Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

404 Bad Request Error

Started by jjones312 , Jul 09 2011 12:38 PM

  • Please log in to reply

#1
jjones312
Posted 09 July 2011 - 12:38 PM

jjones312

    New Member

  • Member
  • Pip
  • 4 posts
Hello everyone... I'm trying to troubleshoot an issue on a webserver, which gets the following error attempting to hit any website through IE or Firefox.

IE shows:
Error 400 bad request

Firefox shows:
Bad Request (Invalid Hostname)

It sounds almost just like this topic: Bad Request So I'm attempting the troubleshooting process by running HijackThis.

I ran the do a system scan and save log. Below are the results

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:13:31 AM, on 7/9/2011
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ServerAppliance\appmgr.exe
C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_eventmgr32.exe
C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_datamgr32.exe
C:\WINDOWS\system32\ServerAppliance\elementmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Dell\SysMgt\sm\mr2kserv.exe
C:\Program Files\Dell\SysMgt\oma\bin\dsm_om_shrsvc32.exe
C:\Program Files\Dell\SysMgt\iws\bin\win32\dsm_om_connsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\ServerAppliance\srvcsurg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\x_jesse.jones\Desktop\Malware Tools\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/softAdmin.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = res://shdoclc.dll/softAdmin.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=74005
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\bin\IPS\IPSBHO.DLL
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O15 - ESC Trusted Zone: http://runonce.msn.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1191627984843
O17 - HKLM\System\CCS\Services\Tcpip\..\{CF00875F-0C8D-4FC6-AA41-5F4363A97C80}: NameServer = 10.0.0.1
O20 - Winlogon Notify: SEP - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\WinLogoutNotifier.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: DSM SA Event Manager (dcevt32) - Dell Inc. - C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_eventmgr32.exe
O23 - Service: DSM SA Data Manager (dcstor32) - Dell Inc. - C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_datamgr32.exe
O23 - Service: mr2kserv - LSI Logic Corporation - C:\Program Files\Dell\SysMgt\sm\mr2kserv.exe
O23 - Service: DSM SA Shared Services (omsad) - Dell Inc. - C:\Program Files\Dell\SysMgt\oma\bin\dsm_om_shrsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec Endpoint Protection (SepMasterService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
O23 - Service: DSM SA Connection Service (Server Administrator) - Unknown owner - C:\Program Files\Dell\SysMgt\iws\bin\win32\dsm_om_connsvc32.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\snac.exe

--
End of file - 5269 bytes


Then I ran the following steps:

Download the HostsXpert 3.7 - Hosts File Manager.

Unzip HostsXpert 3.7 - Hosts File Manager to a convenient folder such as C:\HostsXpert
Click HostsXpert.exe to Run HostsXpert 3.7 - Hosts File Manager from its new home
Click "Make Hosts Writable?" in the upper right corner (If available).
Click Restore Microsoft's Hosts file and then click OK.
Click the X to exit the program.
Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.



Tested both IE and Firefox and same issue.

UPDATED HIJACKTHIS Log after running hostsxpert

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:37:54 AM, on 7/9/2011
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ServerAppliance\appmgr.exe
C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_eventmgr32.exe
C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_datamgr32.exe
C:\WINDOWS\system32\ServerAppliance\elementmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Dell\SysMgt\sm\mr2kserv.exe
C:\Program Files\Dell\SysMgt\oma\bin\dsm_om_shrsvc32.exe
C:\Program Files\Dell\SysMgt\iws\bin\win32\dsm_om_connsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\ServerAppliance\srvcsurg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\x_jesse.jones\Desktop\Malware Tools\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/softAdmin.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = res://shdoclc.dll/softAdmin.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=74005
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\bin\IPS\IPSBHO.DLL
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O15 - ESC Trusted Zone: http://runonce.msn.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1191627984843
O17 - HKLM\System\CCS\Services\Tcpip\..\{CF00875F-0C8D-4FC6-AA41-5F4363A97C80}: NameServer = 10.0.0.1
O20 - Winlogon Notify: SEP - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\WinLogoutNotifier.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: DSM SA Event Manager (dcevt32) - Dell Inc. - C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_eventmgr32.exe
O23 - Service: DSM SA Data Manager (dcstor32) - Dell Inc. - C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_datamgr32.exe
O23 - Service: mr2kserv - LSI Logic Corporation - C:\Program Files\Dell\SysMgt\sm\mr2kserv.exe
O23 - Service: DSM SA Shared Services (omsad) - Dell Inc. - C:\Program Files\Dell\SysMgt\oma\bin\dsm_om_shrsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec Endpoint Protection (SepMasterService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
O23 - Service: DSM SA Connection Service (Server Administrator) - Unknown owner - C:\Program Files\Dell\SysMgt\iws\bin\win32\dsm_om_connsvc32.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\snac.exe

--
End of file - 5269 bytes
  • 0

Advertisements

#2
jjones312
Posted 09 July 2011 - 12:57 PM

jjones312

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
OTL logfile created on: 7/9/2011 11:44:35 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\(Replace_MyName)\Desktop\Malware Tools
Windows Server 2003 Standard Edition Service Pack 2 (Version = 5.2.3790) - Type = NTServer
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.26 Gb Available Physical Memory | 81.64% Memory free
5.83 Gb Paging File | 5.38 Gb Available in Paging File | 92.21% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 20.47 Gb Total Space | 11.84 Gb Free Space | 57.82% Space Free | Partition Type: NTFS
Drive E: | 116.22 Gb Total Space | 100.31 Gb Free Space | 86.31% Space Free | Partition Type: NTFS

Computer Name: (Computer_Name) | User Name: (Replace_MyName) | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\(Replace_MyName)\Desktop\Malware Tools\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Dell\SysMgt\sm\mr2kserv.exe (LSI Logic Corporation)
PRC - C:\Program Files\Dell\SysMgt\iws\bin\win32\dsm_om_connsvc32.exe ()
PRC - C:\Program Files\Dell\SysMgt\oma\bin\dsm_om_shrsvc32.exe (Dell Inc.)
PRC - C:\WINDOWS\system32\logon.scr (Microsoft Corporation)
PRC - C:\WINDOWS\system32\rdpclip.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\ServerAppliance\appmgr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\ServerAppliance\elementmgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_eventmgr32.exe (Dell Inc.)
PRC - C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_datamgr32.exe (Dell Inc.)
PRC - C:\WINDOWS\system32\ServerAppliance\srvcsurg.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\(Replace_MyName)\Desktop\Malware Tools\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.4770_x-ww_05FDF087\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\winsta.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (WinHttpAutoProxySvc) -- File not found
SRV - (SmcService) -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe (Symantec Corporation)
SRV - (SNAC) -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\snac.exe (Symantec Corporation)
SRV - (SepMasterService) -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe (Symantec Corporation)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (mr2kserv) -- C:\Program Files\Dell\SysMgt\sm\mr2kserv.exe (LSI Logic Corporation)
SRV - (Server Administrator) -- C:\Program Files\Dell\SysMgt\iws\bin\win32\dsm_om_connsvc32.exe ()
SRV - (omsad) -- C:\Program Files\Dell\SysMgt\oma\bin\dsm_om_shrsvc32.exe (Dell Inc.)
SRV - (Tssdis) -- C:\WINDOWS\system32\tssdis.exe (Microsoft Corporation)
SRV - (RSoPProv) -- C:\WINDOWS\system32\rsopprov.exe (Microsoft Corporation)
SRV - (Pop3Svc) -- C:\WINDOWS\system32\pop3server\POP3Svc.exe (Microsoft Corporation)
SRV - (NtFrs) -- C:\WINDOWS\system32\ntfrs.exe (Microsoft Corporation)
SRV - (LicenseService) -- C:\WINDOWS\system32\llssrv.exe (Microsoft Corporation)
SRV - (IsmServ) -- C:\WINDOWS\system32\ismserv.exe (Microsoft Corporation)
SRV - (SMTPSVC) Simple Mail Transfer Protocol (SMTP) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (IISADMIN) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (Dfs) -- C:\WINDOWS\system32\dfssvc.exe (Microsoft Corporation)
SRV - (W3SVC) -- C:\WINDOWS\system32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (appmgr) -- C:\WINDOWS\system32\ServerAppliance\appmgr.exe (Microsoft Corporation)
SRV - (elementmgr) -- C:\WINDOWS\system32\ServerAppliance\elementmgr.exe (Microsoft Corporation)
SRV - (dcevt32) -- C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_eventmgr32.exe (Dell Inc.)
SRV - (dcstor32) -- C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_datamgr32.exe (Dell Inc.)
SRV - (TrkSvr) -- C:\WINDOWS\system32\trksvr.dll (Microsoft Corporation)
SRV - (sacsvr) -- C:\WINDOWS\system32\sacsvr.dll (Microsoft Corporation)
SRV - (srvcsurg) -- C:\WINDOWS\system32\ServerAppliance\srvcsurg.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\SEP\0C01029F\136B.105\x86\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\system32\drivers\SEP\0C01029F\136B.105\x86\srtspx.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\WINDOWS\system32\Drivers\SEP\0C01029F\136B.105\x86\SYMEFA.SYS (Symantec Corporation)
DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20110516.040\NAVEX15.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20110516.040\NAVENG.SYS (Symantec Corporation)
DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\BASHDefs\20110514.001\BHDrvx86.sys (Symantec Corporation)
DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\IPSDefs\20110514.005\IDSXpx86.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\SEP\0C01029F\136B.105\x86\Ironx86.sys (Symantec Corporation)
DRV - (SymDS) -- C:\WINDOWS\system32\Drivers\SEP\0C01029F\136B.105\x86\SYMDS.SYS (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\system32\drivers\SEP\0C01029F\136B.105\x86\symtdi.sys (Symantec Corporation)
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (l2nd) -- C:\WINDOWS\system32\drivers\bxnd52x.sys (Broadcom Corporation)
DRV - (dcdbas) -- C:\WINDOWS\system32\drivers\dcdbas32.sys (Dell Inc.)
DRV - (WLBS) -- C:\WINDOWS\system32\drivers\wlbs.sys (Microsoft Corporation)
DRV - (ClusDisk) -- C:\WINDOWS\system32\drivers\clusdisk.sys (Microsoft Corporation)
DRV - (DfsDriver) -- C:\WINDOWS\system32\drivers\Dfs.sys (Microsoft Corporation)
DRV - (BASFND) -- C:\Program Files\Broadcom\SNMP\BASFND.sys (Broadcom Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = res://shdoclc.dll/softAdmin.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/softAdmin.htm
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========



FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\IPSFFPlgn\ [2011/07/08 23:54:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/08 22:33:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/07/09 10:46:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\(Replace_MyName)\Application Data\Mozilla\Extensions
[2011/07/08 22:33:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/08 22:33:36 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) --
[2011/06/15 21:17:34 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 01:00:00 | 000,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 01:00:00 | 000,001,131 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2010/01/01 01:00:00 | 000,002,364 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2010/01/01 01:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2010/01/01 01:00:00 | 000,001,096 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2011/07/09 11:34:10 | 000,000,723 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts:
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\IPS\IPSBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1191627984843 (MUWebControl Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - C:\WINDOWS\system32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - File not found
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - dimsntfy.dll - C:\WINDOWS\System32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SEP: DllName - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\WinLogoutNotifier.dll - File not found
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/10/05 14:24:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/09 11:11:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\(Replace_MyName)\Desktop\Malware Tools
[2011/07/09 10:46:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\(Replace_MyName)\Local Settings\Application Data\Mozilla
[2011/07/09 10:46:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\(Replace_MyName)\Application Data\Mozilla
[2011/07/09 10:41:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\(Replace_MyName)\Local Settings\Application Data\Symantec
[2011/07/09 10:41:09 | 000,000,000 | --SD | C] -- C:\Documents and Settings\(Replace_MyName)\Local Settings\Application Data\Microsoft
[2011/07/09 10:41:09 | 000,000,000 | --SD | C] -- C:\Documents and Settings\(Replace_MyName)\Application Data\Microsoft
[2011/07/09 10:41:09 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\(Replace_MyName)\SendTo
[2011/07/09 10:41:09 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\(Replace_MyName)\Recent
[2011/07/09 10:41:09 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\(Replace_MyName)\Application Data
[2011/07/09 10:41:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\(Replace_MyName)\My Documents
[2011/07/09 10:41:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\(Replace_MyName)\Favorites
[2011/07/09 10:41:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\(Replace_MyName)\Start Menu\Programs\Accessories
[2011/07/09 10:41:09 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\(Replace_MyName)\Cookies
[2011/07/09 10:41:09 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\(Replace_MyName)\PrintHood
[2011/07/09 10:41:09 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\(Replace_MyName)\NetHood
[2011/07/09 10:41:09 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\(Replace_MyName)\Local Settings
[2011/07/09 10:41:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\(Replace_MyName)\Application Data\Identities
[2011/07/09 10:41:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\(Replace_MyName)\Desktop
[2011/07/09 10:41:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\(Replace_MyName)\Start Menu\Programs\Startup
[2011/07/09 10:41:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\(Replace_MyName)\Start Menu
[2011/07/09 10:41:08 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\(Replace_MyName)\Templates
[2011/07/08 23:53:50 | 000,127,096 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/07/08 23:53:50 | 000,060,872 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/07/08 23:53:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/07/08 23:53:34 | 000,240,048 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\SymVPN.dll
[2011/07/08 23:53:34 | 000,094,128 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\FwsVpn.dll
[2011/07/08 23:53:34 | 000,032,208 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\WGX.SYS
[2011/07/08 23:52:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\SEP\0C01029F\136B.105\x86
[2011/07/08 23:52:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Symantec Endpoint Protection
[2011/07/08 23:52:50 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/07/08 23:52:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\SEP
[2011/07/08 23:52:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\SEP\0C01029F\136B.105
[2011/07/08 23:52:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\SEP\0C01029F
[2011/07/08 23:52:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2011/07/08 22:51:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinPcap
[2011/07/08 22:51:39 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2011/07/08 22:51:17 | 000,000,000 | ---D | C] -- C:\Program Files\Wireshark
[2011/07/08 22:50:39 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/07/08 22:48:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/07/08 22:33:36 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/06/15 11:14:27 | 000,103,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/09 11:34:10 | 000,000,723 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/07/09 11:09:56 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/09 10:41:26 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\(Replace_MyName)\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/07/09 10:06:18 | 183,403,263 | ---- | M] () -- C:\7-8-2-2011.pcap
[2011/07/09 05:24:26 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B8C74696-51D7-4108-AB56-0B755088C999}.job
[2011/07/08 23:53:56 | 000,605,496 | ---- | M] () -- C:\WINDOWS\System32\drivers\SEP\0C01029F\136B.105\x86\Cat.DB
[2011/07/08 23:53:50 | 000,127,096 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/07/08 23:53:50 | 000,060,872 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/07/08 23:53:50 | 000,007,510 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/07/08 23:53:50 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/07/08 23:53:34 | 000,240,048 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\SymVPN.dll
[2011/07/08 23:53:34 | 000,094,128 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\FwsVpn.dll
[2011/07/08 23:53:34 | 000,032,208 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\WGX.SYS
[2011/07/08 23:53:34 | 000,000,114 | ---- | M] () -- C:\WINDOWS\System32\drivers\SEP\0C01029F\136B.105\x86\isolate.ini
[2011/07/08 22:51:23 | 000,001,491 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Wireshark.lnk
[2011/07/08 22:44:41 | 000,489,644 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/08 22:44:41 | 000,086,694 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/08 22:33:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2011/07/08 22:33:38 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/07/08 22:22:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/08 22:14:16 | 000,004,087 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/08 21:40:13 | 000,093,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/09 10:41:26 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\(Replace_MyName)\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/07/09 10:41:26 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\(Replace_MyName)\Start Menu\Programs\Internet Explorer.lnk
[2011/07/09 10:41:20 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\(Replace_MyName)\Start Menu\Programs\Outlook Express.lnk
[2011/07/09 10:41:09 | 000,001,503 | ---- | C] () -- C:\Documents and Settings\(Replace_MyName)\Start Menu\Programs\Remote Assistance.lnk
[2011/07/09 10:05:57 | 183,403,263 | ---- | C] () -- C:\7-8-2-2011.pcap
[2011/07/08 23:53:51 | 000,605,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\SEP\0C01029F\136B.105\x86\Cat.DB
[2011/07/08 23:53:50 | 000,007,510 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/07/08 23:53:50 | 000,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/07/08 23:53:34 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\drivers\SEP\0C01029F\136B.105\x86\isolate.ini
[2011/07/08 22:51:23 | 000,001,497 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Wireshark.lnk
[2011/07/08 22:51:23 | 000,001,491 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Wireshark.lnk
[2011/07/08 22:33:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/07/08 22:33:38 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/07/08 22:33:38 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/07/08 12:58:31 | 000,000,438 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B8C74696-51D7-4108-AB56-0B755088C999}.job
[2010/06/25 10:03:12 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/11/17 18:28:09 | 000,000,015 | ---- | C] () -- C:\WINDOWS\System32\drivers\dcesmwdm.sys
[2007/10/08 20:51:56 | 000,021,792 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2007/10/08 20:51:56 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2007/10/08 20:51:53 | 000,050,666 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2007/10/08 20:51:51 | 000,010,793 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2007/10/08 20:51:49 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2007/10/08 19:39:52 | 000,061,080 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2007/10/05 14:27:49 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/10/05 14:20:59 | 000,021,160 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/10/05 06:26:58 | 000,121,995 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2007/10/05 06:24:53 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/10/05 06:24:11 | 000,093,480 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/10/05 05:56:54 | 000,179,577 | ---- | C] () -- C:\WINDOWS\System32\schema.ini
[2007/10/05 05:56:54 | 000,004,725 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2007/10/05 05:56:46 | 000,489,644 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2007/10/05 05:56:46 | 000,275,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2007/10/05 05:56:46 | 000,086,694 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2007/10/05 05:56:46 | 000,029,710 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2007/10/05 05:56:44 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2007/10/05 05:56:44 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2007/10/05 05:56:34 | 000,024,819 | ---- | C] () -- C:\WINDOWS\System32\ntdsctrs.ini
[2007/10/05 05:56:34 | 000,020,386 | ---- | C] () -- C:\WINDOWS\System32\ntfrsrep.ini
[2007/10/05 05:56:34 | 000,005,597 | ---- | C] () -- C:\WINDOWS\System32\ntfrscon.ini
[2007/10/05 05:56:32 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2007/10/05 05:56:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2007/10/05 05:56:12 | 000,046,907 | ---- | C] () -- C:\WINDOWS\mib.bin
[2007/10/05 05:55:40 | 000,011,030 | ---- | C] () -- C:\WINDOWS\System32\ipsecprf.ini
[2007/10/05 05:55:34 | 000,011,817 | ---- | C] () -- C:\WINDOWS\System32\iasperf.ini
[2007/10/05 05:55:10 | 000,216,006 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2007/10/05 05:54:36 | 000,005,644 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2007/10/05 05:54:24 | 000,000,041 | ---- | C] () -- C:\WINDOWS\System32\mqtgsvc.exe.cfg

========== LOP Check ==========

[2011/07/08 22:50:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/07/08 22:50:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/07/08 22:20:51 | 000,011,612 | ---- | M] () -- C:\WINDOWS\Tasks\SchedLgU.Txt
[2011/07/09 05:24:26 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{B8C74696-51D7-4108-AB56-0B755088C999}.job

========== Purity Check ==========



< End of report >
  • 0

#3
jjones312
Posted 09 July 2011 - 12:59 PM

jjones312

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
here is the Extra.txt log file

OTL Extras logfile created on: 7/9/2011 11:44:35 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\(Replace_MyName)\Desktop\Malware Tools
Windows Server 2003 Standard Edition Service Pack 2 (Version = 5.2.3790) - Type = NTServer
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.26 Gb Available Physical Memory | 81.64% Memory free
5.83 Gb Paging File | 5.38 Gb Available in Paging File | 92.21% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 20.47 Gb Total Space | 11.84 Gb Free Space | 57.82% Space Free | Partition Type: NTFS
Drive E: | 116.22 Gb Total Space | 100.31 Gb Free Space | 86.31% Space Free | Partition Type: NTFS

Computer Name: (Computer_Name) | User Name: (Replace_MyName) | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0
"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation
"{89C7A9F7-2C31-4739-842D-F037B6C9B674}" = Dell OpenManage Server Administrator
"{A3AEEA68-AC93-4F6F-8D2D-78BBF7E422B8}" = Symantec Endpoint Protection
"{A4F8313B-0E21-478B-B289-BFB7736CA7AA}" = Remote Administration Tools
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"ATI Display Driver" = ATI Display Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROSet" = Intel® PRO Network Connections Drivers
"WIC" = Windows Imaging Component
"Windows Server 2003 Service Pack" = Windows Server 2003 Service Pack 2
"WinPcapInst" = WinPcap 4.1.2
"Wireshark" = Wireshark 1.6.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/9/2011 10:35:39 AM | Computer Name = (Computer_Name) | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 7/9/2011 12:16:39 PM | Computer Name = (Computer_Name) | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 7/9/2011 12:16:39 PM | Computer Name = (Computer_Name) | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 7/9/2011 12:26:57 PM | Computer Name = (Computer_Name) | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 7/9/2011 12:26:57 PM | Computer Name = (Computer_Name) | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 7/9/2011 1:41:13 PM | Computer Name = (Computer_Name) | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 7/9/2011 1:41:13 PM | Computer Name = (Computer_Name) | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 7/9/2011 2:09:56 PM | Computer Name = (Computer_Name) | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 7/9/2011 2:09:56 PM | Computer Name = (Computer_Name) | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 7/9/2011 2:13:39 PM | Computer Name = (Computer_Name) | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

[ System Events ]
Error - 7/9/2011 1:53:55 AM | Computer Name = (Computer_Name) | Source = TermServDevices | ID = 1111
Description = Driver Canon MP470 series Printer required for printer Canon MP470
series Printer is unknown. Contact the administrator to install the driver before
you log in again.

Error - 7/9/2011 1:53:55 AM | Computer Name = (Computer_Name) | Source = TermServDevices | ID = 1111
Description = Driver Microsoft Shared Fax Driver required for printer Fax is unknown.
Contact the administrator to install the driver before you log in again.

Error - 7/9/2011 1:53:56 AM | Computer Name = (Computer_Name) | Source = TermServDevices | ID = 1111
Description = Driver ActPrint required for printer Nefsis Printer is unknown. Contact
the administrator to install the driver before you log in again.

Error - 7/9/2011 1:53:56 AM | Computer Name = (Computer_Name) | Source = TermServDevices | ID = 1111
Description = Driver WebEx Document Loader required for printer WebEx Document Loader
is unknown. Contact the administrator to install the driver before you log in again.

Error - 7/9/2011 1:41:16 PM | Computer Name = (Computer_Name) | Source = TermServDevices | ID = 1111
Description = Driver HP psc 2350 series required for printer HP psc 2350 series
is unknown. Contact the administrator to install the driver before you log in again.

Error - 7/9/2011 1:41:16 PM | Computer Name = (Computer_Name) | Source = TermServDevices | ID = 1111
Description = Driver CutePDF Writer required for printer CutePDF Writer is unknown.
Contact the administrator to install the driver before you log in again.

Error - 7/9/2011 1:41:17 PM | Computer Name = (Computer_Name) | Source = TermServDevices | ID = 1111
Description = Driver Microsoft Shared Fax Driver required for printer Fax is unknown.
Contact the administrator to install the driver before you log in again.

Error - 7/9/2011 2:09:57 PM | Computer Name = (Computer_Name) | Source = TermServDevices | ID = 1111
Description = Driver Microsoft Shared Fax Driver required for printer Fax is unknown.
Contact the administrator to install the driver before you log in again.

Error - 7/9/2011 2:09:57 PM | Computer Name = (Computer_Name) | Source = TermServDevices | ID = 1111
Description = Driver HP psc 2350 series required for printer HP psc 2350 series
is unknown. Contact the administrator to install the driver before you log in again.

Error - 7/9/2011 2:09:57 PM | Computer Name = (Computer_Name) | Source = TermServDevices | ID = 1111
Description = Driver CutePDF Writer required for printer CutePDF Writer is unknown.
Contact the administrator to install the driver before you log in again.


< End of report >
  • 0

#4
jjones312
Posted 09 July 2011 - 07:09 PM

jjones312

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Anyone see anything in the logs posted or advice or suggestion ?
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP