Cannot connect to internet after Trojan.fakeav attack



#1
KUdomon

Around 7:45 p.m. on Saturday my system was attacked by the Trojan.fakeav virus. I was able to remove the virus (it was a painful process) using MBAM and antivirus software. However, after the attack I was unable to connect to the internet with IE7. Let me describe this problem in detail:
1. This problem happens on my home wireless network. I am not able to visit "external" sites like Yahoo and Google.
2. From home, I am able to tunnel into my work's internet using a VPN. Once in, I am able to access "internal" sites on my company's intranet. However, while in my company's VPN, I am still not able to connect to external sites like Yahoo or Google.
3. The same laptop is able to connect to my work's intranet and external sites (Yahoo and Google) at work (it is able to connect wirelessly and hard-wired).
4. My two personal laptops are still capable of accessing the internet.
5. My work laptop was able to connect to the internet using my wireless network prior to the attack.
6. When I run the network diagnostic tool I get an error message stating Settings HTTP (port 80) HTTPS port 443 FTP port 21 error message
7. I have done several things to get my internet working again at home on my work laptop, but to no avail. Right now I am in the process of installing Firefox to see if I am able to browse with it.

I hope someone can help me. Hopefully, I have provided enough details, and I can provide more if needed. I have searched the forum here, and have found posts describing a similar problem. Some of the solutions I have tried, but they did not work for me. I suspect that the Trojan hijacked a setting. Perhaps there is an expert out there that can point me in the right direction? Thanks!

OTL.Txt

OTL logfile created on: 4/27/2010 11:03:40 PM - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = F:\Antivirus
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 100.23 Gb Free Space | 67.25% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 3.69 Gb Total Space | 3.44 Gb Free Space | 93.44% Space Free | Partition Type: FAT32
Drive F: | 465.11 Gb Total Space | 427.31 Gb Free Space | 91.87% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WDXKU94623N87
Current User Name: ku94623
NOT logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/04/27 20:50:28 | 000,563,712 | ---- | M] (OldTimer Tools) -- F:\Antivirus\OTL.exe
PRC - [2010/04/25 16:14:11 | 000,818,256 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/04/25 16:14:10 | 001,265,264 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/04/15 08:25:20 | 001,872,320 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe
PRC - [2009/12/24 17:02:32 | 001,280,272 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360tray.exe
PRC - [2009/12/24 17:02:30 | 000,311,568 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360srv.exe
PRC - [2009/12/12 01:56:46 | 005,114,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office Communicator\communicator.exe
PRC - [2009/11/13 11:28:04 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2009/10/23 22:23:08 | 007,497,080 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\NetBackup DLO\DLO\DLOClientu.exe
PRC - [2009/10/23 21:16:06 | 000,476,536 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\NetBackup DLO\DLO\DLOChangeLogSvcu.exe
PRC - [2009/10/10 16:07:08 | 000,320,832 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2009/08/27 11:58:32 | 000,070,200 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\accelerometerST.exe
PRC - [2009/07/30 06:26:38 | 000,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/07/20 15:35:20 | 001,044,480 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
PRC - [2008/12/11 08:08:52 | 003,575,808 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
PRC - [2008/12/10 19:34:26 | 003,456,568 | ---- | M] (PGP Corporation) -- C:\Program Files\PGP Corporation\PGP Desktop\PGPtray.exe
PRC - [2008/12/10 19:34:22 | 000,224,824 | ---- | M] (PGP Corporation) -- C:\Program Files\PGP Corporation\PGP Desktop\PGPfsd.exe
PRC - [2008/12/10 19:34:22 | 000,102,968 | ---- | M] (PGP Corporation) -- C:\WINDOWS\system32\PGPserv.exe
PRC - [2008/12/05 05:46:22 | 000,070,984 | ---- | M] (WebEx Communications Inc.) -- C:\Program Files\WebEx\Productivity Tools\ptSrv.exe
PRC - [2008/12/05 05:46:02 | 000,042,312 | ---- | M] () -- C:\Program Files\WebEx\Productivity Tools\ptmsgfrm.exe
PRC - [2008/11/21 03:33:32 | 000,431,472 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2008/11/04 23:10:10 | 000,087,416 | ---- | M] (Juniper Networks) -- C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
PRC - [2008/07/18 17:27:00 | 000,081,920 | ---- | M] (InfoExpress) -- C:\Program Files\CyberArmor\pcshelp.exe
PRC - [2008/07/18 16:19:44 | 000,954,416 | ---- | M] (InfoExpress) -- C:\Program Files\CyberArmor\pcs.exe
PRC - [2008/07/01 11:39:14 | 000,077,824 | ---- | M] (InfoExpress) -- C:\Program Files\CyberArmor\casvc.exe
PRC - [2008/05/20 04:00:00 | 000,757,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CCM\CcmExec.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/18 13:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2007/06/06 15:25:22 | 000,125,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2007/06/06 15:24:22 | 000,116,928 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe
PRC - [2007/06/06 15:23:46 | 001,821,376 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2007/06/06 15:22:34 | 000,031,424 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2007/05/29 18:33:36 | 000,169,576 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2007/05/29 18:33:26 | 000,192,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2007/05/29 18:33:22 | 000,052,840 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2007/01/04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/11/29 18:47:28 | 000,126,976 | ---- | M] (iPass, Inc.) -- C:\Program Files\JDRave\JDRave\iPassPeriodicUpdateApp.exe
PRC - [2006/11/29 18:47:28 | 000,086,016 | ---- | M] (iPass, Inc.) -- C:\Program Files\JDRave\JDRave\iPassPeriodicUpdateService.exe
PRC - [2002/03/19 18:30:00 | 000,045,632 | ---- | M] () -- C:\WINDOWS\system32\TaskSwitch.exe


========== Modules (SafeList) ==========

MOD - [2010/04/27 20:50:28 | 000,563,712 | ---- | M] (OldTimer Tools) -- F:\Antivirus\OTL.exe
MOD - [2009/12/24 17:02:28 | 000,237,840 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360mon.dll
MOD - [2008/12/10 19:34:26 | 000,084,536 | ---- | M] (PGP Corporation) -- C:\WINDOWS\system32\PGPmapih.dll
MOD - [2008/12/10 19:34:22 | 000,050,744 | ---- | M] (PGP Corporation) -- C:\WINDOWS\system32\PGPhk.dll
MOD - [2007/03/26 13:03:20 | 000,057,344 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/04/25 16:14:10 | 001,265,264 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/04/15 08:25:20 | 001,872,320 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\a-squared Free\a2service.exe -- (a2free)
SRV - [2009/12/24 17:02:30 | 000,311,568 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Security 360\is360srv.exe -- (IS360service)
SRV - [2009/11/13 11:28:04 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/10/23 21:16:06 | 000,476,536 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\NetBackup DLO\DLO\DLOChangeLogSvcu.exe -- (DLOChangeJournalSvc)
SRV - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2008/12/11 08:08:52 | 003,575,808 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe -- (NVIDIA Performance Driver Service)
SRV - [2008/12/10 19:34:22 | 000,102,968 | ---- | M] (PGP Corporation) [Auto | Running] -- C:\WINDOWS\system32\PGPserv.exe -- (PGPserv)
SRV - [2008/11/21 03:33:32 | 000,431,472 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2008/11/04 23:10:10 | 000,087,416 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe -- (JuniperAccessService)
SRV - [2008/07/01 11:39:14 | 000,077,824 | ---- | M] (InfoExpress) [Auto | Running] -- C:\Program Files\CyberArmor\casvc.exe -- (CyberArmorRunService)
SRV - [2008/05/20 04:00:00 | 000,757,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2008/05/20 04:00:00 | 000,249,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\CCM\TSManager.exe -- (smstsmgr)
SRV - [2008/03/18 13:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007/06/06 15:24:22 | 000,116,928 | ---- | M] (symantec) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2007/06/06 15:23:46 | 001,821,376 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2007/06/06 15:22:34 | 000,031,424 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2007/05/29 18:33:36 | 000,169,576 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2007/05/29 18:33:26 | 000,192,104 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2007/03/28 20:52:18 | 000,214,672 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2007/01/10 16:27:38 | 001,160,792 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2007/01/04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/11/30 19:09:32 | 001,310,720 | ---- | M] (iPass, Inc.) [On_Demand | Stopped] -- C:\Program Files\JDRave\JDRave\iPassConnectEngine.exe -- (iPassConnectEngine)
SRV - [2006/11/29 18:47:28 | 000,126,976 | ---- | M] (iPass, Inc.) [On_Demand | Running] -- C:\Program Files\JDRAVE\JDRAVE\iPassPeriodicUpdateApp.exe -- (iPassPeriodicUpdateApp)
SRV - [2006/11/29 18:47:28 | 000,086,016 | ---- | M] (iPass, Inc.) [Auto | Running] -- C:\Program Files\JDRAVE\JDRAVE\iPassPeriodicUpdateService.exe -- (iPassPeriodicUpdateService)
SRV - [2006/09/02 17:36:34 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
SRV - [2006/05/09 18:37:50 | 000,835,584 | ---- | M] (Nortel Networks NA, Inc.) [On_Demand | Stopped] -- C:\Program Files\Nortel Networks\Extranet_serv.exe -- (ExtranetAccess)
SRV - [2004/09/15 22:38:56 | 000,029,816 | ---- | M] (International Business Machines Corporation) [On_Demand | Stopped] -- C:\SQLLIB\BIN\db2sec.exe -- (DB2NTSECSERVER)
SRV - [2004/09/15 22:37:04 | 000,197,752 | ---- | M] (International Business Machines Corporation) [On_Demand | Stopped] -- C:\SQLLIB\BIN\db2jds.exe -- (DB2JDS)


========== Driver Services (SafeList) ==========

DRV - [2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/03/11 13:36:44 | 000,021,419 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\iPassP.sys -- (iPassP) iPass Protocol (IEEE 802.1x)
DRV - [2010/02/25 00:51:10 | 000,110,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/02/16 10:30:28 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/02/04 10:53:02 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/12/02 12:16:05 | 001,324,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100426.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2009/12/02 12:15:56 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100426.003\NAVENG.SYS -- (NAVENG)
DRV - [2009/10/02 21:23:52 | 005,977,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2009/08/31 13:55:08 | 000,184,888 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ahcix86.sys -- (ahcix86)
DRV - [2009/08/17 18:15:34 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/08/04 16:56:28 | 000,240,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress) Intel®
DRV - [2009/07/29 17:33:04 | 000,213,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2009/07/20 16:05:16 | 000,049,152 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rismc32.sys -- (rismc32)
DRV - [2009/07/20 15:39:04 | 000,339,456 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2009/06/25 17:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/06/25 17:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009/06/25 17:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2009/06/04 19:43:16 | 000,330,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2009/03/19 12:40:10 | 000,009,216 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2009/03/18 14:23:00 | 006,251,008 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/02/13 11:18:12 | 000,017,968 | R--- | M] (VMware, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\vmscsi.sys -- (vmscsi)
DRV - [2009/02/13 11:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/12/10 19:34:28 | 000,040,504 | ---- | M] (PGP Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PGPsdk.sys -- (PGPsdkDriver)
DRV - [2008/12/10 19:34:26 | 000,245,816 | ---- | M] (PGP Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PGPdisk.sys -- (PGPdisk)
DRV - [2008/12/10 19:34:22 | 000,212,024 | ---- | M] (PGP Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PGPwded.sys -- (PGPwded)
DRV - [2008/12/10 19:34:22 | 000,134,712 | ---- | M] (PGP Corporation) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\PGPfsfd.sys -- (pgpfs)
DRV - [2008/11/21 03:15:54 | 000,023,552 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2008/08/01 16:27:10 | 000,424,495 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\viexpf2k.sys -- (Viexpf2k)
DRV - [2008/07/01 11:50:34 | 000,021,504 | ---- | M] (InfoExpress) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\viexca2k.sys -- (Viexca2k)
DRV - [2008/05/23 14:51:02 | 000,024,624 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2008/05/23 14:50:16 | 000,028,592 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2008/05/20 04:00:00 | 000,023,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2008/04/14 01:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/14 01:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 23:06:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/08 18:27:04 | 000,012,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smsmdm.sys -- (smsmdd)
DRV - [2008/03/28 12:14:02 | 000,024,064 | ---- | M] (Sonic Focus, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfaudio.sys -- (SFAUDIO)
DRV - [2008/03/21 13:13:00 | 001,203,776 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007/06/18 18:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/03/28 20:51:48 | 000,189,584 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007/03/28 20:51:42 | 000,024,208 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2007/01/10 16:27:26 | 000,390,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006/09/06 14:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006/09/06 14:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2006/05/09 18:47:10 | 000,024,521 | ---- | M] (Nortel Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\eacfilt.sys -- (Eacfilt)
DRV - [2006/05/09 18:46:42 | 000,155,216 | ---- | M] (Nortel Networks NA, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipsecw2k.sys -- (IPSECSHM)
DRV - [2006/05/09 18:46:42 | 000,155,216 | ---- | M] (Nortel Networks NA, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipsecw2k.sys -- (IPSECEXT)
DRV - [2003/06/06 15:10:40 | 000,241,065 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\a320raid.sys -- (a320raid)
DRV - [2002/08/14 04:37:58 | 000,032,016 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symmpi.sys -- (Symmpi)
DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 13:49:42 | 000,322,432 | ---- | M] (Matrox Graphics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\G400m.sys -- (G400)
DRV - [2001/08/17 13:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM)
DRV - [2001/08/17 13:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://jdonline.deere.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://jdonline.deere.com/
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://jdonline.deer...g/waterloo/AMS/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://pac.dx.deere.com/proxyna.pac

========== FireFox ==========

FF - prefs.js..browser.search.update: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.2
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.8
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
FF - prefs.js..network.proxy.autoconfig_url: "http://pac.dx.deere....om/firefox.pac"
FF - prefs.js..network.proxy.type: 2

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\WebEx\Productivity Tools\ [2010/04/27 20:40:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/27 11:01:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/27 10:31:47 | 000,000,000 | ---D | M]

[2010/04/27 11:01:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ku94623\Application Data\Mozilla\Extensions
[2010/04/27 11:01:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ku94623\Application Data\Mozilla\Firefox\Profiles\tz5jjovv.default\extensions
[2010/04/27 11:01:45 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/27 11:01:44 | 000,000,000 | ---D | M] (NoScript) -- C:\Program Files\Mozilla Firefox\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/04/27 11:01:44 | 000,000,000 | ---D | M] (Web Developer) -- C:\Program Files\Mozilla Firefox\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010/04/27 11:01:45 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Program Files\Mozilla Firefox\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/04/27 11:01:45 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2010/04/27 11:01:45 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\staged-xpis

O1 HOSTS File: ([2010/04/26 00:24:17 | 000,000,734 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_14\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\accelerometerST.exe (Hewlett-Packard Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Communicator] C:\Program Files\Microsoft Office Communicator\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CoolSwitch] C:\WINDOWS\system32\TaskSwitch.exe ()
O4 - HKLM..\Run: [CyberArmorHelper] C:\Program Files\CyberArmor\pcshelp.exe (InfoExpress)
O4 - HKLM..\Run: [GetPrinters] C:\WINDOWS\Scripts\GetPrinters.vbe ()
O4 - HKLM..\Run: [IObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe (IObit)
O4 - HKLM..\Run: [LidPolicy] C:\Program Files\Hewlett-Packard\LidSwitch Policy\PwrSchem.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [ptmsgfrm.exe] C:\Program Files\WebEx\Productivity Tools\ptmsgfrm.exe ()
O4 - HKLM..\Run: [QWS3270 Sessions] C:\Program Files\QWS3270 PLUS\Sessions.exe ()
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PGPtray.exe.lnk = C:\WINDOWS\Installer\{8E453E1D-AE23-4A16-9A39-710A6C61306B}\Icon6560581611.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Symantec NetBackup Desktop Agent.lnk = C:\Program Files\Symantec\NetBackup DLO\DLO\DLOClientu.exe (Symantec Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\New Windows present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Back = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Forward = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Stop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Refresh = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Home = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Search = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_History = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Favorites = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Media = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Folders = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Fullscreen = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Tools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_MailNews = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Size = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Print = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Edit = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Discussions = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Cut = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Copy = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Paste = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Encoding = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_PrintPreview = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnforceShellExtensionSecurity = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPrinterTabs = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoTrayNotify = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuEjectPC = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Intellimenus = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 1
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Start WebEx One-Click Meeting - {80947ADC-151D-490B-87F1-7C8CE1B46220} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll ()
O9 - Extra 'Tools' menuitem : Start WebEx One-Click Meeting - {80947ADC-151D-490B-87F1-7C8CE1B46220} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: deere.com ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: deere.com ([agcc] http in Trusted sites)
O15 - HKLM\..Trusted Domains: deere.com ([ascserver.jdnet] http in Trusted sites)
O15 - HKLM\..Trusted Domains: deere.com ([cceprojserver.jdnet] http in Trusted sites)
O15 - HKLM\..Trusted Domains: deere.com ([cimaps] http in Trusted sites)
O15 - HKLM\..Trusted Domains: deere.com ([dtac] http in Trusted sites)
O15 - HKLM\..Trusted Domains: deere.com ([f90casetrk.jdnet] http in Trusted sites)
O15 - HKLM\..Trusted Domains: deere.com ([f90smsprod1.jdnet] http in Trusted sites)
O15 - HKLM\..Trusted Domains: deere.com ([fcfvm001.jdnet] http in Trusted sites)
O15 - HKLM\..Trusted Domains: deere.com ([jdasintranet] https in Trusted sites)
O15 - HKLM\..Trusted Domains: deere.com ([jdprojects] * in Trusted sites)
O15 - HKLM\..Trusted Domains: deere.com ([jdqc2] http in Trusted sites)
O15 - HKLM\..Trusted Domains: deere.com ([jdsrs] * in Trusted sites)
O15 - HKLM\..Trusted Domains: deere.com ([pmdsweb] * in Trusted sites)
O15 - HKLM\..Trusted Domains: deere.com ([supportportal1] https in Trusted sites)
O15 - HKLM\..Trusted Domains: deere.com ([supportportal2] https in Trusted sites)
O15 - HKLM\..Trusted Domains: deere.com ([supportportal3] https in Trusted sites)
O15 - HKLM\..Trusted Domains: deere.com ([supportportal4] https in Trusted sites)
O15 - HKLM\..Trusted Domains: deere.com ([tirwebtop.dx] http in Trusted sites)
O15 - HKLM\..Trusted Domains: deere.com ([www.90] http in Trusted sites)
O15 - HKLM\..Trusted Domains: deere.com ([www.jdas] http in Trusted sites)
O15 - HKLM\..Trusted Domains: experian.com ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: fwagproj1 ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: jdisonline.com ([jdoapps] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mycatalogpool.com ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: navcomonline.com ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: phoeintl.com ([agile] https in Trusted sites)
O15 - HKLM\..Trusted Domains: reval.com ([*.r1first] * in Local intranet)
O15 - HKLM\..Trusted Domains: sap.com ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: sap-ag.de ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: softlinkliberty.net ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: taleo.net ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: deere.com ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: deere.com ([agcc] http in Trusted sites)
O15 - HKCU\..Trusted Domains: deere.com ([ascserver.jdnet] http in Trusted sites)
O15 - HKCU\..Trusted Domains: deere.com ([cceprojserver.jdnet] http in Trusted sites)
O15 - HKCU\..Trusted Domains: deere.com ([cimaps] http in Trusted sites)
O15 - HKCU\..Trusted Domains: deere.com ([dtac] http in Trusted sites)
O15 - HKCU\..Trusted Domains: deere.com ([f90casetrk.jdnet] http in Trusted sites)
O15 - HKCU\..Trusted Domains: deere.com ([f90smsprod1.jdnet] http in Trusted sites)
O15 - HKCU\..Trusted Domains: deere.com ([fcfvm001.jdnet] http in Trusted sites)
O15 - HKCU\..Trusted Domains: deere.com ([jdasintranet] https in Trusted sites)
O15 - HKCU\..Trusted Domains: deere.com ([jdprojects] * in Trusted sites)
O15 - HKCU\..Trusted Domains: deere.com ([jdqc2] http in Trusted sites)
O15 - HKCU\..Trusted Domains: deere.com ([jdsrs] * in Trusted sites)
O15 - HKCU\..Trusted Domains: deere.com ([pmdsweb] * in Trusted sites)
O15 - HKCU\..Trusted Domains: deere.com ([supportportal1] https in Trusted sites)
O15 - HKCU\..Trusted Domains: deere.com ([supportportal2] https in Trusted sites)
O15 - HKCU\..Trusted Domains: deere.com ([supportportal3] https in Trusted sites)
O15 - HKCU\..Trusted Domains: deere.com ([supportportal4] https in Trusted sites)
O15 - HKCU\..Trusted Domains: deere.com ([tirwebtop.dx] http in Trusted sites)
O15 - HKCU\..Trusted Domains: deere.com ([www.90] http in Trusted sites)
O15 - HKCU\..Trusted Domains: deere.com ([www.jdas] http in Trusted sites)
O15 - HKCU\..Trusted Domains: experian.com ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: fwagproj1 ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: jdisonline.com ([jdoapps] https in Trusted sites)
O15 - HKCU\..Trusted Domains: mycatalogpool.com ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: navcomonline.com ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: phoeintl.com ([agile] https in Trusted sites)
O15 - HKCU\..Trusted Domains: reval.com ([*.r1first] * in Local intranet)
O15 - HKCU\..Trusted Domains: sap.com ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: sap-ag.de ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: softlinkliberty.net ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: taleo.net ([]* in Local intranet)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1272414096144 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_14)
O16 - DPF: {B2FC031D-8C74-46AE-8042-BCF4FC03C1EF} http://qualitycenter...in/Spider91.cab (Loader Class v4)
O16 - DPF: {CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_08)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_14)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://juniper.net/...perSetupSP1.cab (JuniperSetupControlXP Class)
O16 - DPF: {EF55A67E-D9E4-4151-B026-1BE1B535ABFD} http://LOCALHOST/ESD...omputerName.CAB (ESDComputerName.ESDGetComputerName)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/...SetupClient.cab (JuniperSetupClientControl Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.64.168.12 97.64.179.251
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = jdnet.deere.com
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (PGPmapih.dll) - C:\WINDOWS\System32\PGPmapih.dll (PGP Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\temp\MSVDM-Desktop3.bmp
O24 - Desktop BackupWallPaper: C:\temp\MSVDM-Desktop3.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/06/06 11:00:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{cf9705be-42bd-11df-b262-00216aac35b8}\Shell - "" = AutoRun
O33 - MountPoints2\{cf9705be-42bd-11df-b262-00216aac35b8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cf9705be-42bd-11df-b262-00216aac35b8}\Shell\AutoRun\command - "" = E:\WD SmartWare.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2002/06/06 10:44:28 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (63908430464679936)

========== Files/Folders - Created Within 90 Days ==========

[2010/04/27 20:34:31 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/04/27 11:01:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ku94623\Local Settings\Application Data\Mozilla
[2010/04/27 11:01:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ku94623\Application Data\Mozilla
[2010/04/27 09:27:48 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/04/27 09:14:39 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/04/26 11:35:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ku94623\Application Data\Blackberry Desktop
[2010/04/26 11:32:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ku94623\Application Data\Research In Motion
[2010/04/26 11:29:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2010/04/26 11:28:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Roxio
[2010/04/26 11:27:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Research In Motion
[2010/04/26 11:27:14 | 000,000,000 | ---D | C] -- C:\Program Files\Research In Motion
[2010/04/26 00:26:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ku94623\Application Data\WinPatrol
[2010/04/26 00:26:27 | 000,000,000 | ---D | C] -- C:\Program Files\BillP Studios
[2010/04/26 00:13:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010/04/26 00:13:01 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2010/04/25 16:42:55 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/04/25 16:15:02 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/04/25 16:14:50 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/04/25 15:58:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/04/25 15:58:30 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/04/25 15:58:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/04/25 15:52:06 | 000,000,000 | ---D | C] -- C:\Program Files\a-squared Free
[2010/04/25 15:52:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ku94623\My Documents\a-squared Free
[2010/04/25 15:36:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/04/25 15:28:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ku94623\Application Data\Malwarebytes
[2010/04/25 15:27:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/25 15:27:43 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/25 15:27:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/25 15:27:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/04/24 12:08:49 | 000,000,000 | ---D | C] -- C:\Credit Report
[2010/04/17 12:38:18 | 000,528,384 | ---- | C] (HexaLock Ltd.) -- C:\WINDOWS\System32\HCPSMng.exe
[2010/04/16 20:47:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ku94623\Local Settings\Application Data\Mathsoft
[2010/04/16 15:57:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ku94623\Desktop\Combined Environment
[2010/04/16 10:22:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ku94623\My Documents\Meetings
[2010/04/15 09:43:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ku94623\My Documents\GPS
[2010/04/14 09:44:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ku94623\Desktop\EMC
[2010/04/13 10:09:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ku94623\Local Settings\Application Data\Mercury Interactive
[2010/04/13 10:08:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Mercury Interactive
[2010/04/12 16:25:30 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/04/11 00:26:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ku94623\Application Data\Gael
[2010/04/11 00:10:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ku94623\Application Data\Real
[2010/04/10 23:38:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/04/10 23:38:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ku94623\Application Data\Sun
[2010/04/07 23:05:50 | 000,345,384 | ---- | C] (Juniper Networks) -- C:\WINDOWS\System32\dsNcCredProv.dll
[2010/04/07 23:05:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ku94623\Application Data\Juniper Networks
[2010/04/07 22:38:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ku94623\Local Settings\Application Data\Western_Digital
[2010/04/07 22:37:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ku94623\Application Data\Western Digital
[2010/04/07 22:36:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2010/04/07 22:36:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ServiceTest
[2010/04/07 22:36:51 | 000,011,520 | ---- | C] (Western Digital Technologies) -- C:\WINDOWS\System32\drivers\wdcsam.sys
[2010/04/07 22:36:41 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
[2010/04/07 22:36:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ku94623\Local Settings\Application Data\Western Digital
[2010/04/07 16:45:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\ms
[2010/04/07 16:19:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ku94623\Application Data\Webex
[2010/04/07 16:19:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ku94623\Tracing
[2010/04/07 16:19:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ku94623\Local Settings\Application Data\PGP Corporation
[2010/04/07 16:19:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ku94623\Application Data\PGP Corporation
[2010/04/07 16:18:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ku94623\Application Data\StatSoft
[2010/04/07 16:10:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ku94623\Local Settings\Application Data\IconRepository
[2010/04/07 15:26:37 | 000,000,000 | --SD | C] -- C:\Documents and Settings\ku94623\Application Data\Microsoft
[2010/04/07 15:26:37 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\ku94623\SendTo
[2010/04/07 15:26:37 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\ku94623\Recent
[2010/04/07 15:26:37 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\ku94623\Application Data
[2010/04/07 15:26:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\ku94623\Start Menu
[2010/04/07 15:26:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\ku94623\My Documents\My Pictures
[2010/04/07 15:26:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\ku94623\My Documents\My Music
[2010/04/07 15:26:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\ku94623\My Documents
[2010/04/07 15:26:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\ku94623\Favorites
[2010/04/07 15:26:37 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\ku94623\UserData
[2010/04/07 15:26:37 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\ku94623\Cookies
[2010/04/07 15:26:37 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\ku94623\Local Settings
[2010/04/07 15:26:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ku94623\Templates
[2010/04/07 15:26:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ku94623\Local Settings\Application Data\Symantec
[2010/04/07 15:26:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ku94623\SapWorkDir
[2010/04/07 15:26:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ku94623\Application Data\ReliaSoft
[2010/04/07 15:26:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ku94623\Application Data\Productivity Tools
[2010/04/07 15:26:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ku94623\PrintHood
[2010/04/07 15:26:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ku94623\NetHood
[2010/04/07 15:26:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ku94623\Local Settings\Application Data\Microsoft Help
[2010/04/07 15:26:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ku94623\Local Settings\Application Data\Microsoft
[2010/04/07 15:26:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ku94623\Application Data\Mathsoft
[2010/04/07 15:26:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ku94623\Application Data\Macromedia
[2010/04/07 15:26:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ku94623\Application Data\InstallShield
[2010/04/07 15:26:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ku94623\Application Data\Identities
[2010/04/07 15:26:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ku94623\Application Data\HPV Solo 2007 SP2
[2010/04/07 15:26:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ku94623\Application Data\FileZilla
[2010/04/07 15:26:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ku94623\Desktop
[2010/04/07 15:26:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ku94623\Local Settings\Application Data\ApplicationHistory
[2010/04/07 15:26:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ku94623\Local Settings\Application Data\Apple Computer
[2010/04/07 15:26:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ku94623\Application Data\Apple Computer
[2010/04/07 15:26:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ku94623\Local Settings\Application Data\Adobe
[2010/04/07 15:26:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ku94623\Application Data\Adobe
[2010/04/07 15:24:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\EDMU
[2010/04/07 15:19:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Identities
[2010/04/07 15:11:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010/04/07 15:08:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2010/04/07 14:40:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Corporation
[2010/04/07 14:32:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2010/04/07 14:31:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/04/07 14:31:18 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/04/07 11:04:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\StatSoft
[2010/04/07 11:04:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\StatSoft
[2010/04/07 11:04:37 | 001,060,864 | ---- | C] (Amyuni Technologies http://www.amyuni.com) -- C:\WINDOWS\System32\cdintf210.dll
[2010/04/07 11:03:45 | 000,000,000 | ---D | C] -- C:\Program Files\StatSoft
[2010/04/07 10:20:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/04/07 10:20:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/04/07 10:20:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\PGP Corporation
[2010/04/07 10:15:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Symantec
[2010/03/23 23:14:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ku94623\My Documents\SF iTC
[2010/03/21 23:18:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ku94623\My Documents\Antenna MatLab Script
[2010/03/12 15:19:52 | 000,000,000 | ---D | C] -- C:\MATLAB
[2010/03/12 15:03:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EETS
[2010/03/12 14:55:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Mathcadrd
[2010/03/12 14:47:54 | 000,000,000 | ---D | C] -- C:\Program Files\TTERMPRO
[2010/03/12 14:47:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PGP Corporation
[2010/03/12 14:43:14 | 000,000,000 | ---D | C] -- C:\Program Files\PGP Corporation
[2010/03/12 14:43:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PGP Corporation
[2010/03/12 11:58:10 | 000,000,000 | ---D | C] -- C:\Program Files\Mathcad
[2010/03/12 11:54:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ReliaSoft
[2010/03/12 11:54:55 | 000,000,000 | ---D | C] -- C:\Program Files\ReliaSoft
[2010/03/12 11:52:03 | 000,000,000 | ---D | C] -- C:\Program Files\FreeMind
[2010/03/12 11:47:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2010/03/12 11:41:05 | 000,000,000 | ---D | C] -- C:\Program Files\QFTP
[2010/03/12 11:38:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Gael
[2010/03/12 11:38:21 | 000,000,000 | ---D | C] -- C:\Program Files\Gael
[2010/03/12 10:10:26 | 000,000,000 | ---D | C] -- C:\Program Files\Ansys Inc
[2010/03/11 15:44:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\APPINSTCLEAN
[2010/03/11 13:50:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\GroupPolicy
[2010/03/11 13:39:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2010/03/11 13:39:39 | 000,000,000 | ---D | C] -- C:\Program Files\Juniper Networks
[2010/03/11 13:39:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Juniper Networks
[2010/03/11 13:38:25 | 000,038,939 | ---- | C] (Nortel Networks) -- C:\WINDOWS\System32\eacfilt.dll
[2010/03/11 13:38:25 | 000,024,521 | ---- | C] (Nortel Networks) -- C:\WINDOWS\System32\drivers\eacfilt.sys
[2010/03/11 13:38:24 | 000,155,216 | ---- | C] (Nortel Networks NA, Inc.) -- C:\WINDOWS\System32\drivers\ipsecw2k.sys
[2010/03/11 13:38:24 | 000,032,837 | ---- | C] (Nortel Networks NA, Inc.) -- C:\WINDOWS\System32\exthook.dll
[2010/03/11 13:38:24 | 000,000,000 | ---D | C] -- C:\Program Files\Nortel Networks
[2010/03/11 13:38:15 | 000,131,072 | ---- | C] (iPass, Inc.) -- C:\WINDOWS\System32\iPassLLGina.dll
[2010/03/11 13:36:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\iPass
[2010/03/11 13:35:34 | 000,000,000 | ---D | C] -- C:\Program Files\JDRave
[2010/03/11 13:35:12 | 000,163,840 | ---- | C] (InfoExpress) -- C:\WINDOWS\System32\cahookd.dll
[2010/03/11 13:35:12 | 000,151,552 | ---- | C] (InfoExpress) -- C:\WINDOWS\System32\cahooknt.dll
[2010/03/11 13:35:12 | 000,065,536 | ---- | C] (InfoExpress) -- C:\WINDOWS\System32\pcsldr.exe
[2010/03/11 13:35:12 | 000,021,504 | ---- | C] (InfoExpress) -- C:\WINDOWS\System32\drivers\viexca2k.sys
[2010/03/11 13:35:12 | 000,000,000 | ---D | C] -- C:\Program Files\CyberArmor
[2010/03/11 13:23:05 | 000,000,000 | ---D | C] -- C:\Program Files\WebEx
[2010/03/11 13:22:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CCM
[2010/03/11 13:21:35 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Imaging
[2010/03/11 13:21:27 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$UninstallRDC$
[2010/03/11 13:20:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ccmsetup
[2010/03/11 13:17:40 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/03/11 13:17:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/03/11 13:17:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office Communicator
[2010/03/11 13:16:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SureThing Shared
[2010/03/11 13:16:31 | 000,000,000 | ---D | C] -- C:\Program Files\Roxio
[2010/03/11 13:16:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sonic
[2010/03/11 13:16:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sonic Shared
[2010/03/11 13:15:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Roxio Shared
[2010/03/11 13:15:15 | 000,000,000 | ---D | C] -- C:\Program Files\InterVideo
[2010/03/11 13:15:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InterVideo
[2010/03/11 13:00:08 | 000,000,000 | ---D | C] -- C:\Program Files\QWS3270 PLUS
[2010/03/11 11:40:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\SchCache
[2010/03/11 11:27:11 | 000,163,840 | ---- | C] (Jorgen Bosman) -- C:\WINDOWS\poweroff.exe
[2010/03/11 11:27:11 | 000,040,960 | ---- | C] (Brett Bartholomew) -- C:\WINDOWS\Servedit.exe
[2010/03/11 11:27:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\JDBUILD
[2010/03/11 11:17:59 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2010/03/11 11:17:54 | 000,213,680 | ---- | C] (Synaptics Incorporated) -- C:\WINDOWS\System32\drivers\SynTP.sys
[2010/03/11 11:17:53 | 000,206,120 | ---- | C] (Synaptics Incorporated) -- C:\WINDOWS\System32\SynCtrl.dll
[2010/03/11 11:17:53 | 000,161,064 | ---- | C] (Synaptics Incorporated) -- C:\WINDOWS\System32\SynTPAPI.dll
[2010/03/11 11:17:53 | 000,120,104 | ---- | C] (Synaptics Incorporated) -- C:\WINDOWS\System32\SynTPCo4.dll
[2010/03/11 11:17:52 | 000,169,256 | ---- | C] (Synaptics Incorporated) -- C:\WINDOWS\System32\SynCOM.dll
[2010/03/11 11:17:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2010/03/11 11:12:12 | 000,049,152 | ---- | C] (RICOH Company, Ltd.) -- C:\WINDOWS\System32\drivers\rismc32.sys
[2010/03/11 11:12:11 | 000,172,032 | ---- | C] (Ricoh Company,Ltd) -- C:\WINDOWS\System32\rixdicon.dll
[2010/03/11 11:12:11 | 000,044,544 | ---- | C] (REDC) -- C:\WINDOWS\System32\drivers\rimsptsk.sys
[2010/03/11 11:12:11 | 000,038,400 | ---- | C] (REDC) -- C:\WINDOWS\System32\drivers\rixdptsk.sys
[2010/03/11 11:12:10 | 000,048,128 | ---- | C] (REDC) -- C:\WINDOWS\System32\drivers\rimmptsk.sys
[2010/03/11 11:12:08 | 000,114,688 | ---- | C] (RICOH) -- C:\WINDOWS\System32\RicohMediadriverVer.dll
[2010/03/11 11:11:30 | 000,032,356 | ---- | C] (Phoenix Technologies K.K.) -- C:\WINDOWS\System32\pusbfd1.sys
[2010/03/11 11:11:30 | 000,000,000 | ---D | C] -- C:\swsetup
[2010/03/11 11:10:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010/03/11 11:10:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\hpqLog
[2010/03/11 11:09:49 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2010/03/11 11:09:48 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010/03/11 11:08:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010/03/11 11:08:51 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\WINDOWS\System32\CSVer.dll
[2010/03/11 11:08:51 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2010/03/11 11:08:41 | 000,000,000 | ---D | C] -- C:\Intel
[2010/03/11 11:00:19 | 000,000,000 | ---D | C] -- C:\Program Files\Analog Devices
[2010/03/11 10:59:52 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010/03/11 10:59:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\nview
[2010/03/09 10:57:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ku94623\My Documents\Satellite
[2010/03/03 15:39:49 | 001,822,720 | ---- | C] (Advanced Software Engineering Limited) -- C:\Documents and Settings\ku94623\Desktop\chartdir41.dll
[2010/02/27 13:58:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ku94623\My Documents\New Folder
[2010/02/25 06:08:03 | 000,017,280 | ---- | C] (American Megatrends Inc.) -- C:\WINDOWS\System32\drivers\mraid35x.sys
[2010/02/25 06:08:03 | 000,017,280 | ---- | C] (American Megatrends Inc.) -- C:\WINDOWS\System32\dllcache\mraid35x.sys
[2010/02/25 06:04:02 | 000,019,072 | ---- | C] (Adaptec, Inc.) -- C:\WINDOWS\System32\drivers\sparrow.sys
[2010/02/25 06:04:02 | 000,019,072 | ---- | C] (Adaptec, Inc.) -- C:\WINDOWS\System32\dllcache\sparrow.sys
[2010/02/25 05:49:50 | 000,017,968 | R--- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\vmscsi.sys
[2010/02/25 02:11:35 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/02/25 02:09:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2010/02/25 00:50:56 | 000,110,952 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/02/25 00:50:56 | 000,048,768 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/02/25 00:50:34 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/02/25 00:50:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/02/25 00:50:16 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec AntiVirus
[2010/02/25 00:50:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2010/02/25 00:46:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/02/25 00:41:30 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2010/02/25 00:40:46 | 000,000,000 | ---D | C] -- C:\Program Files\Viewer Central Inc
[2010/02/25 00:31:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2010/02/25 00:31:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2010/02/25 00:31:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple Computer
[2010/02/25 00:31:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2010/02/25 00:31:12 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/02/25 00:31:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/02/25 00:30:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/02/25 00:30:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010/02/25 00:13:35 | 000,056,832 | ---- | C] (Graphitti) -- C:\WINDOWS\System32\grfcxl32.dll
[2010/02/25 00:13:35 | 000,034,816 | ---- | C] (Graphitti) -- C:\WINDOWS\System32\grsapx32.dll
[2010/02/25 00:13:29 | 003,125,248 | ---- | C] (SAP Technology,Inc) -- C:\Program Files\Common Files\sapxlhelper.dll
[2010/02/25 00:13:28 | 000,192,512 | ---- | C] (SAP Tech Inc.) -- C:\Program Files\Common Files\sapconsr3.dll
[2010/02/25 00:13:27 | 000,626,688 | ---- | C] (SAP AG) -- C:\Program Files\Common Files\sapconsaccess.dll
[2010/02/25 00:13:27 | 000,253,952 | ---- | C] (SAP AG, Walldorf) -- C:\WINDOWS\System32\vrfc32.dll
[2010/02/25 00:13:27 | 000,040,960 | ---- | C] (SAP-TECHNOLOGY) -- C:\Program Files\Common Files\DigitalSignature.ocx
[2010/02/25 00:12:42 | 000,068,640 | ---- | C] (MicroHelp, Inc.) -- C:\WINDOWS\System32\Gauge32.OCX
[2010/02/25 00:12:36 | 000,102,400 | ---- | C] (SAP AG) -- C:\WINDOWS\System32\libsapu16vc80.dll
[2010/02/25 00:12:35 | 004,251,648 | ---- | C] (SAP AG) -- C:\WINDOWS\System32\librfc32u.dll
[2010/02/25 00:12:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ESRI
[2010/02/25 00:12:14 | 001,228,800 | ---- | C] (SAP AG, Walldorf) -- C:\WINDOWS\System32\wdba.dll
[2010/02/25 00:11:00 | 000,483,328 | ---- | C] (SAP AG, Walldorf) -- C:\WINDOWS\System32\sapfcpl.cpl
[2010/02/25 00:10:14 | 000,114,688 | ---- | C] (heilerSoftware) -- C:\WINDOWS\System32\h5dlg32.dll
[2010/02/25 00:10:06 | 001,654,784 | ---- | C] (SAP AG, Walldorf) -- C:\WINDOWS\System32\SAPbtmp.dll
[2010/02/25 00:10:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SAP Shared
[2010/02/25 00:09:38 | 000,533,504 | ---- | C] (VisualTools Inc.) -- C:\WINDOWS\System32\vtssdl32.dll
[2010/02/25 00:09:36 | 003,796,992 | ---- | C] (SAP AG) -- C:\WINDOWS\System32\librfc32.dll
[2010/02/25 00:09:09 | 000,000,000 | ---D | C] -- C:\Program Files\SAP
[2010/02/24 23:36:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/02/24 23:36:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010/02/24 23:36:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2010/02/24 23:34:57 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/02/24 23:34:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/02/24 23:26:57 | 000,000,000 | ---D | C] -- C:\Oracle
[2010/02/24 23:26:46 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2010/02/24 23:14:22 | 000,000,000 | ---D | C] -- C:\SQLLIB
[2010/02/24 23:12:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/02/24 23:07:25 | 000,048,832 | ---- | C] (Tracker Software Products Ltd.) -- C:\WINDOWS\System32\pxc40pm.dll
[2010/02/24 23:07:16 | 000,000,000 | ---D | C] -- C:\Program Files\Tracker Software
[2010/02/24 23:03:29 | 000,000,000 | ---D | C] -- C:\Program Files\HyperSnap 6
[2010/02/24 22:51:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/02/24 22:51:18 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2010/02/24 22:44:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010/02/19 20:43:15 | 000,000,000 | --SD | C] -- C:\Documents and Settings\ku94623\My Documents\SharePoint Drafts
[2010/02/16 21:30:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ku94623\My Documents\MyTIData
[2010/02/14 22:40:39 | 000,241,065 | ---- | C] (Adaptec, Inc.) -- C:\WINDOWS\System32\drivers\a320raid.sys
[2010/02/12 04:01:05 | 001,203,776 | ---- | C] (Agere Systems) -- C:\WINDOWS\System32\drivers\AGRSM.sys
[2010/02/12 04:01:05 | 000,054,824 | ---- | C] (Agere Systems) -- C:\WINDOWS\agrsmdel.exe
[2010/02/12 04:01:05 | 000,013,312 | ---- | C] (Agere Systems) -- C:\WINDOWS\System32\agrsmsvc.exe
[2010/02/12 04:01:04 | 000,013,312 | ---- | C] (Agere Systems) -- C:\WINDOWS\System32\agrscoin.dll
[2010/02/12 03:17:53 | 000,024,064 | ---- | C] (Sonic Focus, Inc) -- C:\WINDOWS\System32\drivers\sfaudio.sys
[2010/02/05 11:51:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ku94623\My Documents\OneNote Notebooks
[2010/02/02 19:09:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ku94623\My Documents\Standards

========== Files - Modified Within 90 Days ==========

[2010/04/27 23:05:00 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{BCB4E4B4-2706-48F1-99F2-B0C7A043A95C}.job
[2010/04/27 23:05:00 | 000,000,396 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{2565804A-B63C-41E5-9AC3-9E68E9039160}.job
[2010/04/27 23:00:48 | 000,000,475 | ---- | M] () -- C:\WINDOWS\smscfg.ini
[2010/04/27 22:59:36 | 000,000,256 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2010/04/27 22:58:48 | 000,332,521 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010/04/27 22:56:58 | 000,002,295 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PGPtray.exe.lnk
[2010/04/27 22:56:44 | 000,039,848 | ---- | M] () -- C:\WINDOWS\System32\nvwsapps.xml
[2010/04/27 22:56:23 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/27 22:56:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/27 21:45:28 | 000,332,521 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2010/04/27 20:52:15 | 007,340,032 | ---- | M] () -- C:\Documents and Settings\ku94623\NTUSER.DAT
[2010/04/27 20:26:16 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/04/27 20:26:09 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\ku94623\ntuser.ini
[2010/04/27 19:00:02 | 000,000,248 | ---- | M] () -- C:\WINDOWS\tasks\PGPStatus.job
[2010/04/27 18:11:11 | 002,639,138 | -H-- | M] () -- C:\Documents and Settings\ku94623\Local Settings\Application Data\IconCache.db
[2010/04/27 18:00:01 | 000,000,262 | ---- | M] () -- C:\WINDOWS\tasks\BrowserConfig.job
[2010/04/27 16:52:34 | 000,015,875 | ---- | M] () -- C:\Documents and Settings\ku94623\My Documents\SM Bi-weekly Status Report 2010-04-28.docx
[2010/04/27 11:17:55 | 000,249,285 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010/04/27 11:17:53 | 000,161,508 | RHS- | M] () -- C:\Documents and Settings\ku94623\ntuser.pol
[2010/04/27 10:31:48 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/04/27 09:29:23 | 000,000,834 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/27 08:25:15 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2010/04/26 17:40:34 | 000,028,082 | ---- | M] () -- C:\Documents and Settings\ku94623\Desktop\Kana's 2010 Performance Management.pdf
[2010/04/26 15:43:05 | 000,000,419 | ---- | M] () -- C:\Documents and Settings\ku94623\Desktop\lhhquyhxzckhyqvhncnoqop1272314584973-351194074.ics
[2010/04/26 11:27:30 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Desktop Manager.lnk
[2010/04/26 00:24:17 | 000,000,734 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/04/25 16:14:43 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/04/25 16:14:40 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/04/25 15:58:45 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/04/24 10:15:50 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/23 10:32:38 | 000,285,696 | ---- | M] () -- C:\Documents and Settings\ku94623\My Documents\MWG Antenna Bench Handling Shock Raw Data.doc
[2010/04/23 10:25:46 | 000,117,587 | ---- | M] () -- C:\Documents and Settings\ku94623\Desktop\SAT MODULE DPFR Updated.xlsm
[2010/04/23 10:06:21 | 002,148,236 | ---- | M] () -- C:\Documents and Settings\ku94623\Desktop\AeroAntenna L1 GPS GSM combination antenna Hardware Test Plan rev 4.0.docx
[2010/04/23 09:45:59 | 000,014,446 | ---- | M] () -- C:\Documents and Settings\ku94623\Desktop\GPS GSM Antenna Reliability versus Time.WMF
[2010/04/23 09:39:03 | 000,039,856 | ---- | M] () -- C:\Documents and Settings\ku94623\Desktop\Iridium Antenna QCP.jpg
[2010/04/23 09:37:46 | 000,014,656 | ---- | M] () -- C:\Documents and Settings\ku94623\Desktop\Iridium Antenna Reliability versus Time.WMF
[2010/04/23 09:10:31 | 000,043,369 | ---- | M] () -- C:\Documents and Settings\ku94623\Desktop\GPS GSM Antenna QCP.jpg
[2010/04/22 22:10:46 | 005,458,944 | ---- | M] () -- C:\Documents and Settings\ku94623\Desktop\Satellite Module HW DB 1B Test Plan ver 1.0.doc
[2010/04/22 13:55:32 | 000,000,952 | ---- | M] () -- C:\Documents and Settings\ku94623\Application Data\MT.dat
[2010/04/21 16:52:39 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/21 14:49:08 | 003,710,464 | ---- | M] () -- C:\Documents and Settings\ku94623\Desktop\AeroAntenna L1 GPS GSM combination antenna Hardware Test Plan rev 4.0.doc
[2010/04/17 13:01:37 | 000,014,000 | ---- | M] () -- C:\Documents and Settings\ku94623\My Documents\Follow up meeting on connector containimation.docx
[2010/04/17 12:38:18 | 000,528,384 | ---- | M] (HexaLock Ltd.) -- C:\WINDOWS\System32\HCPSMng.exe
[2010/04/17 12:38:18 | 000,307,200 | ---- | M] () -- C:\WINDOWS\System32\HCPSTool.dll
[2010/04/17 12:38:18 | 000,086,016 | ---- | M] () -- C:\WINDOWS\System32\HCPS98Tool.dll
[2010/04/16 15:57:13 | 002,372,355 | ---- | M] () -- C:\Documents and Settings\ku94623\Desktop\Combined Environment.zip
[2010/04/14 09:36:22 | 000,016,896 | ---- | M] () -- C:\Documents and Settings\ku94623\My Documents\EMC Flowchart.vsd
[2010/04/14 09:36:22 | 000,004,096 | -H-- | M] () -- C:\Documents and Settings\ku94623\My Documents\~$$EMC Flowchart.~vsd
[2010/04/14 09:11:01 | 000,113,470 | ---- | M] () -- C:\Documents and Settings\ku94623\Desktop\Iridium Satellite Antenna HW Test Plan_Status_Rev 2.xlsx
[2010/04/13 16:34:32 | 000,016,009 | ---- | M] () -- C:\Documents and Settings\ku94623\My Documents\SM Bi-weekly Status Report 2010-04-14.docx
[2010/04/13 12:54:22 | 000,000,169 | ---- | M] () -- C:\WINDOWS\mercury.ini
[2010/04/12 21:45:52 | 000,046,335 | ---- | M] () -- C:\Functional Analysis.pdf
[2010/04/11 14:19:21 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\ku94623\My Documents\~$reless key.doc
[2010/04/07 16:46:10 | 000,527,398 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/07 16:46:10 | 000,446,318 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/07 16:46:10 | 000,072,882 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/07 16:46:10 | 000,004,764 | ---- | M] () -- C:\WINDOWS\System32\CcmFramework.ini
[2010/04/07 16:46:10 | 000,000,621 | ---- | M] () -- C:\WINDOWS\System32\CcmFramework.h
[2010/04/07 16:17:21 | 000,355,360 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/07 11:05:02 | 000,000,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\STATISTICA.lnk
[2010/04/07 10:18:32 | 000,001,908 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/04/06 16:45:03 | 000,004,819 | ---- | M] () -- C:\Documents and Settings\ku94623\Desktop\LMS8013329-60027954.vcs
[2010/04/06 09:05:54 | 000,010,680 | ---- | M] () -- C:\Documents and Settings\ku94623\My Documents\SharePoint woes.docx
[2010/04/06 08:40:02 | 000,928,926 | ---- | M] () -- C:\Documents and Settings\ku94623\Desktop\Satellite Module HW DB 1B Test Plan ver 1.pdf
[2010/04/06 07:41:08 | 000,378,267 | ---- | M] () -- C:\Documents and Settings\ku94623\Desktop\SM HW Test Plan Sign-off.pdf
[2010/04/04 14:51:11 | 000,014,728 | ---- | M] () -- C:\Documents and Settings\ku94623\Desktop\Picture.jpg
[2010/04/01 13:52:00 | 000,015,318 | ---- | M] () -- C:\Documents and Settings\ku94623\My Documents\SM DB1B Structural Analysis.WMF
[2010/04/01 13:50:35 | 000,017,024 | ---- | M] () -- C:\Documents and Settings\ku94623\My Documents\SM DB1B Functional Analysis.WMF
[2010/04/01 10:55:38 | 002,573,498 | ---- | M] () -- C:\Documents and Settings\ku94623\Desktop\Bench Test Drop.rso7
[2010/04/01 10:54:29 | 000,052,029 | ---- | M] () -- C:\Documents and Settings\ku94623\Desktop\SM DB1B Functional Analysis QCP.jpg
[2010/04/01 10:19:49 | 000,002,609 | ---- | M] () -- C:\Documents and Settings\ku94623\Desktop\DB1B Structural Analysis Quick Calculation Pad.pdf
[2010/04/01 10:17:54 | 000,054,255 | ---- | M] () -- C:\Documents and Settings\ku94623\Desktop\DB1B Structural Analysis Quick Calculation Pad.jpg
[2010/03/31 11:24:00 | 000,012,860 | ---- | M] () -- C:\Documents and Settings\ku94623\My Documents\SM Bench Handling Shock.rso7
[2010/03/30 18:52:01 | 000,015,653 | ---- | M] () -- C:\Documents and Settings\ku94623\My Documents\SM Bi-weekly Status Report 2010-03-30.docx
[2010/03/30 18:27:30 | 000,010,536 | ---- | M] () -- C:\Documents and Settings\ku94623\Desktop\Link to SM Test Reports.docx
[2010/03/30 18:10:23 | 000,190,999 | ---- | M] () -- C:\Documents and Settings\ku94623\Desktop\SM HW Test Plan_Status_DB1B.xlsx
[2010/03/30 16:02:58 | 000,378,267 | ---- | M] () -- C:\Documents and Settings\ku94623\My Documents\SM HW Test Plan Sign-off.pdf
[2010/03/30 14:20:58 | 000,218,624 | ---- | M] () -- C:\Documents and Settings\ku94623\My Documents\SF iTC Alternative Capacitor Reliability Test Plan (2).doc
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/29 18:36:02 | 000,218,112 | ---- | M] () -- C:\Documents and Settings\ku94623\My Documents\SF iTC Alternative Capacitor Reliability Test Plan.doc
[2010/03/29 18:01:15 | 000,034,067 | ---- | M] () -- C:\Documents and Settings\ku94623\My Documents\SFiTC Cap change Random Vibration Reliability Test Generator.xlsx
[2010/03/29 18:01:14 | 000,000,165 | -H-- | M] () -- C:\Documents and Settings\ku94623\My Documents\~$SFiTC Cap change Random Vibration Reliability Test Generator.xlsx
[2010/03/29 16:35:40 | 000,074,333 | ---- | M] () -- C:\Documents and Settings\ku94623\Desktop\SF iTC Capacitor Reliability Demonstration Test Plan.docx
[2010/03/26 19:16:14 | 000,012,952 | ---- | M] () -- C:\Documents and Settings\ku94623\Desktop\HW 4a.xmcd
[2010/03/26 19:14:45 | 000,023,249 | ---- | M] () -- C:\Documents and Settings\ku94623\Desktop\HW 4.xmcd
[2010/03/26 17:01:32 | 000,030,227 | ---- | M] () -- C:\Documents and Settings\ku94623\Desktop\SF3050 JDQ 53.3 Baseline.xlsx
[2010/03/25 07:50:54 | 000,054,272 | ---- | M] () -- C:\Documents and Settings\ku94623\My Documents\Satellite Module Bench Handling Shock 17Mar10.xls
[2010/03/23 15:06:45 | 000,024,915 | ---- | M] () -- C:\Documents and Settings\ku94623\Desktop\SM Rev 2 (DB1B) Test Readiness Checklist.xlsx
[2010/03/22 10:54:02 | 000,002,318 | ---- | M] () -- C:\Documents and Settings\ku94623\Desktop\LMS8008884-60027315.vcs
[2010/03/12 18:37:34 | 000,001,728 | ---- | M] () -- C:\Documents and Settings\ku94623\Desktop\Environmental Chamber 1.RDP
[2010/03/12 17:36:14 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\ku94623\Desktop\~$uide Test Report.doc
[2010/03/12 15:10:25 | 001,048,576 | RHS- | M] () -- C:\PGPWDE01
[2010/03/12 14:55:45 | 000,001,601 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mathcad 14.lnk
[2010/03/12 14:43:19 | 000,090,396 | ---- | M] () -- C:\WINDOWS\System32\PGPlspRollback.reg
[2010/03/12 11:41:06 | 000,000,575 | ---- | M] () -- C:\WINDOWS\{20237263-15F6-477B-A1EE-977C2E7DE896}_WiseFW.ini
[2010/03/12 11:41:05 | 000,001,570 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QFTP.lnk
[2010/03/12 11:38:34 | 000,001,865 | ---- | M] () -- C:\Documents and Settings\ku94623\Desktop\MindGenius Business.lnk
[2010/03/12 11:38:33 | 000,000,051 | ---- | M] () -- C:\WINDOWS\KeyScript.ini
[2010/03/11 13:50:28 | 000,001,406 | ---- | M] () -- C:\WINDOWS\sysinfo.ini
[2010/03/11 13:39:51 | 000,003,870 | ---- | M] () -- C:\WINDOWS\Enterprise.jdb
[2010/03/11 13:39:44 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nortel Contivity.lnk
[2010/03/11 13:39:43 | 000,001,605 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iPass.lnk
[2010/03/11 13:39:43 | 000,001,204 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DeereVPN.lnk
[2010/03/11 13:39:33 | 000,000,078 | ---- | M] () -- C:\WINDOWS\init.ini
[2010/03/11 13:23:24 | 000,001,760 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WebEx One-Click.lnk
[2010/03/11 13:19:35 | 000,001,862 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Symantec NetBackup Desktop Agent.lnk
[2010/03/11 13:19:02 | 000,014,067 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\services
[2010/03/11 13:00:08 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Start QWS3270.lnk
[2010/03/11 11:18:15 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_SynTP_01007.Wdf
[2010/03/11 11:18:13 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2010/03/11 11:11:52 | 000,001,614 | RHS- | M] () -- C:\WINDOWS\System32\drivers\103C_HP_NTBK_HP EliteBook 8730w_YN_0U_QCNU0088N87_EU_46_I30EC_SHP_VKBC Version 91.23_B68PAD Ver. F.10_T091207_WXP3_L409_M3037_J160_7Intel_8Pentium III Xeon_92.79_#100311_N808610F5_()_XMOBILE_CN10_Z_2F.10_G10DE063A.MRK
[2010/03/11 11:10:11 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2010/03/11 11:10:11 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
[2010/03/11 11:01:32 | 000,034,898 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/03/11 11:01:30 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2010/03/11 11:00:40 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/03/11 10:59:24 | 000,000,231 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/25 02:23:20 | 000,006,866 | ---- | M] () -- C:\WINDOWS\WSUSForceUpdate.lo_
[2010/02/25 01:36:04 | 000,070,328 | ---- | M] () -- C:\Documents and Settings\ku94623\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/25 01:04:48 | 000,000,000 | ---- | M] () -- C:\WINDOWS\vpc32.INI
[2010/02/25 00:51:10 | 000,110,952 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/02/25 00:51:10 | 000,048,768 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/02/25 00:51:10 | 000,008,014 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/02/25 00:51:10 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/02/25 00:10:08 | 000,011,750 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\services.bak
[2010/02/24 23:14:20 | 000,004,308 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/02/24 12:07:30 | 000,000,211 | ---- | M] () -- C:\WINDOWS\System32\oeminfo.ini
[2010/02/16 21:49:38 | 001,400,021 | ---- | M] () -- C:\Documents and Settings\ku94623\Desktop\TI89Titanium_OS.89u
[2010/02/14 13:32:20 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\ku94623\Desktop\~$asskey.wps
[2010/02/04 10:53:02 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys

========== Files Created - No Company Name ==========

[2010/04/27 19:13:09 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/04/27 10:31:48 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/04/27 09:14:44 | 000,000,262 | ---- | C] () -- C:\WINDOWS\tasks\BrowserConfig.job
[2010/04/27 08:29:38 | 000,015,875 | ---- | C] () -- C:\Documents and Settings\ku94623\My Documents\SM Bi-weekly Status Report 2010-04-28.docx
[2010/04/26 17:40:34 | 000,028,082 | ---- | C] () -- C:\Documents and Settings\ku94623\Desktop\Kana's 2010 Performance Management.pdf
[2010/04/26 15:43:16 | 000,000,419 | ---- | C] () -- C:\Documents and Settings\ku94623\Desktop\lhhquyhxzckhyqvhncnoqop1272314584973-351194074.ics
[2010/04/26 11:32:26 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2010/04/26 11:27:30 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Desktop Manager.lnk
[2010/04/25 16:15:31 | 000,000,458 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/04/25 15:58:45 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/04/23 10:32:38 | 000,285,696 | ---- | C] () -- C:\Documents and Settings\ku94623\My Documents\MWG Antenna Bench Handling Shock Raw Data.doc
[2010/04/23 10:06:21 | 002,148,236 | ---- | C] () -- C:\Documents and Settings\ku94623\Desktop\AeroAntenna L1 GPS GSM combination antenna Hardware Test Plan rev 4.0.docx
[2010/04/23 09:45:52 | 000,014,446 | ---- | C] () -- C:\Documents and Settings\ku94623\Desktop\GPS GSM Antenna Reliability versus Time.WMF
[2010/04/23 09:39:03 | 000,039,856 | ---- | C] () -- C:\Documents and Settings\ku94623\Desktop\Iridium Antenna QCP.jpg
[2010/04/23 09:37:46 | 000,014,656 | ---- | C] () -- C:\Documents and Settings\ku94623\Desktop\Iridium Antenna Reliability versus Time.WMF
[2010/04/23 09:10:31 | 000,043,369 | ---- | C] () -- C:\Documents and Settings\ku94623\Desktop\GPS GSM Antenna QCP.jpg
[2010/04/22 22:09:24 | 005,458,944 | ---- | C] () -- C:\Documents and Settings\ku94623\Desktop\Satellite Module HW DB 1B Test Plan ver 1.0.doc
[2010/04/22 11:00:09 | 000,000,952 | ---- | C] () -- C:\Documents and Settings\ku94623\Application Data\MT.dat
[2010/04/21 14:49:07 | 003,710,464 | ---- | C] () -- C:\Documents and Settings\ku94623\Desktop\AeroAntenna L1 GPS GSM combination antenna Hardware Test Plan rev 4.0.doc
[2010/04/17 12:38:18 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\HCPSTool.dll
[2010/04/17 12:38:18 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\HCPS98Tool.dll
[2010/04/16 15:57:13 | 002,372,355 | ---- | C] () -- C:\Documents and Settings\ku94623\Desktop\Combined Environment.zip
[2010/04/16 10:28:18 | 000,014,000 | ---- | C] () -- C:\Documents and Settings\ku94623\My Documents\Follow up meeting on connector containimation.docx
[2010/04/15 14:12:27 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\ku94623\Local Settings\Application Data\FnF4.txt
[2010/04/14 09:36:22 | 000,016,896 | ---- | C] () -- C:\Documents and Settings\ku94623\My Documents\EMC Flowchart.vsd
[2010/04/14 09:36:22 | 000,004,096 | -H-- | C] () -- C:\Documents and Settings\ku94623\My Documents\~$$EMC Flowchart.~vsd
[2010/04/14 09:11:01 | 000,113,470 | ---- | C] () -- C:\Documents and Settings\ku94623\Desktop\Iridium Satellite Antenna HW Test Plan_Status_Rev 2.xlsx
[2010/04/13 10:27:12 | 000,016,009 | ---- | C] () -- C:\Documents and Settings\ku94623\My Documents\SM Bi-weekly Status Report 2010-04-14.docx
[2010/04/13 10:08:06 | 000,000,169 | ---- | C] () -- C:\WINDOWS\mercury.ini
[2010/04/12 21:45:52 | 000,046,335 | ---- | C] () -- C:\Functional Analysis.pdf
[2010/04/12 16:43:41 | 000,018,747 | ---- | C] () -- C:\WINDOWS\System32\HPCEAC06.HPI
[2010/04/12 16:35:49 | 000,000,256 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2010/04/11 14:19:21 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\ku94623\My Documents\~$reless key.doc
[2010/04/07 16:46:10 | 000,004,764 | ---- | C] () -- C:\WINDOWS\System32\CcmFramework.ini
[2010/04/07 16:46:10 | 000,000,621 | ---- | C] () -- C:\WINDOWS\System32\CcmFramework.h
[2010/04/07 15:26:39 | 000,001,865 | ---- | C] () -- C:\Documents and Settings\ku94623\Desktop\MindGenius Business.lnk
[2010/04/07 15:26:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\ku94623\Local Settings\Application Data\QSwitch.txt
[2010/04/07 15:26:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\ku94623\Local Settings\Application Data\DSwitch.txt
[2010/04/07 15:26:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\ku94623\Local Settings\Application Data\AtStart.txt
[2010/04/07 15:26:37 | 007,340,032 | ---- | C] () -- C:\Documents and Settings\ku94623\NTUSER.DAT
[2010/04/07 15:26:37 | 000,161,508 | RHS- | C] () -- C:\Documents and Settings\ku94623\ntuser.pol
[2010/04/07 15:26:37 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\ku94623\NTUSER.DAT.LOG
[2010/04/07 15:26:37 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\ku94623\ntuser.ini
[2010/04/07 12:44:48 | 000,645,120 | ---- | C] () -- C:\WINDOWS\System32\config.gms
[2010/04/07 11:05:02 | 000,000,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\STATISTICA.lnk
[2010/04/06 16:47:28 | 000,004,819 | ---- | C] () -- C:\Documents and Settings\ku94623\Desktop\LMS8013329-60027954.vcs
[2010/04/06 09:05:53 | 000,010,680 | ---- | C] () -- C:\Documents and Settings\ku94623\My Documents\SharePoint woes.docx
[2010/04/06 08:40:01 | 000,928,926 | ---- | C] () -- C:\Documents and Settings\ku94623\Desktop\Satellite Module HW DB 1B Test Plan ver 1.pdf
[2010/04/06 07:41:08 | 000,378,267 | ---- | C] () -- C:\Documents and Settings\ku94623\Desktop\SM HW Test Plan Sign-off.pdf
[2010/04/04 14:51:10 | 000,014,728 | ---- | C] () -- C:\Documents and Settings\ku94623\Desktop\Picture.jpg
[2010/04/01 14:03:46 | 000,117,587 | ---- | C] () -- C:\Documents and Settings\ku94623\Desktop\SAT MODULE DPFR Updated.xlsm
[2010/04/01 13:52:00 | 000,015,318 | ---- | C] () -- C:\Documents and Settings\ku94623\My Documents\SM DB1B Structural Analysis.WMF
[2010/04/01 13:50:35 | 000,017,024 | ---- | C] () -- C:\Documents and Settings\ku94623\My Documents\SM DB1B Functional Analysis.WMF
[2010/04/01 10:55:35 | 002,573,498 | ---- | C] () -- C:\Documents and Settings\ku94623\Desktop\Bench Test Drop.rso7
[2010/04/01 10:54:29 | 000,052,029 | ---- | C] () -- C:\Documents and Settings\ku94623\Desktop\SM DB1B Functional Analysis QCP.jpg
[2010/04/01 10:19:47 | 000,002,609 | ---- | C] () -- C:\Documents and Settings\ku94623\Desktop\DB1B Structural Analysis Quick Calculation Pad.pdf
[2010/04/01 10:17:53 | 000,054,255 | ---- | C] () -- C:\Documents and Settings\ku94623\Desktop\DB1B Structural Analysis Quick Calculation Pad.jpg
[2010/04/01 09:31:24 | 000,054,272 | ---- | C] () -- C:\Documents and Settings\ku94623\My Documents\Satellite Module Bench Handling Shock 17Mar10.xls
[2010/03/31 11:24:00 | 000,012,860 | ---- | C] () -- C:\Documents and Settings\ku94623\My Documents\SM Bench Handling Shock.rso7
[2010/03/30 18:27:29 | 000,010,536 | ---- | C] () -- C:\Documents and Settings\ku94623\Desktop\Link to SM Test Reports.docx
[2010/03/30 17:06:41 | 000,015,653 | ---- | C] () -- C:\Documents and Settings\ku94623\My Documents\SM Bi-weekly Status Report 2010-03-30.docx
[2010/03/30 16:48:21 | 000,190,999 | ---- | C] () -- C:\Documents and Settings\ku94623\Desktop\SM HW Test Plan_Status_DB1B.xlsx
[2010/03/30 16:02:58 | 000,378,267 | ---- | C] () -- C:\Documents and Settings\ku94623\My Documents\SM HW Test Plan Sign-off.pdf
[2010/03/30 13:15:40 | 000,218,624 | ---- | C] () -- C:\Documents and Settings\ku94623\My Documents\SF iTC Alternative Capacitor Reliability Test Plan (2).doc
[2010/03/29 18:01:14 | 000,034,067 | ---- | C] () -- C:\Documents and Settings\ku94623\My Documents\SFiTC Cap change Random Vibration Reliability Test Generator.xlsx
[2010/03/29 18:01:14 | 000,000,165 | -H-- | C] () -- C:\Documents and Settings\ku94623\My Documents\~$SFiTC Cap change Random Vibration Reliability Test Generator.xlsx
[2010/03/29 17:25:57 | 000,218,112 | ---- | C] () -- C:\Documents and Settings\ku94623\My Documents\SF iTC Alternative Capacitor Reliability Test Plan.doc
[2010/03/29 17:11:23 | 000,285,696 | ---- | C] () -- C:\Documents and Settings\ku94623\My Documents\SF3000 ASIC Power-up fix Reliability Test Plan.doc
[2010/03/29 16:35:39 | 000,074,333 | ---- | C] () -- C:\Documents and Settings\ku94623\Desktop\SF iTC Capacitor Reliability Demonstration Test Plan.docx
[2010/03/26 19:16:14 | 000,012,952 | ---- | C] () -- C:\Documents and Settings\ku94623\Desktop\HW 4a.xmcd
[2010/03/26 11:10:42 | 000,030,227 | ---- | C] () -- C:\Documents and Settings\ku94623\Desktop\SF3050 JDQ 53.3 Baseline.xlsx
[2010/03/24 23:43:23 | 000,023,249 | ---- | C] () -- C:\Documents and Settings\ku94623\Desktop\HW 4.xmcd
[2010/03/23 15:06:45 | 000,024,915 | ---- | C] () -- C:\Documents and Settings\ku94623\Desktop\SM Rev 2 (DB1B) Test Readiness Checklist.xlsx
[2010/03/22 10:54:02 | 000,002,318 | ---- | C] () -- C:\Documents and Settings\ku94623\Desktop\LMS8008884-60027315.vcs
[2010/03/13 09:50:31 | 000,001,728 | ---- | C] () -- C:\Documents and Settings\ku94623\Desktop\Environmental Chamber 1.RDP
[2010/03/12 17:36:14 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\ku94623\Desktop\~$uide Test Report.doc
[2010/03/12 17:16:03 | 000,197,120 | ---- | C] () -- C:\Documents and Settings\ku94623\Desktop\iGuide Test Report.doc
[2010/03/12 15:10:25 | 001,048,576 | RHS- | C] () -- C:\PGPWDE01
[2010/03/12 15:03:21 | 000,001,593 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EETS.lnk
[2010/03/12 14:55:45 | 000,001,601 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mathcad 14.lnk
[2010/03/12 14:43:19 | 000,090,396 | ---- | C] () -- C:\WINDOWS\System32\PGPlspRollback.reg
[2010/03/12 14:43:17 | 000,002,295 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PGPtray.exe.lnk
[2010/03/12 11:41:05 | 000,001,570 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QFTP.lnk
[2010/03/12 11:41:02 | 000,000,575 | ---- | C] () -- C:\WINDOWS\{20237263-15F6-477B-A1EE-977C2E7DE896}_WiseFW.ini
[2010/03/12 11:38:33 | 000,000,051 | ---- | C] () -- C:\WINDOWS\KeyScript.ini
[2010/03/11 13:50:13 | 000,117,178 | ---- | C] () -- C:\WINDOWS\IDClean.exe
[2010/03/11 13:39:44 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nortel Contivity.lnk
[2010/03/11 13:39:43 | 000,001,605 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iPass.lnk
[2010/03/11 13:39:43 | 000,001,204 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DeereVPN.lnk
[2010/03/11 13:39:33 | 000,000,078 | ---- | C] () -- C:\WINDOWS\init.ini
[2010/03/11 13:39:23 | 000,000,248 | ---- | C] () -- C:\WINDOWS\tasks\PGPStatus.job
[2010/03/11 13:35:12 | 000,424,495 | ---- | C] () -- C:\WINDOWS\System32\drivers\viexpf2k.sys
[2010/03/11 13:35:12 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\vsctool.dll
[2010/03/11 13:23:24 | 000,001,760 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WebEx One-Click.lnk
[2010/03/11 13:19:35 | 000,001,862 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Symantec NetBackup Desktop Agent.lnk
[2010/03/11 13:19:24 | 000,002,038 | ---- | C] () -- C:\WINDOWS\saplogon.ini
[2010/03/11 13:19:02 | 000,003,389 | ---- | C] () -- C:\WINDOWS\sapmsg.ini
[2010/03/11 13:19:02 | 000,000,123 | ---- | C] () -- C:\WINDOWS\saproute.ini
[2010/03/11 13:15:21 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2010/03/11 13:15:21 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2010/03/11 13:15:21 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2010/03/11 13:15:21 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2010/03/11 13:15:21 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2010/03/11 13:15:21 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2010/03/11 13:00:08 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Start QWS3270.lnk
[2010/03/11 11:40:17 | 000,001,406 | ---- | C] () -- C:\WINDOWS\sysinfo.ini
[2010/03/11 11:27:12 | 000,003,870 | ---- | C] () -- C:\WINDOWS\Enterprise.jdb
[2010/03/11 11:27:12 | 000,000,357 | ---- | C] () -- C:\WINDOWS\Select.jdb
[2010/03/11 11:27:12 | 000,000,053 | ---- | C] () -- C:\WINDOWS\Userexit.ini
[2010/03/11 11:27:11 | 000,329,702 | ---- | C] () -- C:\WINDOWS\JDBClean.exe
[2010/03/11 11:27:11 | 000,080,384 | ---- | C] () -- C:\WINDOWS\Cusrmgr.exe
[2010/03/11 11:27:11 | 000,008,891 | ---- | C] () -- C:\WINDOWS\sysinfo.vbs
[2010/03/11 11:27:11 | 000,000,921 | ---- | C] () -- C:\WINDOWS\MoveOU.vbs
[2010/03/11 11:27:11 | 000,000,319 | ---- | C] () -- C:\WINDOWS\PowerOff.vbs
[2010/03/11 11:18:15 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_SynTP_01007.Wdf
[2010/03/11 11:18:13 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2010/03/11 11:14:31 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpBat.cpl
[2010/03/11 11:11:49 | 000,001,614 | RHS- | C] () -- C:\WINDOWS\System32\drivers\103C_HP_NTBK_HP EliteBook 8730w_YN_0U_QCNU0088N87_EU_46_I30EC_SHP_VKBC Version 91.23_B68PAD Ver. F.10_T091207_WXP3_L409_M3037_J160_7Intel_8Pentium III Xeon_92.79_#100311_N808610F5_()_XMOBILE_CN10_Z_2F.10_G10DE063A.MRK
[2010/03/11 11:11:30 | 000,026,629 | ---- | C] () -- C:\WINDOWS\System32\pusbfd2.vxd
[2010/03/11 11:10:11 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2010/03/11 11:10:11 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
[2010/03/11 11:08:31 | 000,332,521 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2010/03/11 11:08:31 | 000,332,521 | ---- | C] () -- C:\WINDOWS\System32\nvModes.001
[2010/03/11 11:01:29 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2010/03/11 11:01:29 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
[2010/03/11 10:59:45 | 000,202,019 | ---- | C] () -- C:\WINDOWS\System32\nvapps.xml
[2010/03/11 10:59:45 | 000,039,848 | ---- | C] () -- C:\WINDOWS\System32\nvwsapps.xml
[2010/03/11 10:59:43 | 000,019,054 | ---- | C] () -- C:\WINDOWS\System32\nvdisp.nvu
[2010/03/03 15:39:52 | 008,257,536 | ---- | C] () -- C:\Documents and Settings\ku94623\Desktop\NovaControl.exe
[2010/02/25 06:18:31 | 000,000,475 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2010/02/25 01:04:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2010/02/25 00:50:56 | 000,008,014 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/02/25 00:50:56 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/02/25 00:13:27 | 000,955,904 | ---- | C] () -- C:\Program Files\Common Files\SAPActiveXL.xlt
[2010/02/25 00:13:27 | 000,949,760 | ---- | C] () -- C:\Program Files\Common Files\SAPActiveXL_nosig.xlt
[2010/02/25 00:10:15 | 000,095,744 | ---- | C] () -- C:\WINDOWS\System32\h5rtf32.dll
[2010/02/25 00:10:15 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\h5tool32.dll
[2010/02/25 00:10:14 | 001,064,960 | ---- | C] () -- C:\WINDOWS\System32\h5krnl32.dll
[2010/02/25 00:10:14 | 000,188,928 | ---- | C] () -- C:\WINDOWS\System32\h5icon32.dll
[2010/02/25 00:10:14 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\h5menu32.dll
[2010/02/25 00:09:38 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\vtssm32.dll
[2010/02/24 23:16:20 | 000,001,908 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/02/16 21:47:59 | 001,400,021 | ---- | C] () -- C:\Documents and Settings\ku94623\Desktop\TI89Titanium_OS.89u
[2010/02/14 22:27:23 | 000,002,936 | ---- | C] () -- C:\WINDOWS\System32\e1y5132.din
[2010/02/14 13:32:20 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\ku94623\Desktop\~$asskey.wps
[2010/02/12 03:26:10 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2010/02/12 03:25:31 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2010/02/12 03:25:26 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2010/02/12 03:24:38 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2010/02/12 03:24:38 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\nvtuicpl.cpl
[2010/02/12 03:23:50 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2010/02/12 03:23:45 | 001,346,080 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2010/02/12 03:22:29 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2010/02/12 03:22:01 | 000,436,768 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2008/12/10 19:34:22 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\PGPsdk.dll.sig
[2007/06/28 20:59:47 | 000,024,063 | ---- | C] () -- C:\WINDOWS\saplogon (1).ini
[2005/10/14 17:09:48 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2003/08/22 09:58:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nv12_1206.sys
[2002/10/26 14:49:33 | 000,000,211 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2002/10/26 13:47:45 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\wisemsg.dll
[2002/10/26 13:46:03 | 000,002,982 | ---- | C] () -- C:\WINDOWS\JDB.INI
[2002/10/26 13:44:05 | 000,004,194 | ---- | C] () -- C:\WINDOWS\IE60.INI
[2002/03/19 19:30:00 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\mag.dll
[2002/03/19 18:30:00 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\msvdm.dll

========== LOP Check ==========

[2010/03/11 13:50:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GroupPolicy
[2010/04/26 00:13:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010/03/11 13:36:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iPass
[2010/03/11 13:39:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2010/03/12 14:47:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PGP Corporation
[2010/04/07 11:04:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\StatSoft
[2010/04/07 22:36:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2010/02/24 22:51:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/04/25 15:58:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/04/26 11:35:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ku94623\Application Data\Blackberry Desktop
[2010/03/12 12:47:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ku94623\Application Data\FileZilla
[2010/04/11 00:26:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ku94623\Application Data\Gael
[2010/04/07 23:05:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ku94623\Application Data\Juniper Networks
[2010/03/12 12:47:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ku94623\Application Data\Mathsoft
[2010/04/07 16:19:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ku94623\Application Data\PGP Corporation
[2010/03/12 12:47:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ku94623\Application Data\Productivity Tools
[2010/04/23 08:31:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ku94623\Application Data\ReliaSoft
[2010/04/26 11:32:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ku94623\Application Data\Research In Motion
[2010/04/07 16:18:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ku94623\Application Data\StatSoft
[2010/04/24 11:17:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ku94623\Application Data\Webex
[2010/04/07 22:37:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ku94623\Application Data\Western Digital
[2010/04/26 00:26:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ku94623\Application Data\WinPatrol
[2010/04/27 20:26:16 | 000,000,458 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/04/27 18:00:01 | 000,000,262 | ---- | M] () -- C:\WINDOWS\Tasks\BrowserConfig.job
[2010/04/27 19:00:02 | 000,000,248 | ---- | M] () -- C:\WINDOWS\Tasks\PGPStatus.job
[2010/04/27 23:05:00 | 000,000,396 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{2565804A-B63C-41E5-9AC3-9E68E9039160}.job
[2010/04/27 23:05:00 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{BCB4E4B4-2706-48F1-99F2-B0C7A043A95C}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/04/27 22:55:44 | 000,001,116 | ---- | M] () -- C:\aaw7boot.log
[2002/06/06 11:00:16 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/03/11 11:00:40 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2002/06/06 11:00:16 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/04/12 21:45:52 | 000,046,335 | ---- | M] () -- C:\Functional Analysis.pdf
[2002/06/06 11:00:16 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/03/11 11:15:35 | 000,001,255 | ---- | M] () -- C:\MODSPEC.LOG
[2002/06/06 11:00:16 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2005/04/20 19:20:08 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/08/03 07:24:40 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/04/27 22:55:52 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2010/03/12 15:10:25 | 001,048,576 | RHS- | M] () -- C:\PGPWDE01
[2010/03/11 11:12:15 | 000,000,187 | ---- | M] () -- C:\setup.log

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2002/06/06 10:47:30 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2002/06/06 10:47:30 | 000,630,784 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2002/06/06 10:47:30 | 000,385,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/03/11 13:36:44 | 000,021,419 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\iPassP.sys
[2010/02/04 10:53:02 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\drivers\Lbd.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/02/24 08:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2010/04/25 16:14:43 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\system32\drivers\SBREDrv.sys
[2010/02/25 00:51:10 | 000,110,952 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS
< End of report >

Extras.txt

OTL Extras logfile created on: 4/27/2010 11:03:40 PM - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = F:\Antivirus
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 100.23 Gb Free Space | 67.25% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 3.69 Gb Total Space | 3.44 Gb Free Space | 93.44% Space Free | Partition Type: FAT32
Drive F: | 465.11 Gb Total Space | 427.31 Gb Free Space | 91.87% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WDXKU94623N87
Current User Name: ku94623
NOT logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"80:TCP" = 80:TCP:*:Enabled:HTTP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation)
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ANSYS.exe" = C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ANSYS.exe:*:Enabled:ANSYS.exe -- (ANSYS, Inc.)
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ans_admin.exe" = C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ans_admin.exe:*:Enabled:ans_admin.exe -- ()
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ls970.exe" = C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ls970.exe:*:Enabled:ls970.exe -- ()
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ls970_DP.exe" = C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ls970_DP.exe:*:Enabled:ls970_DP.exe -- ()
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\lspost.exe" = C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\lspost.exe:*:Enabled:lspost.exe -- File not found
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\lsprepostd.exe" = C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\lsprepostd.exe:*:Enabled:lsprepostd.exe -- (Livermore Software Technology Corporation)
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\mpitest.exe" = C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\mpitest.exe:*:Enabled:mpitest.exe -- ()
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\mpitestmpich.exe" = C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\mpitestmpich.exe:*:Enabled:mpitestmpich.exe -- ()
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\sxpost.exe" = C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\sxpost.exe:*:Enabled:sxpost.exe -- ()
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\tclsh.exe" = C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\tclsh.exe:*:Enabled:tclsh.exe -- (ActiveState Corporation)
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\wish.exe" = C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\wish.exe:*:Enabled:wish.exe -- (ActiveState Corporation)
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\DANSYS\ANSYS.exe" = C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\DANSYS\ANSYS.exe:*:Enabled:ANSYS.exe -- (ANSYS, Inc.)
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\DANSYSMPICH\ANSYS.exe" = C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\DANSYSMPICH\ANSYS.exe:*:Enabled:ANSYS.exe -- (ANSYS, Inc.)
"C:\Program Files\Ansys Inc\v100\CommonFiles\TCL\bin\Intel\tclsh.exe" = C:\Program Files\Ansys Inc\v100\CommonFiles\TCL\bin\Intel\tclsh.exe:*:Enabled:tclsh.exe -- (ActiveState Corporation)
"C:\Program Files\Ansys Inc\v100\CommonFiles\TCL\bin\Intel\wish.exe" = C:\Program Files\Ansys Inc\v100\CommonFiles\TCL\bin\Intel\wish.exe:*:Enabled:wish.exe -- (ActiveState Corporation)
"C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\catia\Intel\ac4catia.exe" = C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\catia\Intel\ac4catia.exe:*:Enabled:ac4catia.exe -- File not found
"C:\Program Files\Ansys Inc\v100\CommonFiles\CATIAV5\Intel\code\bin\ac4catia5.exe" = C:\Program Files\Ansys Inc\v100\CommonFiles\CATIAV5\Intel\code\bin\ac4catia5.exe:*:Enabled:ac4catia5.exe -- File not found
"C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\para\Intel\ac4para.exe" = C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\para\Intel\ac4para.exe:*:Enabled:ac4para.exe -- ()
"C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\pro\Intel\ac4pro.exe" = C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\pro\Intel\ac4pro.exe:*:Enabled:ac4pro.exe -- ()
"C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\sat\Intel\ac4sat.exe" = C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\sat\Intel\ac4sat.exe:*:Enabled:ac4sat.exe -- ()
"C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\ug10\Intel\ansconug10.exe" = C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\ug10\Intel\ansconug10.exe:*:Enabled:ansconug10.exe -- File not found
"C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\ug20\Intel\ansconug20.exe" = C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\ug20\Intel\ansconug20.exe:*:Enabled:ansconug20.exe -- File not found
"C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\ug30\Intel\ansconug30.exe" = C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\ug30\Intel\ansconug30.exe:*:Enabled:ansconug30.exe -- File not found
"C:\Program Files\QFTP\AutoUpdt.exe" = C:\Program Files\QFTP\AutoUpdt.exe:*:Enabled:JGS Automatic Update Utility -- (Jolly Giant Software Inc.)
"C:\Program Files\QFTP\QFTP.exe" = C:\Program Files\QFTP\QFTP.exe:*:Enabled:QFTP File Transfer -- (Jolly Giant Software Inc.)
"C:\Program Files\QFTP\QSendMail.exe" = C:\Program Files\QFTP\QSendMail.exe:*:Enabled:QFTP Mailsend -- (Jolly Giant Software Inc.)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office Communicator\communicator.exe" = C:\Program Files\Microsoft Office Communicator\communicator.exe:*:Enabled:Office Communicator -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation)
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ANSYS.exe" = C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ANSYS.exe:*:Enabled:ANSYS.exe -- (ANSYS, Inc.)
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ans_admin.exe" = C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ans_admin.exe:*:Enabled:ans_admin.exe -- ()
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ls970.exe" = C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ls970.exe:*:Enabled:ls970.exe -- ()
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ls970_DP.exe" = C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\ls970_DP.exe:*:Enabled:ls970_DP.exe -- ()
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\lspost.exe" = C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\lspost.exe:*:Enabled:lspost.exe -- File not found
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\lsprepostd.exe" = C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\lsprepostd.exe:*:Enabled:lsprepostd.exe -- (Livermore Software Technology Corporation)
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\mpitest.exe" = C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\mpitest.exe:*:Enabled:mpitest.exe -- ()
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\mpitestmpich.exe" = C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\mpitestmpich.exe:*:Enabled:mpitestmpich.exe -- ()
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\sxpost.exe" = C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\sxpost.exe:*:Enabled:sxpost.exe -- ()
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\tclsh.exe" = C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\tclsh.exe:*:Enabled:tclsh.exe -- (ActiveState Corporation)
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\wish.exe" = C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\wish.exe:*:Enabled:wish.exe -- (ActiveState Corporation)
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\DANSYS\ANSYS.exe" = C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\DANSYS\ANSYS.exe:*:Enabled:ANSYS.exe -- (ANSYS, Inc.)
"C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\DANSYSMPICH\ANSYS.exe" = C:\Program Files\Ansys Inc\v100\ANSYS\bin\Intel\DANSYSMPICH\ANSYS.exe:*:Enabled:ANSYS.exe -- (ANSYS, Inc.)
"C:\Program Files\Ansys Inc\v100\CommonFiles\TCL\bin\Intel\tclsh.exe" = C:\Program Files\Ansys Inc\v100\CommonFiles\TCL\bin\Intel\tclsh.exe:*:Enabled:tclsh.exe -- (ActiveState Corporation)
"C:\Program Files\Ansys Inc\v100\CommonFiles\TCL\bin\Intel\wish.exe" = C:\Program Files\Ansys Inc\v100\CommonFiles\TCL\bin\Intel\wish.exe:*:Enabled:wish.exe -- (ActiveState Corporation)
"C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\catia\Intel\ac4catia.exe" = C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\catia\Intel\ac4catia.exe:*:Enabled:ac4catia.exe -- File not found
"C:\Program Files\Ansys Inc\v100\CommonFiles\CATIAV5\Intel\code\bin\ac4catia5.exe" = C:\Program Files\Ansys Inc\v100\CommonFiles\CATIAV5\Intel\code\bin\ac4catia5.exe:*:Enabled:ac4catia5.exe -- File not found
"C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\para\Intel\ac4para.exe" = C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\para\Intel\ac4para.exe:*:Enabled:ac4para.exe -- ()
"C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\pro\Intel\ac4pro.exe" = C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\pro\Intel\ac4pro.exe:*:Enabled:ac4pro.exe -- ()
"C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\sat\Intel\ac4sat.exe" = C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\sat\Intel\ac4sat.exe:*:Enabled:ac4sat.exe -- ()
"C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\ug10\Intel\ansconug10.exe" = C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\ug10\Intel\ansconug10.exe:*:Enabled:ansconug10.exe -- File not found
"C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\ug20\Intel\ansconug20.exe" = C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\ug20\Intel\ansconug20.exe:*:Enabled:ansconug20.exe -- File not found
"C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\ug30\Intel\ansconug30.exe" = C:\Program Files\Ansys Inc\v100\ANSYS\ac4\bin\ug30\Intel\ansconug30.exe:*:Enabled:ansconug30.exe -- File not found
"C:\Program Files\Microsoft Office Communicator\communicator.exe" = C:\Program Files\Microsoft Office Communicator\communicator.exe:*:Enabled:Office Communicator -- (Microsoft Corporation)
"C:\Documents and Settings\ku94623\Local Settings\Application Data\asam.exe" = C:\Documents and Settings\ku94623\Local Settings\Application Data\asam.exe:*:Enabled:enable -- File not found
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0D1CBBB9-F4A8-45B6-95E7-202BA61D7AF4}" = Microsoft Office Communicator 2007 R2
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{20237263-15F6-477B-A1EE-977C2E7DE896}" = QFTP File Transfer
"{205ACCD7-5342-4694-91F3-3A99E4FD5AA6}" = Mathcad 14.0 M020 Help
"{20D9BC9C-E998-4027-93B4-6B68D7E93F8F}" = ReliaSoft DOE++
"{232DB76D-4751-41A9-9EC2-CDC0DAC1FAB6}" = WD SmartWare
"{24762012-C6C8-4AAD-A02D-71A009FA1683}" = Adobe Flash Player 10 ActiveX
"{2EDA8979-0ADA-480E-AF76-AEB92F4CD7C2}" = HP Notebook LidSwitch Policy
"{2F2CA66A-63B7-4B11-9085-72AD180A3DCF}" = HPV Solo 2007 SP2
"{2FBF04DC-404C-4FA4-BA28-99903080D2B9}" = Magnifier Powertoy for Windows XP
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150140}" = J2SE Runtime Environment 5.0 Update 14
"{32B52B2C-155F-446A-8FF3-A957CEFB1C5E}" = ReliaSoft BlockSim 7
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38047EB4-B46A-4876-8619-365EEF65ECC6}" = ReliaSoft ALTA 7
"{39822393-2324-4705-9010-1AB76DA144A2}" = BlackBerry Desktop Software 4.6
"{3F86B892-8ABD-4499-AEB8-EA51A8A8C549}" = MindGenius Business
"{44D66AD9-AE19-4AFD-BE7E-A1B44C856697}" = MSXML4.0 redistributable
"{4C0A8D65-4286-4B58-87FE-18AD24289285}" = NVIDIA Performance Drivers
"{4E475FD4-4513-4B1D-8DDA-43912B068C99}" = HTML Slideshow Powertoy for Windows XP
"{50E125D1-88E5-48CE-80AE-98EC9698E639}" = Symantec AntiVirus
"{586E8694-1D52-4C35-BC98-EF1D530AE7C8}" = ESD ActiveX Control for Internet Explorer
"{593E635B-6D3E-4CD8-ABAF-A2E6C55641A6}" = STATISTICA 8.0.360.0 English
"{5AE5DB70-5CE6-4876-A83E-8246CC36FC28}" = Onglet Commencer de Microsoft Office PowerPoint 2007
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6855CCDD-BDF9-48E4-B80A-80DFB96FE36C}" = CmdHere Powertoy For Windows XP
"{68B52EFD-86CC-486E-A8D0-A3A1554CB5BC}" = Onglet Commencer de Microsoft Office Word 2007
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{69DAC00A-7665-4E9B-B441-093D40736429}" = HP BatteryCheck 2.10 A2
"{7148F0A8-6813-11D6-A77B-00B0D0142080}" = Java 2 Runtime Environment, SE v1.4.2_08
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{721ABC3B-5F12-4332-9C0C-C11424EF666C}" = WIMGAPI
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7DB92914-0A00-48C6-8DBB-F8E9D02B78B1}" = Microsoft Office Live Meeting 2007
"{80177F5E-0D38-4491-ADD1-E88B6CDFEE94}" = HP 3D DriveGuard
"{8796E14E-2031-463F-8A9A-31062B2652B4}" = Mathcad 14.0 M020
"{8D73F85D-3989-4D3F-B812-D3C63EE7BB50}" = Juniper Installer Service
"{8E453E1D-AE23-4A16-9A39-710A6C61306B}" = PGP Desktop
"{8E770F99-CF23-4BF9-BF4E-E3A2924FEB27}" = Microsoft redistributable runtime DLLs VS2005 SP1(x86)
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Visio Language Pack 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Visio Language Pack 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Visio Language Pack 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ONENOTE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office Visio Language Pack 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office Visio Language Pack 2007 Service Pack 2 (SP2)
"{90120000-00A1-0000-0000-0000000FF1CE}" = Microsoft Office OneNote 2007
"{90120000-00A1-0000-0000-0000000FF1CE}_ONENOTE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0000-0000-0000000FF1CE}_ONENOTE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ONENOTE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ONENOTE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office Visio Language Pack 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office Visio Language Pack 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{90530409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Standard 2003
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{95120000-0052-0409-0000-0000000FF1CE}" = Microsoft Office Visio Viewer 2007
"{9A9F7268-3899-4443-B071-B332493925AA}" = Adobe Shockwave Player 11.5
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A7050037-F0EA-4BAB-BCD5-FC05507D6147}" = Alt-Tab Task Switcher Powertoy for Windows XP
"{A743BBCC-3438-4BB3-8397-6C9D9AC125A6}" = Timershot Powertoy for Windows XP
"{AB706D91-2242-4E1D-B4D0-1ED35387F5A7}" = Microsoft Office Excel 2007 Get Started Tab
"{ABD23811-AA8F-416B-9EF6-E54D62F21A49}" = DB2 Administration Client
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{B37C842A-B624-46B8-A727-654E72F1C91A}" = Calculator Powertoy for Windows XP
"{B3A8DB93-D93F-4398-A35B-9114B79DBFDD}" = WebEx Productivity Tools
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BD0F54C1-934A-4206-ACFF-6557816CAE4A}" = ANSYS 10.0
"{BF251EAF-8697-4E89-BF09-C998F97BBC40}" = Microsoft SQL Server Native Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1E26EED-CC8B-4371-9CC7-AD8A5814B4B2}" = IE5 Registration
"{C2CDE75C-CA51-4335-9C13-84C00E6093A5}" = Windows Media Player Enterprise Deployment
"{C39DE425-6CCF-4B12-A101-3CB5CF3AF3AD}" = Slideshow Generator Powertoy for Windows XP
"{C686E45E-5745-448E-B7DA-6A3BDFED4606}" = ReliaSoft Weibull++ 7
"{C7793EE8-F666-4E6B-9827-76468679480E}" = Tweakui Powertoy for Windows XP
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE6A85D8-D6B9-479A-9FE9-A06E56881E61}" = Configuration Manager Client
"{CEECF731-3F08-4210-8073-7E87F58C01D3}" = Microsoft Office Communicator 2007 R2, MUI
"{D2BE4C7A-DDB0-4A2F-B3DD-534A891E6255}" = Symantec NetBackup Desktop Agent
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D91EEFEB-965F-4975-9094-14808CC0D651}" = Windows Media Player 9 Series
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E38531EE-318C-4EFB-A36B-1A57BFBDAB3C}_is1" = PDF-XChange 4 Pro
"{E4ACD843-28D3-4FD3-8DAE-6BEBEB3B9DEA}" = WebEx Meeting Manager for Internet Explorer
"{E95E9C38-48B4-49C0-A5DD-160E7C9EF5B9}" = ReliaSoft Office 7
"{EB3DF81F-5E70-4722-9D99-C1FC3EEF4DE1}" = Roxio Media Manager
"{EBD38AE9-D52D-448D-9DB4-4D5F66E1DAFC}" = Mathcad 14.0 M020 Resource Center
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Business v10
"{F0A55445-B637-4CEA-A580-A8FC6954130D}" = HP Client Management Interface Providers
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F251B999-08A9-4704-999C-9962F0DFD88E}" = Virtual Desktop Manager Powertoy for Windows XP
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F5CC2EF8-20A4-4366-A681-3FE849E65809}" = RICOH Media Driver
"ActiveTouchMeetingClient" = WebEx
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"a-squared Free_is1" = a-squared Free 4.5
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"BlackBerry_{39822393-2324-4705-9010-1AB76DA144A2}" = BlackBerry Desktop Software 4.6
"CyberArmor" = CyberArmor
"ERUNT_is1" = ERUNT 1.1j
"FileZilla Client" = FileZilla Client 3.2.0
"HijackThis" = HijackThis 2.0.2
"HyperSnap 6" = HyperSnap 6
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{2EDA8979-0ADA-480E-AF76-AEB92F4CD7C2}" = HP Notebook LidSwitch Policy
"IObit Security 360_is1" = IObit Security 360
"JDRAVE" = JDRave for Windows
"Juniper Network Connect 6.3.0" = Juniper Networks Network Connect 6.3.0
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"LiveUpdate" = LiveUpdate 3.1 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MatlabR2009b" = MATLAB R2009b
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.2)" = Mozilla Firefox (3.5.2)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"ONENOTE" = Microsoft Office OneNote 2007
"Oracle For Windows" = Oracle 102020
"PROPLUS" = Microsoft Office Professional Plus 2007
"QWS3270 PLUS version 3.8" = QWS3270 PLUS 3.8.3
"RDC" = RDC
"SAPGUI710" = SAP GUI 7.10
"SendToX.PowerToy" = Send To Extensions PowerToy
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tera Term Pro" = Tera Term Pro
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows Script" = Microsoft Windows Script 5.7
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPatrol" = WinPatrol 2009
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Neoteris_Host_Checker" = Juniper Networks Host Checker

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/27/2010 11:57:31 PM | Computer Name = WDXKU94623N87 | Source = UserInit | ID = 1000
Description = Could not execute the following script EDadmin.vbe. The system cannot
find the file specified. .

Error - 4/27/2010 11:57:31 PM | Computer Name = WDXKU94623N87 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 4/27/2010 11:57:31 PM | Computer Name = WDXKU94623N87 | Source = UserInit | ID = 1000
Description = Could not execute the following script PBUpdate_Delay.vbs. The system
cannot find the file specified. .

Error - 4/27/2010 11:57:31 PM | Computer Name = WDXKU94623N87 | Source = UserInit | ID = 1000
Description = Could not execute the following script IntelWPC.vbe. The system cannot
find the file specified. .

Error - 4/27/2010 11:57:31 PM | Computer Name = WDXKU94623N87 | Source = UserInit | ID = 1000
Description = Could not execute the following script CallSMSInstall.vbs. The system
cannot find the file specified. .

Error - 4/27/2010 11:57:31 PM | Computer Name = WDXKU94623N87 | Source = UserInit | ID = 1000
Description = Could not execute the following script User_Info.vbs. The system cannot
find the file specified. .

Error - 4/27/2010 11:57:31 PM | Computer Name = WDXKU94623N87 | Source = UserInit | ID = 1000
Description = Could not execute the following script CAUser.vbs. The system cannot
find the file specified. .

Error - 4/27/2010 11:57:31 PM | Computer Name = WDXKU94623N87 | Source = UserInit | ID = 1000
Description = Could not execute the following script IE7_Policy_Fix.vbs. The system
cannot find the file specified. .

Error - 4/27/2010 11:57:31 PM | Computer Name = WDXKU94623N87 | Source = UserInit | ID = 1000
Description = Could not execute the following script \\jdnet.deere.com\netLOGON\WWAg\Division\Scripts\SettingsBKUP.exe.
No network provider accepted the given network path. .

Error - 4/27/2010 11:58:41 PM | Computer Name = WDXKU94623N87 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for JDNET\ku94623 failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

[ OSession Events ]
Error - 4/22/2010 9:47:30 PM | Computer Name = WDXKU94623N87 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 26454
seconds with 2160 seconds of active time. This session ended with a crash.

Error - 4/26/2010 12:49:53 PM | Computer Name = WDXKU94623N87 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 340
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 4/18/2010 9:31:02 AM | Computer Name = WDXKU94623N87 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 4/18/2010 9:31:03 AM | Computer Name = WDXKU94623N87 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 4/18/2010 9:31:12 AM | Computer Name = WDXKU94623N87 | Source = Dhcp | ID = 1002
Description = The IP address lease 172.22.97.76 for the Network Card with network
address 00FF6037098A has been denied by the DHCP server 10.200.200.200 (The DHCP
Server sent a DHCPNACK message).

Error - 4/18/2010 9:31:15 AM | Computer Name = WDXKU94623N87 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 4/18/2010 11:18:20 AM | Computer Name = WDXKU94623N87 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 4/18/2010 11:33:25 AM | Computer Name = WDXKU94623N87 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 29 minutes. NtpClient has no source of accurate
time.

Error - 4/18/2010 12:03:23 PM | Computer Name = WDXKU94623N87 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 59 minutes. NtpClient has no source of accurate
time.

Error - 4/18/2010 1:03:24 PM | Computer Name = WDXKU94623N87 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 119 minutes. NtpClient has no source of accurate
time.

Error - 4/18/2010 1:35:30 PM | Computer Name = WDXKU94623N87 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain JDNET due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 4/18/2010 3:03:31 PM | Computer Name = WDXKU94623N87 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 239 minutes. NtpClient has no source of accurate
time.


< End of report >

GMER.txt

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-27 22:24:01
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: c:\temp\pxtoikob.sys


---- System - GMER 1.0.15 ----

SSDT 88433318 ZwConnectPort
SSDT \SystemRoot\system32\drivers\viexca2k.sys (viexca2k/InfoExpress) ZwCreateKey [0xB7D459F0]
SSDT \SystemRoot\system32\drivers\viexca2k.sys (viexca2k/InfoExpress) ZwDeleteKey [0xB7D45B00]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xF4E27350]
SSDT \SystemRoot\system32\drivers\viexca2k.sys (viexca2k/InfoExpress) ZwEnumerateKey [0xB7D45DC0]
SSDT \SystemRoot\system32\drivers\viexca2k.sys (viexca2k/InfoExpress) ZwEnumerateValueKey [0xB7D45EA0]
SSDT \SystemRoot\system32\drivers\viexca2k.sys (viexca2k/InfoExpress) ZwQueryKey [0xB7D45F80]
SSDT \SystemRoot\system32\drivers\viexca2k.sys (viexca2k/InfoExpress) ZwQueryValueKey [0xB7D46060]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xF4E27580]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6A5C360, 0x33ABBD, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\PROGRA~1\CYBERA~1\pcs.exe[680] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 016908BE
.text C:\PROGRA~1\CYBERA~1\pcs.exe[680] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 011A0060
.text C:\PROGRA~1\CYBERA~1\pcs.exe[680] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 011A0010
.text C:\PROGRA~1\CYBERA~1\pcs.exe[680] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 01690680
.text C:\PROGRA~1\CYBERA~1\pcs.exe[680] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 016907C0
.text C:\PROGRA~1\CYBERA~1\pcs.exe[680] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01690780
.text C:\PROGRA~1\CYBERA~1\pcs.exe[680] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01690740
.text C:\PROGRA~1\CYBERA~1\pcs.exe[680] WS2_32.dll!bind 71AB4480 5 Bytes JMP 01690600
.text C:\PROGRA~1\CYBERA~1\pcs.exe[680] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 01690640
.text C:\PROGRA~1\CYBERA~1\pcs.exe[680] WS2_32.dll!listen 71AB8CD3 5 Bytes JMP 016906C0
.text C:\PROGRA~1\CYBERA~1\pcs.exe[680] WS2_32.dll!accept 71AC1040 5 Bytes JMP 01690700
.text C:\PROGRA~1\CYBERA~1\pcs.exe[680] iphlpapi.dll!IcmpSendEcho 76D64B79 5 Bytes JMP 016902C0
.text C:\PROGRA~1\CYBERA~1\pcs.exe[680] iphlpapi.dll!IcmpCreateFile 76D64D5E 5 Bytes JMP 01690340
.text C:\PROGRA~1\CYBERA~1\pcs.exe[680] iphlpapi.dll!IcmpSendEcho2 76D6B73C 5 Bytes JMP 01690300
.text C:\Program Files\a-squared Free\a2service.exe[1180] kernel32.dll!CreateThread + 1A 7C8106E1 4 Bytes CALL 00454E05 C:\Program Files\a-squared Free\a2service.exe (a-squared Service/Emsi Software GmbH)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2032] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 5 Bytes JMP 32605436 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text C:\WINDOWS\Explorer.EXE[2520] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 024E0001
.text C:\WINDOWS\Explorer.EXE[2520] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\Explorer.EXE[2520] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\Explorer.EXE[2520] ADVAPI32.dll!CreateProcessAsUserW 77DEA889 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\Explorer.EXE[2520] ADVAPI32.dll!CreateProcessWithLogonW 77E15FD5 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[2520] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E15FD9 2 Bytes [05, 5F]
.text C:\Program Files\Microsoft Office Communicator\communicator.exe[2812] USER32.dll!TrackPopupMenuEx 7E46CF62 5 Bytes JMP 047F1169 C:\Program Files\WebEx\Productivity Tools\ptMsg.dll
.text F:\Antivirus\gmer\gmer.exe[3248] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [FF, 25, 1E]
.text F:\Antivirus\gmer\gmer.exe[3248] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [17, 5F] {POP SS; POP EDI}
.text F:\Antivirus\gmer\gmer.exe[3248] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [FF, 25, 1E]
.text F:\Antivirus\gmer\gmer.exe[3248] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text F:\Antivirus\gmer\gmer.exe[3248] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B40001
.text F:\Antivirus\gmer\gmer.exe[3248] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text F:\Antivirus\gmer\gmer.exe[3248] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text F:\Antivirus\gmer\gmer.exe[3248] ADVAPI32.dll!CreateProcessAsUserW 77DEA889 6 Bytes JMP 5F100F5A
.text F:\Antivirus\gmer\gmer.exe[3248] ADVAPI32.dll!CreateProcessWithLogonW 77E15FD5 3 Bytes [FF, 25, 1E]
.text F:\Antivirus\gmer\gmer.exe[3248] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E15FD9 2 Bytes [05, 5F]
.text F:\Antivirus\gmer\gmer.exe[3248] ADVAPI32.dll!CreateServiceA 77E371E9 6 Bytes JMP 5F190F5A
.text F:\Antivirus\gmer\gmer.exe[3248] ADVAPI32.dll!CreateServiceW 77E37381 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3336] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E1DF4B1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3336] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3529B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3336] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E352937 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3336] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E35297B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3336] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3528C3 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3336] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3528FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3336] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3529F1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3336] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E20182A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3336] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E352BCC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

AttachedDevice PGPfsfd.sys (PGP FSFD/PGP Corporation)

Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

Device rdpdr.sys (Microsoft RDP Device redirector/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109E60090400000000000F01FEC\Usage@EquationEditorFilesIntl_1033 1016791045

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 06: copy of MBR
Disk \Device\Harddisk0\DR0 sector 19: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 20: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 21: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 22: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 23: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 24: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 25: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 26: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 27: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 28: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 29: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 30: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 31: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 32: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 33: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 34: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 35: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 36: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 37: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 38: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 39: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 40: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 41: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 42: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 43: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 44: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 45: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 46: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 47: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 48: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 49: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 50: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 51: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 52: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 53: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 54: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 55: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 56: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 57: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 58: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 59: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 60: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 61: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;

---- EOF - GMER 1.0.15 ----

MBAM Log

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4036

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

4/28/2010 1:02:17 AM
mbam-log-2010-04-28 (01-02-17).txt

Scan type: Quick scan
Objects scanned: 158203
Time elapsed: 1 hour(s), 23 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\disableconfig (Windows.Tool.Disabled) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#2
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
What usually happens is the malware sets up a proxy on your computer. Then it forces IE or Firefox to send all traffic going to the internet to the proxy. Since it's a malware proxy it picks and chooses what goes to the internet and keeps you from going to certain anti-malware sites and perhaps sends copies of interesting traffic like passwords and credit cards to another address for harvesting. MBAM knows the proxy software is malware so removes it but doesn't realize that it's also a proxy so doesn't change the proxy settings on IE and FF. So now IE or Firefox still sends traffic to the proxy but there is no proxy so it doesn't go anywhere and you have lost connectivity to the internet.

We can see that that is the case here:

"IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
...
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555"

ProxyEnable=1 means use the proxy. ProxyServer tells us it is listening on port 5555 on 127.0.0.1, which is the localhost address, so it's on your PC.

To fix it:

In IE, Tools, Internet Options, Connections, LAN Settings, then uncheck all boxes and OK. Close IE and restart IE.

In Firefox, Tools, Options, Advanced, Settings, check No Proxy then OK. Close Firefox and restart Firefox.

I think that's all that is left but it wouldn't hurt to run combofix:

Download but do not yet run ComboFix
If you have a previous version of Combofix.exe, delete it and download a fresh copy.

It must be saved to your desktop; do not run it.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and rename this file (call it george.exe) to your Desktop from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on george to start the program.

* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes, Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your protection programs at this time.

Ron
  • 0
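The proxy check described in the post above, as an added example that is not part of the original thread: Python that parses a WinINET ProxyServer value (a single `host:port` or a per-protocol `scheme=host:port` list) and reports entries that point at the local machine. The sample log lines are constructed in the style of the line quoted above (the ProxyEnable line format is an assumption), and all function names are this example's own.

```python
"""Flag a loopback proxy in the Internet Explorer (WinINET) proxy settings."""
import ipaddress
import re
import sys

INTERNET_SETTINGS = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings"

# Constructed sample modelled on the log line quoted in the post, including
# its stray trailing quote. The ProxyEnable line is an assumed format.
SAMPLE_LOG = r'''
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555"
'''

LOG_VALUE = re.compile(r'"(ProxyEnable|ProxyServer)"\s*=\s*(.*)$')


def split_host_port(target):
    """Return (host, port) from 'host:port', '[v6]:port' or 'scheme://host:port'."""
    target = target.split("://", 1)[-1].rstrip("/")
    if target.startswith("["):                      # bracketed IPv6 literal
        host, _, rest = target[1:].partition("]")
        port = rest.lstrip(":")
    else:
        host, _, port = target.partition(":")
    return host.lower(), int(port) if port.isdigit() else None


def parse_proxy_server(value):
    """Map each protocol ('all' when none is named) to its (host, port)."""
    entries = {}
    for part in re.split(r"[;\s]+", value.strip().strip('"')):
        if not part:
            continue
        scheme, sep, target = part.partition("=")
        if not sep:                                 # plain 'host:port' form
            scheme, target = "all", part
        entries[scheme.lower()] = split_host_port(target)
    return entries


def is_loopback(host):
    """True for 'localhost' and for any address in 127.0.0.0/8 or ::1."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:                              # an ordinary hostname
        return False


def settings_from_log(text):
    """Pull ProxyEnable and ProxyServer out of scanner-log style lines."""
    enable, server = 0, ""
    for line in text.splitlines():
        match = LOG_VALUE.search(line)
        if not match:
            continue
        name, raw = match.group(1), match.group(2).strip().strip('"')
        if name == "ProxyEnable":
            enable = int(raw) if raw.isdigit() else 0
        else:
            server = raw
    return enable, server


def read_live_settings():
    """Read the current user's values from the registry (Windows only)."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, INTERNET_SETTINGS) as key:
        def get(name, default):
            try:
                return winreg.QueryValueEx(key, name)[0]
            except FileNotFoundError:
                return default
        return int(get("ProxyEnable", 0)), str(get("ProxyServer", ""))


def assess(enable, server):
    """List every proxy entry that sends traffic to this machine itself."""
    findings = []
    for scheme, (host, port) in parse_proxy_server(server).items():
        if not is_loopback(host):
            continue
        where = f"{host}:{port}" if port else host
        state = "ACTIVE" if enable == 1 else "disabled but still configured"
        findings.append(f"{scheme} proxy -> {where} on this machine ({state})")
    return findings


if __name__ == "__main__":
    if sys.platform == "win32":
        enable, server = read_live_settings()
    else:
        enable, server = settings_from_log(SAMPLE_LOG)
    for finding in assess(enable, server) or ["no loopback proxy configured"]:
        print(finding)
```

A loopback entry is only a lead: some security and debugging tools legitimately install a local proxy, so confirm which process owns the listening port before clearing the setting.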

#3
KUdomon

    New Member

  • Topic Starter
  • Member
  • 4 posts
Hey Ron,

I have good news to report. I tried the first suggestion, but the boxes were already unchecked (I believe the system administrator had the settings locked). I used combofix and my IE7 works (connected as I type :)).

Thank you!!! Thank you!!!
  • 0

#4
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Would like to see your combofix log. GMER was reporting some odd signs and there may be more hiding that you don't notice.

Ron
  • 0

#5
KUdomon

    New Member

  • Topic Starter
  • Member
  • 4 posts
Hi Ron,

You were right! There is something still slightly off with my laptop. After my previous post (where I stated that I had run combofix and my issue was resolved), I was asked to update Windows XP. I restarted my laptop after updating it. After restarting it my IE 7 no longer worked. I ran combofix again, and it now works. Here is the combofix log file (from the second attempt):


ComboFix 10-05-01.04 - ku94623 05/01/2010 22:12:12.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3036.1990 [GMT -5:00]
Running from: c:\documents and settings\ku94623\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: CyberArmor Client *enabled* {E503B27E-6391-4e17-B2CA-F910AF011E23}
.

((((((((((((((((((((((((( Files Created from 2010-04-02 to 2010-05-02 )))))))))))))))))))))))))))))))
.

2010-05-02 03:20 . 2010-05-02 03:20 16384 ----atw- c:\temp\Perflib_Perfdata_35c.dat
2010-05-02 03:20 . 2010-05-02 03:20 -------- d-----w- c:\temp\WPDNSE
2010-05-02 03:05 . 2010-05-02 03:05 16384 ----atw- c:\temp\Perflib_Perfdata_33c.dat
2010-05-01 16:34 . 2010-05-02 01:25 -------- d-----w- c:\temp\wz6908
2010-05-01 01:24 . 2010-05-01 01:24 -------- d-----w- c:\documents and settings\ku94623\Local Settings\Application Data\WebEx
2010-04-30 16:03 . 2010-04-30 16:03 -------- d-----w- c:\temp\WebEx
2010-04-29 19:38 . 2010-04-29 19:39 -------- d-----w- c:\temp\TD_80
2010-04-29 19:38 . 2010-04-29 19:38 -------- d-----w- c:\temp\Mercury Interactive
2010-04-29 15:50 . 2010-05-01 17:45 -------- d-----w- c:\temp\msohtmlclip1
2010-04-29 15:50 . 2010-04-29 15:50 -------- d-----w- c:\temp\msohtmlclip
2010-04-29 02:42 . 2010-04-29 03:11 -------- d-----w- c:\temp\hsperfdata_ku94623
2010-04-28 16:10 . 2010-04-28 16:10 -------- d-----w- c:\temp\Adobe
2010-04-28 07:00 . 2010-05-01 07:00 -------- d-----w- c:\temp\FireFoxCfg
2010-04-28 02:58 . 2010-05-02 01:25 -------- d-----w- c:\temp\VBE
2010-04-28 01:34 . 2010-04-28 01:34 -------- d-----w- c:\program files\ERUNT
2010-04-28 00:13 . 2010-04-25 21:14 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-04-27 16:01 . 2010-04-27 16:01 -------- d-----w- c:\documents and settings\ku94623\Local Settings\Application Data\Mozilla
2010-04-27 14:26 . 2008-11-10 16:41 32656 ----a-w- c:\windows\system32\msonpmon.dll
2010-04-27 14:26 . 2006-10-27 00:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-04-26 16:35 . 2010-04-26 16:35 -------- d-----w- c:\documents and settings\ku94623\Application Data\Blackberry Desktop
2010-04-26 16:32 . 2010-04-27 13:25 256 ----a-w- c:\windows\system32\pool.bin
2010-04-26 16:32 . 2010-04-26 16:32 -------- d-----w- c:\documents and settings\ku94623\Application Data\Research In Motion
2010-04-26 16:29 . 2010-04-26 16:29 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2010-04-26 16:28 . 2010-04-26 16:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2010-04-26 16:27 . 2007-01-18 15:24 26496 ----a-r- c:\windows\system32\drivers\RimSerial.sys
2010-04-26 16:27 . 2010-04-26 16:27 -------- d-----w- c:\program files\Common Files\Research In Motion
2010-04-26 16:27 . 2010-04-26 16:27 -------- d-----w- c:\program files\Research In Motion
2010-04-26 05:26 . 2010-04-26 05:26 -------- d-----w- c:\documents and settings\ku94623\Application Data\WinPatrol
2010-04-26 05:26 . 2010-04-26 05:26 -------- d-----w- c:\program files\BillP Studios
2010-04-26 05:13 . 2010-04-26 05:13 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2010-04-26 05:13 . 2010-04-26 05:13 -------- d-----w- c:\program files\IObit
2010-04-25 21:42 . 2010-04-25 21:42 -------- d-----w- c:\program files\Trend Micro
2010-04-25 21:15 . 2010-02-04 15:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-04-25 21:14 . 2010-04-25 21:14 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-04-25 20:58 . 2010-04-25 20:58 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-04-25 20:58 . 2010-04-25 21:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-04-25 20:58 . 2010-04-25 20:58 -------- d-----w- c:\program files\Lavasoft
2010-04-25 20:52 . 2010-04-25 21:16 -------- d-----w- c:\program files\a-squared Free
2010-04-25 20:36 . 2010-04-25 20:37 -------- d-----w- c:\windows\system32\NtmsData
2010-04-25 20:28 . 2010-04-25 20:28 -------- d-----w- c:\documents and settings\ku94623\Application Data\Malwarebytes
2010-04-25 20:27 . 2010-03-30 05:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-25 20:27 . 2010-04-25 20:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-25 20:27 . 2010-04-25 20:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-25 20:27 . 2010-03-30 05:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-24 17:08 . 2010-04-26 22:37 -------- d-----w- C:\Credit Report
2010-04-17 17:38 . 2010-04-17 17:38 86016 ----a-w- c:\windows\system32\HCPS98Tool.dll
2010-04-17 17:38 . 2010-04-17 17:38 528384 ----a-w- c:\windows\system32\HCPSMng.exe
2010-04-17 17:38 . 2010-04-17 17:38 307200 ----a-w- c:\windows\system32\HCPSTool.dll
2010-04-17 01:47 . 2010-04-17 01:47 -------- d-----w- c:\documents and settings\ku94623\Local Settings\Application Data\Mathsoft
2010-04-16 13:07 . 2010-02-16 14:08 2146304 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-04-16 13:07 . 2010-02-16 13:25 2066816 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-04-16 13:07 . 2010-02-16 13:25 2024448 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-04-16 13:06 . 2009-12-24 06:59 177664 ------w- c:\windows\system32\dllcache\wintrust.dll
2010-04-16 13:06 . 2009-10-13 10:30 270336 ------w- c:\windows\system32\dllcache\oakley.dll
2010-04-16 13:06 . 2010-01-13 14:01 86016 ------w- c:\windows\system32\dllcache\cabview.dll
2010-04-13 15:09 . 2010-04-13 15:09 -------- d-----w- c:\documents and settings\ku94623\Local Settings\Application Data\Mercury Interactive
2010-04-13 15:08 . 2010-04-13 15:08 -------- d-----w- c:\program files\Common Files\Mercury Interactive
2010-04-13 00:32 . 2008-04-14 05:15 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-04-13 00:32 . 2008-04-14 05:15 32128 ----a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-04-11 05:26 . 2010-04-11 05:26 -------- d-----w- c:\documents and settings\ku94623\Application Data\Gael
2010-04-11 04:38 . 2010-04-11 04:38 -------- d-----w- c:\windows\Sun
2010-04-08 04:05 . 2008-11-21 08:33 345384 ----a-w- c:\windows\system32\dsNcCredProv.dll
2010-04-08 04:05 . 2010-04-08 04:05 -------- d-----w- c:\documents and settings\ku94623\Application Data\Juniper Networks
2010-04-08 03:38 . 2010-04-08 03:38 -------- d-----w- c:\documents and settings\ku94623\Local Settings\Application Data\Western_Digital
2010-04-08 03:37 . 2010-04-08 03:37 -------- d-----w- c:\documents and settings\ku94623\Application Data\Western Digital
2010-04-08 03:36 . 2010-04-08 03:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Western Digital
2010-04-08 03:36 . 2010-04-08 03:36 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ServiceTest
2010-04-08 03:36 . 2009-02-13 16:02 11520 ----a-w- c:\windows\system32\drivers\wdcsam.sys
2010-04-08 03:36 . 2010-04-08 03:36 -------- d-----w- c:\program files\Western Digital
2010-04-08 03:36 . 2010-04-08 03:36 -------- d-----w- c:\documents and settings\ku94623\Local Settings\Application Data\Western Digital
2010-04-08 03:35 . 2008-04-14 05:15 26368 ----a-w- c:\windows\system32\dllcache\usbstor.sys
2010-04-07 21:45 . 2010-04-07 21:45 -------- d-----w- c:\windows\ms
2010-04-07 21:19 . 2010-05-01 01:24 -------- d-----w- c:\documents and settings\ku94623\Application Data\Webex
2010-04-07 21:19 . 2010-05-02 03:20 -------- d-----w- c:\documents and settings\ku94623\Tracing
2010-04-07 21:19 . 2010-04-07 21:19 -------- d-----w- c:\documents and settings\ku94623\Local Settings\Application Data\PGP Corporation
2010-04-07 21:19 . 2010-04-07 21:19 -------- d-----w- c:\documents and settings\ku94623\Application Data\PGP Corporation
2010-04-07 21:18 . 2010-04-07 21:18 -------- d-----w- c:\documents and settings\ku94623\Application Data\StatSoft
2010-04-07 21:10 . 2010-04-07 21:10 -------- d-----w- c:\documents and settings\ku94623\Local Settings\Application Data\IconRepository
2010-04-07 20:24 . 2010-04-07 21:11 -------- d-----w- c:\windows\EDMU
2010-04-07 20:11 . 2010-04-07 20:15 -------- d-----w- c:\program files\Microsoft Works
2010-04-07 20:08 . 2010-05-02 01:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-07 19:40 . 2010-04-07 19:44 -------- d-----w- c:\program files\Microsoft Corporation
2010-04-07 19:38 . 2010-04-07 19:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\StatSoft
2010-04-07 19:32 . 2010-04-07 19:32 -------- d-----w- c:\windows\system32\Adobe
2010-04-07 19:31 . 2010-04-07 19:31 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-07 16:04 . 2010-04-07 16:04 -------- d-----w- c:\documents and settings\LocalService\Application Data\StatSoft
2010-04-07 16:04 . 2010-04-07 16:04 -------- d-----w- c:\documents and settings\All Users\Application Data\StatSoft
2010-04-07 16:04 . 2007-04-03 15:04 1060864 ----a-w- c:\windows\system32\cdintf210.dll
2010-04-07 16:03 . 2010-04-07 16:03 -------- d-----w- c:\program files\StatSoft
2010-04-07 15:20 . 2010-04-07 15:20 -------- d-----w- c:\documents and settings\NetworkService\Application Data\PGP Corporation
2010-04-07 15:15 . 2010-04-07 15:15 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Symantec
2010-04-07 14:22 . 2010-04-07 14:22 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\PGP Corporation
2010-04-07 14:22 . 2010-04-07 14:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\PGP Corporation
2010-04-07 14:20 . 2001-08-17 18:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-04-07 14:20 . 2001-08-17 18:48 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2010-04-07 14:20 . 2008-04-14 05:15 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-04-07 14:20 . 2008-04-14 05:15 10368 ----a-w- c:\windows\system32\dllcache\hidusb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-02 03:17 . 2010-02-25 05:50 -------- d-----w- c:\program files\Symantec AntiVirus
2010-05-02 02:56 . 2010-03-11 18:35 -------- d-----w- c:\program files\CyberArmor
2010-05-01 22:39 . 2010-03-11 16:08 348921 ----a-w- c:\windows\system32\nvModes.dat
2010-04-26 16:28 . 2010-03-11 18:15 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-04-26 16:28 . 2010-03-11 18:16 -------- d-----w- c:\program files\Roxio
2010-04-26 16:28 . 2010-03-11 18:16 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-04-26 16:28 . 2010-03-11 16:10 -------- d-----w- c:\program files\Common Files\InstallShield
2010-04-23 13:31 . 2010-04-07 20:26 -------- d-----w- c:\documents and settings\ku94623\Application Data\ReliaSoft
2010-04-22 18:55 . 2010-04-22 16:00 952 ----a-w- c:\documents and settings\ku94623\Application Data\MT.dat
2010-04-15 19:11 . 2010-03-11 18:23 -------- d-----w- c:\program files\WebEx
2010-04-08 04:05 . 2010-03-11 18:39 -------- d-----w- c:\program files\Juniper Networks
2010-04-07 21:47 . 2009-08-03 15:02 96832 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-07 20:28 . 2010-03-11 18:00 -------- d-----w- c:\program files\QWS3270 PLUS
2010-04-07 16:08 . 2010-03-12 16:54 -------- d-----w- c:\program files\ReliaSoft
2010-04-07 16:07 . 2010-03-12 19:47 -------- d-----w- c:\program files\TTERMPRO
2010-04-07 16:03 . 2010-03-11 16:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-07 15:20 . 2010-02-25 05:46 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-03-12 23:00 . 2010-03-11 18:17 -------- d-----w- c:\program files\Microsoft Office Communicator
2010-03-12 20:03 . 2010-03-12 16:54 -------- d-----w- c:\program files\Common Files\ReliaSoft
2010-03-12 20:03 . 2010-03-12 20:03 -------- d-----w- c:\documents and settings\pgpinst1\Application Data\PGP Corporation
2010-03-12 20:03 . 2010-03-12 20:03 -------- d-----w- c:\program files\Common Files\EETS
2010-03-12 19:55 . 2010-03-12 19:55 -------- d-----w- c:\program files\Common Files\Mathcadrd
2010-03-12 19:53 . 2010-03-12 19:53 -------- d-----w- c:\documents and settings\pgpinst1\Application Data\Mathsoft
2010-03-12 19:47 . 2010-03-12 19:47 -------- d-----w- c:\documents and settings\All Users\Application Data\PGP Corporation
2010-03-12 19:43 . 2010-03-12 19:43 90396 ----a-w- c:\windows\system32\PGPlspRollback.reg
2010-03-12 19:43 . 2010-03-12 19:43 -------- d-----w- c:\program files\PGP Corporation
2010-03-12 19:43 . 2010-03-12 19:43 -------- d-----w- c:\program files\Common Files\PGP Corporation
2010-03-12 16:58 . 2010-03-12 16:58 -------- d-----w- c:\documents and settings\eds1jdb\Application Data\Mathsoft
2010-03-12 16:58 . 2010-03-12 16:58 -------- d-----w- c:\program files\Mathcad
2010-03-12 16:56 . 2010-03-12 16:55 -------- d-----w- c:\documents and settings\eds1jdb\Application Data\ReliaSoft
2010-03-12 16:52 . 2010-03-12 16:52 -------- d-----w- c:\program files\FreeMind
2010-03-12 16:48 . 2010-03-11 18:17 -------- d-----w- c:\program files\Java
2010-03-12 16:47 . 2010-03-12 16:47 -------- d-----w- c:\program files\Microsoft SQL Server
2010-03-12 16:41 . 2010-03-12 16:41 -------- d-----w- c:\program files\QFTP
2010-03-12 16:38 . 2010-03-12 16:38 -------- d-----w- c:\program files\Common Files\Gael
2010-03-12 16:38 . 2010-03-12 16:38 -------- d-----w- c:\program files\Gael
2010-03-12 15:10 . 2010-03-12 15:10 -------- d-----w- c:\program files\Ansys Inc
2010-03-11 19:52 . 2010-03-11 19:52 -------- d-----w- c:\documents and settings\pgpinst1\Application Data\Webex
2010-03-11 18:50 . 2010-03-11 18:50 -------- d-----w- c:\documents and settings\All Users\Application Data\GroupPolicy
2010-03-11 18:39 . 2010-03-11 18:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Juniper Networks
2010-03-11 18:39 . 2010-03-11 18:39 -------- d-----w- c:\program files\Common Files\Juniper Networks
2010-03-11 18:39 . 2010-03-11 18:38 -------- d-----w- c:\program files\Nortel Networks
2010-03-11 18:36 . 2010-03-11 18:36 -------- d-----w- c:\documents and settings\All Users\Application Data\iPass
2010-03-11 18:36 . 2010-03-11 18:36 21419 ----a-w- c:\windows\system32\drivers\iPassP.sys
2010-03-11 18:35 . 2010-03-11 18:35 -------- d-----w- c:\program files\JDRave
2010-03-11 18:23 . 2010-03-11 18:23 -------- d-----w- c:\documents and settings\eds1jdb\Application Data\Productivity Tools
2010-03-11 18:21 . 2010-03-11 18:21 -------- d-----w- c:\program files\Windows Imaging
2010-03-11 18:19 . 2010-02-25 05:50 -------- d-----w- c:\program files\Symantec
2010-03-11 18:17 . 2010-03-11 18:17 -------- d-----w- c:\program files\Common Files\Java
2010-03-11 18:16 . 2010-03-11 18:16 -------- d-----w- c:\program files\Common Files\SureThing Shared
2010-03-11 18:16 . 2010-03-11 18:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2010-03-11 18:15 . 2010-03-11 18:15 -------- d-----w- c:\program files\InterVideo
2010-03-11 18:15 . 2010-03-11 18:15 -------- d-----w- c:\program files\Common Files\InterVideo
2010-03-11 18:14 . 2010-03-11 18:14 -------- d-----w- c:\documents and settings\eds1jdb\Application Data\InstallShield
2010-03-11 16:18 . 2010-03-11 16:18 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01007.Wdf
2010-03-11 16:18 . 2010-03-11 16:18 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-03-11 16:17 . 2010-03-11 16:17 -------- d-----w- c:\program files\Synaptics
2010-03-11 16:17 . 2010-03-11 16:09 -------- d-----w- c:\program files\Hewlett-Packard
2010-03-11 16:17 . 2010-03-11 16:17 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2010-03-11 16:17 . 2010-02-25 05:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\FileZilla
2010-03-11 16:11 . 2010-03-11 16:11 1614 --sha-r- c:\windows\system32\drivers\103C_HP_NTBK_HP EliteBook 8730w_YN_0U_QCNU0088N87_EU_46_I30EC_SHP_VKBC Version 91.23_B68PAD Ver. F.10_T091207_WXP3_L409_M3037_J160_7Intel_8Pentium III Xeon_92.79_#100311_N808610F5_()_XMOBILE_CN10_Z_2F.10_G10DE063A.MRK
2010-03-11 16:10 . 2010-03-11 16:10 -------- d-----w- c:\documents and settings\LocalService\Application Data\hpqLog
2010-03-11 16:10 . 2010-03-11 16:10 -------- d-----w- c:\documents and settings\Administrator\Application Data\hpqLog
2010-03-11 16:10 . 2010-03-11 16:10 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-03-11 16:10 . 2010-03-11 16:10 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
2010-03-11 16:08 . 2010-03-11 16:08 -------- d-----w- c:\program files\Intel
2010-03-11 16:00 . 2010-03-11 16:00 -------- d-----w- c:\program files\Analog Devices
2010-03-11 15:59 . 2010-03-11 15:59 -------- d-----w- c:\program files\NVIDIA Corporation
2010-03-11 11:49 . 2004-10-25 16:40 841216 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 11:49 . 2005-04-21 00:26 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 11:49 . 2001-08-23 18:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2002-10-26 18:56 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:36 . 2010-04-07 20:26 70328 ----a-w- c:\documents and settings\ku94623\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-25 06:36 . 2010-04-07 16:07 70328 ----a-w- c:\documents and settings\smsservice\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-25 06:36 . 2010-03-12 17:47 70328 ----a-w- c:\documents and settings\edsadmin1\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-25 06:36 . 2010-03-11 20:42 70328 ----a-w- c:\documents and settings\buildadmin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-25 06:36 . 2010-03-11 19:51 70328 ----a-w- c:\documents and settings\pgpinst1\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-25 06:36 . 2010-03-11 16:39 70328 ----a-w- c:\documents and settings\eds1jdb\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-25 05:51 . 2010-02-25 05:50 48768 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-02-25 05:51 . 2010-02-25 05:50 110952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-02-24 13:11 . 2001-08-23 18:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 14:08 . 2001-08-23 18:00 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2001-08-17 19:48 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2008-06-12 12:53 . 2010-02-25 05:13 3125248 ----a-w- c:\program files\Common Files\sapxlhelper.dll
2008-06-12 12:53 . 2010-02-25 05:13 192512 ----a-w- c:\program files\Common Files\sapconsr3.dll
2008-06-12 12:53 . 2010-02-25 05:13 955904 ----a-w- c:\program files\Common Files\SAPActiveXL.xlt
2008-06-12 12:53 . 2010-02-25 05:13 949760 ----a-w- c:\program files\Common Files\SAPActiveXL_nosig.xlt
2008-06-12 12:53 . 2010-02-25 05:13 626688 ----a-w- c:\program files\Common Files\sapconsaccess.dll
2008-06-12 12:53 . 2010-02-25 05:13 40960 ----a-w- c:\program files\Common Files\DigitalSignature.ocx
.

((((((((((((((((((((((((((((( SnapShot@2010-05-02_01.26.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-01 02:58 . 2010-05-02 01:43 35088 c:\windows\Installer\{91120000-003A-0000-0000-0000000FF1CE}\oisicon.exe
- 2010-05-01 02:58 . 2010-05-01 02:58 35088 c:\windows\Installer\{91120000-003A-0000-0000-0000000FF1CE}\oisicon.exe
- 2010-05-01 02:58 . 2010-05-01 02:58 18704 c:\windows\Installer\{91120000-003A-0000-0000-0000000FF1CE}\mspicons.exe
+ 2010-05-01 02:58 . 2010-05-02 01:43 18704 c:\windows\Installer\{91120000-003A-0000-0000-0000000FF1CE}\mspicons.exe
+ 2010-05-01 02:58 . 2010-05-02 01:43 20240 c:\windows\Installer\{91120000-003A-0000-0000-0000000FF1CE}\cagicon.exe
- 2010-05-01 02:58 . 2010-05-01 02:58 20240 c:\windows\Installer\{91120000-003A-0000-0000-0000000FF1CE}\cagicon.exe
+ 2010-05-02 00:27 . 2010-05-02 01:44 4124 c:\windows\SoftwareDistribution\EventCache\{65F3676B-CEAC-41D4-A123-82108DF54FAC}.bin
+ 2010-05-01 02:58 . 2010-05-02 01:43 239376 c:\windows\Installer\{91120000-003A-0000-0000-0000000FF1CE}\pj11icon.exe
- 2010-05-01 02:58 . 2010-05-01 02:58 239376 c:\windows\Installer\{91120000-003A-0000-0000-0000000FF1CE}\pj11icon.exe
- 2010-05-01 02:58 . 2010-05-01 02:58 217864 c:\windows\Installer\{91120000-003A-0000-0000-0000000FF1CE}\misc.exe
+ 2010-05-01 02:58 . 2010-05-02 01:43 217864 c:\windows\Installer\{91120000-003A-0000-0000-0000000FF1CE}\misc.exe
+ 2008-09-24 17:04 . 2008-09-24 17:04 1127424 c:\windows\Installer\a9b807.msp
+ 2008-09-24 17:05 . 2008-09-24 17:05 16381440 c:\windows\Installer\a9b813.msp
+ 2008-08-11 16:49 . 2008-08-11 16:49 22457344 c:\windows\Installer\a9b7fa.msp
+ 2007-04-22 01:16 . 2007-04-22 01:16 12490752 c:\windows\Installer\a9b7ee.msp
+ 2009-04-14 09:19 . 2009-04-14 09:19 10844160 c:\windows\Installer\a9b7d7.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHandlerAccessible]
@="{3DBF5F01-3287-46EB-82CF-45AA5C241162}"
[HKEY_CLASSES_ROOT\CLSID\{3DBF5F01-3287-46EB-82CF-45AA5C241162}]
2008-12-11 00:34 311352 ----a-w- c:\windows\system32\PGPfsshl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CoolSwitch"="c:\windows\System32\taskswitch.exe" [2002-03-19 45632]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-05-29 52840]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-06-06 125632]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-18 13594624]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-18 86016]
"nwiz"="nwiz.exe" [2009-03-18 1657376]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-07-20 1044480]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-09-03 288312]
"LidPolicy"="c:\program files\Hewlett-Packard\LidSwitch Policy\pwrschem.exe" [2004-04-27 24576]
"AccelerometerSysTrayApplet"="c:\windows\System32\accelerometerST.exe" [2009-08-27 70200]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-29 1545512]
"QWS3270 Sessions"="c:\program files\qws3270 plus\sessions.exe" [2000-05-15 114743]
"Communicator"="c:\program files\Microsoft Office Communicator\communicator.exe" [2009-12-12 5114208]
"ptmsgfrm.exe"="c:\program files\WebEx\Productivity Tools\ptmsgfrm.exe" [2008-12-05 42312]
"GetPrinters"="c:\windows\Scripts\GetPrinters.vbe" [2008-10-09 3489]
"CyberArmorHelper"="c:\program files\CyberArmor\pcshelp.exe" [2008-07-18 81920]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2009-12-24 1280272]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-10-10 320832]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
PGPtray.exe.lnk - c:\windows\Installer\{8E453E1D-AE23-4A16-9A39-710A6C61306B}\Icon6560581611.exe [2010-3-12 55296]
Symantec NetBackup Desktop Agent.lnk - c:\program files\Symantec\NetBackup DLO\DLO\DLOClientu.exe [2009-10-23 7497080]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoMSAppLogo5ChannelNotify"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 00000000
"DisablePersonalDirChange"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoStartMenuEjectPC"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoStartMenuMyMusic"= 1 (0x1)
"NoSimpleStartMenu"= 1 (0x1)
"ForceStartMenuLogOff"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli PGPpwflt

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1390067357-2139871995-682003330-304107\Scripts\Logon\0\0]
"Script"=PBUpdate_Delay.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1390067357-2139871995-682003330-304107\Scripts\Logon\0\1]
"Script"=IntelWPC.vbe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1390067357-2139871995-682003330-304107\Scripts\Logon\1\0]
"Script"=CallSMSInstall.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1390067357-2139871995-682003330-304107\Scripts\Logon\2\0]
"Script"=User_Info.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1390067357-2139871995-682003330-304107\Scripts\Logon\2\1]
"Script"=CAUser.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1390067357-2139871995-682003330-304107\Scripts\Logon\3\0]
"Script"=IE7_Policy_Fix.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1390067357-2139871995-682003330-304107\Scripts\Logon\4\0]
"Script"=\\jdnet.deere.com\netLOGON\WWAg\Division\Scripts\SettingsBKUP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1390067357-2139871995-682003330-628513\Scripts\Logon\0\0]
"Script"=PBUpdate_Delay.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1390067357-2139871995-682003330-628513\Scripts\Logon\0\1]
"Script"=IntelWPC.vbe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1390067357-2139871995-682003330-628513\Scripts\Logon\1\0]
"Script"=CallSMSInstall.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1390067357-2139871995-682003330-628513\Scripts\Logon\2\0]
"Script"=User_Info.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1390067357-2139871995-682003330-628513\Scripts\Logon\2\1]
"Script"=CAUser.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1390067357-2139871995-682003330-628513\Scripts\Logon\3\0]
"Script"=IE7_Policy_Fix.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1390067357-2139871995-682003330-628513\Scripts\Logon\4\0]
"Script"=U90Logon.vbs

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\ANSYS.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\ans_admin.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\ls970.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\ls970_DP.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\lsprepostd.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\mpitest.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\mpitestmpich.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\sxpost.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\tclsh.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\wish.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\DANSYS\\ANSYS.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\DANSYSMPICH\\ANSYS.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\CommonFiles\\TCL\\bin\\Intel\\tclsh.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\CommonFiles\\TCL\\bin\\Intel\\wish.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\ac4\\bin\\para\\Intel\\ac4para.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\ac4\\bin\\pro\\Intel\\ac4pro.exe"=
"c:\\Program Files\\Ansys Inc\\v100\\ANSYS\\ac4\\bin\\sat\\Intel\\ac4sat.exe"=
"c:\\Program Files\\Microsoft Office Communicator\\communicator.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [4/25/2010 4:15 PM 64288]
R0 pgpfs;PGP File Sharing;c:\windows\system32\drivers\PGPfsfd.sys [12/10/2008 7:34 PM 134712]
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2/12/2010 3:17 AM 24064]
R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [4/25/2010 3:52 PM 1872320]
R2 CyberArmorRunService;CyberArmor Run Service;c:\program files\CyberArmor\casvc.exe [3/11/2010 1:35 PM 77824]
R2 DLOChangeJournalSvc;Symantec NetBackup Desktop Agent Change Journal Reader;c:\program files\Symantec\NetBackup DLO\DLO\DLOChangeLogSvcu.exe [10/23/2009 9:16 PM 476536]
R2 JuniperAccessService;Juniper Unified Network Service;c:\program files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [11/4/2008 11:10 PM 87416]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [12/11/2008 8:08 AM 3575808]
R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [6/6/2007 3:24 PM 116928]
R2 Viexca2k;CyberArmor Registry Driver;c:\windows\system32\drivers\viexca2k.sys [3/11/2010 1:35 PM 21504]
R2 Viexpf2k;CyberArmor W2KDriver;c:\windows\system32\drivers\viexpf2k.sys [3/11/2010 1:35 PM 424495]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [11/13/2009 11:28 AM 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [6/16/2009 8:58 AM 20480]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [3/11/2010 11:09 AM 228408]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2/14/2010 10:27 PM 240344]
R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [3/11/2010 1:38 PM 24521]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [4/23/2010 2:19 PM 102448]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [4/7/2010 10:36 PM 11520]
S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [4/26/2010 12:13 AM 311568]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 10:52 AM 1265264]
S3 ExtranetAccess;Contivity VPN Service;c:\program files\Nortel Networks\Extranet_serv.exe [3/11/2010 1:38 PM 835584]
S3 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [3/11/2010 1:38 PM 155216]
S3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [3/11/2010 11:12 AM 49152]
S4 a320raid;a320raid;c:\windows\system32\drivers\a320raid.sys [2/14/2010 10:40 PM 241065]
S4 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [2/14/2010 10:40 PM 184888]
S4 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [2/25/2010 5:49 AM 17968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\FileZilla]
2009-07-23 21:58 115593 ----a-w- c:\windows\Scripts\FileZilla_Config.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Mathcadrd]
2008-02-28 11:41 341 ----a-w- c:\program files\Common Files\Mathcadrd\Delrvalue.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Statistica8]
2008-02-05 21:13 179710 ----a-w- c:\windows\Scripts\Stat8Cfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EEBF9CA6-567B-41cd-B5F6-EF2C7FEF37B5}]
2010-03-11 11:49 124928 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-05-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 21:14]

2010-05-01 c:\windows\Tasks\BrowserConfig.job
- c:\windows\Scripts\FF_Config.exe [2010-04-27 22:11]

2010-05-01 c:\windows\Tasks\PGPStatus.job
- c:\windows\Scripts\VE.exe [2010-03-11 21:31]

2010-05-02 c:\windows\Tasks\User_Feed_Synchronization-{2565804A-B63C-41E5-9AC3-9E68E9039160}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 00:36]

2010-05-02 c:\windows\Tasks\User_Feed_Synchronization-{BCB4E4B4-2706-48F1-99F2-B0C7A043A95C}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 00:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://jdonline.deere.com/wwag/waterloo/AMS/
mStart Page = hxxp://jdonline.deere.com/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Trusted Zone: deere.com\agcc
Trusted Zone: deere.com\ascserver.jdnet
Trusted Zone: deere.com\cceprojserver.jdnet
Trusted Zone: deere.com\cimaps
Trusted Zone: deere.com\dtac
Trusted Zone: deere.com\f90casetrk.jdnet
Trusted Zone: deere.com\f90smsprod1.jdnet
Trusted Zone: deere.com\fcfvm001.jdnet
Trusted Zone: deere.com\jdasintranet
Trusted Zone: deere.com\jdprojects
Trusted Zone: deere.com\jdqc2
Trusted Zone: deere.com\jdsrs
Trusted Zone: deere.com\pmdsweb
Trusted Zone: deere.com\supportportal1
Trusted Zone: deere.com\supportportal2
Trusted Zone: deere.com\supportportal3
Trusted Zone: deere.com\supportportal4
Trusted Zone: deere.com\tirwebtop.dx
Trusted Zone: deere.com\www.90
Trusted Zone: deere.com\www.jdas
Trusted Zone: fwagproj1
Trusted Zone: jdisonline.com\jdoapps
Trusted Zone: phoeintl.com\agile
Trusted Zone: deere.com\agcc
Trusted Zone: deere.com\ascserver.jdnet
Trusted Zone: deere.com\cceprojserver.jdnet
Trusted Zone: deere.com\cimaps
Trusted Zone: deere.com\dtac
Trusted Zone: deere.com\f90casetrk.jdnet
Trusted Zone: deere.com\f90smsprod1.jdnet
Trusted Zone: deere.com\fcfvm001.jdnet
Trusted Zone: deere.com\jdasintranet
Trusted Zone: deere.com\jdprojects
Trusted Zone: deere.com\jdqc2
Trusted Zone: deere.com\jdsrs
Trusted Zone: deere.com\pmdsweb
Trusted Zone: deere.com\supportportal1
Trusted Zone: deere.com\supportportal2
Trusted Zone: deere.com\supportportal3
Trusted Zone: deere.com\supportportal4
Trusted Zone: deere.com\tirwebtop.dx
Trusted Zone: deere.com\www.90
Trusted Zone: deere.com\www.jdas
Trusted Zone: fwagproj1
Trusted Zone: jdisonline.com\jdoapps
Trusted Zone: phoeintl.com\agile
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {B2FC031D-8C74-46AE-8042-BCF4FC03C1EF} - hxxp://qualitycenter.deere.com/qcbin/Spider91.cab
DPF: {EF55A67E-D9E4-4151-B026-1BE1B535ABFD} - hxxp://LOCALHOST/ESD/ESDComputerName.CAB
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
FF - ProfilePath - c:\documents and settings\ku94623\Application Data\Mozilla\Firefox\Profiles\tz5jjovv.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 2
FF - component: c:\program files\WebEx\Productivity Tools\components\OCFF.dll
FF - plugin: c:\program files\Java\jre1.5.0_14\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_14\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_14\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_14\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_14\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_14\bin\NPJPI150_14.dll
FF - plugin: c:\program files\Java\jre1.5.0_14\bin\NPOJI610.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("general.config.filename", "devtooI.cfg");
.
- - - - ORPHANS REMOVED - - - -

Toolbar-ITBar7Position - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-01 22:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2532)
c:\windows\system32\WININET.dll
c:\windows\system32\PGPhk.dll
c:\windows\system32\PGPfsshl.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Juniper Networks\Common Files\dsNcService.exe
c:\program files\JDRAVE\JDRAVE\iPassPeriodicUpdateService.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PGPserv.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\PGP Corporation\PGP Desktop\PGPtray.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\progra~1\CYBERA~1\pcs.exe
c:\windows\system32\CCM\CcmExec.exe
c:\progra~1\CYBERA~1\pcshelp.exe
c:\program files\PGP Corporation\PGP Desktop\PGPfsd.exe
c:\program files\JDRAVE\JDRAVE\iPassPeriodicUpdateApp.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2010-05-01 22:27:20 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-02 03:27
ComboFix2.txt 2010-05-02 01:28

Pre-Run: 106,741,325,824 bytes free
Post-Run: 106,588,901,376 bytes free

- - End Of File - - EA7C7CE062F99A6604B2A014B93DC039
  • 0

#6
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Not sure exactly what is happening here. Combofix is not reporting that it removed anything. What I do see from your OTL log is a malware proxy. The proxy is only for the user you were when you ran OTL. Perhaps you changed your user logon or were not able to contact your domain administrator so you got a slightly different logon. I see that both Firefox and IE are set up to use AutoConfigURLs which no doubt set the proxy. When this works then IE will work. When it doesn't (perhaps you are at home) then the malware proxy comes into play and you can't get out.

I also see a lot of vbs scripts but I think these must be from your company.

Script"=PBUpdate_Delay.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1390067357-2139871995-682003330-304107\Scripts\Logon\0\1]
"Script"=IntelWPC.vbe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1390067357-2139871995-682003330-304107\Scripts\Logon\1\0]
"Script"=CallSMSInstall.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1390067357-2139871995-682003330-304107\Scripts\Logon\2\0]
"Script"=User_Info.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1390067357-2139871995-682003330-304107\Scripts\Logon\2\1]
"Script"=CAUser.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1390067357-2139871995-682003330-304107\Scripts\Logon\3\0]
"Script"=IE7_Policy_Fix.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1390067357-2139871995-682003330-304107\Scripts\Logon\4\0]
"Script"=\\jdnet.deere.com\netLOGON\WWAg\Division\Scripts\SettingsBKUP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1390067357-2139871995-682003330-628513\Scripts\Logon\0\0]
"Script"=PBUpdate_Delay.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1390067357-2139871995-682003330-628513\Scripts\Logon\0\1]
"Script"=IntelWPC.vbe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1390067357-2139871995-682003330-628513\Scripts\Logon\1\0]
"Script"=CallSMSInstall.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1390067357-2139871995-682003330-628513\Scripts\Logon\2\0]
"Script"=User_Info.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1390067357-2139871995-682003330-628513\Scripts\Logon\2\1]
"Script"=CAUser.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1390067357-2139871995-682003330-628513\Scripts\Logon\3\0]
"Script"=IE7_Policy_Fix.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1390067357-2139871995-682003330-628513\Scripts\Logon\4\0]
"Script"=U90Logon.vbs

I see in your event logs that sometimes these can't be found.

There is also one file which I can't identify:

Stat8Cfg.exe but I suspect your IT department would know about it.

The next time you can't get out:

In IE, Tools, Internet Options, Connections, LAN Settings, then uncheck the Use Proxy Server box.

Ron
  • 0
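The proxy check described in the post above, as an added example that is not part of the original thread: a small Python parser that reads ComboFix "Supplementary Scan" lines and flags any `ProxyServer` value pointing at a loopback address, also listing which schemes have no proxy entry and therefore go direct. The function names are hypothetical, the sample lines are copied from the log above, and reading the `u`/`m` prefix as per-user/machine-wide is an assumption.

```python
import ipaddress
import re

# Constructed sample: the proxy-related lines from the ComboFix log above.
SAMPLE_LOG = """\
uStart Page = hxxp://jdonline.deere.com/wwag/waterloo/AMS/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
FF - prefs.js: network.proxy.type - 2
"""
PROXY_LINE = re.compile(r"^([um])Internet Settings,ProxyServer = (.+)$")
SCHEMES = ("http", "https", "ftp")

def parse_proxy_server(value):
    """Split a WinINET ProxyServer string into {scheme: (host, port)}.
    Accepts 'host:port' (all schemes, stored as '*') or 'http=h:p;https=h:p'."""
    mapping = {}
    for entry in filter(None, (e.strip() for e in value.split(";"))):
        scheme, sep, target = entry.partition("=")
        if not sep:                       # bare host:port applies to every scheme
            scheme, target = "*", entry
        host, colon, port = target.rpartition(":")
        if not colon:                     # no port given
            host, port = target, None
        mapping[scheme.lower()] = (host, int(port) if port else None)
    return mapping

def is_loopback(host):
    """True for localhost, 127.0.0.0/8 and ::1 (brackets allowed)."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:                    # a DNS name, not an IP literal
        return False

def audit(log_text):
    """Return one finding per proxy entry that points at the local machine."""
    findings = []
    for line in log_text.splitlines():
        m = PROXY_LINE.match(line.strip())
        if not m:
            continue
        scope = "user" if m.group(1) == "u" else "machine"   # assumed prefix meaning
        proxies = parse_proxy_server(m.group(2))
        direct = [] if "*" in proxies else [s for s in SCHEMES if s not in proxies]
        for scheme, (host, port) in proxies.items():
            if is_loopback(host):
                findings.append({"scope": scope, "scheme": scheme, "host": host,
                                 "port": port, "direct": direct})
    return findings
```

On the sample it returns a single per-user finding: `http` is sent to 127.0.0.1:5555, while `https` and `ftp` have no proxy entry.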

#7
KUdomon

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Hi Ron,

Yup - when I am at work, I am able to use IE7 to access external websites (Yahoo and Google) without a problem. Once I get home, IE7 is unable to connect to external websites. This behavior still happens even when I connect to my organization's VPN (that is, from home I can connect to my organization's intranet, but am still not able to access external websites. I can also access https:// sites from home). Right now I am not worried about it - I am able to connect to the internet, but I have not restarted the machine since using combofix. I will see if it breaks again after restarting. I will post again if it breaks after a restart...

Thanks for your help!
  • 0

#8
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Next time you are home go and uncheck the Use Proxy box in IE. Then close IE and restart.

Ron
  • 0





