Welcome to Geeks to Go - Register now for FREE
Hijack.connectioncontrol



#1
pchelpplease

I continue to get the following Hijack infections. Have tried MWB to clean them, but subsequent scans keep finding the following.
Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 3

11/17/2009 9:28:56 AM
mbam-log-2009-11-17 (09-28-56).txt

Scan type: Full Scan (C:\|)
Objects scanned: 157278
Time elapsed: 17 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer\control panel\ConnectionsTab (Hijack.ConnectionControl) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

OTL logfile created on: 11/17/2009 1:31:21 PM - Run 1
OTL by OldTimer - Version 3.1.6.0 Folder = C:\Documents and Settings\SNIPED\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

997.23 Mb Total Physical Memory | 442.81 Mb Available Physical Memory | 44.40% Memory free
2.34 Gb Paging File | 1.91 Gb Available in Paging File | 81.65% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 60.76 Gb Free Space | 81.53% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 397.28 Gb Total Space | 157.25 Gb Free Space | 39.58% Space Free | Partition Type: NWFS
Drive P: | 397.28 Gb Total Space | 157.25 Gb Free Space | 39.58% Space Free | Partition Type: NWFS
Drive R: | 397.28 Gb Total Space | 157.25 Gb Free Space | 39.58% Space Free | Partition Type: NWFS
Drive S: | 397.28 Gb Total Space | 157.25 Gb Free Space | 39.58% Space Free | Partition Type: NWFS
Drive X: | 397.28 Gb Total Space | 157.25 Gb Free Space | 39.58% Space Free | Partition Type: NWFS
Drive Z: | 9.70 Gb Total Space | 6.03 Gb Free Space | 62.18% Space Free | Partition Type: NWFS

Computer Name: JFS384519
Current User Name: SNIPED
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/11/17 13:29:57 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\SNIPED\Desktop\OTL.exe
PRC - [2009/06/29 03:35:10 | 00,634,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/05/08 02:37:18 | 00,192,570 | ---- | M] (Novell, Inc.) -- C:\novell\GroupWise\notify.exe
PRC - [2009/02/19 07:48:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/02/19 07:48:15 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/02/06 05:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2008/10/20 14:43:58 | 00,057,344 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\system32\iprntlgn.exe
PRC - [2008/10/20 14:42:22 | 00,053,248 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\system32\iprntctl.exe
PRC - [2008/08/26 10:34:28 | 00,061,440 | ---- | M] () -- C:\Program Files\Common Files\Pumatech Shared\LiveUpdate Client\PtLUWorker.exe
PRC - [2008/04/23 01:08:13 | 00,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [2008/04/14 04:42:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/10 05:39:32 | 01,036,288 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2007/06/13 12:56:06 | 00,142,104 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe
PRC - [2007/06/13 12:56:04 | 00,252,696 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe
PRC - [2007/06/13 12:55:56 | 00,138,008 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2007/06/13 12:55:46 | 00,162,584 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2007/03/14 18:49:02 | 00,125,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2007/03/14 18:48:56 | 00,116,416 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe
PRC - [2007/03/14 18:48:50 | 01,816,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2007/03/14 18:48:40 | 00,031,424 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2007/01/10 15:27:38 | 01,160,792 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2006/11/21 16:38:40 | 00,169,576 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2006/11/21 16:38:32 | 00,192,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2006/11/21 16:38:28 | 00,052,840 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2006/11/04 20:02:52 | 00,053,248 | ---- | M] () -- Z:\CLNTRUST.EXE
PRC - [2006/10/30 08:00:00 | 01,116,920 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
PRC - [2006/06/13 06:57:32 | 00,151,104 | ---- | M] (Novell, Inc.) -- C:\Program Files\Novell\ZENworks\WM.EXE
PRC - [2006/06/13 06:57:30 | 00,012,224 | ---- | M] (Novell, Inc.) -- C:\Program Files\Novell\ZENworks\WMRUNDLL.EXE
PRC - [2006/06/13 06:52:18 | 00,113,152 | ---- | M] (Novell, Inc.) -- C:\Program Files\Novell\ZENworks\NALNTSRV.EXE
PRC - [2006/06/13 06:51:24 | 00,389,632 | ---- | M] (Novell, Inc) -- C:\Program Files\Novell\ZENworks\NalAgent.exe
PRC - [2006/05/09 09:59:00 | 00,167,936 | ---- | M] (Novell, Inc.) -- C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
PRC - [2006/05/02 08:17:16 | 00,061,440 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\system32\novell\xtagent.exe
PRC - [2004/10/22 14:34:58 | 00,094,208 | ---- | M] (Captaris, Inc.) -- C:\Program Files\RightFax\Client\FAXCTRL.exe
PRC - [2004/06/09 13:16:08 | 00,471,040 | ---- | M] (PalmSource, Inc) -- C:\Program Files\palmOne\Hotsync.exe
PRC - [2004/05/17 13:27:28 | 00,032,859 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\system32\dpmw32.exe
PRC - [2002/04/17 09:49:16 | 00,077,824 | ---- | M] () -- c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
PRC - [2002/04/17 09:42:56 | 00,069,632 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
PRC - [2002/03/12 10:37:28 | 00,028,672 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\system32\nwtray.exe


========== Modules (SafeList) ==========

MOD - [2009/11/17 13:29:57 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\SNIPED\Desktop\OTL.exe
MOD - [2008/04/14 04:42:52 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/14 04:42:12 | 00,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wsock32.dll
MOD - [2008/04/14 04:42:04 | 00,245,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui1.dll
MOD - [2008/04/14 04:42:04 | 00,080,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui0.dll
MOD - [2008/04/14 04:42:04 | 00,044,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntlanman.dll
MOD - [2008/04/14 04:42:02 | 00,011,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netrap.dll
MOD - [2008/04/14 04:41:54 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2008/04/14 04:41:54 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drprov.dll
MOD - [2008/04/14 04:41:52 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\davclnt.dll
MOD - [2006/06/02 08:36:28 | 00,847,954 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\system32\novnpnt.dll
MOD - [2006/05/24 14:56:54 | 00,478,172 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\system32\nls\ENGLISH\novnpntr.dll
MOD - [2006/05/24 14:12:44 | 00,245,843 | ---- | M] () -- C:\WINDOWS\system32\nwshlxnt.dll
MOD - [2006/01/27 10:38:34 | 00,173,056 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\system32\calwin32.dll
MOD - [2005/11/30 09:01:44 | 00,289,792 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\system32\netwin32.dll
MOD - [2005/11/30 09:01:40 | 00,169,984 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\system32\ncpwin32.dll
MOD - [2005/11/30 09:01:38 | 00,118,272 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\system32\locwin32.dll
MOD - [2005/11/30 09:01:34 | 00,027,648 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\system32\clxwin32.dll
MOD - [2005/11/30 09:01:32 | 00,071,168 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\system32\clnwin32.dll
MOD - [2005/03/08 14:22:34 | 00,233,554 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\system32\mapbase.dll
MOD - [2004/07/30 15:07:16 | 00,116,520 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\system32\nls\ENGLISH\mapbaser.dll
MOD - [2004/07/30 15:05:24 | 00,121,660 | ---- | M] () -- C:\WINDOWS\system32\nls\ENGLISH\nwshlxnr.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/02/19 07:48:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2008/07/29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/04/14 04:42:04 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2007/03/14 18:48:56 | 00,116,416 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2007/03/14 18:48:50 | 01,816,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2007/03/14 18:48:40 | 00,031,424 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2007/01/10 15:27:38 | 01,160,792 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2006/11/21 16:38:40 | 00,169,576 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006/11/21 16:38:32 | 00,192,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/11/01 10:17:32 | 00,073,728 | R--- | M] (MicroVision Development, Inc.) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2006/09/02 15:36:33 | 02,528,960 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
SRV - [2006/06/13 06:57:32 | 00,151,104 | ---- | M] (Novell, Inc.) -- C:\Program Files\Novell\ZENworks\WM.EXE -- (ZFDWM)
SRV - [2006/06/13 06:52:18 | 00,113,152 | ---- | M] (Novell, Inc.) -- C:\Program Files\Novell\ZENworks\NALNTSRV.EXE -- (NALNTSERVICE)
SRV - [2006/05/09 09:59:00 | 00,167,936 | ---- | M] (Novell, Inc.) -- C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe -- (Remote Management Agent)
SRV - [2006/05/02 08:17:16 | 00,061,440 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\system32\novell\xtagent.exe -- (XTAgent)
SRV - [2005/01/18 08:17:56 | 00,036,864 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\system32\cusrvc.exe -- (cusrvc)
SRV - [2002/10/18 19:04:10 | 00,101,136 | ---- | M] () -- C:\oradev6i\BIN\ONRSD80.EXE -- (OracleClientCache80)
SRV - [2002/04/26 18:34:38 | 00,242,328 | ---- | M] () -- C:\oracle\ora92\bin\ONRSD.EXE -- (OracleOraHome92ClientCache)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://innerweb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://innerweb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://innerweb
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <LOCAL>;*.GOV;WPAGODO.*;WPAGODJ.*;*ODJFS*;*OHIOMEANSJOBS.COM;10.*;*AREA7WORKFORCE.ORG;INTRANET*
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = PROXYCIN:8080

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/02/19 07:48:15 | 00,000,000 | ---D | M]


O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [ApproveItForOfficeSetup] C:\Program Files\ApproveIt\Support\Tools\ApproveItForOfficeSetup.exe (Silanis Technology Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Client Trust] z:\CLNTRUST.EXE ()
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iPrint Event Monitor] C:\WINDOWS\system32\iprntlgn.exe (Novell, Inc.)
O4 - HKLM..\Run: [iPrint Tray] C:\WINDOWS\System32\iprntctl.exe (Novell, Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NDPS] C:\WINDOWS\system32\dpmw32.exe (Novell, Inc.)
O4 - HKLM..\Run: [NWTRAY] C:\WINDOWS\System32\nwtray.exe (Novell, Inc.)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PtLiveUpdate] C:\Program Files\Common Files\Pumatech Shared\LiveUpdate Client\PtLUWorker.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RightFAX Print-to-Fax Driver] C:\Program Files\RightFax\Client\FAXCTRL.exe (Captaris, Inc.)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [ScrewDrivers RDP Plugin] C:\Program Files\triCerat\Simplify Printing\ScrewDrivers Client v4\install_rdp.exe ()
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [ZENRC Tray Icon] C:\WINDOWS\system32\zentray.exe (Novell, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-F400-BA7E-100000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Application Explorer.lnk = C:\Program Files\Novell\ZENworks\NalView.exe (Novell, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GroupWise Notify.lnk = C:\novell\GroupWise\notify.exe (Novell, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe (PalmSource, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\JOB_Startup_OB_VER_VP_RF.lnk = R:\PUBLIC\DocImg\Scripts\JOB_Startup_OB_VER_VP_RF.bat ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\SNIPED\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\SNIPED\Start Menu\Programs\Startup\palmOne Registration.lnk = C:\Program Files\palmOne\register.exe (palmOne/Leader Technologies)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoManageMyComputerVerb = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogoff = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: CompatibleRUPSecurity = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoManageMyComputerVerb = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDeskopOn = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSecurityTab = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoComputersNearMe = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoUpdate = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 1 = administrative tools
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Program Files\Novell\ZENworks\AxNalServer.dll (Novell, Inc)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\NetWare\nwws2nds.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\NetWare\nwws2sap.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\WINDOWS\system32\NetWare\nwws2slp.dll (Novell, Inc.)
O15 - HKLM\..Trusted Domains: 10.80.120.10 ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: 10.80.120.11 ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: 10.80.120.12 ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: 10.80.120.13 ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: 10.80.120.14 ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: ms-montg-co04 ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: ms-montg-co14 ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: ms-montg-co15 ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: ms-montg-co16 ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: ms-montg-co17 ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: ondemand.teamnorthwoods.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: teamnorthwoods.com ([ondemand] http in Trusted sites)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 10.80.120.10 ([]file in Trusted sites)
O15 - HKCU\..Trusted Domains: 10.80.120.11 ([]file in Trusted sites)
O15 - HKCU\..Trusted Domains: 10.80.120.12 ([]file in Trusted sites)
O15 - HKCU\..Trusted Domains: 10.80.120.13 ([]file in Trusted sites)
O15 - HKCU\..Trusted Domains: 10.80.120.14 ([]file in Trusted sites)
O15 - HKCU\..Trusted Domains: innerweb ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: ms-montg-co04 ([]file in Trusted sites)
O15 - HKCU\..Trusted Domains: ms-montg-co14 ([]file in Trusted sites)
O15 - HKCU\..Trusted Domains: ms-montg-co15 ([]file in Trusted sites)
O15 - HKCU\..Trusted Domains: ms-montg-co16 ([]file in Trusted sites)
O15 - HKCU\..Trusted Domains: ms-montg-co16.odjfs.state.oh.us/* ([]file in Trusted sites)
O15 - HKCU\..Trusted Domains: ms-montg-co17 ([]file in Trusted sites)
O15 - HKCU\..Trusted Domains: ohio.gov ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: state.oh.us ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: teamnorthwoods.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://download.mac...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.100.10.100 10.0.1.100
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (NWGINA.DLL) - C:\WINDOWS\System32\nwgina.dll (Novell, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\NetIdentity Notification: DllName - C:\WINDOWS\system32\Novell\XtNotify.dll - C:\WINDOWS\system32\novell\xtnotify.dll (Novell, Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {763370C4-268E-4308-A60C-D8DA0342BE32} - C:\Program Files\Novell\ZENworks\NalShell.dll (Novell, Inc)
O30 - LSA: Authentication Packages - (nwv1_0) - C:\WINDOWS\System32\nwv1_0.dll (Novell, Inc.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/17 14:57:21 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{7f97f800-d06b-11de-a733-00215a2d19c0}\Shell\AutoRun\command - "" = E:\CA_EdgeLitemobile.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/07/17 10:49:43 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: LanmanServer - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)
Cannot create restore point. Unable to start SRService service!

========== Files/Folders - Created Within 14 Days ==========

[2009/11/17 13:29:55 | 00,529,408 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\SNIPED\Desktop\OTL.exe
[2009/11/17 13:24:37 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/11/17 09:37:49 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/11/16 15:33:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\SNIPED\Application Data\Malwarebytes
[2009/11/16 15:32:43 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/16 15:32:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/11/16 15:32:41 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/16 15:32:41 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/13 15:47:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\SNIPED\Local Settings\Application Data\Threat Expert
[2009/11/13 15:41:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2009/11/13 15:40:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/11/05 09:21:59 | 00,000,000 | ---D | C] -- C:\~ROXTMP
[2009/11/05 09:19:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\SNIPED\My Documents\HALLOWEEN
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/11/17 13:29:57 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\SNIPED\Desktop\OTL.exe
[2009/11/17 13:25:35 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\SNIPED\Desktop\settings.dat
[2009/11/17 13:24:42 | 00,000,775 | ---- | M] () -- C:\Documents and Settings\SNIPED\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/11/17 13:24:38 | 00,000,619 | ---- | M] () -- C:\Documents and Settings\SNIPED\Desktop\NTREGOPT.lnk
[2009/11/17 13:24:38 | 00,000,600 | ---- | M] () -- C:\Documents and Settings\SNIPED\Desktop\ERUNT.lnk
[2009/11/17 13:19:48 | 00,521,766 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/17 13:19:48 | 00,441,454 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/17 13:19:48 | 00,071,264 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/17 13:18:18 | 00,000,086 | ---- | M] () -- C:\WINDOWS\WPCMAPI.INI
[2009/11/17 13:17:17 | 00,002,076 | ---- | M] () -- C:\Documents and Settings\SNIPED\Desktop\Rumba32 - AS400.nal
[2009/11/17 13:17:17 | 00,002,076 | ---- | M] () -- C:\Documents and Settings\SNIPED\Desktop\Message Screen.nal
[2009/11/17 13:17:17 | 00,002,076 | ---- | M] () -- C:\Documents and Settings\SNIPED\Desktop\Mainframe Display.nal
[2009/11/17 13:17:10 | 00,000,290 | ---- | M] () -- C:\WINDOWS\onbase.ini
[2009/11/17 13:16:55 | 00,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2009/11/17 13:16:21 | 00,030,508 | RHS- | M] () -- C:\Documents and Settings\SNIPED\ntuser.pol
[2009/11/17 13:16:19 | 00,008,232 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2009/11/17 13:15:41 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/17 13:15:37 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/17 13:15:03 | 04,194,304 | -H-- | M] () -- C:\Documents and Settings\SNIPED\NTUSER.DAT
[2009/11/17 13:14:52 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\SNIPED\ntuser.ini
[2009/11/17 10:53:20 | 00,022,592 | ---- | M] () -- C:\Documents and Settings\SNIPED\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/11/17 10:51:45 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/16 15:32:49 | 00,000,704 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/13 14:37:38 | 00,000,000 | ---- | M] () -- C:\WINDOWS\vpc32.INI
[2009/11/13 11:52:38 | 00,432,301 | ---- | M] () -- C:\Documents and Settings\SNIPED\My Documents\Presentation1.pdf
[2009/11/13 08:01:30 | 00,022,592 | ---- | M] () -- C:\Documents and Settings\SNIPED\Application Data\GDIPFONTCACHEV1.DAT
[2009/11/13 07:48:46 | 00,135,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/09 07:38:47 | 00,000,759 | ---- | M] () -- C:\Documents and Settings\SNIPED\Start Menu\Programs\Startup\palmOne Registration.lnk
[2009/11/05 14:41:17 | 00,009,098 | ---- | M] () -- C:\Documents and Settings\SNIPED\My Documents\attach=1&id=RgAA.pdf
[2009/11/05 14:36:03 | 00,096,256 | ---- | M] () -- C:\Documents and Settings\SNIPED\My Documents\P90x.xls
[2009/11/04 10:24:06 | 00,045,568 | ---- | M] () -- C:\Documents and Settings\SNIPED\Desktop\weekly time record 1.xls
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/17 13:25:35 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\SNIPED\Desktop\settings.dat
[2009/11/17 13:24:42 | 00,000,775 | ---- | C] () -- C:\Documents and Settings\SNIPED\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/11/17 13:24:38 | 00,000,619 | ---- | C] () -- C:\Documents and Settings\SNIPED\Desktop\NTREGOPT.lnk
[2009/11/17 13:24:38 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\SNIPED\Desktop\ERUNT.lnk
[2009/11/17 13:17:17 | 00,002,076 | ---- | C] () -- C:\Documents and Settings\SNIPED\Desktop\Rumba32 - AS400.nal
[2009/11/17 13:17:17 | 00,002,076 | ---- | C] () -- C:\Documents and Settings\SNIPED\Desktop\Message Screen.nal
[2009/11/17 13:17:17 | 00,002,076 | ---- | C] () -- C:\Documents and Settings\SNIPED\Desktop\Mainframe Display.nal
[2009/11/16 15:32:49 | 00,000,704 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/13 14:37:38 | 00,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2009/11/13 11:52:38 | 00,432,301 | ---- | C] () -- C:\Documents and Settings\SNIPED\My Documents\Presentation1.pdf
[2009/11/05 14:41:17 | 00,009,098 | ---- | C] () -- C:\Documents and Settings\SNIPED\My Documents\attach=1&id=RgAA.pdf
[2009/05/08 02:38:58 | 00,757,818 | ---- | C] () -- C:\WINDOWS\System32\gwadd1.dll
[2009/05/08 02:37:32 | 00,303,166 | ---- | C] () -- C:\WINDOWS\System32\gwodm132.dll
[2009/05/08 02:15:42 | 00,098,354 | ---- | C] () -- C:\WINDOWS\System32\GWLDO132.DLL
[2009/05/08 00:14:48 | 00,155,700 | ---- | C] () -- C:\WINDOWS\System32\ODMA32.DLL
[2009/04/01 10:15:47 | 00,003,584 | ---- | C] () -- C:\Documents and Settings\SNIPED\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/10 15:45:30 | 00,000,006 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameD.txt
[2008/10/28 14:41:17 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/10/28 14:41:17 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/10/28 14:41:17 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/10/28 14:41:17 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/10/28 14:41:17 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/10/28 14:41:17 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/08/26 10:32:21 | 00,000,011 | ---- | C] () -- C:\WINDOWS\NetWare.INI
[2008/08/21 07:34:22 | 00,022,592 | ---- | C] () -- C:\Documents and Settings\SNIPED\Application Data\GDIPFONTCACHEV1.DAT
[2008/08/20 09:18:48 | 00,008,576 | ---- | C] () -- C:\Documents and Settings\SNIPED\Local Settings\Application Data\WT61US.UWL
[2008/08/20 08:21:17 | 00,000,086 | ---- | C] () -- C:\WINDOWS\WPCMAPI.INI
[2008/07/31 14:20:08 | 00,000,053 | ---- | C] () -- C:\WINDOWS\System32\vprinter.ini
[2008/07/31 14:19:05 | 00,000,290 | ---- | C] () -- C:\WINDOWS\onbase.ini
[2008/07/31 13:03:25 | 00,022,592 | ---- | C] () -- C:\Documents and Settings\SNIPED\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/07/31 12:40:59 | 00,000,022 | ---- | C] () -- C:\WINDOWS\WDSPAWN.INI
[2008/07/31 12:26:39 | 04,888,748 | -H-- | C] () -- C:\Documents and Settings\SNIPED\Local Settings\Application Data\IconCache.db
[2008/07/31 12:23:13 | 00,367,254 | -H-- | C] () -- C:\Program Files\ODJFS login.bmp
[2008/07/31 12:22:20 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\SNIPED\Application Data\desktop.ini
[2008/07/31 07:05:18 | 00,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2008/07/31 07:04:34 | 00,034,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\nipplpt.sys
[2008/07/31 07:03:11 | 00,000,875 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/07/31 06:55:29 | 00,000,469 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/07/21 08:57:54 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/07/17 17:39:27 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4837.dll
[2008/07/17 17:38:14 | 00,245,843 | ---- | C] () -- C:\WINDOWS\System32\nwshlxnt.dll
[2008/07/17 17:38:14 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\setupw2k.dll
[2008/07/17 17:38:13 | 00,051,200 | ---- | C] () -- C:\WINDOWS\System32\lgncon32.dll
[2008/07/17 17:38:13 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\nwslog32.dll
[2008/07/17 17:38:13 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\dplgnw32.dll
[2008/07/17 17:38:11 | 00,002,757 | ---- | C] () -- C:\WINDOWS\System32\rdrstats.ini
[2008/07/17 17:38:09 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\prtwin32.dll
[2008/07/17 17:38:09 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\nwpsrv32.dll
[2008/07/17 17:38:08 | 00,216,064 | ---- | C] () -- C:\WINDOWS\System32\lgnwnt32.dll
[2008/07/17 17:37:10 | 00,001,620 | ---- | C] () -- C:\WINDOWS\win.ini
[2008/07/17 17:37:05 | 00,000,250 | ---- | C] () -- C:\WINDOWS\system.ini
[2008/07/17 10:52:11 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2008/07/08 13:46:16 | 00,008,225 | ---- | C] () -- C:\WINDOWS\kvsdk.ini
[2007/12/18 09:19:22 | 00,012,800 | ---- | C] () -- C:\WINDOWS\System32\dmport.dll
[2007/07/03 14:22:28 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2007/05/03 17:25:42 | 00,438,272 | ---- | C] () -- C:\WINDOWS\System32\mzVerity55.dll
[2006/09/24 22:02:34 | 00,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/24 22:02:34 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2005/09/26 11:57:30 | 00,001,130 | R--- | C] () -- C:\WINDOWS\System32\IITOnBasehandler.ini
[2004/03/17 02:39:12 | 00,454,761 | ---- | C] () -- C:\WINDOWS\System32\boost_regex-vc6-mt-1_31.dll
[2004/03/17 02:38:26 | 00,467,052 | ---- | C] () -- C:\WINDOWS\System32\boost_regex-vc6-mt-gd-1_31.dll
[2003/11/04 09:54:52 | 01,929,216 | ---- | C] () -- C:\WINDOWS\System32\PdfDll32.dll
[2003/07/29 07:07:00 | 00,000,218 | ---- | C] () -- C:\WINDOWS\ORAODBC.INI
[2003/02/25 18:19:56 | 00,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2002/04/17 13:21:44 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\XMLPARSE.DLL
[2000/10/22 14:20:10 | 00,254,464 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT2X.DLL
[1999/08/07 00:05:16 | 00,212,480 | ---- | C] () -- C:\WINDOWS\System32\DBPORT6.DLL

========== LOP Check ==========

[2008/07/31 14:19:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Griaule
[2008/08/26 10:19:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2009/03/09 08:08:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\infoUSA Security
[2008/11/20 14:22:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PureEdge
[2008/08/26 07:49:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2009/11/17 09:53:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/11/17 10:51:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SNIPED\Application Data\.oit
[2008/11/04 11:20:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SNIPED\Application Data\Helios
[2008/08/26 10:19:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SNIPED\Application Data\HotSync
[2008/10/28 14:42:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SNIPED\Application Data\InterVideo
[2008/08/26 10:29:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SNIPED\Application Data\Leadertech
[2008/07/31 13:03:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SNIPED\Application Data\OrgPlus5
[2008/09/19 06:34:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SNIPED\Application Data\PureEdge
[2008/11/20 14:21:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SNIPED\Application Data\Sony
[2008/08/26 07:04:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SNIPED\Application Data\Sony Setup
[2009/04/28 12:06:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SNIPED\Application Data\webex
[2002/08/29 07:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/11/17 13:15:41 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
[2004/08/03 23:56:44 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\SP3_Backup\$ntservicepackuninstall$\eventlog.dll
[2008/04/14 04:41:54 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 04:41:54 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2004/08/03 23:56:46 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\SP3_Backup\$ntservicepackuninstall$\scecli.dll
[2008/04/14 04:42:06 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 04:42:06 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2004/08/03 23:56:46 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\SP3_Backup\$ntservicepackuninstall$\netlogon.dll
[2008/04/14 04:42:02 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 04:42:02 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >

< %SYSTEMDRIVE%\sceclt.dll /s /md5 >

< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

< %SYSTEMDRIVE%\logevent.dll /s /md5 >

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >

< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\SP3_Backup\$ntservicepackuninstall$\atapi.sys
[2008/04/13 23:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 23:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2004/08/03 22:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\SP3_Backup\$ntservicepackuninstall$\agp440.sys
[2008/04/13 23:06:40 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 23:06:40 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >

========== Alternate Data Streams ==========

@Alternate Data Stream - 180 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >

OTL Extras logfile created on: 11/17/2009 1:31:21 PM - Run 1
OTL by OldTimer - Version 3.1.6.0 Folder = C:\Documents and Settings\SNIPED\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

997.23 Mb Total Physical Memory | 442.81 Mb Available Physical Memory | 44.40% Memory free
2.34 Gb Paging File | 1.91 Gb Available in Paging File | 81.65% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 60.76 Gb Free Space | 81.53% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 397.28 Gb Total Space | 157.25 Gb Free Space | 39.58% Space Free | Partition Type: NWFS
Drive P: | 397.28 Gb Total Space | 157.25 Gb Free Space | 39.58% Space Free | Partition Type: NWFS
Drive R: | 397.28 Gb Total Space | 157.25 Gb Free Space | 39.58% Space Free | Partition Type: NWFS
Drive S: | 397.28 Gb Total Space | 157.25 Gb Free Space | 39.58% Space Free | Partition Type: NWFS
Drive X: | 397.28 Gb Total Space | 157.25 Gb Free Space | 39.58% Space Free | Partition Type: NWFS
Drive Z: | 9.70 Gb Total Space | 6.03 Gb Free Space | 62.18% Space Free | Partition Type: NWFS

Computer Name: JFS384519
Current User Name: SNIPED
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.wsf [@ = WallData.FileAS400DisplayDocument.2] -- C:\Program Files\WallData\System\Wddsppag.Bin (Wall Data Incorporated)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{153629A2-C4BE-47DC-B284-F3A3D10C5F42}" = GroupWise
"{1D71528D-D340-4975-8D30-11E3117EC3D4}" = RssReader
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3300059D-1AC8-40F5-82D6-E5C537A61743}" = OnBase Virtual Print Driver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{37EAD3B6-15F3-4292-AA85-41CADD54E964}" = RightFax Product Suite
"{3E270C95-8327-4C2F-A8E1-902CC2604A20}" = HP Photo and Imaging 2.3 - Scanjet 4600 Series
"{50E125D1-88E5-48CE-80AE-98EC9698E639}" = Symantec AntiVirus
"{563763D9-0F41-42BF-8695-4E1C48664849}" = Oracle Developer 6i
"{5B09BD67-4C99-46A1-8161-B7208CE18121}" = QuickTime
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6EECB283-E65F-40EF-86D3-D51BF02A8D43}" = Microsoft Office Converter Pack
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7878B1D4-B2CB-4EA8-9A0A-7E0575D23B96}" = ZENworks Desktop Management Agent
"{7C984822-C353-428F-8DC8-082449F17687}" = MIP Accounting
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{84181388-5437-4E5F-BB3C-D42EB33FE55A}" = ScrewDrivers Client v4 (rdp only)
"{90110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{95120000-0052-0409-0000-0000000FF1CE}" = Microsoft Office Visio Viewer 2007
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B427732-573E-4E78-B6FA-AC3E5A218BA2}" = NMAS Client
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7DB362E-16DC-4E29-8A34-E74381E00B5B}" = Adobe Shockwave Player
"{AC76BA86-1033-F400-BA7E-100000000002}" = Adobe Acrobat 7.0 Standard - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B9A5A789-D491-49FB-958C-BFEC2C11BB1D}" = NMAS Challenge Response Method
"{BB453052-5327-4941-90A6-3A23CD3EB6B1}" = Windows Messaging for NT
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C260F28A-DA81-49B6-B477-1BDFA4AEF921}" = Send Certified for GroupWise
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC34F9FB-34B4-4224-A09B-95432AE34EB9}" = HumanConcepts OrgPlus 5
"{E92C4253-6E84-43E8-8DCC-F9766908C904}" = Verity Client Files
"{F02DBC5D-33E3-45E9-B0F8-B7745229ED1C}" = NICI (Shared) U.S./Worldwide (128 bit) (2.6.8-2)
"{F3770CBA-371E-4F7B-AB4E-A33665EEB0D6}" = Northwoods Dependencies
"{FF8157AA-F640-45BD-B7C2-BAA1016B267A}" = palmOne
"ActiveTouchMeetingClient" = WebEx
"Adobe Acrobat 7.0 Standard - EFG - V" = Adobe Acrobat 7.1.0 Standard - English, Français, Deutsch
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"CallPilot Desktop Messaging for Novell GroupWise" = CallPilot Desktop Messaging for Novell GroupWise
"Employer Database" = Employer Database
"ERUNT_is1" = ERUNT 1.1j
"HDMI" = Intel® Graphics Media Accelerator Driver
"HumanConcepts OrgViewer 5" = HumanConcepts OrgViewer 5
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Intellisync" = Intellisync Desktop
"LiveUpdate" = LiveUpdate 3.1 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Novell Client for Windows" = Novell Client for Windows
"Novell iPrint Client" = Novell iPrint Client v05.12.00
"PROSet" = Intel® PRO Network Connections Drivers
"Pumatech LiveUpdate Client" = Pumatech LiveUpdate Client (remove only)
"RUMBA 95 NT DeinstKey" = RUMBA 95 NT
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WMS" = Windows NT Messaging
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.0.0.320

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/17 13:26
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAA0BD000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7B45000 Size: 8192 File Visible: No Signed: -
Status: -

Name: nwfilter.sys
Image Path: nwfilter.sys
Address: 0xF79FF000 Size: 15808 File Visible: No Signed: -
Status: -

Name: rootrepeal[1].sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal[1].sys
Address: 0xA97AF000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xaa4f1350

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "<unknown>" at address 0x867e5950

#: 206 Function Name: NtResumeThread
Status: Hooked by "<unknown>" at address 0x866f2158

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xaa4f1580

==EOF==

Edited by pchelpplease, 17 November 2009 - 12:46 PM.
