
Hiloti virus on Win Xp pro



#1 RedfordRenegade (New Member, 4 posts)

Hello. For the past few weeks my work cpu has been extremely slow. The tech guys are on vacation this week, so I have to fix my cpu myself. Anyhow, we have McAfee, which should be on the current update, as that is done automatically.

McAfee never picked up on it until I ran CCleaner this morning to delete any unused or extra files, which I try to do about every month. Then I got a "virus detected" warning from McAfee, and it just said to contact the system administrator (who is on vacation, btw). I thought it may have fixed it, but it may have regenerated, because when I downloaded OTL.exe it would not run.

So, I simply changed the file extension to OTL.com then right click, run, and it ran fine and came up with the following log I will post.
I have (tried to) put XXX over IP addresses and any stuff that may be work-sensitive, since I do use my work CPU to check my personal email (which is against company policy, oops!). If it is needed, let me know and I'll post it as an attachment or something. We have a Websense filter at work, so there have never been any egregious sites accessed, and we have a firewall.

As far as getting it, I remember one of my friends' email addresses got phished and I did click on a link that was definitely not authentic. Also, one time I needed an extension for Design Cad 2K which we didn't have, and I tried to download it from a site that was a definite redirect. Those are the only two times that I was definitely had.

I may have more than one virus running by the looks of it. I'm not very keen on file names, but the one for Adaptec, Inc. is running and DEVGURU Co., LTD seems suspect. Anyhow, please let me know what you think!

I thank you in advance,
-J

____________________________________________________OTL LOG_________________________________________________

OTL logfile created on: 7/25/2011 9:32:32 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\XXX\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000XXX | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.98 Mb Total Physical Memory | 488.68 Mb Available Physical Memory | 47.77% Memory free
2.40 Gb Paging File | 1.96 Gb Available in Paging File | 81.71% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 11.22 Gb Free Space | 30.13% Space Free | Partition Type: NTFS
Drive D: | 3.56 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive H: | 194.72 Gb Total Space | 74.73 Gb Free Space | 38.38% Space Free | Partition Type: NWFS
Drive K: | 194.72 Gb Total Space | 74.73 Gb Free Space | 38.38% Space Free | Partition Type: NWFS
Drive R: | 194.72 Gb Total Space | 74.73 Gb Free Space | 38.38% Space Free | Partition Type: NWFS
Drive S: | 194.72 Gb Total Space | 74.73 Gb Free Space | 38.38% Space Free | Partition Type: NWFS
Drive X: | 232.88 Gb Total Space | 84.56 Gb Free Space | 36.31% Space Free | Partition Type: NTFS
Drive Z: | 15.87 Gb Total Space | 3.68 Gb Free Space | 23.19% Space Free | Partition Type: NWFS

Computer Name: XXX | User Name: XXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/25 09:12:44 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\XXX\My Documents\Downloads\OTL.com
PRC - [2010/12/21 14:02:40 | 000,049,152 | ---- | M] (Novell, Inc.) -- C:\Program Files\Novell\ZENworks\Asset Management\bin\CClientSvc.exe
PRC - [2010/12/21 14:02:38 | 000,360,448 | ---- | M] (Novell, Inc.) -- C:\Program Files\Novell\ZENworks\Asset Management\bin\cclient.exe
PRC - [2010/07/09 12:13:20 | 007,629,400 | ---- | M] (Novell, Inc.) -- C:\Novell\GroupWise\grpwise.exe
PRC - [2009/09/22 16:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2009/09/22 16:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2009/09/22 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2009/09/22 16:00:00 | 000,091,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2009/07/28 18:01:32 | 000,081,920 | ---- | M] (Novell, Inc.) -- C:\Program Files\ZENworks\Patch Management Agent\GravitixService.exe
PRC - [2009/07/28 18:01:12 | 000,401,408 | ---- | M] (Novell, Inc.) -- C:\Program Files\ZENworks\Patch Management Agent\pddm.exe
PRC - [2009/06/24 17:13:18 | 000,057,344 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\system32\iprntlgn.exe
PRC - [2009/06/24 17:13:12 | 000,053,248 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\system32\iprntctl.exe
PRC - [2009/01/27 21:50:00 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
PRC - [2009/01/27 21:50:00 | 000,111,952 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2009/01/27 21:50:00 | 000,054,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
PRC - [2009/01/23 10:17:18 | 000,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2008/08/28 20:34:14 | 013,145,448 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Adobe\Adobe Bridge CS4\Bridge.exe
PRC - [2008/05/30 10:01:00 | 000,062,800 | ---- | M] (Avantstar, Inc.) -- C:\Program Files\Quick View Plus\Program\qvp32.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/21 19:30:14 | 000,113,152 | R--- | M] (Novell, Inc.) -- C:\Program Files\Novell\ZENworks\NALNTSRV.EXE
PRC - [2008/01/11 20:54:31 | 000,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
PRC - [2007/12/24 11:51:44 | 000,152,128 | R--- | M] (Novell, Inc.) -- C:\Program Files\Novell\ZENworks\WM.EXE
PRC - [2007/12/24 11:51:42 | 000,012,224 | R--- | M] (Novell, Inc.) -- C:\Program Files\Novell\ZENworks\WMRUNDLL.EXE
PRC - [2007/12/24 11:51:26 | 000,061,440 | R--- | M] (Novell, Inc.) -- C:\WINDOWS\system32\novell\xtagent.exe
PRC - [2007/12/24 11:51:12 | 000,392,704 | R--- | M] (Novell, Inc) -- C:\Program Files\Novell\ZENworks\NalAgent.exe
PRC - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2006/10/20 18:23:38 | 000,118,784 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2006/10/19 10:48:20 | 000,618,496 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\CSAgent\bin\leventmgr.exe
PRC - [2006/10/19 10:45:28 | 000,294,912 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\CSAgent\bin\csacontrol.exe
PRC - [2006/05/09 11:59:00 | 000,167,936 | ---- | M] (Novell, Inc.) -- C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
PRC - [2004/04/28 14:02:22 | 000,042,496 | ---- | M] (Standard Microsystems Corp.) -- C:\Program Files\SMSC\SetIcon.exe
PRC - [2002/03/12 11:37:28 | 000,028,672 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\system32\nwtray.exe


========== Modules (SafeList) ==========

MOD - [2011/07/25 09:12:44 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jmbrown\My Documents\Downloads\OTL.com
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2006/10/19 10:45:30 | 000,147,456 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\csauser.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/12/21 14:02:40 | 000,049,152 | ---- | M] (Novell, Inc.) [Auto | Running] -- C:\Program Files\Novell\ZENworks\Asset Management\bin\CClientSvc.exe -- (TSCensus Collection Client)
SRV - [2009/09/22 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2009/07/28 18:01:32 | 000,081,920 | ---- | M] (Novell, Inc.) [Auto | Running] -- C:\Program Files\ZENworks\Patch Management Agent\GravitixService.exe -- (PatchLink Update)
SRV - [2009/01/27 21:50:00 | 000,144,704 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe -- (McShield)
SRV - [2009/01/27 21:50:00 | 000,054,608 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)
SRV - [2009/01/23 10:17:18 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/08/15 06:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2008/08/04 15:59:00 | 000,053,339 | ---- | M] (Novell, Inc.) [On_Demand | Stopped] -- C:\WINDOWS\system32\cusrvc.exe -- (cusrvc)
SRV - [2008/01/21 19:30:14 | 000,113,152 | R--- | M] (Novell, Inc.) [Auto | Running] -- C:\Program Files\Novell\ZENworks\NALNTSRV.EXE -- (NALNTSERVICE)
SRV - [2007/12/24 11:51:44 | 000,152,128 | R--- | M] (Novell, Inc.) [Auto | Running] -- C:\Program Files\Novell\ZENworks\WM.EXE -- (ZFDWM)
SRV - [2007/12/24 11:51:26 | 000,061,440 | R--- | M] (Novell, Inc.) [Auto | Running] -- C:\WINDOWS\system32\novell\xtagent.exe -- (XTAgent)
SRV - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/10/19 10:45:28 | 000,294,912 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\CSAgent\bin\CSAControl.exe -- (CSAgent)
SRV - [2006/05/09 11:59:00 | 000,167,936 | ---- | M] (Novell, Inc.) [Auto | Running] -- C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe -- (Remote Management Agent)
SRV - [2002/04/26 20:34:38 | 000,242,328 | ---- | M] () [On_Demand | Stopped] -- C:\oracle\ora92\bin\ONRSD.EXE -- (OracleOraHome92ClientCache)


========== Driver Services (SafeList) ==========

DRV - [2009/06/24 17:24:34 | 000,034,592 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nipplpt.sys -- (nipplpt2)
DRV - [2009/01/27 21:50:00 | 000,177,864 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/01/27 21:50:00 | 000,073,512 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/01/27 21:50:00 | 000,065,000 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2009/01/27 21:50:00 | 000,052,168 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2009/01/27 21:50:00 | 000,031,848 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)
DRV - [2008/12/16 01:43:48 | 000,054,400 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\GzOFVsp.sys -- (GzOFVsp)
DRV - [2008/12/16 01:43:48 | 000,054,400 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\GzOFMdm.sys -- (GzOFMdm)
DRV - [2008/12/16 01:43:48 | 000,033,408 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\GzOFBus.sys -- (GzOFBus)
DRV - [2008/12/11 17:21:30 | 000,554,112 | ---- | M] (Novell, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\NetWare\nwfs.sys -- (NetwareWorkstation)
DRV - [2008/08/27 13:57:30 | 000,093,056 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symmpi.sys -- (Symmpi)
DRV - [2008/08/27 13:50:20 | 000,214,912 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\KR10I.sys -- (KR10I)
DRV - [2008/08/27 13:47:52 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2008/08/27 13:47:13 | 000,091,611 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\afamgt.sys -- (AFAMgt)
DRV - [2008/08/27 13:47:11 | 000,217,600 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\a320raid.sys -- (a320raid)
DRV - [2008/08/27 13:47:11 | 000,214,528 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aarich.sys -- (aarich)
DRV - [2008/08/27 13:47:11 | 000,048,140 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aac.sys -- (aac)
DRV - [2008/08/27 13:37:18 | 000,003,456 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\atiide.sys -- (atiide)
DRV - [2008/08/04 17:17:14 | 000,185,216 | ---- | M] (Novell, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\NetWare\srvloc.sys -- (SRVLOC)
DRV - [2008/08/04 17:06:32 | 000,058,496 | ---- | M] (Novell, Inc.) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\NetWare\nwsipx32.sys -- (NWSIPX32)
DRV - [2008/07/21 14:45:20 | 000,017,664 | ---- | M] (Novell, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\NetWare\nwfilter.sys -- (NWFILTER)
DRV - [2008/07/21 13:47:04 | 000,029,440 | ---- | M] (Novell, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\NetWare\resmgr.sys -- (RESMGR)
DRV - [2008/07/21 13:39:20 | 000,045,824 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\NetWare\nwdns.sys -- (NWDNS)
DRV - [2008/04/04 15:32:46 | 000,020,208 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\NetWare\nwslp.sys -- (NWSLP)
DRV - [2008/01/08 10:27:32 | 000,038,603 | ---- | M] (Novell, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nicm.sys -- (NICM)
DRV - [2007/10/16 21:50:00 | 000,033,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2006/10/19 10:45:06 | 000,262,272 | ---- | M] (Cisco Systems, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\csanet.sys -- (csanet)
DRV - [2006/10/19 10:44:36 | 000,230,912 | ---- | M] (Cisco Systems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\csatdi.sys -- (csatdi)
DRV - [2006/10/19 10:44:20 | 000,040,704 | ---- | M] (Cisco Systems, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\csareg.sys -- (csareg)
DRV - [2006/10/19 10:44:16 | 000,084,224 | ---- | M] (Cisco Systems, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\csafile.sys -- (csafile)
DRV - [2006/10/19 10:44:08 | 000,337,920 | ---- | M] (Cisco Systems, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\csacentr.sys -- (csacenter)
DRV - [2005/11/22 10:51:22 | 000,018,353 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\NetWare\nwdhcp.sys -- (NWDHCP)
DRV - [2005/10/12 13:12:18 | 000,009,297 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\NetWare\nwhost.sys -- (NWHOST)
DRV - [2005/10/12 13:11:32 | 000,006,128 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\NetWare\nwsns.sys -- (NWSNS) Novell Simple Naming Services (NWSNS)
DRV - [2005/05/23 15:47:18 | 000,006,899 | ---- | M] (Novell Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\blankscr.sys -- (BlankScr)
DRV - [2005/05/23 15:11:14 | 000,002,773 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Darpan.sys -- (Darpan)
DRV - [2004/08/03 18:29:28 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/02/26 14:51:18 | 000,023,232 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\NetWare\nwsap.sys -- (NWSAP)
DRV - [2001/03/20 11:55:42 | 000,009,176 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\WNTHW.SYS -- (WNTHW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://XXX
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://XXX/proxy.pac

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.mail.com/"
FF - prefs.js..extensions.enabledItems: {fe0258ab-4f74-43a1-8781-bcdf340f9ee9}:2.6.4
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:XXX
FF - prefs.js..network.proxy.autoconfig_url: "http://XXX/proxy.pac"
FF - prefs.js..network.proxy.no_proxies_on: "localhost,XXX"
FF - prefs.js..network.proxy.type: 2

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@novell.com/iPrint: C:\WINDOWS\system32 [2011/07/25 08:13:59 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.29\npGoogleOneClick8.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/07 07:57:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/07 08:01:34 | 000,000,000 | ---D | M]

[2008/11/13 14:18:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\XXX\Application Data\Mozilla\Extensions
[2011/05/10 08:30:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\XXX\Application Data\Mozilla\Firefox\Profiles\gzthw8ap.default\extensions
[2011/03/22 14:14:12 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\XXX\Application Data\Mozilla\Firefox\Profiles\gzthw8ap.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/06/08 13:32:18 | 000,000,000 | ---D | M] (Redirect Remover) -- C:\Documents and Settings\XXX\Application Data\Mozilla\Firefox\Profiles\gzthw8ap.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}
[2011/05/10 08:30:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\XXX\Application Data\Mozilla\Firefox\Profiles\gzthw8ap.default\extensions\nostmp
[2011/05/10 08:29:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2010/06/30 00:01:48 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/07/07 07:57:33 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/08/16 18:42:02 | 000,070,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2008/08/16 18:42:12 | 000,091,448 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2008/08/16 18:42:08 | 000,020,800 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2008/05/21 09:41:08 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcm80.dll
[2008/05/21 09:41:08 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcp80.dll
[2008/05/21 09:41:08 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcr80.dll
[2008/08/16 18:44:46 | 000,427,312 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2008/08/16 18:42:04 | 000,023,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2004/08/04 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll (McAfee, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [iPrint Event Monitor] C:\WINDOWS\system32\iprntlgn.exe (Novell, Inc.)
O4 - HKLM..\Run: [iPrint Tray] C:\WINDOWS\System32\iprntctl.exe (Novell, Inc.)
O4 - HKLM..\Run: [LogEnable] Reg Error: Invalid data type. File not found
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [NWTRAY] C:\WINDOWS\System32\nwtray.exe (Novell, Inc.)
O4 - HKLM..\Run: [PDDM] C:\Program Files\ZENworks\Patch Management Agent\pddm.exe (Novell, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PtiuPbmd] C:\WINDOWS\System32\ptipbm.dll (Promise Technology,Inc.)
O4 - HKLM..\Run: [QuickFinder Scheduler] C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE (Corel Corporation)
O4 - HKLM..\Run: [SetIcon] \Program Files\SMSC\SetIcon.exe ()
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [ZENRC Tray Icon] C:\WINDOWS\system32\zentray.exe (Novell, Inc.)
O4 - HKCU..\Run: [AdobeBridge] C:\Program Files\Adobe\Adobe Bridge CS4\Bridge.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Application Explorer.lnk = C:\Program Files\Novell\ZENworks\NalView.exe (Novell, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cisco Security Agent.lnk = C:\Program Files\Cisco Systems\CSAgent\bin\okclient.exe (Cisco Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: CompatibleRUPSecurity = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Home = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Fullscreen = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Tools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Print = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Edit = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Cut = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Copy = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Paste = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Encoding = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoComputersNearMe = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoUpdate = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPublishingWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWebServices = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoOnlinePrintsWizard = 1
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta ()
O9 - Extra Button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Program Files\Novell\ZENworks\AxNalServer.dll (Novell, Inc)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\NetWare\nwws2nds.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\NetWare\nwws2sap.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\WINDOWS\system32\NetWare\nwws2slp.dll (Novell, Inc.)
O15 - HKLM\..Trusted Domains: state.ny.us ([*.XXX] * in Trusted sites)
O15 - HKLM\..Trusted Domains: state.ny.us ([portal.dec] https in Trusted sites)
O15 - HKLM\..Trusted Domains: zpm.XXX ([]* in Trusted sites)
O15 - HKLM\..Trusted Ranges: Range1 ([*] in Local intranet)
O15 - HKCU\..Trusted Domains: XXX ([*.XXX] * in Trusted sites)
O15 - HKCU\..Trusted Domains: XXX ([XXX] https in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2B1AA38D-2D12-11D5-AAD0-00C04FA03D78} https://XXX/nps/port...t/LocalExec.CAB (LocalExec Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1193340393849 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1193340353349 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFECAFE-0013-0001-0021-ABCDEFABCDEF} Reg Error: Value error. (JInitiator 1.3.1.21)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 134.179.74.22 134.179.250.37 134.179.250.38
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dec.state.ny.us
O20 - AppInit_DLLs: (csauser.dll) - C:\WINDOWS\System32\csauser.dll (Cisco Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: System - (ziswin.exe) - C:\WINDOWS\System32\ZISWIN.EXE (Novell)
O20 - HKLM Winlogon: GinaDLL - (NWGina.dll) - C:\WINDOWS\System32\nwgina.dll (Novell, Inc.)
O20 - Winlogon\Notify\NetIdentity Notification: DllName - C:\WINDOWS\system32\Novell\XtNotify.dll - C:\WINDOWS\system32\novell\xtnotify.dll (Novell, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\jmbrown\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\jmbrown\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {0cab0400-7395-11d0-a5e5-0020afe2fdd9} - C:\WINDOWS\qvphook.dll (Avantstar, Inc.)
O28 - HKLM ShellExecuteHooks: {763370C4-268E-4308-A60C-D8DA0342BE32} - C:\Program Files\Novell\ZENworks\NalShell.dll (Novell, Inc)
O30 - LSA: Authentication Packages - (nwv1_0) - C:\WINDOWS\System32\nwv1_0.dll (Novell, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/01/09 08:50:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{963694ca-a1b4-11db-a99f-000874dc3a12}\Shell - "" = AutoRun
O33 - MountPoints2\{963694ca-a1b4-11db-a99f-000874dc3a12}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{963694ca-a1b4-11db-a99f-000874dc3a12}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/25 09:27:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/07/25 09:15:12 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\jmbrown\Recent
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[33 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/25 09:27:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/25 09:09:03 | 000,000,086 | ---- | M] () -- C:\WINDOWS\WPCMAPI.INI
[2011/07/25 09:07:39 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/25 09:07:36 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/25 09:07:35 | 000,025,166 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2011/07/25 09:07:33 | 000,007,234 | RHS- | M] () -- C:\Documents and Settings\jmbrown\ntuser.pol
[2011/07/25 09:06:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/25 08:15:28 | 000,000,396 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{78546F2A-0335-4166-8D08-EA2CB32615E5}.job
[2011/07/22 11:30:30 | 000,000,050 | ---- | M] () -- C:\WINDOWS\TOPO.INI
[2011/07/21 00:55:57 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/05 16:29:21 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[33 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/07 12:37:54 | 000,155,700 | ---- | C] () -- C:\WINDOWS\System32\ODMA32.DLL
[2009/11/19 00:59:58 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\npnipp.dll
[2009/09/30 15:27:29 | 000,168,208 | ---- | C] () -- C:\WINDOWS\System32\guard32.dll
[2009/04/03 08:47:37 | 000,000,050 | ---- | C] () -- C:\WINDOWS\TOPO.INI
[2009/01/27 13:59:04 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\jmbrown\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/05 19:04:13 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/01/05 19:02:57 | 000,009,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\WNTHW.SYS
[2008/12/18 15:58:23 | 000,000,011 | ---- | C] () -- C:\WINDOWS\NetWare.INI
[2008/11/18 12:43:28 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\EA80ED151D.sys
[2008/11/18 12:43:27 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/11/13 14:18:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/11/13 14:15:53 | 000,008,074 | ---- | C] () -- C:\Documents and Settings\jmbrown\Local Settings\Application Data\WT61US.UWL
[2008/11/12 16:33:05 | 000,000,086 | ---- | C] () -- C:\WINDOWS\WPCMAPI.INI
[2008/11/12 12:27:01 | 000,000,063 | ---- | C] () -- C:\WINDOWS\System32\asasrv.ini
[2008/11/12 12:24:50 | 000,000,031 | ---- | C] () -- C:\WINDOWS\opera.ini
[2008/08/27 13:50:43 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/08/27 13:50:42 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2008/08/27 13:50:39 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2008/08/27 13:49:04 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\property.dll
[2008/08/27 13:38:12 | 000,282,624 | ---- | C] () -- C:\WINDOWS\UIUHWScan.exe
[2008/08/27 13:38:12 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\uiulah.exe
[2008/08/27 13:38:12 | 000,118,784 | ---- | C] () -- C:\WINDOWS\UIUHWSSvc.exe
[2008/08/27 11:57:52 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2008/08/01 09:06:19 | 000,074,368 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2007/12/24 11:51:10 | 000,212,480 | R--- | C] () -- C:\WINDOWS\System32\DBPORT6.DLL
[2007/12/24 11:51:06 | 000,061,440 | R--- | C] () -- C:\WINDOWS\System32\XMLPARSE.DLL
[2007/04/02 13:50:25 | 000,000,890 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/01/22 09:32:39 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\nipplpte.exe
[2007/01/22 09:32:39 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\icapture.exe
[2007/01/22 09:32:39 | 000,034,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\nipplpt.sys
[2007/01/16 10:06:20 | 000,000,391 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/01/12 09:31:55 | 000,036,962 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll
[2007/01/11 17:23:09 | 000,015,898 | ---- | C] () -- C:\WINDOWS\System32\vlmsup.exe
[2007/01/11 17:23:09 | 000,001,724 | ---- | C] () -- C:\WINDOWS\System32\vipx.exe
[2007/01/11 17:23:08 | 000,065,619 | ---- | C] () -- C:\WINDOWS\System32\setupw2k.dll
[2007/01/11 17:23:07 | 000,262,227 | ---- | C] () -- C:\WINDOWS\System32\nwshlxnt.dll
[2007/01/11 17:23:05 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\lgncon32.dll
[2007/01/11 17:23:02 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nwslog32.dll
[2007/01/11 17:22:59 | 000,002,757 | ---- | C] () -- C:\WINDOWS\System32\rdrstats.ini
[2007/01/11 17:22:53 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\prtwin32.dll
[2007/01/11 17:22:53 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\nwpsrv32.dll
[2007/01/11 17:22:52 | 000,225,356 | ---- | C] () -- C:\WINDOWS\System32\lgnwnt32.dll
[2007/01/09 10:32:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/01/09 08:53:29 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/01/09 08:46:27 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/01/08 12:38:28 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/01/08 12:37:13 | 002,146,128 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/11/09 17:07:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/11/02 20:40:12 | 000,174,656 | ---- | C] () -- C:\WINDOWS\System32\PSIService.exe
[2006/09/17 00:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/17 00:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2005/09/29 20:47:52 | 000,001,088 | ---- | C] () -- C:\WINDOWS\System32\Generic.ini
[2005/09/29 20:22:50 | 000,000,232 | ---- | C] () -- C:\WINDOWS\SwapDrvrSP3.ini
[2005/09/29 20:22:42 | 000,000,233 | ---- | C] () -- C:\WINDOWS\SwapDrvrSP2.ini
[2004/08/04 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 08:00:00 | 000,441,816 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 08:00:00 | 000,071,468 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/03/17 04:39:12 | 000,454,761 | ---- | C] () -- C:\WINDOWS\System32\boost_regex-vc6-mt-1_31.dll
[2004/03/17 04:38:26 | 000,467,052 | ---- | C] () -- C:\WINDOWS\System32\boost_regex-vc6-mt-gd-1_31.dll
[2002/06/20 17:11:48 | 000,000,218 | ---- | C] () -- C:\WINDOWS\ORAODBC.INI
[2002/02/27 10:41:28 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll
[2002/02/27 10:41:26 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
[2002/02/27 10:41:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll
[1997/06/25 15:24:16 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\RegObj.dll

< End of report >

#2
RedfordRenegade

    New Member

  • Topic Starter
  • Member
  • 4 posts
I forgot to add: when McAfee detected the virus it labeled it "Hiloti.gen.Z" and the exe file name it was operating under was ixumd1n2[1].exe.

It was operating out of my C:/doc&setting/XXX/local/temp/content.IE51syr39zmo......exe (the dots mean the file extension was a real long list of numbers).

I don't know if that helps or not.

-J
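Added example (not part of either post above, and not OTL's own code): a small Python triage script that reads OTL report lines of the kind shown in the log and flags the entry classes that matter when "a freshly downloaded .exe will not run until it is renamed .com" is the symptom. It compares the O35/O37 shell open commands against the Windows default `"%1" %*` (the exefile and comfile entries in the log above are at that default, so they pass), and lists O20 AppInit_DLLs, O16 DPF entries carrying a registry error, O33 MountPoints2 autorun commands and the O32 CD-ROM AutoRun flag for manual review. The sample input is copied from the log with one hypothetical hijacked exefile line appended so the check has something to flag. It also classifies the location post #2 reports; that check assumes the Windows XP IE cache layout `...\Local Settings\Temporary Internet Files\Content.IE5\<8-character folder>\<name>[n].exe`, and the folder name and user name in the usage path are placeholders, not the real ones.

```python
import re
import sys

# Constructed sample input: OTL lines copied from the log above, plus one
# HYPOTHETICAL hijacked exefile entry (the last line) so the check has something to flag.
SAMPLE_LOG = r"""
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFECAFE-0013-0001-0021-ABCDEFABCDEF} Reg Error: Value error. (JInitiator 1.3.1.21)
O20 - AppInit_DLLs: (csauser.dll) - C:\WINDOWS\System32\csauser.dll (Cisco Systems, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{963694ca-a1b4-11db-a99f-000874dc3a12}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O35 - HKLM\..exefile [open] -- "C:\WINDOWS\Temp\hypothetical.exe" "%1" %*
"""

# Windows default shell\open\command for exefile and comfile. Anything else means
# every .exe (or .com) launch runs an attacker-chosen program first, which is the
# classic reason a freshly downloaded tool "will not run" until it is renamed.
DEFAULT_OPEN_COMMAND = '"%1" %*'

OTL_LINE = re.compile(r'^(O\d+) - (.*)$')

# Assumed XP-era IE cache layout: ...\Local Settings\Temporary Internet Files\
# Content.IE5\<8 random alphanumerics>\<name>[<n>].<ext>; the [n] suffix is what
# IE appends to cached file names.
IE_CACHE_EXECUTABLE = re.compile(
    r'\\Local Settings\\Temporary Internet Files\\Content\.IE5\\[A-Z0-9]{8}\\'
    r'[^\\]+\[\d+\]\.(?:exe|com|scr|dll)$',
    re.IGNORECASE,
)


def parse_otl_line(line):
    """Split one OTL report line into (section code, body); None for headers and blanks."""
    m = OTL_LINE.match(line.strip())
    return (m.group(1), m.group(2)) if m else None


def triage_otl(log_text):
    """Return (category, detail) findings for the autostart and file-association
    entries that matter when a hijacked .exe launch is suspected."""
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_otl_line(raw)
        if parsed is None:
            continue
        code, body = parsed
        if code in ('O35', 'O37'):
            # 'HKLM\..exefile [open] -- "%1" %*': compare the command to the default.
            key, _, command = body.partition(' -- ')
            if command.strip() != DEFAULT_OPEN_COMMAND:
                findings.append(('exe_assoc_hijack', f'{key.strip()} -> {command.strip()}'))
        elif code == 'O20' and body.startswith('AppInit_DLLs'):
            # AppInit DLLs are loaded into every process that maps user32.dll, so each
            # one listed needs a path and publisher check regardless of the vendor string.
            findings.append(('appinit_dll', body))
        elif code == 'O16' and 'Reg Error' in body:
            # A DPF (ActiveX download) entry whose registry data is missing or broken.
            findings.append(('reg_error_activex', body))
        elif code == 'O33' and '\\AutoRun\\command' in body:
            # MountPoints2 remembers an autorun command for a removable drive.
            findings.append(('removable_autorun', body.split(' = ', 1)[-1]))
        elif code == 'O32' and body.startswith('HKLM CDRom: AutoRun'):
            if body.split(' - ')[-1].strip() == '1':
                findings.append(('cdrom_autorun_enabled', body))
    return findings


def is_ie_cache_executable(path):
    """True when an executable sits in IE's cache, i.e. the browser fetched it
    (a clicked link or a drive-by) rather than an installer placing it."""
    return IE_CACHE_EXECUTABLE.search(path) is not None


if __name__ == '__main__':
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding='utf-8', errors='replace') as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    for category, detail in triage_otl(text):
        print(f'{category:22} {detail}')
    # Constructed path in the layout post #2 describes (user and folder names are placeholders).
    sample = r'C:\Documents and Settings\XXX\Local Settings\Temporary Internet Files\Content.IE5\ABCD1234\ixumd1n2[1].exe'
    print('ie_cache_executable   ', is_ie_cache_executable(sample))
```

Pointed at a saved OTL report (`python otl_triage.py OTL.Txt`, file name of your choosing) it applies the same checks to every line; it only reports, it does not write an OTL fix script, and a flagged entry still needs the file itself checked before anything is removed.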