 2,189,056 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-06 07:06 2,145,280 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 07:06 2,145,280 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-06 06:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-06 06:32 2,023,936 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-06 06:32 2,023,936 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-03 15:59 56,832 a------- c:\windows\system32\secur32.dll
2009-02-03 15:59 56,832 -------- c:\windows\system32\dllcache\secur32.dll
2008-07-30 08:59 60,744 a------- c:\documents and settings\mas.mis\g2mdlhlpx.exe
2008-04-09 05:08 76 ---shr-- c:\windows\CT4CET.bin
2008-05-09 11:41 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008050920080510\index.dat

============= FINISH: 17:38:33.81 ===============
  • 0

#8
Extremeboy
Posted 22 April 2009 - 04:09 PM

Extremeboy

    Malware Removal Staff

  • Retired Staff
  • 824 posts
Hello.

The log looks fine and the other scans were clean as well, and therefore, there doesn't appear to be a malware issue right now.

All I have is: Try IE8. If that doesn't help then I suggest you start a topic in this forum.

You can remove your older versions of Java except Java 6 update 12.

Sorry, I couldn't be more of a help, but this forum is only for malware removal only and right now I don't see anything in the logs that is causing this.

With Regards,
Extremeboy
  • 0

#9
Extremeboy
Posted 27 April 2009 - 02:37 PM

Extremeboy

    Malware Removal Staff

  • Retired Staff
  • 824 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP