
Super Slow Computer



pattyL
Just recently my computer has become really, really slow. I ran Malwarebytes, but it did not find any infections. I have posted the GMER and OTL logs below. There was also an "OTL extras" file that was generated, so I posted that as well (wasn't sure if you need it).


Please help!

Thanks!

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-10-07 08:52:57
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\ecoles\LOCALS~1\Temp\pxloikow.sys


---- System - GMER 1.0.15 ----

SSDT 86E12D70 ZwAlertResumeThread
SSDT 86E12DA8 ZwAlertThread
SSDT 86EA4008 ZwAllocateVirtualMemory
SSDT 86EAC830 ZwConnectPort
SSDT 86E85B48 ZwCreateMutant
SSDT 86E35260 ZwCreateThread
SSDT 86F7ABF8 ZwFreeVirtualMemory
SSDT 86E8C8C0 ZwImpersonateAnonymousToken
SSDT 86E86B58 ZwImpersonateThread
SSDT 86FC9160 ZwMapViewOfSection
SSDT 86E85AC8 ZwOpenEvent
SSDT 86E57368 ZwOpenProcessToken
SSDT 86EAD148 ZwOpenThreadToken
SSDT 86E06140 ZwResumeThread
SSDT 86E9D198 ZwSetContextThread
SSDT 86E2D188 ZwSetInformationProcess
SSDT 86E10148 ZwSetInformationThread
SSDT 86E85A90 ZwSuspendProcess
SSDT 86E22F48 ZwSuspendThread
SSDT 86EB2988 ZwTerminateProcess
SSDT 86F80058 ZwTerminateThread
SSDT 86EB2218 ZwUnmapViewOfSection
SSDT 86F2F008 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 440 804E2AAC 8 Bytes CALL 627D7337

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[3212] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E1DF4B9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3212] USER32.dll!DialogBoxIndirectParamW 7E432072 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[3212] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E352076 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3212] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E351FF7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3212] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E35203B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3212] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E351F83 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3212] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E351FBD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3212] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3520B1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3212] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E201772 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3212] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E352273 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device rdpdr.sys (Microsoft RDP Device redirector/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000d3aa583c5
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\[email protected] 0xD8 0xA9 0xFC 0x22 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000d3aa583c5 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\[email protected] 0xD8 0xA9 0xFC 0x22 ...

---- EOF - GMER 1.0.15 ----


OTL logfile created on: 10/7/2010 8:54:41 AM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\ecoles\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 347.00 Mb Available Physical Memory | 34.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.45 Gb Total Space | 41.11 Gb Free Space | 55.22% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive N: | 279.37 Gb Total Space | 78.01 Gb Free Space | 27.92% Space Free | Partition Type: NTFS
Drive P: | 279.37 Gb Total Space | 78.01 Gb Free Space | 27.92% Space Free | Partition Type: NTFS
Drive Z: | 279.37 Gb Total Space | 78.01 Gb Free Space | 27.92% Space Free | Partition Type: NTFS

Computer Name: STATION113
Current User Name: ecoles
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/10/07 08:53:36 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ecoles\Desktop\OTL.exe
PRC - [2010/06/23 17:07:02 | 012,315,992 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
PRC - [2010/05/20 15:19:06 | 000,196,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
PRC - [2010/04/24 01:10:54 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/04/24 01:10:44 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/02/28 02:33:14 | 000,821,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
PRC - [2009/12/15 11:24:48 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\ecoles\Local Settings\Temp\Temporary Directory 2 for gmer.zip\gmer.exe
PRC - [2009/11/11 13:49:14 | 000,819,200 | ---- | M] (RISA Technologies, LLC) -- C:\RISA\Sentinel RMS\lservnt.exe
PRC - [2008/04/16 15:04:30 | 000,156,320 | ---- | M] (Bluebeam Software, Inc.) -- C:\Program Files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\BBPrint.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/25 15:16:57 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2008/02/25 15:16:53 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2008/02/25 15:16:48 | 002,569,600 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2008/02/25 15:16:48 | 001,643,904 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2008/02/25 15:16:47 | 000,324,992 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SescLU.exe
PRC - [2008/02/25 15:16:44 | 002,189,240 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2007/08/31 11:58:50 | 000,357,800 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
PRC - [2007/07/21 13:54:45 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/02/16 21:08:14 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\SYSTEM32\ASTSRV.EXE
PRC - [2006/10/26 14:45:04 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\WISPTIS.EXE
PRC - [2004/04/01 17:05:48 | 000,077,824 | ---- | M] (Broadcom Corp.) -- C:\WINDOWS\SYSTEM32\BAsfIpM.exe
PRC - [2003/05/15 00:19:50 | 000,217,193 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
PRC - [2000/06/29 01:45:10 | 000,052,224 | ---- | M] (Kenonic Controls Ltd.) -- C:\WINDOWS\SYSTEM32\Crypserv.exe


========== Modules (SafeList) ==========

MOD - [2010/10/07 08:53:36 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ecoles\Desktop\OTL.exe
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - [2010/06/18 15:49:13 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/04/24 01:10:54 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/04/24 01:10:44 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/02/28 02:33:14 | 000,821,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE -- (cvhsvc)
SRV - [2010/01/09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009/11/11 13:49:14 | 000,819,200 | ---- | M] (RISA Technologies, LLC) [Auto | Running] -- C:\RISA\Sentinel RMS\lservnt.exe -- (Sentinel RMS License Manager)
SRV - [2008/09/18 16:16:10 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2008/02/25 15:16:57 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/02/25 15:16:57 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/02/25 15:16:48 | 002,569,600 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2008/02/25 15:16:48 | 000,234,888 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2008/02/25 15:16:44 | 002,189,240 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2007/08/11 21:05:27 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2007/02/16 21:08:14 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\SYSTEM32\ASTSRV.EXE -- (astcc)
SRV - [2004/04/01 17:05:48 | 000,077,824 | ---- | M] (Broadcom Corp.) [Auto | Running] -- C:\WINDOWS\SYSTEM32\BAsfIpM.exe -- (BAsfIpM)
SRV - [2000/06/29 01:45:10 | 000,052,224 | ---- | M] (Kenonic Controls Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Crypserv.exe -- (Crypkey License)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - [2010/09/28 01:00:00 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101007.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/09/28 01:00:00 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101007.002\NAVENG.SYS -- (NAVENG)
DRV - [2010/05/26 01:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/26 01:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/04/24 01:10:54 | 000,018,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Sftvolxp.sys -- (Sftvol)
DRV - [2010/04/24 01:10:52 | 000,020,584 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Sftredirxp.sys -- (Sftredir)
DRV - [2010/04/24 01:10:50 | 000,211,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Sftplayxp.sys -- (Sftplay)
DRV - [2010/04/24 01:10:44 | 000,554,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Sftfsxp.sys -- (Sftfs)
DRV - [2009/09/17 07:05:02 | 000,092,712 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2009/09/17 07:05:02 | 000,038,376 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\SNTNLUSB.SYS -- (SNTNLUSB)
DRV - [2009/05/09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nuidfltr.sys -- (NuidFltr)
DRV - [2008/04/13 11:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 11:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/02/25 15:18:32 | 000,136,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/02/25 15:17:00 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\srtspl.sys -- (SRTSPL)
DRV - [2008/02/25 15:17:00 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\srtsp.sys -- (SRTSP)
DRV - [2008/02/25 15:17:00 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\srtspx.sys -- (SRTSPX)
DRV - [2008/02/25 15:16:32 | 000,191,544 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2008/02/25 15:16:32 | 000,027,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2008/02/25 15:16:31 | 000,418,864 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006/08/06 23:16:00 | 000,076,560 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys -- (tmcomm)
DRV - [2004/08/03 21:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS -- (nv)
DRV - [2004/05/29 16:41:54 | 000,186,112 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\b57xp32.sys -- (b57w2k)
DRV - [2004/05/25 22:19:00 | 000,729,600 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2003/04/24 15:21:50 | 000,006,025 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BASFND.sys -- (BASFND)
DRV - [2001/08/17 13:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 13:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 13:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 13:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 13:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 12:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 12:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 12:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 12:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 12:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 12:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 12:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 12:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 12:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 12:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2000/02/03 12:53:12 | 000,024,608 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\ckldrv.sys -- (NetworkX)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Components: C:\Program Files\Mozilla Firefox 3 Beta 5\components [2010/06/16 15:03:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox 3 Beta 5\plugins [2010/09/15 10:09:38 | 000,000,000 | ---D | M]

[2010/09/21 08:35:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ecoles\Application Data\Mozilla\Extensions
[2010/09/30 15:16:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ecoles\Application Data\Mozilla\Firefox\Profiles\pdv1t84t.default\extensions
[2010/09/23 08:27:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\ecoles\Application Data\Mozilla\Firefox\Profiles\pdv1t84t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

O1 HOSTS File: ([2004/08/04 04:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [BbInstallUser] C:\Program Files\Bluebeam Software\Pushbutton PDF\Bluebeam Admin User.exe (Bluebeam Software, Inc.)
O4 - HKLM..\Run: [BbPrintMonitor] C:\Program Files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\BBPrint.exe (Bluebeam Software, Inc.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.t...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.5)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupd...b?1114007357442 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.1 216.70.224.17 216.70.224.18
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = lovelaceeng.local
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/18 09:48:07 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2004/08/11 16:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\SYSTEM32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\TSSOFT32.ACM (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2010/10/07 08:53:32 | 000,576,512 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ecoles\Desktop\OTL.exe
[2010/10/06 08:56:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ecoles\Application Data\Malwarebytes
[2010/10/06 08:55:58 | 006,153,384 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\ecoles\Desktop\mbam-setup.exe
[2010/10/06 08:55:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/10/06 08:54:37 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/10/06 08:53:47 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\ecoles\Desktop\erunt-setup.exe
[2010/10/06 08:32:29 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ecoles\Desktop\TFC.exe
[2010/09/28 06:43:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZipSE
[2010/09/28 06:43:09 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip Self-Extractor
[2010/09/27 13:41:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ecoles\Local Settings\Application Data\Bluebeam Software
[2010/09/27 13:40:34 | 000,213,664 | ---- | C] (Bluebeam Software, Inc.) -- C:\WINDOWS\System32\BBPdfPortMon.DLL
[2010/09/27 13:38:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bluebeam Software
[2010/09/27 13:38:45 | 000,000,000 | ---D | C] -- C:\Program Files\Bluebeam Software
[2010/09/27 13:38:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Bluebeam Software
[2010/09/27 13:37:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ecoles\Local Settings\Application Data\Downloaded Installations
[2010/09/24 10:28:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ecoles\Application Data\InstallShield
[2010/09/24 10:28:12 | 000,165,888 | ---- | C] (Kenonic Controls) -- C:\WINDOWS\Ckconfig.exe
[2010/09/24 10:28:12 | 000,052,224 | ---- | C] (Kenonic Controls Ltd.) -- C:\WINDOWS\System32\Crypserv.exe
[2010/09/24 10:28:05 | 000,446,464 | ---- | C] (eHelp Corporation.) -- C:\WINDOWS\System32\HHACTIVEX.DLL
[2010/09/24 10:28:05 | 000,331,776 | ---- | C] (VideoSoft) -- C:\WINDOWS\System32\VSPRINT7.ocx
[2010/09/24 10:28:05 | 000,247,496 | ---- | C] (VideoSoft) -- C:\WINDOWS\System32\Vsocx6.ocx
[2010/09/24 10:28:05 | 000,086,288 | ---- | C] (Rational Software) -- C:\WINDOWS\System32\sqaote32.ocx
[2010/09/24 10:28:04 | 000,743,504 | ---- | C] (FarPoint Technologies, Inc.) -- C:\WINDOWS\System32\SS32X25.OCX
[2010/09/24 10:28:04 | 000,118,272 | ---- | C] (Crescent Division of Progress Software Corporation) -- C:\WINDOWS\System32\qpro32.dll
[2010/09/24 10:27:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TJ Shared
[2010/09/24 10:27:36 | 000,000,000 | ---D | C] -- C:\Program Files\Trus Joist
[2010/09/22 10:15:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ecoles\Application Data\AdobeUM
[2010/09/21 08:35:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ecoles\Local Settings\Application Data\Mozilla
[2010/09/21 08:35:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ecoles\Application Data\Mozilla
[2010/09/15 12:47:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
[2010/09/15 10:26:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ecoles\Local Settings\Application Data\SoftGrid Client
[2010/09/15 10:26:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ecoles\Application Data\SoftGrid Client
[2010/09/15 08:33:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\ecoles\My Documents\My Videos
[2010/09/15 08:33:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ecoles\My Documents\SafeNet Sentinel
[2010/09/15 08:33:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ecoles\My Documents\My eBooks
[2010/09/15 08:33:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ecoles\My Documents\ENERCALC Data Files
[2010/09/15 08:33:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ecoles\My Documents\Downloaded Installations
[2010/09/15 08:32:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ecoles\Local Settings\Application Data\Adobe
[2010/08/26 08:45:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel
[2010/08/25 15:17:02 | 000,038,376 | ---- | C] (SafeNet, Inc.) -- C:\WINDOWS\System32\drivers\SNTNLUSB.SYS
[2010/08/25 15:17:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SafeNet Sentinel
[2010/08/17 13:53:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\VirtualizedApplications
[2010/08/17 11:21:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Virtualized Applications
[2010/08/17 11:17:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/08/17 11:17:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\SoftGrid Client
[2010/08/17 11:17:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Application Virtualization Client
[2010/08/17 11:17:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Microsoft
[2010/07/29 10:13:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/07/22 14:33:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/07/19 10:34:46 | 000,000,000 | ---D | C] -- C:\Program Files\Full Tilt Poker
[2010/07/15 13:55:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010/07/15 13:54:06 | 000,000,000 | ---D | C] -- C:\RISA

========== Files - Modified Within 90 Days ==========

[2010/10/07 08:53:36 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ecoles\Desktop\OTL.exe
[2010/10/07 08:06:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/07 08:06:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/06 14:50:21 | 000,397,901 | ---- | M] () -- C:\Documents and Settings\ecoles\Desktop\Application for SB 1838 Project Building Permit.pdf
[2010/10/06 09:10:04 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\ecoles\Desktop\gmer.zip
[2010/10/06 08:56:53 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/06 08:56:10 | 006,153,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\ecoles\Desktop\mbam-setup.exe
[2010/10/06 08:54:38 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\ecoles\Desktop\NTREGOPT.lnk
[2010/10/06 08:54:38 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\ecoles\Desktop\ERUNT.lnk
[2010/10/06 08:53:52 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\ecoles\Desktop\erunt-setup.exe
[2010/10/06 08:49:52 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/10/06 08:48:31 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/10/06 08:48:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/10/06 08:48:06 | 1071,788,032 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/06 08:47:17 | 002,359,296 | -H-- | M] () -- C:\Documents and Settings\ecoles\NTUSER.DAT
[2010/10/06 08:47:01 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2010/10/06 08:46:57 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\ecoles\NTUSER.INI
[2010/10/06 08:32:30 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ecoles\Desktop\TFC.exe
[2010/10/06 08:31:43 | 000,508,174 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/10/06 08:31:43 | 000,445,814 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/10/06 08:31:43 | 000,072,762 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/10/05 13:35:20 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\ecoles\Desktop\Biweekly time sheet.xls
[2010/10/04 13:29:18 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\ecoles\Desktop\remove the Acad vIRUS.doc
[2010/10/04 10:09:21 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/04 09:54:30 | 000,324,773 | ---- | M] () -- C:\Documents and Settings\ecoles\Desktop\Johnston Residence.pdf
[2010/10/01 13:26:16 | 000,003,378 | ---- | M] () -- C:\WINDOWS\EC_55.INI
[2010/10/01 10:42:02 | 001,703,007 | ---- | M] () -- C:\Documents and Settings\ecoles\Desktop\ATC Design Report.pdf
[2010/09/30 15:05:06 | 002,001,543 | ---- | M] () -- C:\Documents and Settings\ecoles\Desktop\1tree.JPG
[2010/09/30 11:33:12 | 000,000,334 | ---- | M] () -- C:\Documents and Settings\ecoles\Application Data\EC_StartupLog.INI
[2010/09/27 13:48:22 | 000,001,810 | ---- | M] () -- C:\Documents and Settings\ecoles\Application Data\Microsoft\Internet Explorer\Quick Launch\Bluebeam PDF Revu.lnk
[2010/09/27 09:09:38 | 000,001,680 | ---- | M] () -- C:\WINDOWS\System32\esnecil.ind
[2010/09/24 13:49:19 | 000,001,680 | ---- | M] () -- C:\WINDOWS\System32\esnecil.nlp
[2010/09/24 10:59:39 | 000,000,851 | ---- | M] () -- C:\iLevelRegInf.rgi
[2010/09/24 10:34:24 | 000,001,437 | ---- | M] () -- C:\Documents and Settings\ecoles\Application Data\Microsoft\Internet Explorer\Quick Launch\TJ-Beam.lnk
[2010/09/24 10:28:15 | 000,000,056 | ---- | M] () -- C:\WINDOWS\Crypkey.ini
[2010/09/23 12:37:35 | 000,352,976 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/09/23 12:07:00 | 000,001,762 | ---- | M] () -- C:\Documents and Settings\ecoles\Application Data\Microsoft\Internet Explorer\Quick Launch\Google SketchUp 8.lnk
[2010/09/22 14:53:44 | 000,102,424 | ---- | M] () -- C:\Documents and Settings\ecoles\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/09/22 14:14:51 | 000,001,824 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
[2010/09/22 13:15:44 | 000,000,442 | ---- | M] () -- C:\Documents and Settings\ecoles\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to ec55.lnk
[2010/09/22 12:43:07 | 000,000,858 | ---- | M] () -- C:\Documents and Settings\ecoles\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to WINWORD.lnk
[2010/09/22 12:42:53 | 000,000,846 | ---- | M] () -- C:\Documents and Settings\ecoles\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to EXCEL.lnk
[2010/09/21 08:27:54 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\ecoles\Application Data\Microsoft\Internet Explorer\Quick Launch\Mayer Pickup.lnk
[2010/09/21 08:23:26 | 000,000,647 | ---- | M] () -- C:\Documents and Settings\ecoles\Application Data\Microsoft\Internet Explorer\Quick Launch\Mayer Plotting.lnk
[2010/09/16 10:48:04 | 004,843,544 | -H-- | M] () -- C:\Documents and Settings\ecoles\Local Settings\Application Data\IconCache.db
[2010/09/15 12:53:48 | 000,000,292 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IPoint_exe.job
[2010/09/15 12:50:10 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2010/09/15 12:50:08 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2010/09/15 12:50:06 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/09/15 12:29:51 | 000,000,602 | ---- | M] () -- C:\Documents and Settings\ecoles\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut (2) to 2010.lnk
[2010/09/15 12:28:29 | 000,000,847 | ---- | M] () -- C:\Documents and Settings\ecoles\Application Data\Microsoft\Internet Explorer\Quick Launch\COD 2.lnk
[2010/09/15 12:28:25 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\ecoles\Application Data\Microsoft\Internet Explorer\Quick Launch\RP9.lnk
[2010/09/15 12:28:22 | 000,001,149 | ---- | M] () -- C:\Documents and Settings\ecoles\Application Data\Microsoft\Internet Explorer\Quick Launch\RISA-3D 8.0.lnk
[2010/09/15 12:28:19 | 000,001,525 | ---- | M] () -- C:\Documents and Settings\ecoles\Application Data\Microsoft\Internet Explorer\Quick Launch\ENERCALC SEL V6.lnk
[2010/09/15 12:28:15 | 000,001,840 | ---- | M] () -- C:\Documents and Settings\ecoles\Application Data\Microsoft\Internet Explorer\Quick Launch\AutoCAD LT 2011.lnk
[2010/09/15 08:41:06 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\ecoles\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2010/09/14 15:36:16 | 000,000,654 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2010/08/31 09:04:26 | 000,000,017 | -H-- | M] () -- C:\WINDOWS\System32\servdat.slm
[2010/08/31 09:04:05 | 000,000,219 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.tgz
[2010/08/31 09:04:05 | 000,000,205 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.dll
[2010/08/27 15:32:25 | 000,294,752 | ---- | M] () -- C:\acadminidump.dmp
[2010/08/17 15:25:10 | 000,446,464 | ---- | M] (eHelp Corporation.) -- C:\WINDOWS\System32\HHACTIVEX.DLL
[2010/08/17 15:25:10 | 000,331,776 | ---- | M] (VideoSoft) -- C:\WINDOWS\System32\VSPRINT7.ocx
[2010/08/17 15:25:10 | 000,247,496 | ---- | M] (VideoSoft) -- C:\WINDOWS\System32\Vsocx6.ocx
[2010/08/17 15:25:08 | 000,743,504 | ---- | M] (FarPoint Technologies, Inc.) -- C:\WINDOWS\System32\SS32X25.OCX
[2010/08/17 15:25:08 | 000,118,272 | ---- | M] (Crescent Division of Progress Software Corporation) -- C:\WINDOWS\System32\qpro32.dll
[2010/08/17 15:25:08 | 000,097,802 | ---- | M] () -- C:\WINDOWS\System32\Crp32dll.dll
[2010/08/17 15:25:08 | 000,086,288 | ---- | M] (Rational Software) -- C:\WINDOWS\System32\sqaote32.ocx
[2010/08/17 15:25:08 | 000,065,024 | ---- | M] (Desaware Inc.) -- C:\WINDOWS\System32\APIGID32.DLL
[2010/08/17 10:43:44 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/07/15 13:56:12 | 000,001,025 | ---- | M] () -- C:\WINDOWS\System32\sysprs7.tgz
[2010/07/15 13:56:12 | 000,001,025 | ---- | M] () -- C:\WINDOWS\System32\sysprs7.dll

========== Files Created - No Company Name ==========

[2010/10/06 14:50:20 | 000,397,901 | ---- | C] () -- C:\Documents and Settings\ecoles\Desktop\Application for SB 1838 Project Building Permit.pdf
[2010/10/06 09:10:02 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\ecoles\Desktop\gmer.zip
[2010/10/06 08:56:53 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/06 08:54:38 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\ecoles\Desktop\NTREGOPT.lnk
[2010/10/06 08:54:38 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\ecoles\Desktop\ERUNT.lnk
[2010/10/04 13:29:18 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\ecoles\Desktop\remove the Acad vIRUS.doc
[2010/10/04 09:54:28 | 000,324,773 | ---- | C] () -- C:\Documents and Settings\ecoles\Desktop\Johnston Residence.pdf
[2010/10/01 10:42:01 | 001,703,007 | ---- | C] () -- C:\Documents and Settings\ecoles\Desktop\ATC Design Report.pdf
[2010/09/30 15:05:04 | 002,001,543 | ---- | C] () -- C:\Documents and Settings\ecoles\Desktop\1tree.JPG
[2010/09/27 13:48:22 | 000,001,810 | ---- | C] () -- C:\Documents and Settings\ecoles\Application Data\Microsoft\Internet Explorer\Quick Launch\Bluebeam PDF Revu.lnk
[2010/09/24 10:59:39 | 000,000,851 | ---- | C] () -- C:\iLevelRegInf.rgi
[2010/09/24 10:34:55 | 000,001,680 | ---- | C] () -- C:\WINDOWS\System32\esnecil.nlp
[2010/09/24 10:34:55 | 000,001,680 | ---- | C] () -- C:\WINDOWS\System32\esnecil.ind
[2010/09/24 10:34:24 | 000,001,437 | ---- | C] () -- C:\Documents and Settings\ecoles\Application Data\Microsoft\Internet Explorer\Quick Launch\TJ-Beam.lnk
[2010/09/24 10:28:15 | 000,000,056 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2010/09/24 10:28:12 | 000,027,648 | R--- | C] () -- C:\WINDOWS\Setup_ck.exe
[2010/09/24 10:28:12 | 000,024,608 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2010/09/24 10:28:12 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2010/09/24 10:28:12 | 000,011,776 | ---- | C] () -- C:\WINDOWS\Ckrfresh.exe
[2010/09/24 10:28:06 | 000,097,802 | ---- | C] () -- C:\WINDOWS\System32\Crp32dll.dll
[2010/09/24 07:47:40 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/23 12:07:00 | 000,001,762 | ---- | C] () -- C:\Documents and Settings\ecoles\Application Data\Microsoft\Internet Explorer\Quick Launch\Google SketchUp 8.lnk
[2010/09/22 13:15:44 | 000,000,442 | ---- | C] () -- C:\Documents and Settings\ecoles\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to ec55.lnk
[2010/09/22 12:43:07 | 000,000,858 | ---- | C] () -- C:\Documents and Settings\ecoles\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to WINWORD.lnk
[2010/09/22 12:42:53 | 000,000,846 | ---- | C] () -- C:\Documents and Settings\ecoles\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to EXCEL.lnk
[2010/09/21 08:27:54 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\ecoles\Application Data\Microsoft\Internet Explorer\Quick Launch\Mayer Pickup.lnk
[2010/09/21 08:23:26 | 000,000,647 | ---- | C] () -- C:\Documents and Settings\ecoles\Application Data\Microsoft\Internet Explorer\Quick Launch\Mayer Plotting.lnk
[2010/09/15 12:50:48 | 000,000,292 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IPoint_exe.job
[2010/09/15 12:50:10 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2010/09/15 12:50:08 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2010/09/15 12:29:51 | 000,000,602 | ---- | C] () -- C:\Documents and Settings\ecoles\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut (2) to 2010.lnk
[2010/09/15 12:28:29 | 000,000,847 | ---- | C] () -- C:\Documents and Settings\ecoles\Application Data\Microsoft\Internet Explorer\Quick Launch\COD 2.lnk
[2010/09/15 12:28:25 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\ecoles\Application Data\Microsoft\Internet Explorer\Quick Launch\RP9.lnk
[2010/09/15 12:28:22 | 000,001,149 | ---- | C] () -- C:\Documents and Settings\ecoles\Application Data\Microsoft\Internet Explorer\Quick Launch\RISA-3D 8.0.lnk
[2010/09/15 12:28:19 | 000,001,525 | ---- | C] () -- C:\Documents and Settings\ecoles\Application Data\Microsoft\Internet Explorer\Quick Launch\ENERCALC SEL V6.lnk
[2010/09/15 12:28:15 | 000,001,840 | ---- | C] () -- C:\Documents and Settings\ecoles\Application Data\Microsoft\Internet Explorer\Quick Launch\AutoCAD LT 2011.lnk
[2010/09/15 10:34:34 | 000,000,334 | ---- | C] () -- C:\Documents and Settings\ecoles\Application Data\EC_StartupLog.INI
[2010/09/15 08:41:06 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\ecoles\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2010/09/15 08:31:42 | 000,034,304 | ---- | C] () -- C:\Documents and Settings\ecoles\Desktop\Biweekly time sheet.xls
[2010/07/15 13:56:12 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.tgz
[2010/07/15 13:56:12 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2010/07/15 13:56:12 | 000,000,219 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.tgz
[2010/07/15 13:56:12 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2010/07/15 13:56:12 | 000,000,017 | -H-- | C] () -- C:\WINDOWS\System32\servdat.slm
[2010/06/24 10:46:49 | 000,952,464 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/07/01 11:30:04 | 000,000,581 | ---- | C] () -- C:\WINDOWS\RP2007.INI
[2008/05/06 09:39:42 | 000,688,128 | R--- | C] () -- C:\WINDOWS\System32\Bluebeam Javascript Library.dll
[2008/04/24 13:18:29 | 000,000,070 | ---- | C] () -- C:\WINDOWS\ricdb.ini
[2008/03/04 10:35:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\RPCS.ini
[2007/09/12 17:33:20 | 000,000,287 | ---- | C] () -- C:\WINDOWS\game.ini
[2007/04/10 09:43:24 | 003,563,520 | R--- | C] () -- C:\WINDOWS\System32\BGP856.dll
[2006/09/12 16:14:30 | 000,000,315 | ---- | C] () -- C:\WINDOWS\SWWATER.INI
[2005/10/19 09:00:51 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/09/19 10:36:28 | 000,164,618 | ---- | C] () -- C:\Program Files\Uninstal.exe
[2005/09/07 10:34:30 | 000,000,192 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2005/09/06 08:58:16 | 000,000,055 | ---- | C] () -- C:\WINDOWS\AutoCAD 2000 EReg.ini
[2005/09/06 08:41:30 | 000,000,302 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2005/09/06 08:40:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2005/09/01 11:18:23 | 000,003,378 | ---- | C] () -- C:\WINDOWS\EC_55.INI
[2005/09/01 11:13:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mtstack.INI
[2005/03/22 08:17:36 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/03/22 08:11:36 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/03/22 07:45:48 | 000,000,367 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/11 16:25:56 | 000,000,791 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/04 04:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/09/07 06:30:19 | 000,261,601 | ---- | C] () -- C:\Program Files\Install.iip
[1979/12/31 23:00:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll

========== LOP Check ==========

[2010/06/18 16:18:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2010/09/27 13:40:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bluebeam Software
[2010/06/16 16:47:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ENERCALC Common Data Files
[2008/05/01 14:24:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MayerPickup
[2010/08/26 08:45:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel
[2006/11/20 19:00:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/08/17 11:42:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Virtualized Applications
[2010/09/18 06:42:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirtualizedApplications
[2010/09/28 06:43:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZipSE
[2010/09/23 08:21:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ecoles\Application Data\Autodesk
[2010/09/22 12:46:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ecoles\Application Data\SoftGrid Client

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/08/27 15:32:25 | 000,294,752 | ---- | M] () -- C:\acadminidump.dmp
[2004/08/11 16:15:00 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/04/23 11:16:51 | 000,000,211 | RHS- | M] () -- C:\BOOT.INI
[2004/08/11 16:15:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2005/03/22 07:47:40 | 000,003,774 | RH-- | M] () -- C:\DELL.SDR
[2010/10/06 08:48:06 | 1071,788,032 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/24 10:59:39 | 000,000,851 | ---- | M] () -- C:\iLevelRegInf.rgi
[2004/08/11 16:27:32 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2004/08/11 16:15:00 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2004/08/11 16:15:00 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/04 04:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/08/26 11:00:23 | 000,250,048 | RHS- | M] () -- C:\NTLDR
[2010/10/06 08:48:04 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
[2008/04/23 14:03:43 | 000,005,236 | ---- | M] () -- C:\Waiting_for_the_sun_again_by_lassekongo83.jpg

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2004/08/11 16:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.SAV
[2004/08/11 16:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.SAV
[2004/08/11 16:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.SAV

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-10-06 15:33:06
< End of report >


OTL Extras logfile created on: 10/7/2010 8:54:41 AM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\ecoles\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 347.00 Mb Available Physical Memory | 34.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.45 Gb Total Space | 41.11 Gb Free Space | 55.22% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive N: | 279.37 Gb Total Space | 78.01 Gb Free Space | 27.92% Space Free | Partition Type: NTFS
Drive P: | 279.37 Gb Total Space | 78.01 Gb Free Space | 27.92% Space Free | Partition Type: NTFS
Drive Z: | 279.37 Gb Total Space | 78.01 Gb Free Space | 27.92% Space Free | Partition Type: NTFS

Computer Name: STATION113
Current User Name: ecoles
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications]
"Enabled" = 1
"AllowUserPrefMerge" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List]
"%ProgramFiles%\Microsoft ActiveSync\CeAppMgr.exe:LocalSubnet:Enabled:ActiveSync Application Manager" = %ProgramFiles%\Microsoft ActiveSync\CeAppMgr.exe:LocalSubnet:Enabled:ActiveSync Application Manager -- File not found
"%ProgramFiles%\Microsoft ActiveSync\WCESMgr.exe:LocalSubnet:Enabled:ActiveSync Application" = %ProgramFiles%\Microsoft ActiveSync\WCESMgr.exe:LocalSubnet:Enabled:ActiveSync Application -- File not found
"%ProgramFiles%\Microsoft ActiveSync\WCESComm.exe:LocalSubnet:Enabled:ActiveSync Connection Manager" = %ProgramFiles%\Microsoft ActiveSync\WCESComm.exe:LocalSubnet:Enabled:ActiveSync Connection Manager -- File not found
"%WINDIR%\PCHealth\HelpCtr\Binaries\Helpsvc.exe:*:Enabled:Offer Remote Assistance" = %WINDIR%\PCHealth\HelpCtr\Binaries\Helpsvc.exe:*:Enabled:Offer Remote Assistance -- (Microsoft Corporation)
"%WINDIR%\PCHealth\HelpCtr\Binaries\Helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice" = %WINDIR%\PCHealth\HelpCtr\Binaries\Helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts]
"Enabled" = 1
"AllowUserPrefMerge" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List]
"135:TCP:*:Enabled:Offer Remote Assistance - Port" = 135:TCP:*:Enabled:Offer Remote Assistance - Port

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint]
"Enabled" = 1
"RemoteAddresses" = LocalSubnet

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop]
"Enabled" = 1
"RemoteAddresses" = *

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications]
"AllowUserPrefMerge" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts]
"AllowUserPrefMerge" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" = C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)
"C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe" = C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Disabled:CoD2MP_s -- ()
"C:\Program Files\Mayer\Plotting.exe" = C:\Program Files\Mayer\Plotting.exe:*:Enabled:Plotting -- ()
"C:\Program Files\ENERCALC_6\ec6.exe" = C:\Program Files\ENERCALC_6\ec6.exe:*:Enabled:ec6 -- ()
"C:\Program Files\ENERCALC_6_NLM\ENERCALC_NetworkLicenseManager.exe" = C:\Program Files\ENERCALC_6_NLM\ENERCALC_NetworkLicenseManager.exe:*:Enabled:ENERCALC_NetworkLicenseManager -- File not found
"C:\Program Files\ENERCALC_6\EC6WebUpdate.EXE" = C:\Program Files\ENERCALC_6\EC6WebUpdate.EXE:*:Enabled:ENERCALC Web Update Check -- (ENERCALC, INC.)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe" = C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s -- ()
"C:\Program Files\ENERCALC_6\EC6WebUpdate.EXE" = C:\Program Files\ENERCALC_6\EC6WebUpdate.EXE:*:Enabled:ENERCALC SEL Web Update Check -- (ENERCALC, INC.)
"C:\Program Files\ENERCALC_6\ec6.exe" = C:\Program Files\ENERCALC_6\ec6.exe:*:Enabled:ENERCALC SEL License Activation -- ()
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Disabled:Google Earth -- (Google)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25D24E84-64A9-40D2-85CF-540B1C4A6D52}" = Broadcom ASF Management Applications
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 17
"{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{49D5CD5E-5923-4ED2-9654-26D9DA684560}" = RISA-3D 8.0 Standalone
"{4E7C8500-3D69-11DB-390C-1F56BA3C7E87}" = ENERCALC Structural Engineering Library 6.1.03
"{5783F2D7-7009-0409-0002-0060B0CE6BBA}" = AutoCAD LT 2009 - English
"{5783F2D7-9009-0409-0002-0060B0CE6BBA}" = AutoCAD LT 2011 - English
"{5783F2D7-9009-0409-1002-0060B0CE6BBA}" = AutoCAD LT 2011 Language Pack - English
"{6554D28E-F3F5-4DAE-AB38-45B707F6E629}" = TJ-Beam
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.1
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B4A5C13-069F-4AFE-AE57-C497B4E33C7E}" = Call of Duty® 2 Patch 1.3
"{888C835E-16FD-4F0F-8DF2-9B7CF039C889}" = TJ-Beam
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C5FAD77-F678-4758-A296-C12F08D179E0}" = Microsoft IntelliPoint 6.2
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PUBLISHERR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PUBLISHERR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PUBLISHERR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PUBLISHERR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PUBLISHERR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PUBLISHERR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90E00409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Outlook 2003
"{91120000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2007
"{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-0000-BA7E-000000000001}" = Adobe Acrobat 6.0 Standard
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B700113B-24A8-4D4C-8484-0CC944F764C8}" = Google SketchUp 8
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB9A07EF-5889-495F-9C03-76DA31E8126F}" = RISAFoundation 3.0 Server (3.0.0.0)
"{BF9E346B-5ECE-4A18-9510-55729FD08323}" = Sentinel System Driver Installer 7.5.1
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty® 2
"{E46601FA-2CA8-4F48-B743-DE27D8A30416}" = ML-1430 Series
"{E84BBD49-8D38-459B-96E3-D88A7291BC37}" = Bluebeam PDF Revu v6.5.1
"{F3862C8A-B25F-4DB2-AF00-B634FAAF867C}" = DWGgateway
"{FB8A4E30-9915-4814-ADF9-42E00D9FDC3D}" = Symantec Endpoint Protection
"7-Zip" = 7-Zip 4.57
"Adobe AIR" = Adobe AIR
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AMA" = AutoCAD 2000 Migration Assistance
"ATI Display Driver" = ATI Display Driver
"AutoCAD 2000 Uninstall" = AutoCAD 2000
"AutoCAD LT 2009 - English" = AutoCAD LT 2009 - English
"AutoCAD LT 2011 - English" = AutoCAD LT 2011 - English
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ERUNT_is1" = ERUNT 1.1j
"Google Calendar Sync" = Google Calendar Sync
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"InstallShield_{25D24E84-64A9-40D2-85CF-540B1C4A6D52}" = Broadcom ASF Management Applications
"InstallShield_{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty® 2
"InstallShield_{E84BBD49-8D38-459B-96E3-D88A7291BC37}" = Bluebeam PDF Revu v6.5.1
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mayer Pickup" = Mayer Pickup
"Mayer Reprographics Plotting Setup" = Mayer Reprographics Plotting Setup
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.16)" = Mozilla Firefox (3.0.16)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero 6 Demo
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"ObjectDock" = ObjectDock
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"PUBLISHERR" = Microsoft Office Publisher 2007 Trial
"RoadRunner" = RoadRunner
"Simpson AutoCAD Menu" = Simpson AutoCAD Menu
"Structural Engineering Library" = Structural Engineering Library
"Version 5.6.1 Security Key Update" = Version 5.6.1 Security Key Update
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.4.5
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/7/2010 7:39:22 AM | Computer Name = STATION113 | Source = Userenv | ID = 1058
Description = Windows cannot access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=lovelaceeng,DC=local.
The file must be present at the location <\\lovelaceeng.local\sysvol\lovelaceeng.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>.
(The format of the specified network name is invalid. ). Group Policy processing
aborted.

Error - 10/7/2010 7:39:22 AM | Computer Name = STATION113 | Source = Userenv | ID = 1030
Description = Windows cannot query for the list of Group Policy objects. A message
that describes the reason for this was previously logged by the policy engine.

Error - 10/7/2010 8:59:50 AM | Computer Name = STATION113 | Source = Userenv | ID = 1058
Description = Windows cannot access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=lovelaceeng,DC=local.
The file must be present at the location <\\lovelaceeng.local\sysvol\lovelaceeng.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>.
(The format of the specified network name is invalid. ). Group Policy processing
aborted.

Error - 10/7/2010 8:59:50 AM | Computer Name = STATION113 | Source = Userenv | ID = 1030
Description = Windows cannot query for the list of Group Policy objects. A message
that describes the reason for this was previously logged by the policy engine.

Error - 10/7/2010 9:38:23 AM | Computer Name = STATION113 | Source = Userenv | ID = 1058
Description = Windows cannot access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=lovelaceeng,DC=local.
The file must be present at the location <\\lovelaceeng.local\sysvol\lovelaceeng.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>.
(The format of the specified network name is invalid. ). Group Policy processing
aborted.

Error - 10/7/2010 9:38:23 AM | Computer Name = STATION113 | Source = Userenv | ID = 1030
Description = Windows cannot query for the list of Group Policy objects. A message
that describes the reason for this was previously logged by the policy engine.

Error - 10/7/2010 10:40:57 AM | Computer Name = STATION113 | Source = Userenv | ID = 1058
Description = Windows cannot access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=lovelaceeng,DC=local.
The file must be present at the location <\\lovelaceeng.local\sysvol\lovelaceeng.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>.
(The format of the specified network name is invalid. ). Group Policy processing
aborted.

Error - 10/7/2010 10:40:57 AM | Computer Name = STATION113 | Source = Userenv | ID = 1030
Description = Windows cannot query for the list of Group Policy objects. A message
that describes the reason for this was previously logged by the policy engine.

Error - 10/7/2010 11:27:25 AM | Computer Name = STATION113 | Source = Userenv | ID = 1058
Description = Windows cannot access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=lovelaceeng,DC=local.
The file must be present at the location <\\lovelaceeng.local\sysvol\lovelaceeng.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>.
(The format of the specified network name is invalid. ). Group Policy processing
aborted.

Error - 10/7/2010 11:27:25 AM | Computer Name = STATION113 | Source = Userenv | ID = 1030
Description = Windows cannot query for the list of Group Policy objects. A message
that describes the reason for this was previously logged by the policy engine.

[ System Events ]
Error - 10/6/2010 11:36:45 AM | Computer Name = STATION113 | Source = Service Control Manager | ID = 7034
Description = The Broadcom ASF IP monitoring service v6.0.4 service terminated unexpectedly.
It has done this 1 time(s).

Error - 10/6/2010 11:36:45 AM | Computer Name = STATION113 | Source = Service Control Manager | ID = 7034
Description = The AST Service service terminated unexpectedly. It has done this
1 time(s).

Error - 10/6/2010 11:36:45 AM | Computer Name = STATION113 | Source = Service Control Manager | ID = 7034
Description = The Crypkey License service terminated unexpectedly. It has done
this 1 time(s).

Error - 10/6/2010 11:36:45 AM | Computer Name = STATION113 | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 10/6/2010 11:36:45 AM | Computer Name = STATION113 | Source = Service Control Manager | ID = 7034
Description = The Sentinel RMS License Manager service terminated unexpectedly.
It has done this 1 time(s).

Error - 10/6/2010 11:36:45 AM | Computer Name = STATION113 | Source = Service Control Manager | ID = 7034
Description = The Application Virtualization Service Agent service terminated unexpectedly.
It has done this 1 time(s).

Error - 10/6/2010 11:36:45 AM | Computer Name = STATION113 | Source = Service Control Manager | ID = 7034
Description = The Client Virtualization Handler service terminated unexpectedly.
It has done this 1 time(s).

Error - 10/6/2010 11:36:45 AM | Computer Name = STATION113 | Source = Service Control Manager | ID = 7034
Description = The Application Virtualization Client service terminated unexpectedly.
It has done this 1 time(s).

Error - 10/6/2010 11:36:45 AM | Computer Name = STATION113 | Source = Service Control Manager | ID = 7031
Description = The Symantec Endpoint Protection service terminated unexpectedly.
It has done this 8 time(s). The following corrective action will be taken in 10000
milliseconds: Restart the service.

Error - 10/6/2010 12:03:38 PM | Computer Name = STATION113 | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
times on transport \Device\NetBT_Tcpip_{2ED9915C-DB67-45BD-8EC5-925B654AE4AF}. The
backup browser is stopping.


< End of report >


#2
Salagubang


    Trusted Helper

  • Malware Removal
  • 3,890 posts
Hi PattyL,

Welcome to Geekstogo. My name is Salagubang and I'll be helping you with this problem.

I am still a trainee, so all my posts will be checked by an Expert. It's to your advantage that there are two people looking at your log, but responses may be a little delayed, so please be patient.

  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead, please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • English is not my first language, so please do not use slang or idioms, as this makes it difficult for me to understand.
Firstly....

We need fresh logs:

Step One

OTL

  • Download OTL to your Desktop
  • Double click on the OTL icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in:

    netsvcs
    drivers32
    /md5start
    explorer.exe
    winlogon.exe
    userinit.exe
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    /md5stop
    c:\windows\system32\*.dll /lockedfiles
    c:\windows\system32\drivers\*.sys /lockedfiles
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and paste them into your reply.

Step Two

GMER Rootkit Scanner
  • GMER Rootkit Scanner - Download - Homepage
  • Download GMER
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on NO, then use the following settings for a more complete scan.
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
  • IAT/EAT
  • Drives/Partition other than Systemdrive (typically C:\)
  • Show All (don't miss this one)

    NOTE - Not all of the tick boxes will be available if you are running a 64bit Operating System. You may also get an error message displayed on the screen when using a 64bit Operating System; this is normal, just click on OK and let it carry on.

  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.

**Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Please copy and paste the report into your Post.



#3
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.