OTL logfile created on: 7/19/2010 11:13:47 AM - Run 1
OTL by OldTimer - Version 3.1.3.3 Folder = C:\Documents and Settings\%username%\Desktop\Tools
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 72.33% Memory free
3.84 Gb Paging File | 3.42 Gb Available in Paging File | 89.04% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 140.91 Gb Total Space | 33.04 Gb Free Space | 23.44% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 8.14 Gb Total Space | 0.44 Gb Free Space | 5.37% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NEO
Current User Name: USER
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2009/11/03 13:58:26 | 00,527,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\%username%\Desktop\Tools\OTL.exe
PRC - [2009/08/05 10:37:58 | 12,313,432 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/02/06 06:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2008/11/24 22:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/11/24 22:31:10 | 29,263,712 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2008/11/24 22:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/04/13 20:12:37 | 00,135,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\taskmgr.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/05 20:30:40 | 00,144,688 | R--- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
PRC - [2007/05/18 17:50:16 | 00,138,008 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2007/05/11 17:21:10 | 00,472,632 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
PRC - [2007/01/12 09:36:40 | 00,827,392 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2005/02/17 03:11:42 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2002/03/12 11:37:28 | 00,028,672 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\system32\nwtray.exe

[color=#E56717]========== Modules (SafeList) ==========[/color]
MOD - [2009/11/03 13:58:26 | 00,527,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\%username%\Desktop\Tools\OTL.exe
MOD - [2008/04/13 20:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/13 20:12:10 | 00,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wsock32.dll
MOD - [2008/04/13 20:12:00 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mslbui.dll
MOD - [2008/04/13 20:11:55 | 00,094,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\iphlpapi.dll
MOD - [2008/04/13 20:11:53 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2006/07/11 17:35:38 | 00,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcr71.dll
MOD - [2005/12/21 17:58:20 | 00,294,912 | ---- | M] (Netscape Communications Corporation) -- C:\WINDOWS\system32\nspr4.dll

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
SRV - [2009/09/14 07:57:17 | 00,380,928 | ---- | M] (CA) -- C:\Program Files\CA\eTrustITM\InoTask.exe -- (InoTask)
SRV - [2009/09/14 07:57:17 | 00,192,512 | ---- | M] (CA) -- C:\Program Files\CA\eTrustITM\InoRpc.exe -- (InoRPC)
SRV - [2009/04/07 07:55:02 | 00,208,896 | ---- | M] (CA) -- C:\Program Files\CA\eTrustITM\InoRT.exe -- (InoRT)
SRV - [2008/11/24 22:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 22:31:10 | 29,263,712 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS)
SRV - [2008/11/24 22:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/24 22:31:08 | 00,045,408 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/04/13 20:12:27 | 00,117,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mqtgsvc.exe -- (MSMQTriggers)
SRV - [2008/04/13 20:12:27 | 00,004,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mqsvc.exe -- (MSMQ)
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2007/12/05 20:30:40 | 00,144,688 | R--- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex)
SRV - [2007/11/07 09:58:18 | 03,004,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
SRV - [2007/05/08 12:38:46 | 00,540,448 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2007/04/19 17:35:46 | 00,075,304 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2007/02/06 15:02:26 | 00,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2007/02/05 07:57:24 | 00,106,496 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe -- (iGateway)
SRV - [2007/01/04 19:48:52 | 00,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/11/06 17:31:14 | 00,887,544 | ---- | M] (Sonic Solutions) -- c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2006/11/01 15:17:32 | 00,073,728 | R--- | M] (MicroVision Development, Inc.) -- c:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/10/19 00:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2006/10/17 02:01:12 | 00,053,248 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPZIPM12.DLL -- (Pml Driver HPZ12)
SRV - [2006/08/11 15:51:04 | 00,028,672 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\system32\cusrvc.exe -- (cusrvc)
SRV - [2006/01/12 17:22:38 | 00,294,912 | ---- | M] (SoftThinks) -- C:\WINDOWS\SMINST\PCAngel.exe -- (PCA)
SRV - [2004/10/22 07:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - [2010/05/26 10:39:08 | 00,006,144 | ---- | M] (Sophos Plc) -- C:\WINDOWS\system32\2.tmp -- (MEMSWEEP2)
DRV - [2010/04/29 15:39:38 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/09/14 10:58:37 | 00,229,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\VMM.sys -- (vmm)
DRV - [2008/05/08 10:02:52 | 00,203,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/04/13 15:15:53 | 00,295,712 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\udspprm32.sys -- (udspprm32)
DRV - [2008/04/13 14:39:44 | 00,092,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2008/04/13 12:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008/04/13 12:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/10/18 21:14:32 | 00,184,080 | ---- | M] (Computer Associates) -- C:\WINDOWS\system32\drivers\ino_fltr.sys -- (INO_FLTR)
DRV - [2007/08/06 22:07:02 | 00,027,536 | ---- | M] (Computer Associates) -- C:\WINDOWS\system32\Drivers\ino_flpy.sys -- (INO_FLPY)
DRV - [2007/06/21 14:03:08 | 00,513,664 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\system32\NetWare\nwfs.sys -- (NetwareWorkstation)
DRV - [2007/06/18 20:12:04 | 00,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/05/16 07:14:58 | 05,707,744 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/05/06 21:00:06 | 01,160,320 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007/04/10 19:55:28 | 00,140,808 | ---- | M] (AuthenTec, Inc.) -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV)
DRV - [2007/03/21 08:58:56 | 00,304,920 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2007/03/01 11:13:06 | 02,203,520 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32)
DRV - [2007/02/27 06:21:00 | 00,160,256 | R--- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/02/14 10:21:00 | 00,067,960 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2007/02/14 10:20:58 | 00,868,298 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007/01/29 06:20:34 | 00,059,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV - [2007/01/12 09:04:44 | 00,201,856 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/01/09 11:50:24 | 00,288,768 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2006/10/27 16:53:48 | 00,043,568 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\system32\NetWare\nwdns.sys -- (NWDNS)
DRV - [2006/09/25 09:54:54 | 00,160,209 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\system32\NetWare\srvloc.sys -- (SRVLOC)
DRV - [2006/09/19 12:58:58 | 00,036,608 | ---- | M] (Infineon Technologies AG) -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2006/08/07 02:57:30 | 00,093,952 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (AEAudio)
DRV - [2006/07/24 07:00:00 | 00,036,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2006/06/28 13:54:00 | 00,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2006/03/03 17:50:48 | 00,038,416 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\system32\drivers\nicm.sys -- (NICM)
DRV - [2005/11/22 10:51:22 | 00,018,353 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\system32\NetWare\nwdhcp.sys -- (NWDHCP)
DRV - [2005/10/27 16:15:14 | 00,039,731 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\system32\NetWare\nwsipx32.sys -- (NWSIPX32)
DRV - [2005/10/12 13:12:18 | 00,009,297 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\system32\NetWare\nwhost.sys -- (NWHOST)
DRV - [2005/10/12 13:11:32 | 00,006,128 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\system32\NetWare\nwsns.sys -- (NWSNS)
DRV - [2005/05/26 18:14:00 | 00,015,891 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\system32\NetWare\nwfilter.sys -- (NWFILTER)
DRV - [2005/01/03 14:51:38 | 00,020,332 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\system32\NetWare\nwslp.sys -- (NWSLP)
DRV - [2004/08/04 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/06/01 18:19:34 | 00,027,249 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\system32\NetWare\resmgr.sys -- (RESMGR)
DRV - [2004/03/23 22:12:34 | 00,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\nsndis5.sys -- (NSNDIS5)
DRV - [2003/02/26 14:51:18 | 00,023,232 | ---- | M] () -- C:\WINDOWS\system32\NetWare\nwsap.sys -- (NWSAP)
DRV - [2002/09/11 11:42:04 | 00,017,134 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)
DRV - [2001/08/17 16:10:28 | 00,035,913 | ---- | M] (SMC) -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2001/08/17 11:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = bess-proxy1.edutech.org:7026

[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {9CE11043-9A15-4207-A565-0C94C42D590D}:2.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.4
FF - prefs.js..network.proxy.backup.ftp: "bess-proxy3.edutech.org"
FF - prefs.js..network.proxy.backup.ftp_port: 7026
FF - prefs.js..network.proxy.backup.gopher: "bess-proxy3.edutech.org"
FF - prefs.js..network.proxy.backup.gopher_port: 7026
FF - prefs.js..network.proxy.backup.socks: "bess-proxy3.edutech.org"
FF - prefs.js..network.proxy.backup.socks_port: 7026
FF - prefs.js..network.proxy.backup.ssl: "bess-proxy3.edutech.org"
FF - prefs.js..network.proxy.backup.ssl_port: 7026
FF - prefs.js..network.proxy.ftp: "bess-proxy3.edutech.org"
FF - prefs.js..network.proxy.ftp_port: 7026
FF - prefs.js..network.proxy.gopher: "bess-proxy3.edutech.org"
FF - prefs.js..network.proxy.gopher_port: 7026
FF - prefs.js..network.proxy.http: "bess-proxy3.edutech.org"
FF - prefs.js..network.proxy.http_port: 7026
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "bess-proxy3.edutech.org"
FF - prefs.js..network.proxy.socks_port: 7026
FF - prefs.js..network.proxy.ssl: "bess-proxy3.edutech.org"
FF - prefs.js..network.proxy.ssl_port: 7026
FF - prefs.js..network.proxy.type: 1
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/14 10:58:34 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/19 09:28:49 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/16 13:12:15 | 00,000,000 | ---D | M]
[2009/11/02 12:31:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\%username%\Application Data\Mozilla\Extensions
[2009/11/02 12:31:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\%username%\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/07/19 09:20:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\%username%\Application Data\Mozilla\Firefox\Profiles\863culh1.default\extensions
[2009/11/02 13:30:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\%username%\Application Data\Mozilla\Firefox\Profiles\863culh1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/19 09:20:52 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/02 12:30:53 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/07/16 14:32:33 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}
[2009/10/16 16:08:14 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/10/16 16:08:15 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/10/16 16:08:16 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2010/06/19 15:34:11 | 00,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/10/16 13:58:44 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/10/16 13:58:44 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/10/16 13:58:44 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/10/16 13:58:44 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/10/16 13:58:44 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/10/16 13:58:44 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/10/16 13:58:44 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [NWTRAY] C:\WINDOWS\System32\nwtray.exe (Novell, Inc.)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [Realtime Monitor] C:\Program Files\CA\eTrustITM\realmon.exe (CA)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\CREATOR\Remind_XP.exe ()
O4 - HKLM..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe ()
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: CompatibleRUPSecurity = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLastUserName = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LegalNoticeText = 2k [binary data]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ShutdownWithoutLogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: UndockWithoutLogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\NetWare\nwws2nds.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\NetWare\nwws2sap.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\WINDOWS\system32\NetWare\nwws2slp.dll (Novell, Inc.)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.3.cab (DLM Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1271432817362 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1271432809440 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl.sun.com/webapps/download/AutoDL?BundleId=21871 (Java Plug-in 1.6.0_06)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.100.4.15 10.2.4.5
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (NWGINA.DLL) - C:\WINDOWS\System32\nwgina.dll (Novell, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. File not found
O30 - LSA: Authentication Packages - (nwv1_0) - C:\WINDOWS\System32\nwv1_0.dll (Novell, Inc.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/22 08:13:39 | 00,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 19:07:00 | 00,000,000 | -HS- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 11:01:00 | 00,000,053 | -HS- | M] () - E:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{2ad63f58-e728-11dd-82e3-001f2991095e}\Shell - "" = AutoRun
O33 - MountPoints2\{2ad63f58-e728-11dd-82e3-001f2991095e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2ad63f58-e728-11dd-82e3-001f2991095e}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{2ad63f59-e728-11dd-82e3-001f2991095e}\Shell\AutoRun\command - "" = I:\StartPortableApps.exe -- File not found
O33 - MountPoints2\{d8a85f5a-47c1-11dd-82b7-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{d8a85f5a-47c1-11dd-82b7-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d8a85f60-47c1-11dd-82b7-001f2991095e}\Shell\AutoRun\command - "" = BOOTEX\thumbcache_131.exe
O33 - MountPoints2\{d8a85f60-47c1-11dd-82b7-001f2991095e}\Shell\explore\command - "" = BOOTEX/thumbcache_131.exe
O33 - MountPoints2\{d8a85f60-47c1-11dd-82b7-001f2991095e}\Shell\open\command - "" = .////BOOTEX/thumbcache_131.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (MACHINE) - File not found
O34 - HKLM BootExecute: (BootExecut) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2010/07/19 10:17:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\%username%\DoctorWeb
[2010/07/19 10:15:59 | 00,000,000 | ---D | C] -- C:\Program Files\Sophos
[2010/07/19 09:45:49 | 01,137,360 | ---- | C] (F-Secure Corporation) -- C:\fsbl.exe
[2010/07/19 08:36:41 | 00,000,000 | --SD | C] -- C:\ComboFix
[2010/07/16 14:39:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/07/16 14:36:28 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/07/16 14:32:35 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\%username%\Application Data\SystemProc
[2010/07/16 14:26:53 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/07/16 14:26:53 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/07/16 14:26:53 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/07/16 14:26:53 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/07/16 14:26:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/07/16 14:26:19 | 00,000,000 | ---D | C] -- C:\Qoobox
[2010/07/16 14:09:38 | 00,000,000 | ---D | C] -- C:\Tools
[2010/07/16 14:06:25 | 00,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2010/07/16 13:11:36 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2010/07/16 10:18:43 | 00,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/07/16 09:05:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\%username%\Application Data\Malwarebytes
[2010/07/16 09:05:43 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/16 09:05:42 | 00,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/16 09:05:42 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/16 09:05:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/07/09 15:40:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\%username%\Application Data\InterVideo
[2010/07/08 09:16:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\WinNTDlls
[2010/07/08 09:16:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Win98Dlls
[2010/07/08 09:16:56 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Press Training Kit Exam Prep
[2010/06/28 09:38:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\%username%\Application Data\Download Manager
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010/07/19 11:05:57 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\%username%\Desktop\~$rus documentation.doc
[2010/07/19 10:46:27 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/19 10:45:51 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/19 10:45:50 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/19 10:45:48 | 21,383,61856 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/19 10:36:09 | 05,767,168 | -H-- | M] () -- C:\Documents and Settings\%username%\NTUSER.DAT
[2010/07/19 10:36:06 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\%username%\ntuser.ini
[2010/07/19 09:42:46 | 01,137,360 | ---- | M] (F-Secure Corporation) -- C:\fsbl.exe
[2010/07/19 09:39:06 | 01,376,832 | ---- | M] () -- C:\sar_15_sfx.exe
[2010/07/19 08:41:59 | 00,000,086 | ---- | M] () -- C:\WINDOWS\WPCMAPI.INI
[2010/07/16 15:17:06 | 00,092,672 | ---- | M] () -- C:\Documents and Settings\%username%\Desktop\Virus documentation.doc
[2010/07/16 15:06:07 | 00,000,438 | ---- | M] () -- C:\Documents and Settings\%username%\Desktop\regbackup.reg
[2010/07/16 14:06:24 | 00,939,956 | ---- | M] () -- C:\Documents and Settings\%username%\Desktop\7z465.exe
[2010/07/16 14:06:07 | 00,478,504 | ---- | M] () -- C:\Documents and Settings\%username%\Desktop\bootkit_remover.rar
[2010/07/16 13:12:15 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/07/16 10:09:31 | 00,005,748 | ---- | M] () -- C:\Documents and Settings\%username%\My Documents\My Favorite Theme.theme
[2010/07/16 09:05:46 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/13 09:06:47 | 00,294,087 | ---- | M] () -- C:\Documents and Settings\%username%\Desktop\Building a Standard Image of Windows 7 Step-by-Step Guide.doc.docx
[2010/07/12 10:12:31 | 00,000,252 | ---- | M] () -- C:\Documents and Settings\%username%\Desktop\Geothermal Gradients and Subsurface Temperatures in the Northern Gulf of Mexico, by Joseph Forrest1, Ettore Marcucci and Paul Scott, #30048 (2007)..url
[2010/07/12 08:23:06 | 00,114,271 | ---- | M] () -- C:\Documents and Settings\%username%\Desktop\stb0502.xls
[2010/07/12 08:22:52 | 00,016,201 | ---- | M] () -- C:\Documents and Settings\%username%\Desktop\sec5_7.pdf
[2010/07/09 08:01:39 | 00,020,992 | ---- | M] () -- C:\Documents and Settings\%username%\My Documents\July 2010 Expense Form.xls
[2010/07/06 15:34:47 | 00,020,992 | ---- | M] () -- C:\Documents and Settings\%username%\My Documents\June 2010 Expense Form.xls
[2010/07/01 09:26:48 | 04,167,652 | ---- | M] () -- C:\Documents and Settings\%username%\Desktop\BFX_Sport_OM_RevB_web.pdf
[2010/06/28 10:09:19 | 24,004,54656 | ---- | M] () -- C:\7600.16385.090713-1255_x86fre_enterprise_en-us_EVAL_Eval_Enterprise-GRMCENEVAL_EN_DVD.iso
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010/07/19 11:05:57 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\%username%\Desktop\~$rus documentation.doc
[2010/07/19 10:36:54 | 21,383,61856 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/19 09:45:45 | 01,376,832 | ---- | C] () -- C:\sar_15_sfx.exe
[2010/07/16 15:17:04 | 00,092,672 | ---- | C] () -- C:\Documents and Settings\%username%\Desktop\Virus documentation.doc
[2010/07/16 15:06:07 | 00,000,438 | ---- | C] () -- C:\Documents and Settings\%username%\Desktop\regbackup.reg
[2010/07/16 14:26:53 | 00,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/07/16 14:26:53 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/07/16 14:26:53 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/07/16 14:26:53 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/07/16 14:26:53 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/07/16 14:06:20 | 00,939,956 | ---- | C] () -- C:\Documents and Settings\%username%\Desktop\7z465.exe
[2010/07/16 14:06:05 | 00,478,504 | ---- | C] () -- C:\Documents and Settings\%username%\Desktop\bootkit_remover.rar
[2010/07/16 10:09:31 | 00,005,748 | ---- | C] () -- C:\Documents and Settings\%username%\My Documents\My Favorite Theme.theme
[2010/07/16 09:05:46 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/13 09:06:47 | 00,294,087 | ---- | C] () -- C:\Documents and Settings\%username%\Desktop\Building a Standard Image of Windows 7 Step-by-Step Guide.doc.docx
[2010/07/12 10:12:31 | 00,000,252 | ---- | C] () -- C:\Documents and Settings\%username%\Desktop\Geothermal Gradients and Subsurface Temperatures in the Northern Gulf of Mexico, by Joseph Forrest1, Ettore Marcucci and Paul Scott, #30048 (2007)..url
[2010/07/12 08:23:06 | 00,114,271 | ---- | C] () -- C:\Documents and Settings\%username%\Desktop\stb0502.xls
[2010/07/12 08:22:51 | 00,016,201 | ---- | C] () -- C:\Documents and Settings\%username%\Desktop\sec5_7.pdf
[2010/07/09 08:01:39 | 00,020,992 | ---- | C] () -- C:\Documents and Settings\%username%\My Documents\July 2010 Expense Form.xls
[2010/07/01 09:26:36 | 04,167,652 | ---- | C] () -- C:\Documents and Settings\%username%\Desktop\BFX_Sport_OM_RevB_web.pdf
[2010/06/28 09:39:03 | 24,004,54656 | ---- | C] () -- C:\7600.16385.090713-1255_x86fre_enterprise_en-us_EVAL_Eval_Enterprise-GRMCENEVAL_EN_DVD.iso
[2009/11/02 12:04:48 | 00,003,399 | R--- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2009/11/02 12:04:48 | 00,000,141 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2009/11/02 12:04:20 | 00,106,496 | R--- | C] () -- C:\WINDOWS\System32\vshp1020.dll
[2009/11/02 12:01:58 | 00,000,744 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2009/08/03 15:07:42 | 00,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/03/25 09:39:52 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\support.dll
[2009/03/25 09:39:52 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\AdapterId.dll
[2009/03/25 09:39:06 | 00,000,011 | ---- | C] () -- C:\WINDOWS\NetWare.INI
[2008/07/03 14:39:49 | 00,100,440 | ---- | C] () -- C:\Documents and Settings\%username%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/07/03 09:40:11 | 05,368,542 | -H-- | C] () -- C:\Documents and Settings\%username%\Local Settings\Application Data\IconCache.db
[2008/07/03 09:40:11 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\%username%\Application Data\desktop.ini
[2008/07/03 09:40:11 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\%username%\Local Settings\Application Data\QSwitch.txt
[2008/07/03 09:40:11 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\%username%\Local Settings\Application Data\DSwitch.txt
[2008/07/03 09:40:11 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\%username%\Local Settings\Application Data\AtStart.txt
[2008/07/01 19:05:37 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/07/01 19:05:37 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/07/01 19:05:37 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/07/01 19:05:37 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/07/01 19:05:37 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/07/01 19:05:37 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/07/01 14:46:17 | 00,000,086 | ---- | C] () -- C:\WINDOWS\WPCMAPI.INI
[2008/07/01 14:06:47 | 00,000,000 | ---- | C] () -- C:\WINDOWS\hpmnwun.ini
[2008/07/01 11:19:42 | 00,000,597 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/07/01 11:16:25 | 00,245,843 | ---- | C] () -- C:\WINDOWS\System32\nwshlxnt.dll
[2008/07/01 11:16:25 | 00,065,619 | ---- | C] () -- C:\WINDOWS\System32\setupw2k.dll
[2008/07/01 11:16:24 | 00,051,200 | ---- | C] () -- C:\WINDOWS\System32\lgncon32.dll
[2008/07/01 11:16:22 | 00,002,757 | ---- | C] () -- C:\WINDOWS\System32\rdrstats.ini
[2008/07/01 11:16:20 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\prtwin32.dll
[2008/07/01 11:16:20 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\nwpsrv32.dll
[2008/07/01 11:16:19 | 00,216,064 | ---- | C] () -- C:\WINDOWS\System32\lgnwnt32.dll
[2008/07/01 11:16:17 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\nwslog32.dll
[2008/01/23 05:10:43 | 00,028,510 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/01/23 05:10:14 | 00,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
[2007/10/12 23:20:06 | 00,151,417 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2007/08/16 16:17:50 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
[2007/05/16 07:48:42 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4831.dll
[2007/05/16 07:14:58 | 00,910,304 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2007/02/06 15:20:00 | 02,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007/02/06 14:55:52 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2007/01/19 10:30:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/19 03:02:40 | 00,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/19 03:02:40 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2006/06/29 14:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 14:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/06/13 18:04:58 | 00,757,818 | ---- | C] () -- C:\WINDOWS\System32\gwadd1.dll
[2006/06/13 16:21:04 | 00,303,166 | ---- | C] () -- C:\WINDOWS\System32\gwodm132.dll
[2006/06/13 15:37:18 | 00,098,354 | ---- | C] () -- C:\WINDOWS\System32\GWLDO132.DLL
[2006/04/18 15:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 15:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2005/12/21 17:57:04 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll
[2005/12/21 17:54:34 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll
[2005/02/17 11:41:32 | 00,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 11:41:30 | 00,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2004/08/07 09:19:16 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 09:12:40 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/07 09:03:10 | 00,000,624 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/07 01:53:36 | 00,000,250 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/08/07 01:53:14 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2004/07/09 10:31:18 | 00,155,700 | ---- | C] () -- C:\WINDOWS\System32\ODMA32.DLL
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/11/14 12:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

< End of report >