and now does not let me use Google Chrome as a browser, IE7 only. Symantec routinely finds viruses and says they are cleaned from the
system after reboot. However, after a reboot a small window appears stating that remediation tasks could not be completed.
I will post logs below. Also, after trying to start a topic at geekstogo, it does not allow me to post from the
infected machine. Any help is greatly appreciated. Thanks and have a good day. The names change daily. MBAM usually
finds backdoor or trojan. I apologize for lack of names.
MBAM Log
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Database version: 3930
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
7/11/2010 9:29:35 PM
mbam-log-2010-07-11 (21-29-35).txt
Scan type: Quick scan
Objects scanned: 119455
Time elapsed: 3 minute(s), 32 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 4
Memory Processes Infected:
C:\Documents and Settings\Presenter\Application Data\SystemProc\lsass.exe (Trojan.Agent) -> Unloaded process successfully.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rthdbpl (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Documents and Settings\Presenter\Application Data\SystemProc (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D} (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content (Worm.Prolaco.M) -> Quarantined and deleted successfully.
Files Infected:
C:\Documents and Settings\Presenter\Application Data\SystemProc\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul (Worm.Prolaco.M) -> Quarantined and deleted successfully.
ark.txt
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-11 19:59:00
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\PRESEN~1\LOCALS~1\Temp\uxtiykod.sys
---- System - GMER 1.0.15 ----
SSDT 89FA6B90 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xABB60A20]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xABB61350]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwOpenKey [0xABB61110]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xABB61580]
---- Kernel code sections - GMER 1.0.15 ----
.rsrc C:\WINDOWS\system32\drivers\ohci1394.sys entry point in ".rsrc" section [0xB80C4114]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB659E360, 0x33ABBD, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\System32\svchost.exe[1364] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A9000A
.text C:\WINDOWS\System32\svchost.exe[1364] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00AA000A
.text C:\WINDOWS\System32\svchost.exe[1364] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00A8000C
.text C:\WINDOWS\System32\svchost.exe[1364] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00FD000A
.text C:\WINDOWS\system32\SearchIndexer.exe[2192] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\WINDOWS\Explorer.EXE[3108] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C7000A
.text C:\WINDOWS\Explorer.EXE[3108] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00D5000A
.text C:\WINDOWS\Explorer.EXE[3108] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00C6000C
.text C:\Program Files\Internet Explorer\iexplore.exe[6060] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B8000A
.text C:\Program Files\Internet Explorer\iexplore.exe[6060] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00EE000A
.text C:\Program Files\Internet Explorer\iexplore.exe[6060] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B7000C
.text C:\Program Files\Internet Explorer\iexplore.exe[6060] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E1DF4B9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6060] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E35203E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6060] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E351FBF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6060] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E352003 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6060] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E351F4B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6060] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E351F85 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6060] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E352079 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6060] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E20176A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6060] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E35223B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
AttachedDevice SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device rdpdr.sys (Microsoft RDP Device redirector/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation)
Device -> \Driver\atapi \Device\Harddisk0\DR0 8A39EEC5
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\system32\drivers\ohci1394.sys suspicious modification
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification
---- EOF - GMER 1.0.15 ----
OTL Logs
OTL.TXT
OTL logfile created on: 7/11/2010 9:04:40 PM - Run 2
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\Presenter\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 75.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 257.42 Gb Free Space | 86.36% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 7.47 Gb Total Space | 7.46 Gb Free Space | 99.80% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: TS8730WIMAGE
Current User Name: Presenter
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/07/11 21:04:19 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Presenter\Desktop\OTL.exe
PRC - [2010/07/11 19:51:44 | 000,074,752 | -HS- | M] (Jznof) -- C:\Documents and Settings\Presenter\Application Data\SystemProc\lsass.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/12/17 18:32:30 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2009/07/02 10:40:46 | 000,755,200 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
PRC - [2009/07/02 10:40:46 | 000,189,952 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2009/07/02 08:18:25 | 002,058,776 | R--- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
PRC - [2009/07/02 08:18:25 | 000,367,128 | R--- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
PRC - [2009/07/02 08:18:24 | 000,174,616 | R--- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\LMS.exe
PRC - [2009/07/02 08:16:16 | 001,044,480 | R--- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2009/02/27 07:54:22 | 000,870,672 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2009/02/27 07:22:10 | 001,368,064 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
PRC - [2009/02/27 06:55:20 | 000,909,312 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2009/02/27 06:40:52 | 001,202,448 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2009/02/27 06:38:38 | 000,473,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/12/11 07:08:52 | 003,575,808 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
PRC - [2008/12/06 08:37:30 | 000,058,760 | ---- | M] (IBM Corp) -- C:\Program Files\Lotus\Notes\ntmulti.exe
PRC - [2008/12/06 08:36:38 | 003,315,080 | ---- | M] (IBM) -- C:\Program Files\Lotus\Notes\nsd.exe
PRC - [2008/10/14 16:10:32 | 000,082,224 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\accelerometerST.exe
PRC - [2008/08/08 07:47:02 | 000,777,240 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2008/06/12 12:21:06 | 001,164,536 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\AtService.exe
PRC - [2008/05/26 23:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2008/05/12 14:55:10 | 001,440,384 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2008/05/12 14:55:10 | 000,576,104 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/18 12:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2007/06/06 13:25:22 | 000,125,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2007/06/06 13:24:22 | 000,116,928 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe
PRC - [2007/06/06 13:23:46 | 001,821,376 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2007/06/06 13:22:34 | 000,031,424 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2007/05/29 16:33:36 | 000,169,576 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2007/05/29 16:33:26 | 000,192,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2007/05/29 16:33:22 | 000,052,840 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
========== Modules (SafeList) ==========
MOD - [2010/07/11 21:04:19 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Presenter\Desktop\OTL.exe
MOD - [2008/05/12 14:51:24 | 000,073,728 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll
MOD - [2008/04/14 08:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/12/17 18:32:30 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2009/07/02 08:18:25 | 002,058,776 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/07/02 08:18:24 | 000,174,616 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS) Intel®
SRV - [2009/02/27 07:54:22 | 000,870,672 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2009/02/27 06:55:20 | 000,909,312 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2009/02/27 06:38:38 | 000,473,360 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2008/12/11 07:08:52 | 003,575,808 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe -- (NVIDIA Performance Driver Service)
SRV - [2008/12/06 08:37:30 | 000,058,760 | ---- | M] (IBM Corp) [Auto | Running] -- C:\Program Files\Lotus\Notes\ntmulti.exe -- (Multi-user Cleanup Service)
SRV - [2008/12/06 08:36:38 | 003,315,080 | ---- | M] (IBM) [Auto | Running] -- C:\Program Files\Lotus\Notes\nsd.exe -- (Lotus Notes Diagnostics)
SRV - [2008/08/08 07:47:02 | 000,777,240 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2008/06/12 12:21:06 | 001,164,536 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2008/04/14 08:00:00 | 000,066,048 | --S- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\ahuia.exe -- (NetDDEdsdmmnmsrvc)
SRV - [2008/03/18 12:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007/06/06 13:24:22 | 000,116,928 | ---- | M] (symantec) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2007/06/06 13:23:46 | 001,821,376 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2007/06/06 13:22:34 | 000,031,424 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2007/05/29 16:33:36 | 000,169,576 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2007/05/29 16:33:26 | 000,192,104 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2007/03/28 18:52:18 | 000,214,672 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2007/01/10 16:27:38 | 001,160,792 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/09/02 16:36:33 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\lugsj.sys -- (tmiqfnpo)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\PCTINDIS5.SYS -- (PCTINDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\pctnullport.sys -- (Nmea)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\dapfem.sys -- (icpptwc)
DRV - [2010/06/17 08:36:44 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100707.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/06/17 08:36:44 | 000,085,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100707.002\NAVENG.SYS -- (NAVENG)
DRV - [2010/05/21 18:41:04 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/21 18:41:01 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/12/17 18:18:50 | 000,020,152 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vpnva.sys -- (vpnva)
DRV - [2009/12/02 13:12:46 | 000,028,288 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2009/07/02 10:12:45 | 000,110,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/07/02 08:21:44 | 000,205,232 | R--- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2009/07/02 08:21:36 | 000,879,624 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2009/07/02 08:21:36 | 000,074,688 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2009/07/02 08:20:41 | 006,251,008 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/07/02 08:18:38 | 004,202,496 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2009/07/02 08:18:25 | 000,040,832 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2009/07/02 08:17:38 | 000,044,800 | R--- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2009/07/02 08:16:16 | 000,338,944 | R--- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2009/07/02 08:16:16 | 000,024,064 | R--- | M] (Sonic Focus, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfaudio.sys -- (SFAUDIO)
DRV - [2009/03/31 12:57:22 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2009/03/27 05:33:56 | 000,239,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress) Intel®
DRV - [2009/03/19 11:40:10 | 000,009,216 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008/11/21 22:53:40 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/11/05 23:20:24 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/10/11 15:56:00 | 000,045,056 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/08/13 17:23:56 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2008/07/29 15:41:36 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2008/06/12 14:40:50 | 000,477,696 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2008/05/23 13:51:02 | 000,024,624 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2008/05/23 13:50:16 | 000,028,592 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2008/04/14 08:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/06/18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/03/28 18:51:48 | 000,189,584 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007/03/28 18:51:42 | 000,024,208 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2007/01/10 16:27:26 | 000,390,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006/12/20 01:08:00 | 000,047,616 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rismc32.sys -- (rismc32)
DRV - [2006/09/06 14:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006/09/06 14:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
[2010/07/11 19:51:47 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/11 19:51:47 | 000,000,000 | ---D | M] (Firefox security) -- C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}
O1 HOSTS File: ([2008/04/14 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\accelerometerST.exe (Hewlett-Packard Corporation)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [picon] C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: RTHDBPL = C:\Documents and Settings\Presenter\Application Data\SystemProc\lsass.exe (Jznof)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://bos-link01a....ries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.71.230 68.87.73.246
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/02 15:36:05 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/05/06 08:26:23 | 000,000,309 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{ed575268-74a7-11df-b938-0016eaef0590}\Shell - "" = AutoRun
O33 - MountPoints2\{ed575268-74a7-11df-b938-0016eaef0590}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ed575268-74a7-11df-b938-0016eaef0590}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- [2007/10/23 03:45:39 | 001,336,632 | R--- | M] ()
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- [2007/10/23 03:45:39 | 001,336,632 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax ()
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll ()
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (11272609819787264)
========== Files/Folders - Created Within 90 Days ==========
[2010/07/11 21:04:15 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Presenter\Desktop\OTL.exe
[2010/07/11 19:51:48 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Presenter\Application Data\SystemProc
[2010/07/11 19:30:59 | 000,000,000 | ---D | C] -- C:\Avenger
[2010/07/09 23:18:48 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/07/09 22:54:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/07/09 22:54:22 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/07/09 03:20:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2010/07/09 00:14:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Identities
[2010/07/08 23:51:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/07/08 23:51:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/07/08 21:56:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/07/08 21:56:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/07/08 19:32:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/07/08 19:32:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/07/07 21:54:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/07/05 16:53:56 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/07/05 16:53:50 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/07/05 16:50:12 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/07/05 16:50:09 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/06/22 18:12:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Presenter\Application Data\U3
[2010/06/14 12:56:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Presenter\Application Data\InterVideo
[2010/06/10 21:37:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Presenter\Desktop\IWA
[2010/06/10 21:35:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Presenter\Desktop\MCO
[2010/06/10 21:35:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Presenter\Desktop\SJU
[2010/06/10 21:35:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Presenter\Desktop\PSE
[2010/06/08 20:53:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Presenter\Desktop\JFK T5
[2010/04/21 08:46:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/04/15 16:02:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Presenter\Application Data\Malwarebytes
[2010/04/15 16:02:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/15 16:02:30 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/15 16:02:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/15 16:02:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
========== Files - Modified Within 90 Days ==========
[2010/07/11 21:04:19 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Presenter\Desktop\OTL.exe
[2010/07/11 21:00:03 | 000,039,602 | ---- | M] () -- C:\WINDOWS\System32\nvwsapps.xml
[2010/07/11 21:00:02 | 000,225,031 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010/07/11 20:59:52 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/11 20:59:29 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/11 20:59:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/11 20:56:13 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3866077675-454247996-117300071-1006UA.job
[2010/07/11 20:06:49 | 004,456,448 | ---- | M] () -- C:\Documents and Settings\Presenter\NTUSER.DAT
[2010/07/11 19:46:33 | 004,718,592 | -H-- | M] () -- C:\Documents and Settings\Presenter\NTUSER.bak
[2010/07/11 19:46:33 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Presenter\ntuser.ini
[2010/07/11 19:37:00 | 000,000,942 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3866077675-454247996-117300071-1006Core.job
[2010/07/11 19:26:50 | 000,000,235 | --S- | M] () -- C:\WINDOWS\System32\1266212616.dat
[2010/07/11 07:59:21 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/10 22:47:30 | 005,361,092 | -H-- | M] () -- C:\Documents and Settings\Presenter\Local Settings\Application Data\IconCache.db
[2010/07/10 22:16:54 | 000,002,316 | ---- | M] () -- C:\Documents and Settings\Presenter\Desktop\Google Chrome.lnk
[2010/07/10 22:16:54 | 000,002,294 | ---- | M] () -- C:\Documents and Settings\Presenter\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/07/09 22:54:23 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Presenter\Desktop\NTREGOPT.lnk
[2010/07/09 22:54:23 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Presenter\Desktop\ERUNT.lnk
[2010/07/05 17:19:23 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/06/27 16:53:36 | 000,130,560 | ---- | M] () -- C:\Documents and Settings\Presenter\Desktop\Task_100626_1700.doc
[2010/06/27 16:51:31 | 000,078,397 | ---- | M] () -- C:\Documents and Settings\Presenter\Desktop\TO2 July Only_R1.xlsx
[2010/06/26 23:00:11 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Presenter\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/06/22 22:34:31 | 000,530,788 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/22 22:34:31 | 000,462,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/22 22:34:31 | 000,078,458 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/21 20:46:51 | 000,169,472 | ---- | M] () -- C:\Documents and Settings\Presenter\Desktop\Site Validation Check List Rev - RDU Checkpoint 1.xls
[2010/06/21 16:22:55 | 000,807,611 | ---- | M] () -- C:\Documents and Settings\Presenter\Desktop\RDU Electrical Verification Rpt (SIB-081).pdf
[2010/06/21 07:42:25 | 002,174,464 | ---- | M] () -- C:\Documents and Settings\Presenter\Desktop\MCO ARRA GC ELEC SOWv3.doc
[2010/06/21 07:41:18 | 002,208,256 | ---- | M] () -- C:\Documents and Settings\Presenter\Desktop\MCO Non-ARRA GC-Elec SOWv3.doc
[2010/06/18 12:20:33 | 002,170,368 | ---- | M] () -- C:\Documents and Settings\Presenter\Desktop\MCO ARRA GC ELEC SOW.doc
[2010/06/18 12:20:23 | 002,438,144 | ---- | M] () -- C:\Documents and Settings\Presenter\Desktop\ATTCCB3U.doc
[2010/06/18 12:20:11 | 002,208,768 | ---- | M] () -- C:\Documents and Settings\Presenter\Desktop\MCO Non-ARRA GC-Elec SOW.doc
[2010/06/18 11:37:21 | 002,880,000 | ---- | M] () -- C:\Documents and Settings\Presenter\Desktop\MCO Non-ARRA Rigging SOWv2.doc
[2010/06/14 21:33:41 | 000,005,120 | ---- | M] () -- C:\Documents and Settings\Presenter\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/14 12:28:18 | 000,018,191 | ---- | M] () -- C:\Documents and Settings\Presenter\Desktop\Requisition MCO non-ARRA.xlsx
[2010/06/14 12:28:07 | 000,018,192 | ---- | M] () -- C:\Documents and Settings\Presenter\Desktop\Requisition MCO ARRA.xlsx
[2010/06/14 11:19:23 | 000,018,776 | ---- | M] () -- C:\Documents and Settings\Presenter\Desktop\YYYY-MM-DD_Airport Code Daily Site Rpt.xlsx
[2010/06/14 11:19:14 | 000,043,520 | ---- | M] () -- C:\Documents and Settings\Presenter\Desktop\2010-06-10 OMA Daily Site Rpt.xls
[2010/06/14 11:19:02 | 000,020,114 | ---- | M] () -- C:\Documents and Settings\Presenter\Desktop\2010-06-10 ELP Daily Site Rpt.xlsx
[2010/06/14 11:17:15 | 002,470,912 | ---- | M] () -- C:\Documents and Settings\Presenter\Desktop\Ancillary Equipment Guide June 2010.doc
[2010/06/14 11:15:20 | 000,162,816 | ---- | M] () -- C:\Documents and Settings\Presenter\Desktop\SOW_PSE_ARRAv1.doc
[2010/06/14 11:12:39 | 000,164,352 | ---- | M] () -- C:\Documents and Settings\Presenter\Desktop\SOW_PSE_Non-ARRAv1.doc
[2010/06/11 15:03:18 | 001,472,512 | ---- | M] () -- C:\Documents and Settings\Presenter\Desktop\Cost estimate for Electrical- General at BUF for ARRA.xls
[2010/06/11 15:02:53 | 000,160,768 | ---- | M] () -- C:\Documents and Settings\Presenter\Desktop\Site Validation Check List Rev - 100525.xls
[2010/06/10 20:14:20 | 002,562,560 | ---- | M] () -- C:\Documents and Settings\Presenter\Desktop\ARRA - Non ARRA Shipping Rigging Warehouse Template FINAL.doc
[2010/06/10 12:58:15 | 000,148,992 | ---- | M] () -- C:\Documents and Settings\Presenter\Desktop\SOW_JFKT5_Non-ARRA.doc
[2010/06/10 03:26:38 | 000,189,792 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/10 03:10:13 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/08 21:26:53 | 000,203,264 | ---- | M] () -- C:\Documents and Settings\Presenter\Desktop\JFK T5 Comments.doc
[2010/06/08 15:58:42 | 000,164,352 | ---- | M] () -- C:\Documents and Settings\Presenter\Desktop\SOW_BUF_Non-ARRA.doc
[2010/06/08 15:58:30 | 000,163,840 | ---- | M] () -- C:\Documents and Settings\Presenter\My Documents\SOW_BUF_ARRA.doc
[2010/05/24 22:15:39 | 000,167,440 | ---- | M] () -- C:\Documents and Settings\Presenter\Desktop\Exit doors Lane 1
[2010/04/15 16:02:34 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\Presenter\My Documents\Malwarebytes' Anti-Malware.lnk
[2010/04/15 15:35:16 | 000,013,176 | -HS- | M] () -- C:\Documents and Settings\Presenter\Local Settings\Application Data\480Xc4a
[2010/04/15 15:35:16 | 000,013,176 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\480Xc4a
========== Files Created - No Company Name ==========
[2010/07/11 19:46:16 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Presenter\NTUSER.tmp.LOG
[2010/07/09 22:54:23 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Presenter\Desktop\NTREGOPT.lnk
[2010/07/09 22:54:23 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Presenter\Desktop\ERUNT.lnk
[2010/07/08 19:00:11 | 000,000,235 | --S- | C] () -- C:\WINDOWS\System32\1266212616.dat
[2010/07/05 16:54:33 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/06/27 16:53:36 | 000,130,560 | ---- | C] () -- C:\Documents and Settings\Presenter\Desktop\Task_100626_1700.doc
[2010/06/27 16:51:31 | 000,078,397 | ---- | C] () -- C:\Documents and Settings\Presenter\Desktop\TO2 July Only_R1.xlsx
[2010/06/26 23:00:11 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Presenter\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/06/21 16:35:37 | 000,169,472 | ---- | C] () -- C:\Documents and Settings\Presenter\Desktop\Site Validation Check List Rev - RDU Checkpoint 1.xls
[2010/06/21 16:22:55 | 000,807,611 | ---- | C] () -- C:\Documents and Settings\Presenter\Desktop\RDU Electrical Verification Rpt (SIB-081).pdf
[2010/06/21 07:42:25 | 002,174,464 | ---- | C] () -- C:\Documents and Settings\Presenter\Desktop\MCO ARRA GC ELEC SOWv3.doc
[2010/06/21 07:41:18 | 002,208,256 | ---- | C] () -- C:\Documents and Settings\Presenter\Desktop\MCO Non-ARRA GC-Elec SOWv3.doc
[2010/06/18 12:20:33 | 002,170,368 | ---- | C] () -- C:\Documents and Settings\Presenter\Desktop\MCO ARRA GC ELEC SOW.doc
[2010/06/18 12:20:23 | 002,438,144 | ---- | C] () -- C:\Documents and Settings\Presenter\Desktop\ATTCCB3U.doc
[2010/06/18 12:20:11 | 002,208,768 | ---- | C] () -- C:\Documents and Settings\Presenter\Desktop\MCO Non-ARRA GC-Elec SOW.doc
[2010/06/18 11:07:38 | 002,880,000 | ---- | C] () -- C:\Documents and Settings\Presenter\Desktop\MCO Non-ARRA Rigging SOWv2.doc
[2010/06/14 12:28:17 | 000,018,191 | ---- | C] () -- C:\Documents and Settings\Presenter\Desktop\Requisition MCO non-ARRA.xlsx
[2010/06/14 12:28:06 | 000,018,192 | ---- | C] () -- C:\Documents and Settings\Presenter\Desktop\Requisition MCO ARRA.xlsx
[2010/06/14 11:19:23 | 000,018,776 | ---- | C] () -- C:\Documents and Settings\Presenter\Desktop\YYYY-MM-DD_Airport Code Daily Site Rpt.xlsx
[2010/06/14 11:19:13 | 000,043,520 | ---- | C] () -- C:\Documents and Settings\Presenter\Desktop\2010-06-10 OMA Daily Site Rpt.xls
[2010/06/14 11:19:02 | 000,020,114 | ---- | C] () -- C:\Documents and Settings\Presenter\Desktop\2010-06-10 ELP Daily Site Rpt.xlsx
[2010/06/14 11:17:15 | 002,470,912 | ---- | C] () -- C:\Documents and Settings\Presenter\Desktop\Ancillary Equipment Guide June 2010.doc
[2010/06/14 11:15:19 | 000,162,816 | ---- | C] () -- C:\Documents and Settings\Presenter\Desktop\SOW_PSE_ARRAv1.doc
[2010/06/14 11:12:39 | 000,164,352 | ---- | C] () -- C:\Documents and Settings\Presenter\Desktop\SOW_PSE_Non-ARRAv1.doc
[2010/06/11 15:02:53 | 000,160,768 | ---- | C] () -- C:\Documents and Settings\Presenter\Desktop\Site Validation Check List Rev - 100525.xls
[2010/06/11 15:02:11 | 001,472,512 | ---- | C] () -- C:\Documents and Settings\Presenter\Desktop\Cost estimate for Electrical- General at BUF for ARRA.xls
[2010/06/10 19:50:16 | 002,562,560 | ---- | C] () -- C:\Documents and Settings\Presenter\Desktop\ARRA - Non ARRA Shipping Rigging Warehouse Template FINAL.doc
[2010/06/10 12:43:44 | 000,148,992 | ---- | C] () -- C:\Documents and Settings\Presenter\Desktop\SOW_JFKT5_Non-ARRA.doc
[2010/06/08 21:25:56 | 000,203,264 | ---- | C] () -- C:\Documents and Settings\Presenter\Desktop\JFK T5 Comments.doc
[2010/06/08 15:58:41 | 000,164,352 | ---- | C] () -- C:\Documents and Settings\Presenter\Desktop\SOW_BUF_Non-ARRA.doc
[2010/06/08 15:58:30 | 000,163,840 | ---- | C] () -- C:\Documents and Settings\Presenter\My Documents\SOW_BUF_ARRA.doc
[2010/05/24 22:15:39 | 000,167,440 | ---- | C] () -- C:\Documents and Settings\Presenter\Desktop\Exit doors Lane 1
[2010/04/15 16:02:34 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\Presenter\My Documents\Malwarebytes' Anti-Malware.lnk
[2010/04/15 15:19:44 | 000,013,176 | -HS- | C] () -- C:\Documents and Settings\Presenter\Local Settings\Application Data\480Xc4a
[2010/04/15 15:19:44 | 000,013,176 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\480Xc4a
[2010/02/22 16:14:37 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS64.DLL
[2010/02/16 22:21:19 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/07/02 11:33:49 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/07/02 11:26:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2009/07/02 09:43:07 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009/07/02 09:43:07 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009/07/02 09:43:07 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009/07/02 09:43:07 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009/07/02 09:43:07 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009/07/02 09:43:07 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2009/07/02 09:07:20 | 000,028,510 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/07/02 08:20:42 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/07/02 08:20:42 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/07/02 08:20:42 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/07/02 08:20:42 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/05/12 14:51:50 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2008/04/14 08:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2008/04/14 08:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2008/04/14 08:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2008/04/14 08:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2008/04/14 08:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2005/02/17 12:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 12:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
========== LOP Check ==========
[2010/02/12 11:32:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco
[2010/01/27 12:03:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PDFC
[2010/02/20 08:45:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sprint
[2009/07/02 10:51:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/03/31 21:43:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/29 23:12:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/02/16 22:21:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Presenter\Application Data\Bytemobile
[2010/06/14 12:56:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Presenter\Application Data\InterVideo
[2010/02/16 22:21:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Presenter\Application Data\Sierra Wireless
[2010/07/11 19:51:48 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Presenter\Application Data\SystemProc
[2010/01/27 14:29:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Presenter\Application Data\Windows Desktop Search
[2010/01/31 00:07:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Presenter\Application Data\Windows Search
[2009/10/08 09:49:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Presenter\Application Data\Xerox
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2009/07/02 15:36:05 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2010/07/11 19:30:59 | 000,001,018 | ---- | M] () -- C:\avenger.txt
[2009/07/02 16:54:14 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2009/07/02 15:36:05 | 000,000,000 | ---- | M] () -- C:\config.sys
[2010/02/16 22:19:14 | 000,220,926 | ---- | M] () -- C:\drivers.log
[2009/07/02 15:36:05 | 000,000,000 | RHS- | M] () -- C:\io.sys
[2009/07/02 15:36:05 | 000,000,000 | RHS- | M] () -- C:\msdos.sys
[2009/07/02 15:36:05 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/07/02 15:36:05 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/07/11 20:59:17 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2009/07/02 15:36:22 | 000,008,196 | ---- | M] () -- C:\smsbootsect.bak
< %systemroot%\system32\*.wt >
< %systemroot%\system32\*.ruy >
< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2009/07/02 08:31:25 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >
< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2004/04/23 15:00:00 | 000,017,920 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD64.DLL
[2004/04/23 15:00:00 | 000,054,272 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP64.DLL
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.scr >
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2009/07/02 04:16:25 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/07/02 04:16:25 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/07/02 04:16:25 | 000,950,272 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\user32.dll /md5 >
[2008/04/14 08:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/14 08:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
< %systemroot%\system32\ws2help.dll /md5 >
[2008/04/14 08:00:00 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-06-23 02:35:23
< End of report >
OTL.text was the only file to show following the OTL scan.
So I ran it again and it happened again. Below is the log.
OTL logfile created on: 7/11/2010 9:13:00 PM - Run 2
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\Presenter\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 71.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 257.38 Gb Free Space | 86.34% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 7.47 Gb Total Space | 7.46 Gb Free Space | 99.80% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: TS8730WIMAGE
Current User Name: Presenter
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/07/11 21:04:19 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Presenter\Desktop\OTL.exe
PRC - [2010/07/11 19:51:44 | 000,074,752 | -HS- | M] (Jznof) -- C:\Documents and Settings\Presenter\Application Data\SystemProc\lsass.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/12/17 18:32:30 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2009/07/02 10:40:46 | 000,755,200 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
PRC - [2009/07/02 10:40:46 | 000,189,952 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2009/07/02 08:18:25 | 002,058,776 | R--- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
PRC - [2009/07/02 08:18:25 | 000,367,128 | R--- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
PRC - [2009/07/02 08:18:24 | 000,174,616 | R--- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\LMS.exe
PRC - [2009/07/02 08:16:16 | 001,044,480 | R--- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2009/02/27 07:54:22 | 000,870,672 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2009/02/27 07:22:10 | 001,368,064 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
PRC - [2009/02/27 06:55:20 | 000,909,312 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2009/02/27 06:40:52 | 001,202,448 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2009/02/27 06:38:38 | 000,473,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/12/11 07:08:52 | 003,575,808 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
PRC - [2008/12/06 08:37:30 | 000,058,760 | ---- | M] (IBM Corp) -- C:\Program Files\Lotus\Notes\ntmulti.exe
PRC - [2008/12/06 08:36:38 | 003,315,080 | ---- | M] (IBM) -- C:\Program Files\Lotus\Notes\nsd.exe
PRC - [2008/10/14 16:10:32 | 000,082,224 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\accelerometerST.exe
PRC - [2008/08/08 07:47:02 | 000,777,240 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2008/06/12 12:21:06 | 001,164,536 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\AtService.exe
PRC - [2008/05/26 23:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2008/05/12 14:55:10 | 001,440,384 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2008/05/12 14:55:10 | 000,576,104 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/18 12:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2007/06/06 13:25:22 | 000,125,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2007/06/06 13:24:22 | 000,116,928 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe
PRC - [2007/06/06 13:23:46 | 001,821,376 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2007/06/06 13:22:34 | 000,031,424 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2007/05/29 16:33:36 | 000,169,576 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2007/05/29 16:33:26 | 000,192,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2007/05/29 16:33:22 | 000,052,840 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
========== Modules (SafeList) ==========
MOD - [2010/07/11 21:04:19 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Presenter\Desktop\OTL.exe
MOD - [2008/05/12 14:51:24 | 000,073,728 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll
MOD - [2008/04/14 08:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/12/17 18:32:30 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2009/07/02 08:18:25 | 002,058,776 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/07/02 08:18:24 | 000,174,616 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS) Intel®
SRV - [2009/02/27 07:54:22 | 000,870,672 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2009/02/27 06:55:20 | 000,909,312 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2009/02/27 06:38:38 | 000,473,360 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2008/12/11 07:08:52 | 003,575,808 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe -- (NVIDIA Performance Driver Service)
SRV - [2008/12/06 08:37:30 | 000,058,760 | ---- | M] (IBM Corp) [Auto | Running] -- C:\Program Files\Lotus\Notes\ntmulti.exe -- (Multi-user Cleanup Service)
SRV - [2008/12/06 08:36:38 | 003,315,080 | ---- | M] (IBM) [Auto | Running] -- C:\Program Files\Lotus\Notes\nsd.exe -- (Lotus Notes Diagnostics)
SRV - [2008/08/08 07:47:02 | 000,777,240 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2008/06/12 12:21:06 | 001,164,536 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2008/04/14 08:00:00 | 000,066,048 | --S- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\ahuia.exe -- (NetDDEdsdmmnmsrvc)
SRV - [2008/03/18 12:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007/06/06 13:24:22 | 000,116,928 | ---- | M] (symantec) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2007/06/06 13:23:46 | 001,821,376 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2007/06/06 13:22:34 | 000,031,424 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2007/05/29 16:33:36 | 000,169,576 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2007/05/29 16:33:26 | 000,192,104 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2007/03/28 18:52:18 | 000,214,672 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2007/01/10 16:27:38 | 001,160,792 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/09/02 16:36:33 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\lugsj.sys -- (tmiqfnpo)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\PCTINDIS5.SYS -- (PCTINDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\pctnullport.sys -- (Nmea)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\dapfem.sys -- (icpptwc)
DRV - [2010/06/17 08:36:44 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100707.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/06/17 08:36:44 | 000,085,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100707.002\NAVENG.SYS -- (NAVENG)
DRV - [2010/05/21 18:41:04 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/21 18:41:01 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/12/17 18:18:50 | 000,020,152 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vpnva.sys -- (vpnva)
DRV - [2009/12/02 13:12:46 | 000,028,288 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2009/07/02 10:12:45 | 000,110,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/07/02 08:21:44 | 000,205,232 | R--- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2009/07/02 08:21:36 | 000,879,624 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2009/07/02 08:21:36 | 000,074,688 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2009/07/02 08:20:41 | 006,251,008 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/07/02 08:18:38 | 004,202,496 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2009/07/02 08:18:25 | 000,040,832 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2009/07/02 08:17:38 | 000,044,800 | R--- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2009/07/02 08:16:16 | 000,338,944 | R--- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2009/07/02 08:16:16 | 000,024,064 | R--- | M] (Sonic Focus, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfaudio.sys -- (SFAUDIO)
DRV - [2009/03/31 12:57:22 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2009/03/27 05:33:56 | 000,239,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress) Intel®
DRV - [2009/03/19 11:40:10 | 000,009,216 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008/11/21 22:53:40 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/11/05 23:20:24 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/10/11 15:56:00 | 000,045,056 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/08/13 17:23:56 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2008/07/29 15:41:36 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2008/06/12 14:40:50 | 000,477,696 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2008/05/23 13:51:02 | 000,024,624 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2008/05/23 13:50:16 | 000,028,592 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2008/04/14 08:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/06/18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/03/28 18:51:48 | 000,189,584 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007/03/28 18:51:42 | 000,024,208 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2007/01/10 16:27:26 | 000,390,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006/12/20 01:08:00 | 000,047,616 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rismc32.sys -- (rismc32)
DRV - [2006/09/06 14:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006/09/06 14:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
[2010/07/11 19:51:47 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/11 19:51:47 | 000,000,000 | ---D | M] (Firefox security) -- C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}
O1 HOSTS File: ([2008/04/14 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\accelerometerST.exe (Hewlett-Packard Corporation)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [picon] C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: RTHDBPL = C:\Documents and Settings\Presenter\Application Data\SystemProc\lsass.exe (Jznof)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://bos-link01a....ries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.71.230 68.87.73.246
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/02 15:36:05 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/05/06 08:26:23 | 000,000,309 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{ed575268-74a7-11df-b938-0016eaef0590}\Shell - "" = AutoRun
O33 - MountPoints2\{ed575268-74a7-11df-b938-0016eaef0590}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ed575268-74a7-11df-b938-0016eaef0590}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- [2007/10/23 03:45:39 | 001,336,632 | R--- | M] ()
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- [2007/10/23 03:45:39 | 001,336,632 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 90 Days ==========
[2010/07/11 21:04:15 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Presenter\Desktop\OTL.exe
[2010/07/11 19:51:48 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Presenter\Application Data\SystemProc
[2010/07/11 19:30:59 | 000,000,000 | ---D | C] -- C:\Avenger
[2010/07/09 23:18:48 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/07/09 22:54:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/07/09 22:54:22 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/07/09 03:20:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2010/07/09 00:14:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Identities
[2010/07/08 23:51:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/07/08 23:51:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/07/08 21:56:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/07/08 21:56:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/07/08 19:32:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/07/08 19:32:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/07/07 21:54:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/07/05 16:53:56 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/07/05 16:53:50 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/07/05 16:50:12 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/07/05 16:50:09 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/06/22 18:12:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Presenter\Application Data\U3
[2010/06/14 12:56:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Presenter\Application Data\InterVideo
[2010/06/10 21:37:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Presenter\Desktop\IWA
[2010/06/10 21:35:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Presenter\Desktop\MCO
[2010/06/10 21:35:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Presenter\Desktop\SJU
[2010/06/10 21:35:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Presenter\Desktop\PSE
[2010/06/08 20:53:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Presenter\Desktop\JFK T5
[2010/04/21 08:46:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/04/15 16:02:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Presenter\Application Data\Malwarebytes
[2010/04/15 16:02:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/15 16:02:30 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/15 16:02:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/15 16:02:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
========== Files - Modified Within 90 Days ==========
[2010/07/11 21:13:31 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/11 21:04:19 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Presenter\Desktop\OTL.exe
[2010/07/11 21:00:03 | 000,039,602 | ---- | M] () -- C:\WINDOWS\System32\nvwsapps.xml
[2010/07/11 21:00:02 | 000,225,031 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010/07/11 20:59:52 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/11 20:59:29 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/11 20:59:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/11 20:56:13 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3866077675-454247996-117300071-1006UA.job
[2010/07/11 20:06:49 | 004,456,448 | ---- | M] () -- C:\Documents and Settings\Presenter\NTUSER.DAT
[2010/07/11 19:46:33 | 004,718,592 | -H-- | M] () -- C:\Documents and Settings\Presenter\NTUSER.bak
[2010/07/11 19:46:33 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Presenter\ntuser.ini
[2010/07/11 19:37:00 | 000,000,942 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3866077675-454247996-117300071-1006Core.job
[2010/07/11 19:26:50 | 000,000,235 | --S- | M] () -- C:\WINDOWS\System32\1266212616.dat
[2010/07/10 22:47:30 | 005,361,092 | -H-- | M] () -- C:\Documents and Settings\Presenter\Local Settings\Application Data\IconCache.db
[2010/07/10 22:16:54 | 000,002,316 | ---- | M] () -- C:\Documents and Settings\Presenter\Desktop\Google Chrome.lnk
[2010/07/10 22:16:54 | 000,002,294 | ---- | M] () -- C:\Documents and Settings\Presenter\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/07/09 22:54:23 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Presenter\Desktop\NTREGOPT.lnk
[2010/07/09 22:54:23 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Presenter\Desktop\ERUNT.lnk
[2010/07/05 17:19:23 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/06/27 16:53:36 | 000,130,560 | ---- | M] () -- C:\Documents and Settings\Presenter\Desktop\Task_100626_1700.doc
[2010/06/27 16:51:31 | 000,078,397 | ---- | M] () -- C:\Documents and Settings\Presenter\Desktop\TO2 July Only_R1.xlsx
[2010/06/26 23:00:11 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Presenter\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/06/22 22:34:31 | 000,530,788 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/22 22:34:31 | 000,462,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/22 22:34:31 | 000,078,458 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/21 20:46:51 | 000,169,472 | ---- | M] () -- C:\Documents and Settings\Presenter\Desktop\Site Validation Check List Rev - RDU Checkpoint 1.xls
[2010/06/21 16:22:55 | 000,807,611 | ---- | M] () -- C:\Documents and Settings\Presenter\Desktop\RDU Electrical Verification Rpt (SIB-081).pdf
[2010/06/21 07:42:25 | 002,174,464 | ---- | M] () -- C:\Documents and Settings\Presenter\Desktop\MCO ARRA GC ELEC SOWv3.doc
[2010/06/21 07:41:18 | 002,208,256 | ---- | M] () -- C:\Documents and Settings\Presenter\Desktop\MCO Non-ARRA GC-Elec SOWv3.doc
[2010/06/18 12:20:33 | 002,170,368 | ---- | M] () -- C:\Documents and Settings\Presenter\Desktop\MCO ARRA GC ELEC SOW.doc
[2010/06/18 12:20:23 | 002,438,144 | ---- | M] () -- C:\Documents and Settings\Presenter\Desktop\ATTCCB3U.doc
[2010/06/18 12:20:11 | 002,208,768 | ---- | M] () -- C:\Documents and Settings\Presenter\Desktop\MCO Non-ARRA GC-Elec SOW.doc
[2010/06/18 11:37:21 | 002,880,000 | ---- | M] () -- C:\Documents and Settings\Presenter\Desktop\MCO Non-ARRA Rigging SOWv2.doc
[2010/06/14 21:33:41 | 000,005,120 | ---- | M] () -- C:\Documents and Settings\Presenter\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/14 12:28:18 | 000,018,191 | ---- | M] () -- C:\Documents and Settings\Presenter\Desktop\Requisition MCO non-ARRA.xlsx
[2010/06/14 12:28:07 | 000,018,192 | ---- | M] () -- C:\Documents and Settings\Presenter\Desktop\Requisition MCO ARRA.xlsx
[2010/06/14 11:19:23 | 000,018,776 | ---- | M] () -- C:\Documents and Settings\Presenter\Desktop\YYYY-MM-DD_Airport Code Daily Site Rpt.xlsx
[2010/06/14 11:19:14 | 000,043,520 | ---- | M] () -- C:\Documents and Settings\Presenter\Desktop\2010-06-10 OMA Daily Site Rpt.xls
[2010/06/14 11:19:02 | 000,020,114 | ---- | M] () -- C:\Documents and Settings\Presenter\Desktop\2010-06-10 ELP Daily Site Rpt.xlsx
[2010/06/14 11:17:15 | 002,470,912 | ---- | M] () -- C:\Documents and Settings\Presenter\Desktop\Ancillary Equipment Guide June 2010.doc
[2010/06/14 11:15:20 | 000,162,816 | ---- | M] () -- C:\Documents and Settings\Presenter\Desktop\SOW_PSE_ARRAv1.doc
[2010/06/14 11:12:39 | 000,164,352 | ---- | M] () -- C:\Documents and Settings\Presenter\Desktop\SOW_PSE_Non-ARRAv1.doc
[2010/06/11 15:03:18 | 001,472,512 | ---- | M] () -- C:\Documents and Settings\Presenter\Desktop\Cost estimate for Electrical- General at BUF for ARRA.xls
[2010/06/11 15:02:53 | 000,160,768 | ---- | M] () -- C:\Documents and Settings\Presenter\Desktop\Site Validation Check List Rev - 100525.xls
[2010/06/10 20:14:20 | 002,562,560 | ---- | M] () -- C:\Documents and Settings\Presenter\Desktop\ARRA - Non ARRA Shipping Rigging Warehouse Template FINAL.doc
[2010/06/10 12:58:15 | 000,148,992 | ---- | M] () -- C:\Documents and Settings\Presenter\Desktop\SOW_JFKT5_Non-ARRA.doc
[2010/06/10 03:26:38 | 000,189,792 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/10 03:10:13 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/08 21:26:53 | 000,203,264 | ---- | M] () -- C:\Documents and Settings\Presenter\Desktop\JFK T5 Comments.doc
[2010/06/08 15:58:42 | 000,164,352 | ---- | M] () -- C:\Documents and Settings\Presenter\Desktop\SOW_BUF_Non-ARRA.doc
[2010/06/08 15:58:30 | 000,163,840 | ---- | M] () -- C:\Documents and Settings\Presenter\My Documents\SOW_BUF_ARRA.doc
[2010/05/24 22:15:39 | 000,167,440 | ---- | M] () -- C:\Documents and Settings\Presenter\Desktop\Exit doors Lane 1
[2010/04/15 16:02:34 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\Presenter\My Documents\Malwarebytes' Anti-Malware.lnk
[2010/04/15 15:35:16 | 000,013,176 | -HS- | M] () -- C:\Documents and Settings\Presenter\Local Settings\Application Data\480Xc4a
[2010/04/15 15:35:16 | 000,013,176 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\480Xc4a
========== Files Created - No Company Name ==========
[2010/07/11 19:46:16 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Presenter\NTUSER.tmp.LOG
[2010/07/09 22:54:23 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Presenter\Desktop\NTREGOPT.lnk
[2010/07/09 22:54:23 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Presenter\Desktop\ERUNT.lnk
[2010/07/08 19:00:11 | 000,000,235 | --S- | C] () -- C:\WINDOWS\System32\1266212616.dat
[2010/07/05 16:54:33 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/06/27 16:53:36 | 000,130,560 | ---- | C] () -- C:\Documents and Settings\Presenter\Desktop\Task_100626_1700.doc
[2010/06/27 16:51:31 | 000,078,397 | ---- | C] () -- C:\Documents and Settings\Presenter\Desktop\TO2 July Only_R1.xlsx
[2010/06/26 23:00:11 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Presenter\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/06/21 16:35:37 | 000,169,472 | ---- | C] () -- C:\Documents and Settings\Presenter\Desktop\Site Validation Check List Rev - RDU Checkpoint 1.xls
[2010/06/21 16:22:55 | 000,807,611 | ---- | C] () -- C:\Documents and Settings\Presenter\Desktop\RDU Electrical Verification Rpt (SIB-081).pdf
[2010/06/21 07:42:25 | 002,174,464 | ---- | C] () -- C:\Documents and Settings\Presenter\Desktop\MCO ARRA GC ELEC SOWv3.doc
[2010/06/21 07:41:18 | 002,208,256 | ---- | C] () -- C:\Documents and Settings\Presenter\Desktop\MCO Non-ARRA GC-Elec SOWv3.doc
[2010/06/18 12:20:33 | 002,170,368 | ---- | C] () -- C:\Documents and Settings\Presenter\Desktop\MCO ARRA GC ELEC SOW.doc
[2010/06/18 12:20:23 | 002,438,144 | ---- | C] () -- C:\Documents and Settings\Presenter\Desktop\ATTCCB3U.doc
[2010/06/18 12:20:11 | 002,208,768 | ---- | C] () -- C:\Documents and Settings\Presenter\Desktop\MCO Non-ARRA GC-Elec SOW.doc
[2010/06/18 11:07:38 | 002,880,000 | ---- | C] () -- C:\Documents and Settings\Presenter\Desktop\MCO Non-ARRA Rigging SOWv2.doc
[2010/06/14 12:28:17 | 000,018,191 | ---- | C] () -- C:\Documents and Settings\Presenter\Desktop\Requisition MCO non-ARRA.xlsx
[2010/06/14 12:28:06 | 000,018,192 | ---- | C] () -- C:\Documents and Settings\Presenter\Desktop\Requisition MCO ARRA.xlsx
[2010/06/14 11:19:23 | 000,018,776 | ---- | C] () -- C:\Documents and Settings\Presenter\Desktop\YYYY-MM-DD_Airport Code Daily Site Rpt.xlsx
[2010/06/14 11:19:13 | 000,043,520 | ---- | C] () -- C:\Documents and Settings\Presenter\Desktop\2010-06-10 OMA Daily Site Rpt.xls
[2010/06/14 11:19:02 | 000,020,114 | ---- | C] () -- C:\Documents and Settings\Presenter\Desktop\2010-06-10 ELP Daily Site Rpt.xlsx
[2010/06/14 11:17:15 | 002,470,912 | ---- | C] () -- C:\Documents and Settings\Presenter\Desktop\Ancillary Equipment Guide June 2010.doc
[2010/06/14 11:15:19 | 000,162,816 | ---- | C] () -- C:\Documents and Settings\Presenter\Desktop\SOW_PSE_ARRAv1.doc
[2010/06/14 11:12:39 | 000,164,352 | ---- | C] () -- C:\Documents and Settings\Presenter\Desktop\SOW_PSE_Non-ARRAv1.doc
[2010/06/11 15:02:53 | 000,160,768 | ---- | C] () -- C:\Documents and Settings\Presenter\Desktop\Site Validation Check List Rev - 100525.xls
[2010/06/11 15:02:11 | 001,472,512 | ---- | C] () -- C:\Documents and Settings\Presenter\Desktop\Cost estimate for Electrical- General at BUF for ARRA.xls
[2010/06/10 19:50:16 | 002,562,560 | ---- | C] () -- C:\Documents and Settings\Presenter\Desktop\ARRA - Non ARRA Shipping Rigging Warehouse Template FINAL.doc
[2010/06/10 12:43:44 | 000,148,992 | ---- | C] () -- C:\Documents and Settings\Presenter\Desktop\SOW_JFKT5_Non-ARRA.doc
[2010/06/08 21:25:56 | 000,203,264 | ---- | C] () -- C:\Documents and Settings\Presenter\Desktop\JFK T5 Comments.doc
[2010/06/08 15:58:41 | 000,164,352 | ---- | C] () -- C:\Documents and Settings\Presenter\Desktop\SOW_BUF_Non-ARRA.doc
[2010/06/08 15:58:30 | 000,163,840 | ---- | C] () -- C:\Documents and Settings\Presenter\My Documents\SOW_BUF_ARRA.doc
[2010/05/24 22:15:39 | 000,167,440 | ---- | C] () -- C:\Documents and Settings\Presenter\Desktop\Exit doors Lane 1
[2010/04/15 16:02:34 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\Presenter\My Documents\Malwarebytes' Anti-Malware.lnk
[2010/04/15 15:19:44 | 000,013,176 | -HS- | C] () -- C:\Documents and Settings\Presenter\Local Settings\Application Data\480Xc4a
[2010/04/15 15:19:44 | 000,013,176 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\480Xc4a
[2010/02/22 16:14:37 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS64.DLL
[2010/02/16 22:21:19 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/07/02 11:33:49 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/07/02 11:26:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2009/07/02 09:43:07 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009/07/02 09:43:07 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009/07/02 09:43:07 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009/07/02 09:43:07 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009/07/02 09:43:07 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009/07/02 09:43:07 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2009/07/02 09:07:20 | 000,028,510 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/07/02 08:20:42 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/07/02 08:20:42 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/07/02 08:20:42 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/07/02 08:20:42 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/05/12 14:51:50 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2008/04/14 08:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2008/04/14 08:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2008/04/14 08:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2008/04/14 08:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2008/04/14 08:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2005/02/17 12:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 12:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
========== LOP Check ==========
[2010/02/12 11:32:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco
[2010/01/27 12:03:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PDFC
[2010/02/20 08:45:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sprint
[2009/07/02 10:51:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/03/31 21:43:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/29 23:12:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/02/16 22:21:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Presenter\Application Data\Bytemobile
[2010/06/14 12:56:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Presenter\Application Data\InterVideo
[2010/02/16 22:21:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Presenter\Application Data\Sierra Wireless
[2010/07/11 19:51:48 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Presenter\Application Data\SystemProc
[2010/01/27 14:29:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Presenter\Application Data\Windows Desktop Search
[2010/01/31 00:07:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Presenter\Application Data\Windows Search
[2009/10/08 09:49:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Presenter\Application Data\Xerox
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2009/07/02 15:36:05 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2010/07/11 19:30:59 | 000,001,018 | ---- | M] () -- C:\avenger.txt
[2009/07/02 16:54:14 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2009/07/02 15:36:05 | 000,000,000 | ---- | M] () -- C:\config.sys
[2010/02/16 22:19:14 | 000,220,926 | ---- | M] () -- C:\drivers.log
[2009/07/02 15:36:05 | 000,000,000 | RHS- | M] () -- C:\io.sys
[2009/07/02 15:36:05 | 000,000,000 | RHS- | M] () -- C:\msdos.sys
[2009/07/02 15:36:05 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/07/02 15:36:05 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/07/11 20:59:17 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2009/07/02 15:36:22 | 000,008,196 | ---- | M] () -- C:\smsbootsect.bak
< %systemroot%\system32\*.wt >
< %systemroot%\system32\*.ruy >
< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2009/07/02 08:31:25 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >
< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2004/04/23 15:00:00 | 000,017,920 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD64.DLL
[2004/04/23 15:00:00 | 000,054,272 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP64.DLL
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.scr >
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2010/05/04 13:20:32 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2010/05/04 13:20:33 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2010/05/04 13:20:36 | 000,192,512 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iepeers.dll
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2009/07/02 04:16:25 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/07/02 04:16:25 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/07/02 04:16:25 | 000,950,272 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\user32.dll /md5 >
[2008/04/14 08:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/14 08:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
< %systemroot%\system32\ws2help.dll /md5 >
[2008/04/14 08:00:00 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-06-23 02:35:23
< End of report >
Please help. Thanks.