Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

FakeAert!grb and Files hidden

Started by jogibso1 , Oct 21 2011 07:27 AM

  • This topic is locked This topic is locked

#1
jogibso1
Posted 21 October 2011 - 07:27 AM

jogibso1

    Member

  • Member
  • PipPipPip
  • 135 posts
I clicked on a bad link in an email and started getting bombarded with obviously fake scans that read "System Restore: Pc Performance & Stability Report". Then 20 or so warnings/alerts popped up reading "Windows delayed write failed...etc." and a few reading "files indexation process failed". The biggest issue is that it hid all of my files and folders. I ran a couple scans, cleaned some things up, and unhid all my files through the command prompt and it worked for about 24 hrs just fine. Now it is back doing the exact same thing so I must no have cleaned it all up. Any help would be GREATLY appreciated!

OTL logfile created on: 10/21/2011 9:11:51 AM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = E:\

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.98 Gb Total Physical Memory | 2.14 Gb Available Physical Memory | 71.61% Memory free

4.82 Gb Paging File | 3.98 Gb Available in Paging File | 82.51% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 232.87 Gb Total Space | 153.73 Gb Free Space | 66.01% Space Free | Partition Type: NTFS

Drive E: | 1.94 Gb Total Space | 0.65 Gb Free Space | 33.66% Space Free | Partition Type: FAT

Computer Name: NG00158029 | User Name: jeh46727 | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/21 09:10:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- E:\OTL.exe

PRC - [2011/10/21 09:05:06 | 000,397,312 | -H-- | M] (Mozilla Foundation) -- C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk.exe

PRC - [2011/10/21 09:03:45 | 000,516,096 | -H-- | M] (Mozilla Foundation) -- C:\Documents and Settings\All Users\Application Data\mUFSibFuIkV.exe

PRC - [2010/12/14 18:22:37 | 000,075,608 | -H-- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Forefront Identity Manager\2010\Password Reset Client Service\PwdMgmtProxy.exe

PRC - [2010/10/15 16:05:00 | 000,185,664 | -H-- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe

PRC - [2010/10/15 16:05:00 | 000,140,608 | -H-- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe

PRC - [2010/10/15 16:05:00 | 000,120,128 | -H-- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe

PRC - [2010/10/15 16:05:00 | 000,075,072 | -H-- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe

PRC - [2010/09/27 12:35:58 | 002,093,322 | ---- | M] (Internet Security Systems, Inc.) -- C:\Program Files\ISS\Proventia Desktop\blackd.exe

PRC - [2010/09/27 12:35:58 | 001,274,122 | -H-- | M] (Internet Security Systems, Inc.) -- C:\Program Files\ISS\Proventia Desktop\RapApp.exe

PRC - [2010/09/27 12:35:58 | 000,405,770 | ---- | M] (Internet Security Systems, Inc.) -- C:\Program Files\ISS\Proventia Desktop\vpatch.exe

PRC - [2010/02/26 02:37:06 | 001,287,464 | -H-- | M] (Altiris, Inc.) -- C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe

PRC - [2010/02/26 02:37:00 | 000,173,352 | -H-- | M] (Altiris, Inc.) -- C:\Program Files\Altiris\Altiris Agent\AeXAgentUIHost.exe

PRC - [2010/02/23 12:58:10 | 000,385,133 | -H-- | M] (Altiris) -- C:\Program Files\Altiris\Altiris Agent\Software Delivery\{01B54EB5-3679-4C73-9E10-E169D5A5EC59}\Cache\AeXRunControl.exe

PRC - [2009/11/18 05:19:46 | 000,229,458 | -H-- | M] (IDT, Inc.) -- c:\Drivers\Audio\stacsv.exe

PRC - [2009/04/22 10:53:40 | 001,221,928 | -H-- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe

PRC - [2009/04/22 10:53:34 | 000,148,768 | -H-- | M] (SupportSoft, Inc.) -- C:\Program Files\eSupport\bin\tgsrvc.exe

PRC - [2009/04/22 10:53:30 | 000,202,016 | -H-- | M] (SupportSoft, Inc.) -- C:\Program Files\eSupport\bin\sprtsvc.exe

PRC - [2009/04/22 10:53:18 | 000,202,016 | -H-- | M] (SupportSoft, Inc.) -- C:\Program Files\eSupport\bin\sprtcmd.exe

PRC - [2009/04/21 22:01:56 | 000,737,280 | -H-- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFltr.exe

PRC - [2009/03/27 19:10:56 | 000,014,336 | -H-- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe

PRC - [2009/01/27 20:50:00 | 000,144,704 | -H-- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

PRC - [2009/01/27 20:50:00 | 000,111,952 | -H-- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe

PRC - [2009/01/27 20:50:00 | 000,054,608 | -H-- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

PRC - [2008/04/17 09:08:46 | 001,528,608 | -H-- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

PRC - [2008/04/14 05:42:20 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/03/07 15:41:18 | 001,437,696 | -H-- | M] (Altiris) -- C:\Program Files\Altiris\Carbon Copy\Client.exe

PRC - [2007/03/07 15:41:18 | 000,724,992 | -H-- | M] (Altiris) -- C:\Program Files\Altiris\Carbon Copy\ShellKer.exe

PRC - [2007/03/07 15:18:58 | 000,049,152 | -H-- | M] (Altiris) -- C:\WINDOWS\system32\CCSRVC.exe

PRC - [2007/01/31 14:55:42 | 000,096,370 | -H-- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe

PRC - [2006/09/21 05:20:00 | 000,127,036 | -H-- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE

PRC - [2005/07/15 17:48:33 | 000,479,232 | -H-- | M] (Google Inc.) -- C:\Program Files\Google\Gmail Notifier\gnotify.exe



========== Modules (No Company Name) ==========

MOD - [2011/05/22 13:21:36 | 000,093,696 | -H-- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll

MOD - [2010/10/15 16:05:00 | 000,065,536 | -H-- | M] () -- C:\Program Files\McAfee\Common Framework\boost_thread-vc80-mt-1_32.dll

MOD - [2010/09/27 12:35:54 | 000,745,984 | ---- | M] () -- C:\Program Files\ISS\Proventia Desktop\libxml2.dll

MOD - [2010/09/27 12:35:54 | 000,147,968 | ---- | M] () -- C:\Program Files\ISS\Proventia Desktop\libxslt.dll

MOD - [2010/09/22 21:12:20 | 000,016,832 | -H-- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\ViewerPS.dll

MOD - [2009/04/16 17:49:04 | 000,756,040 | -H-- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL

MOD - [2008/10/26 05:42:14 | 000,065,376 | -H-- | M] () -- C:\Program Files\Microsoft Office\Office12\ADDINS\ColleagueImport.dll

MOD - [2008/04/17 09:08:56 | 000,197,408 | -H-- | M] () -- C:\WINDOWS\system32\vpnapi.dll

MOD - [2007/08/14 14:43:46 | 006,365,184 | -H-- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll

MOD - [2007/07/12 22:33:58 | 000,087,552 | -H-- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll

MOD - [2007/07/12 12:55:52 | 000,131,072 | -H-- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll

MOD - [2007/07/12 12:55:28 | 001,581,056 | -H-- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll

MOD - [2007/04/18 20:30:46 | 000,471,040 | -H-- | M] () -- C:\Program Files\McAfee\Common Framework\ccme_base.dll

MOD - [2007/04/18 20:30:46 | 000,393,216 | -H-- | M] () -- C:\Program Files\McAfee\Common Framework\cryptocme2.dll

MOD - [2006/11/30 08:50:00 | 000,149,080 | -H-- | M] () -- C:\Program Files\McAfee\VirusScan Enterprise\VsEvntUI.DLL

MOD - [2006/10/27 15:35:18 | 000,436,512 | -H-- | M] () -- C:\Program Files\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll

MOD - [2001/07/31 03:17:12 | 000,094,274 | -H-- | M] () -- C:\WINDOWS\system32\HPBHEALR.DLL



========== Win32 Services (SafeList) ==========

SRV - File not found [Unknown | Running] -- -- (VPatch)

SRV - File not found [Unknown | Running] -- -- (RapApp)

SRV - File not found [Unknown | Running] -- -- (BlackICE)

SRV - [2010/12/14 18:22:37 | 000,075,608 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Forefront Identity Manager\2010\Password Reset Client Service\PwdMgmtProxy.exe -- (FIMPasswordReset)

SRV - [2010/10/15 16:05:00 | 000,120,128 | -H-- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)

SRV - [2010/02/26 02:37:06 | 001,287,464 | -H-- | M] (Altiris, Inc.) [Auto | Running] -- C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe -- (AeXNSClient)

SRV - [2009/11/18 05:19:46 | 000,229,458 | -H-- | M] (IDT, Inc.) [Auto | Running] -- c:\Drivers\Audio\stacsv.exe -- (STacSV)

SRV - [2009/04/22 10:53:40 | 001,221,928 | -H-- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe -- (sprtlisten)

SRV - [2009/04/22 10:53:34 | 000,148,768 | -H-- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\eSupport\bin\tgsrvc.exe -- (tgsrvc_esupport) SupportSoft Repair Service (esupport)

SRV - [2009/04/22 10:53:30 | 000,202,016 | -H-- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\eSupport\bin\sprtsvc.exe -- (sprtsvc_esupport) SupportSoft Sprocket Service (esupport)

SRV - [2009/03/27 19:10:56 | 000,014,336 | -H-- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)

SRV - [2009/01/27 20:50:00 | 000,144,704 | -H-- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)

SRV - [2009/01/27 20:50:00 | 000,054,608 | -H-- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)

SRV - [2008/04/17 09:08:46 | 001,528,608 | -H-- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)

SRV - [2007/03/07 15:18:58 | 000,049,152 | -H-- | M] (Altiris) [Auto | Running] -- C:\WINDOWS\system32\CCSRVC.exe -- (CarbonCopy32)

SRV - [2007/01/31 14:55:42 | 000,096,370 | -H-- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)



========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Running] -- -- (MBAMSwissArmy)

DRV - [2010/09/27 12:35:58 | 000,050,163 | -H-- | M] (Internet Security Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RapDrv.sys -- (rap)

DRV - [2010/09/27 12:35:56 | 000,205,938 | -H-- | M] (Internet Security Systems, Inc.) [Kernel | Disabled | Running] -- C:\WINDOWS\system32\drivers\Blackcat.sys -- (black)

DRV - [2010/09/27 12:35:56 | 000,080,512 | -H-- | M] (Internet Security Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\isskboep.sys -- (MakoNT)

DRV - [2010/04/05 11:44:28 | 006,601,216 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®

DRV - [2010/02/25 15:19:12 | 000,016,768 | -H-- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)

DRV - [2010/01/28 20:55:06 | 000,058,600 | -H-- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)

DRV - [2009/12/10 09:33:34 | 000,167,080 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1k5132.sys -- (e1kexpress) Intel®

DRV - [2009/12/03 07:57:48 | 000,045,984 | -H-- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)

DRV - [2009/11/20 20:15:18 | 000,137,728 | -H-- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nusb3xhc.sys -- (nusb3xhc)

DRV - [2009/11/20 20:15:16 | 000,058,880 | -H-- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nusb3hub.sys -- (nusb3hub)

DRV - [2009/11/18 05:19:46 | 001,654,723 | -H-- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)

DRV - [2009/09/17 13:54:14 | 000,041,088 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®

DRV - [2009/07/21 15:18:58 | 001,161,760 | -H-- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2009/07/20 15:05:16 | 000,049,152 | -H-- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rismc32.sys -- (rismc32)

DRV - [2009/06/25 16:58:10 | 000,048,128 | -H-- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)

DRV - [2009/04/21 23:13:34 | 000,113,664 | -H-- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)

DRV - [2009/01/27 20:50:00 | 000,177,864 | -H-- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)

DRV - [2009/01/27 20:50:00 | 000,073,512 | -H-- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)

DRV - [2009/01/27 20:50:00 | 000,065,000 | -H-- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)

DRV - [2009/01/27 20:50:00 | 000,052,168 | -H-- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)

DRV - [2009/01/27 20:50:00 | 000,034,408 | -H-- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)

DRV - [2009/01/27 20:50:00 | 000,031,848 | -H-- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)

DRV - [2008/11/21 09:57:04 | 000,238,736 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress) Intel®

DRV - [2008/10/11 15:56:00 | 000,045,056 | -H-- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)

DRV - [2008/07/29 15:41:36 | 000,038,400 | -H-- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)

DRV - [2008/07/23 11:31:38 | 000,044,800 | -H-- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)

DRV - [2008/04/17 09:07:52 | 000,306,299 | -H-- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)

DRV - [2008/03/29 17:36:28 | 000,125,328 | -H-- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)

DRV - [2007/03/07 15:22:54 | 000,009,216 | -H-- | M] (Altiris) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CCDevice.sys -- (CCDevice)

DRV - [2007/01/18 17:28:02 | 000,005,275 | -H-- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)

DRV - [2006/09/21 05:20:00 | 000,094,460 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)

DRV - [2006/09/21 05:20:00 | 000,088,476 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)

DRV - [2006/09/21 05:20:00 | 000,087,004 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)

DRV - [2006/09/21 05:20:00 | 000,026,044 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)

DRV - [2006/09/21 05:20:00 | 000,015,068 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)

DRV - [2006/09/21 05:20:00 | 000,006,364 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)

DRV - [2006/09/21 05:20:00 | 000,002,496 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)

DRV - [2006/07/24 01:00:04 | 000,022,016 | -H-- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer)

DRV - [2006/07/24 01:00:04 | 000,017,920 | -H-- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)

DRV - [2006/03/17 08:35:24 | 000,005,660 | -H-- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)

DRV - [2006/03/17 08:34:46 | 000,022,684 | -H-- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)

DRV - [2005/01/26 11:22:20 | 000,280,344 | -H-- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)



========== Standard Registry (SafeList) ==========



========== Internet Explorer ==========



IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://vofonline.org

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://vofonline.org

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"



FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: c:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2010/10/21 14:49:18 | 000,000,000 | -H-D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/05 10:32:57 | 000,000,000 | -H-D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/07/01 13:47:18 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\jeh46727\Application Data\Mozilla\Extensions

[2011/07/18 10:06:14 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\jeh46727\Application Data\Mozilla\Firefox\Profiles\u5rmbpk9.default\extensions

[2011/07/18 10:06:14 | 000,000,000 | -H-D | M] (StartNow Toolbar) -- C:\Documents and Settings\jeh46727\Application Data\Mozilla\Firefox\Profiles\u5rmbpk9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}

[2011/07/01 13:43:08 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/06/30 11:44:25 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

[2011/10/04 16:36:57 | 000,134,104 | -H-- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011/10/04 16:36:54 | 000,002,252 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/08/30 08:52:58 | 000,001,665 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 10.192.32.76 COVSMICES-ANS01 COVSMICES-ANS01.vita.virginia.gov COVSMICES-ANS01.cov.virginia.gov # Altiris NS ***DO NOT REMOVE OR MODIFY***

O1 - Hosts: 10.192.32.77 COVSMICES-ANS03 COVSMICES-ANS03.vita.virginia.gov COVSMICES-ANS03.cov.virginia.gov # Altiris NS ***DO NOT REMOVE OR MODIFY***

O1 - Hosts: 10.192.32.78 COVSMICES-ANS04 COVSMICES-ANS04.vita.virginia.gov COVSMICES-ANS04.cov.virginia.gov # Altiris NS ***DO NOT REMOVE OR MODIFY***

O1 - Hosts: 10.192.32.79 COVSMICES-ANS05 COVSMICES-ANS05.vita.virginia.gov COVSMICES-ANS05.cov.virginia.gov # Altiris NS ***DO NOT REMOVE OR MODIFY***

O1 - Hosts: 10.192.32.80 COVSMICES-ANS06 COVSMICES-ANS06.vita.virginia.gov COVSMICES-ANS06.cov.virginia.gov # Altiris NS ***DO NOT REMOVE OR MODIFY***

O1 - Hosts: 10.192.32.45 COVSMICES-ANS07 COVSMICES-ANS07.vita.virginia.gov COVSMICES-ANS07.cov.virginia.gov # Altiris NS ***DO NOT REMOVE OR MODIFY***

O1 - Hosts: 172.22.234.78 cov-rpb-nas002.cov.virginia.gov

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\ScriptCl.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)

O4 - HKLM..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" File not found

O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)

O4 - HKLM..\Run: [AeXAgentLogon] C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe (Altiris, Inc.)

O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)

O4 - HKLM..\Run: [eSupport] C:\Program Files\eSupport\bin\sprtcmd.exe (SupportSoft, Inc.)

O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)

O4 - HKLM..\Run: [mUFSibFuIkV.exe] C:\Documents and Settings\All Users\Application Data\mUFSibFuIkV.exe (Mozilla Foundation)

O4 - HKLM..\Run: [PasswordRegistration] C:\WINDOWS\system32\MsPwdRegistration.exe (Microsoft Corporation)

O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\SQM present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPublishingWizard = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoOnlinePrintsWizard = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonType = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: MaxGPOScriptWait = 32000

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPublishingWizard = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoOnlinePrintsWizard = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 1 = speech.cpl

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 2 = wscui.cpl (Microsoft Corporation)

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1

O15 - HKCU\..Trusted Domains: virginia.gov ([]* in Local intranet)

O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} Reg Error: Key error. (Macromedia Authorware Web Player Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 208.67.222.222 208.67.220.220

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cov.virginia.gov

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E9349DAF-DAF6-4F51-9E8F-558564BD41CE}: DhcpNameServer = 192.168.1.1 208.67.222.222 208.67.220.220

O20 - AppInit_DLLs: (AMINIT32.dll) -C:\WINDOWS\System32\AMInit32.dll (Altiris, Inc.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: GinaDLL - (MsPwdGina.dll) -C:\WINDOWS\System32\MsPwdGina.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/10/21 13:49:08 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{66608724-a3e0-11e0-8bea-183da27742a0}\Shell - "" = AutoRun

O33 - MountPoints2\{66608724-a3e0-11e0-8bea-183da27742a0}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{66608724-a3e0-11e0-8bea-183da27742a0}\Shell\AutoRun\command - "" = E:\HPLauncher.exe

O33 - MountPoints2\F\Shell - "" = AutoRun

O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\HPLauncher.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/21 09:15:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\jeh46727\Recent

[2011/10/21 09:11:18 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jeh46727\Desktop\OTL.exe

[2011/10/21 09:05:06 | 000,397,312 | -H-- | C] (Mozilla Foundation) -- C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk.exe

[2011/10/21 09:04:17 | 000,516,096 | -H-- | C] (Mozilla Foundation) -- C:\Documents and Settings\All Users\Application Data\mUFSibFuIkV.exe

[2011/10/18 16:14:35 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\jeh46727\Application Data\Malwarebytes

[2011/10/18 16:13:50 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/10/18 16:13:14 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2011/10/18 16:13:00 | 000,022,216 | -H-- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2011/10/18 16:12:56 | 000,000,000 | -H-D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/10/18 15:40:41 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\jeh46727\Start Menu\Programs\System Restore

[2011/10/13 16:45:45 | 000,000,000 | -H-D | C] -- C:\WINDOWS\XSxS

[2011/10/13 16:45:45 | 000,000,000 | -H-D | C] -- C:\Program Files\Xenocode

[2011/10/05 10:32:51 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime

[2011/10/05 10:32:19 | 000,000,000 | -H-D | C] -- C:\Program Files\QuickTime

[2011/10/05 10:32:18 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer

[2011/09/29 10:06:09 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\jeh46727\Desktop\junk external

[2011/09/28 12:27:18 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\jeh46727\Local Settings\Application Data\Microsoft Help

[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/21 09:14:02 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3E4FB61D-FD24-4CAA-971B-7D1C6622E1F5}.job

[2011/10/21 09:14:02 | 000,000,400 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{AD47D710-2AAD-4188-9F7D-8E132E50A387}.job

[2011/10/21 09:10:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jeh46727\Desktop\OTL.exe

[2011/10/21 09:05:39 | 000,000,857 | -H-- | M] () -- C:\Documents and Settings\jeh46727\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk

[2011/10/21 09:05:39 | 000,000,839 | -H-- | M] () -- C:\Documents and Settings\jeh46727\Desktop\System Restore.lnk

[2011/10/21 08:35:43 | 000,000,028 | -H-- | M] () -- C:\WINDOWS\System32\wininet_dll.iss

[2011/10/21 08:35:42 | 000,000,028 | -H-- | M] () -- C:\WINDOWS\System32\url_dll.iss

[2011/10/21 08:35:41 | 000,000,028 | -H-- | M] () -- C:\WINDOWS\System32\urlmon_dll.iss

[2011/10/21 08:35:23 | 000,000,892 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011/10/21 08:33:55 | 000,000,888 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011/10/21 08:33:18 | 002,622,912 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011/10/21 08:33:01 | 000,002,048 | -H-- | M] () -- C:\WINDOWS\bootstat.dat

[2011/10/20 16:01:56 | 000,000,398 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D0ECDD89-2BB9-45B6-B552-6ED5D53B024C}.job

[2011/10/20 14:42:08 | 000,011,318 | RHS- | M] () -- C:\Documents and Settings\jeh46727\ntuser.pol

[2011/10/20 14:18:28 | 000,062,402 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

[2011/10/20 13:59:22 | 000,001,504 | -H-- | M] () -- C:\Documents and Settings\jeh46727\Application Data\Microsoft\Internet Explorer\Quick Launch\Calculator.lnk

[2011/10/20 13:52:58 | 000,001,519 | -H-- | M] () -- C:\Documents and Settings\jeh46727\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad.lnk

[2011/10/20 12:38:03 | 000,000,484 | -H-- | M] () -- C:\WINDOWS\tasks\Computer Account Inventory Update.job

[2011/10/20 12:09:05 | 000,444,966 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011/10/20 12:09:05 | 000,072,676 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011/10/20 12:04:04 | 000,001,393 | -H-- | M] () -- C:\WINDOWS\imsins.BAK

[2011/10/20 09:00:12 | 000,000,491 | -H-- | M] () -- C:\Documents and Settings\jeh46727\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to START.mxd.lnk

[2011/10/20 00:27:49 | 000,000,664 | -H-- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/10/19 16:22:20 | 000,000,496 | -H-- | M] () -- C:\Documents and Settings\jeh46727\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to ProposedEasements.lnk

[2011/10/18 15:44:46 | 000,000,028 | -H-- | M] () -- C:\WINDOWS\System32\crypt32_dll.iss

[2011/10/18 15:43:33 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/10/18 09:19:19 | 000,015,582 | -H-- | M] () -- C:\Documents and Settings\jeh46727\Desktop\PTO Leave Form.pdf

[2011/10/17 10:36:22 | 000,510,061 | -H-- | M] () -- C:\Documents and Settings\jeh46727\Desktop\fw9-1.pdf

[2011/10/17 10:34:58 | 000,114,345 | -H-- | M] () -- C:\Documents and Settings\jeh46727\Desktop\fw9.pdf

[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/21 09:05:39 | 000,000,857 | -H-- | C] () -- C:\Documents and Settings\jeh46727\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk

[2011/10/21 09:05:39 | 000,000,839 | -H-- | C] () -- C:\Documents and Settings\jeh46727\Desktop\System Restore.lnk

[2011/10/20 13:59:22 | 000,001,504 | -H-- | C] () -- C:\Documents and Settings\jeh46727\Application Data\Microsoft\Internet Explorer\Quick Launch\Calculator.lnk

[2011/10/20 13:52:58 | 000,001,519 | -H-- | C] () -- C:\Documents and Settings\jeh46727\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad.lnk

[2011/10/20 09:00:12 | 000,000,491 | -H-- | C] () -- C:\Documents and Settings\jeh46727\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to START.mxd.lnk

[2011/10/19 16:22:20 | 000,000,496 | -H-- | C] () -- C:\Documents and Settings\jeh46727\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to ProposedEasements.lnk

[2011/10/18 13:24:00 | 002,421,472 | -H-- | C] () -- C:\Documents and Settings\jeh46727\Desktop\2855-2856AEP_DeedEsmt.pdf

[2011/10/17 10:36:15 | 000,510,061 | -H-- | C] () -- C:\Documents and Settings\jeh46727\Desktop\fw9-1.pdf

[2011/10/17 10:34:58 | 000,114,345 | -H-- | C] () -- C:\Documents and Settings\jeh46727\Desktop\fw9.pdf

[2011/09/15 14:43:09 | 000,110,060 | -H-- | C] () -- C:\WINDOWS\hpoins11.dat

[2011/09/15 14:43:09 | 000,006,947 | -H-- | C] () -- C:\WINDOWS\hpomdl11.dat

[2011/07/29 09:12:27 | 000,077,824 | -H-- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll

[2011/07/25 09:48:59 | 000,000,025 | -H-- | C] () -- C:\WINDOWS\wpd99.drv

[2011/07/25 09:48:58 | 000,051,716 | -H-- | C] () -- C:\WINDOWS\System32\pdf995mon.dll

[2011/07/07 13:40:23 | 000,002,528 | -H-- | C] () -- C:\Documents and Settings\jeh46727\Application Data\$_hpcst$.hpc

[2011/07/01 13:43:26 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat

[2011/06/30 15:33:09 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\client.INI

[2011/06/30 11:29:25 | 000,032,256 | -H-- | C] () -- C:\WINDOWS\System32\ntrights.exe

[2011/06/27 15:36:56 | 000,208,896 | -H-- | C] () -- C:\WINDOWS\System32\HPP2800V.DLL

[2011/06/27 15:36:56 | 000,000,484 | -H-- | C] () -- C:\WINDOWS\System32\HPP2800V.DAT

[2011/06/27 15:16:04 | 000,000,108 | -H-- | C] () -- C:\WINDOWS\ArcPad.INI

[2011/06/21 17:54:58 | 002,185,518 | -H-- | C] () -- C:\WINDOWS\System32\nvdata.bin

[2011/06/21 16:00:12 | 000,000,376 | -H-- | C] () -- C:\WINDOWS\ODBC.INI

[2011/06/21 15:55:23 | 000,000,664 | -H-- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/02/04 10:17:36 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini

[2010/10/26 13:51:52 | 000,000,280 | -H-- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig

[2010/10/21 17:36:51 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat

[2010/10/21 17:36:46 | 000,444,966 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2010/10/21 17:36:46 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2010/10/21 17:36:46 | 000,072,676 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2010/10/21 17:36:46 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2010/10/21 17:36:45 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin

[2010/10/21 17:36:45 | 000,004,463 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat

[2010/10/21 17:36:43 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat

[2010/10/21 17:36:37 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat

[2010/10/21 17:36:36 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin

[2010/10/21 17:36:23 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat

[2010/10/21 17:36:20 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin

[2010/10/21 14:56:11 | 000,001,617 | -H-- | C] () -- C:\WINDOWS\wininit.ini

[2010/10/21 14:47:02 | 000,204,800 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll

[2010/10/21 14:47:02 | 000,200,704 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll

[2010/10/21 14:47:02 | 000,192,512 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll

[2010/10/21 14:47:02 | 000,192,512 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll

[2010/10/21 14:47:02 | 000,188,416 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll

[2010/10/21 14:47:02 | 000,020,480 | -H-- | C] () -- C:\WINDOWS\System32\IVIresize.dll

[2010/10/21 13:55:35 | 000,192,512 | -H-- | C] () -- C:\WINDOWS\System32\HPB2550V.DLL

[2010/10/21 13:55:35 | 000,000,311 | -H-- | C] () -- C:\WINDOWS\System32\HPB2550V.DAT

[2010/10/21 13:55:34 | 000,094,274 | -H-- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL

[2010/10/21 13:54:17 | 000,002,030 | -H-- | C] () -- C:\WINDOWS\System32\OEMINFO.ini

[2010/10/21 13:53:45 | 000,002,401 | -H-- | C] () -- C:\WINDOWS\System32\drivers\AlKernel.sys

[2010/10/21 13:52:08 | 000,002,048 | -H-- | C] () -- C:\WINDOWS\bootstat.dat

[2010/10/21 13:47:17 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2010/10/21 09:42:40 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI

[2010/10/21 09:42:03 | 002,622,912 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2008/04/17 09:08:56 | 000,197,408 | -H-- | C] () -- C:\WINDOWS\System32\vpnapi.dll

[2008/04/17 09:08:44 | 000,193,312 | -H-- | C] () -- C:\WINDOWS\System32\CSGina.dll

[2007/07/12 22:33:58 | 000,087,552 | -H-- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll

[2006/09/26 17:49:54 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\px.ini

[2006/09/12 18:17:36 | 000,000,258 | -H-- | C] () -- C:\WINDOWS\AWSHKWV.ini

[2001/07/07 03:00:00 | 000,003,399 | -H-- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

[1997/06/25 15:24:16 | 000,040,448 | -H-- | C] () -- C:\WINDOWS\System32\RegObj.dll

========== LOP Check ==========

[2011/07/01 08:34:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems

[2011/06/27 14:30:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\ESRI

[2011/07/25 09:48:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995

[2010/10/21 14:45:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft

[2011/06/30 18:44:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\jeh46727\Application Data\DataEast

[2011/08/04 10:53:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\jeh46727\Application Data\ESRI

[2011/09/07 22:29:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\jeh46727\Application Data\Ewywe

[2011/09/09 15:20:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\jeh46727\Application Data\FileZilla

[2011/09/08 06:31:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\jeh46727\Application Data\Ispase

[2011/07/25 09:52:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\jeh46727\Application Data\PDF reDirect

[2011/07/27 12:59:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\jeh46727\Application Data\Softland

[2011/07/27 11:49:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\jeh46727\Application Data\VITA

[2011/07/27 16:18:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\jeh46727\Application Data\webex

[2011/10/20 12:38:03 | 000,000,484 | -H-- | M] () -- C:\WINDOWS\Tasks\Computer Account Inventory Update.job

[2011/10/21 09:14:02 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{3E4FB61D-FD24-4CAA-971B-7D1C6622E1F5}.job

[2011/10/21 09:14:02 | 000,000,400 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{AD47D710-2AAD-4188-9F7D-8E132E50A387}.job

[2011/10/20 16:01:56 | 000,000,398 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{D0ECDD89-2BB9-45B6-B552-6ED5D53B024C}.job

========== Purity Check ==========





< End of report >
  • 0

Advertisements

#2
ali.B
Posted 21 October 2011 - 01:14 PM

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

please do not separate the lines in your logs with spaces.

Step 1

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
O4 - HKLM..\Run: [mUFSibFuIkV.exe] C:\Documents and Settings\All Users\Application Data\mUFSibFuIkV.exe (Mozilla Foundation)
O33 - MountPoints2\{66608724-a3e0-11e0-8bea-183da27742a0}\Shell - "" = AutoRun
O33 - MountPoints2\{66608724-a3e0-11e0-8bea-183da27742a0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{66608724-a3e0-11e0-8bea-183da27742a0}\Shell\AutoRun\command - "" = E:\HPLauncher.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\HPLauncher.exe
[2011/10/21 09:05:06 | 000,397,312 | -H-- | C] (Mozilla Foundation) -- C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk.exe
[2011/10/21 09:04:17 | 000,516,096 | -H-- | C] (Mozilla Foundation) -- C:\Documents and Settings\All Users\Application Data\mUFSibFuIkV.exe
[2011/10/21 08:35:43 | 000,000,028 | -H-- | M] () -- C:\WINDOWS\System32\wininet_dll.iss
[2011/10/21 08:35:42 | 000,000,028 | -H-- | M] () -- C:\WINDOWS\System32\url_dll.iss
[2011/10/21 08:35:41 | 000,000,028 | -H-- | M] () -- C:\WINDOWS\System32\urlmon_dll.iss
[2011/10/18 15:44:46 | 000,000,028 | -H-- | M] () -- C:\WINDOWS\System32\crypt32_dll.iss

:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 2

Posted Image Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.

Things I would like to see in your reply:
  • OTL log
  • MBAM log

  • 0

#3
jogibso1
Posted 21 October 2011 - 02:05 PM

jogibso1

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 135 posts
Thank you for the response...this seems to have taken an entirely different turn. The machine restarted and will not reboot (even in safe mode). Windows is not loading. I am on an HP lapop, so when I turn the machine on, it does power up and I see the HP logo, then a blinking cursor in the top left corner of a blank black screen, and nothing else. Will sit there for hours. No function keys have worked. I cannot run anything or access anything. Any ideas??
  • 0

#4
ali.B
Posted 22 October 2011 - 03:04 AM

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

turn on your laptop, while its booting hit repeatedly the F8 button.

Choose "Last Known Good Configuration" and hit enter.

see if that works.
  • 0

#5
jogibso1
Posted 22 October 2011 - 06:49 AM

jogibso1

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 135 posts
Hi, I tried. F8 does nothing. Still the cursor. :)
  • 0

#6
ali.B
Posted 23 October 2011 - 04:00 AM

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi


Download the attached Scan.txt file and put it on a USB.

  • Download OTLPEStd.exe to your desktop
  • Ensure that you have a blank CD in the drive
  • Double click OTLPEStd.exe and this will then open imgburn to burn the file to CD
  • Reboot your system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)

  • Your system should now display a Reatogo desktop.
    Note : as you are running from CD it is not exactly speedy
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Copy the contents of the attached scan.txt into the Custom scans and fixes box
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive.
  • You can backup any files that you wish from this OS
  • Please post the contents of the C:\OTL.txt file in your reply.

Attached Files

  • Attached File  Scan.txt   260bytes   115 downloads

  • 0

#7
jogibso1
Posted 23 October 2011 - 07:09 AM

jogibso1

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 135 posts
Thanks

It started to install as you mention, with a status bar stating Starting Reatogo-X-PE
then I received this message:

The file atapi.sys is corrupted. Press any key to continue.

I hit a key, and it restarted. The same thing started again (Starting Reatogo-X-PE) then I received this message:

The file asc.sys is corrupted. Press any key to continue.
  • 0

#8
jogibso1
Posted 23 October 2011 - 07:40 AM

jogibso1

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 135 posts
Ok, I noticed a scratch, re-burned a new CD and it seems to be running ok now...standby...
  • 0

#9
jogibso1
Posted 23 October 2011 - 07:45 AM

jogibso1

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 135 posts
Okay getting ready to follow instructions. My current files and folders should not be effected correct?
  • 0

#10
jogibso1
Posted 23 October 2011 - 08:38 AM

jogibso1

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 135 posts
OTL logfile created on: 10/23/2011 11:09:56 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.87 Gb Total Space | 153.82 Gb Free Space | 66.05% Space Free | Partition Type: NTFS
Drive D: | 1.94 Gb Total Space | 0.65 Gb Free Space | 33.65% Space Free | Partition Type: FAT
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2010/12/14 18:22:37 | 000,075,608 | -H-- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft Forefront Identity Manager\2010\Password Reset Client Service\PwdMgmtProxy.exe -- (FIMPasswordReset)
SRV - [2010/10/15 16:05:00 | 000,120,128 | -H-- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2010/09/27 12:35:58 | 002,093,322 | ---- | M] (Internet Security Systems, Inc.) [Auto] -- C:\Program Files\ISS\Proventia Desktop\blackd.exe -- (BlackICE)
SRV - [2010/09/27 12:35:58 | 001,274,122 | -H-- | M] (Internet Security Systems, Inc.) [Auto] -- C:\Program Files\ISS\Proventia Desktop\RapApp.exe -- (RapApp)
SRV - [2010/09/27 12:35:58 | 000,405,770 | ---- | M] (Internet Security Systems, Inc.) [Auto] -- C:\Program Files\ISS\Proventia Desktop\vpatch.exe -- (VPatch)
SRV - [2010/02/26 02:37:06 | 001,287,464 | -H-- | M] (Altiris, Inc.) [Auto] -- C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe -- (AeXNSClient)
SRV - [2009/11/18 05:19:46 | 000,229,458 | -H-- | M] (IDT, Inc.) [Auto] -- C:\Drivers\Audio\stacsv.exe -- (STacSV)
SRV - [2009/04/22 10:53:40 | 001,221,928 | -H-- | M] (SupportSoft, Inc.) [Auto] -- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe -- (sprtlisten)
SRV - [2009/04/22 10:53:34 | 000,148,768 | -H-- | M] (SupportSoft, Inc.) [Auto] -- C:\Program Files\eSupport\bin\tgsrvc.exe -- (tgsrvc_esupport) SupportSoft Repair Service (esupport)
SRV - [2009/04/22 10:53:30 | 000,202,016 | -H-- | M] (SupportSoft, Inc.) [Auto] -- C:\Program Files\eSupport\bin\sprtsvc.exe -- (sprtsvc_esupport) SupportSoft Sprocket Service (esupport)
SRV - [2009/03/27 19:10:56 | 000,014,336 | -H-- | M] (LSI Corporation) [Auto] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009/01/27 20:50:00 | 000,144,704 | -H-- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2009/01/27 20:50:00 | 000,054,608 | -H-- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2008/04/17 09:08:46 | 001,528,608 | -H-- | M] (Cisco Systems, Inc.) [Auto] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007/03/07 15:18:58 | 000,049,152 | -H-- | M] (Altiris) [Auto] -- C:\WINDOWS\system32\CCSRVC.exe -- (CarbonCopy32)
SRV - [2007/01/31 14:55:42 | 000,096,370 | -H-- | M] (Canon Inc.) [Auto] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2010/09/27 12:35:58 | 000,050,163 | -H-- | M] (Internet Security Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RapDrv.sys -- (rap)
DRV - [2010/09/27 12:35:56 | 000,205,938 | -H-- | M] (Internet Security Systems, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\Blackcat.sys -- (black)
DRV - [2010/09/27 12:35:56 | 000,080,512 | -H-- | M] (Internet Security Systems Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\isskboep.sys -- (MakoNT)
DRV - [2010/04/05 11:44:28 | 006,601,216 | -H-- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2010/02/25 15:19:12 | 000,016,768 | -H-- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2010/01/28 20:55:06 | 000,058,600 | -H-- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2009/12/10 09:33:34 | 000,167,080 | -H-- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\e1k5132.sys -- (e1kexpress) Intel®
DRV - [2009/12/03 07:57:48 | 000,045,984 | -H-- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2009/11/20 20:15:18 | 000,137,728 | -H-- | M] (NEC Electronics Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2009/11/20 20:15:16 | 000,058,880 | -H-- | M] (NEC Electronics Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2009/11/18 05:19:46 | 001,654,723 | -H-- | M] (IDT, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2009/09/17 13:54:14 | 000,041,088 | -H-- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2009/07/21 15:18:58 | 001,161,760 | -H-- | M] (LSI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/20 15:05:16 | 000,049,152 | -H-- | M] (RICOH Company, Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rismc32.sys -- (rismc32)
DRV - [2009/06/25 16:58:10 | 000,048,128 | -H-- | M] (REDC) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/04/21 23:13:34 | 000,113,664 | -H-- | M] (Andrea Electronics Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2009/01/27 20:50:00 | 000,177,864 | -H-- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/01/27 20:50:00 | 000,073,512 | -H-- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/01/27 20:50:00 | 000,065,000 | -H-- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2009/01/27 20:50:00 | 000,052,168 | -H-- | M] (McAfee, Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2009/01/27 20:50:00 | 000,034,408 | -H-- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/01/27 20:50:00 | 000,031,848 | -H-- | M] (McAfee, Inc.) [Kernel | System] -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)
DRV - [2008/11/21 09:57:04 | 000,238,736 | -H-- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress) Intel®
DRV - [2008/10/11 15:56:00 | 000,045,056 | -H-- | M] (REDC) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/07/29 15:41:36 | 000,038,400 | -H-- | M] (REDC) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2008/07/23 11:31:38 | 000,044,800 | -H-- | M] (Infineon Technologies AG) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2008/04/17 09:07:52 | 000,306,299 | -H-- | M] (Cisco Systems, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008/03/29 17:36:28 | 000,125,328 | -H-- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007/03/07 15:22:54 | 000,009,216 | -H-- | M] (Altiris) [Kernel | System] -- C:\WINDOWS\System32\drivers\CCDevice.sys -- (CCDevice)
DRV - [2007/01/18 17:28:02 | 000,005,275 | -H-- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/09/21 05:20:00 | 000,094,460 | -H-- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/09/21 05:20:00 | 000,088,476 | -H-- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/09/21 05:20:00 | 000,087,004 | -H-- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/09/21 05:20:00 | 000,026,044 | -H-- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/09/21 05:20:00 | 000,015,068 | -H-- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/09/21 05:20:00 | 000,006,364 | -H-- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/09/21 05:20:00 | 000,002,496 | -H-- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2006/07/24 01:00:04 | 000,022,016 | -H-- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2006/07/24 01:00:04 | 000,017,920 | -H-- | M] (Hewlett-Packard Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2006/03/17 08:35:24 | 000,005,660 | -H-- | M] (Sonic Solutions) [File_System | System] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/03/17 08:34:46 | 000,022,684 | -H-- | M] (Sonic Solutions) [File_System | System] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/01/26 11:22:20 | 000,280,344 | -H-- | M] (Zone Labs LLC) [Kernel | On_Demand] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\aaDave.Morton_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.state.va.us/cmsportal3
IE - HKU\aaDave.Morton_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKU\aaDave.Morton_ON_C\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\aaDave.Morton_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.state.va.us/cmsportal3
IE - HKU\aaDave.Morton_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\aaDave.Morton_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\A-VITA_SD_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.state.va.us/cmsportal3
IE - HKU\A-VITA_SD_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKU\A-VITA_SD_ON_C\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\A-VITA_SD_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.state.va.us/cmsportal3
IE - HKU\A-VITA_SD_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\A-VITA_SD_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\jeh46727_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://vofonline.org
IE - HKU\jeh46727_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://vofonline.org
IE - HKU\jeh46727_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\jeh46727_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>




========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2010/10/21 14:49:18 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/05 10:32:57 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/07/01 13:47:18 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\jeh46727\Application Data\Mozilla\Extensions
[2011/07/18 10:06:14 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\jeh46727\Application Data\Mozilla\Firefox\Profiles\u5rmbpk9.default\extensions
[2011/07/18 10:06:14 | 000,000,000 | -H-D | M] (StartNow Toolbar) -- C:\Documents and Settings\jeh46727\Application Data\Mozilla\Firefox\Profiles\u5rmbpk9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
[2011/07/01 13:43:08 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011/06/30 11:44:25 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/10/04 16:36:57 | 000,134,104 | -H-- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/04 16:36:54 | 000,002,252 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/08/30 08:52:58 | 000,001,665 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 10.192.32.76 COVSMICES-ANS01 COVSMICES-ANS01.vita.virginia.gov COVSMICES-ANS01.cov.virginia.gov # Altiris NS ***DO NOT REMOVE OR MODIFY***
O1 - Hosts: 10.192.32.77 COVSMICES-ANS03 COVSMICES-ANS03.vita.virginia.gov COVSMICES-ANS03.cov.virginia.gov # Altiris NS ***DO NOT REMOVE OR MODIFY***
O1 - Hosts: 10.192.32.78 COVSMICES-ANS04 COVSMICES-ANS04.vita.virginia.gov COVSMICES-ANS04.cov.virginia.gov # Altiris NS ***DO NOT REMOVE OR MODIFY***
O1 - Hosts: 10.192.32.79 COVSMICES-ANS05 COVSMICES-ANS05.vita.virginia.gov COVSMICES-ANS05.cov.virginia.gov # Altiris NS ***DO NOT REMOVE OR MODIFY***
O1 - Hosts: 10.192.32.80 COVSMICES-ANS06 COVSMICES-ANS06.vita.virginia.gov COVSMICES-ANS06.cov.virginia.gov # Altiris NS ***DO NOT REMOVE OR MODIFY***
O1 - Hosts: 10.192.32.45 COVSMICES-ANS07 COVSMICES-ANS07.vita.virginia.gov COVSMICES-ANS07.cov.virginia.gov # Altiris NS ***DO NOT REMOVE OR MODIFY***
O1 - Hosts: 172.22.234.78 cov-rpb-nas002.cov.virginia.gov
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\ScriptCl.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [Adobe ARM] File not found
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [AeXAgentLogon] C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe (Altiris, Inc.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [eSupport] C:\Program Files\eSupport\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [mUFSibFuIkV.exe] C:\Documents and Settings\All Users\Application Data\mUFSibFuIkV.exe (Mozilla Foundation)
O4 - HKLM..\Run: [PasswordRegistration] C:\WINDOWS\system32\MsPwdRegistration.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\SQM present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPublishingWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoOnlinePrintsWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonType = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: MaxGPOScriptWait = 32000
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\aaDave.Morton_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\aaDave.Morton_ON_C\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\aaDave.Morton_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\aaDave.Morton_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O7 - HKU\aaDave.Morton_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\aaDave.Morton_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\aaDave.Morton_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPublishingWizard = 1
O7 - HKU\aaDave.Morton_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoOnlinePrintsWizard = 1
O7 - HKU\aaDave.Morton_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKU\aaDave.Morton_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\aaDave.Morton_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 1
O7 - HKU\aaDave.Morton_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Home = 0
O7 - HKU\aaDave.Morton_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Fullscreen = 0
O7 - HKU\aaDave.Morton_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Tools = 0
O7 - HKU\aaDave.Morton_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Print = 0
O7 - HKU\aaDave.Morton_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Edit = 0
O7 - HKU\aaDave.Morton_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Cut = 0
O7 - HKU\aaDave.Morton_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Copy = 0
O7 - HKU\aaDave.Morton_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Paste = 0
O7 - HKU\aaDave.Morton_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Encoding = 0
O7 - HKU\aaDave.Morton_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 1 = speech.cpl
O7 - HKU\aaDave.Morton_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 2 = wscui.cpl (Microsoft Corporation)
O7 - HKU\Administrator_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Administrator_ON_C\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPublishingWizard = 1
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoOnlinePrintsWizard = 1
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 1
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 1 = speech.cpl
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 2 = wscui.cpl (Microsoft Corporation)
O7 - HKU\A-VITA_SD_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\A-VITA_SD_ON_C\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\A-VITA_SD_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\A-VITA_SD_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O7 - HKU\A-VITA_SD_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\A-VITA_SD_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\A-VITA_SD_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPublishingWizard = 1
O7 - HKU\A-VITA_SD_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoOnlinePrintsWizard = 1
O7 - HKU\A-VITA_SD_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKU\A-VITA_SD_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\A-VITA_SD_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 1
O7 - HKU\A-VITA_SD_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Home = 0
O7 - HKU\A-VITA_SD_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Fullscreen = 0
O7 - HKU\A-VITA_SD_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Tools = 0
O7 - HKU\A-VITA_SD_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Print = 0
O7 - HKU\A-VITA_SD_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Edit = 0
O7 - HKU\A-VITA_SD_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Cut = 0
O7 - HKU\A-VITA_SD_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Copy = 0
O7 - HKU\A-VITA_SD_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Paste = 0
O7 - HKU\A-VITA_SD_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Encoding = 0
O7 - HKU\A-VITA_SD_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 1 = speech.cpl
O7 - HKU\A-VITA_SD_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 2 = wscui.cpl (Microsoft Corporation)
O7 - HKU\jeh46727_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\jeh46727_ON_C\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\jeh46727_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\jeh46727_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181
O7 - HKU\jeh46727_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O7 - HKU\jeh46727_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\jeh46727_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\jeh46727_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPublishingWizard = 1
O7 - HKU\jeh46727_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoOnlinePrintsWizard = 1
O7 - HKU\jeh46727_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKU\jeh46727_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\jeh46727_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 1
O7 - HKU\jeh46727_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\jeh46727_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 1 = speech.cpl
O7 - HKU\jeh46727_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 2 = wscui.cpl (Microsoft Corporation)
O7 - HKU\jeh46727_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Recovery present
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} Reg Error: Key error. (Macromedia Authorware Web Player Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 208.67.222.222 208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cov.virginia.gov
O20 - AppInit_DLLs: (AMINIT32.dll) - C:\WINDOWS\System32\AMInit32.dll (Altiris, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (MsPwdGina.dll) - C:\WINDOWS\System32\MsPwdGina.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/10/21 13:49:08 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{66608724-a3e0-11e0-8bea-183da27742a0}\Shell - "" = AutoRun
O33 - MountPoints2\{66608724-a3e0-11e0-8bea-183da27742a0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{66608724-a3e0-11e0-8bea-183da27742a0}\Shell\AutoRun\command - "" = E:\HPLauncher.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\HPLauncher.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/10/21 09:36:48 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\jeh46727\Desktop\mbam-setup-1.51.2.1300.exe
[2011/10/21 09:35:12 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\jeh46727\Recent
[2011/10/21 09:11:18 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jeh46727\Desktop\OTL.exe
[2011/10/21 09:05:06 | 000,397,312 | -H-- | C] (Mozilla Foundation) -- C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk.exe
[2011/10/21 09:04:17 | 000,516,096 | -H-- | C] (Mozilla Foundation) -- C:\Documents and Settings\All Users\Application Data\mUFSibFuIkV.exe
[2011/10/18 16:14:35 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\jeh46727\Application Data\Malwarebytes
[2011/10/18 16:13:14 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/10/18 16:13:00 | 000,022,216 | -H-- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/10/18 16:12:56 | 000,000,000 | -H-D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/18 15:40:41 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\jeh46727\Start Menu\Programs\System Restore
[2011/10/13 16:45:45 | 000,000,000 | -H-D | C] -- C:\WINDOWS\XSxS
[2011/10/13 16:45:45 | 000,000,000 | -H-D | C] -- C:\Program Files\Xenocode
[2011/10/05 10:32:51 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/10/05 10:32:19 | 000,000,000 | -H-D | C] -- C:\Program Files\QuickTime
[2011/10/05 10:32:18 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2011/09/29 10:06:09 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\jeh46727\Desktop\junk external
[2011/09/28 12:27:18 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\jeh46727\Local Settings\Application Data\Microsoft Help
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/21 09:42:06 | 000,002,048 | -H-- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/21 09:39:00 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3E4FB61D-FD24-4CAA-971B-7D1C6622E1F5}.job
[2011/10/21 09:39:00 | 000,000,400 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{AD47D710-2AAD-4188-9F7D-8E132E50A387}.job
[2011/10/21 09:34:02 | 000,000,892 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/21 09:34:02 | 000,000,888 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/21 09:10:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jeh46727\Desktop\OTL.exe
[2011/10/21 09:05:39 | 000,000,857 | -H-- | M] () -- C:\Documents and Settings\jeh46727\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/10/21 09:05:39 | 000,000,839 | -H-- | M] () -- C:\Documents and Settings\jeh46727\Desktop\System Restore.lnk
[2011/10/21 09:05:06 | 000,397,312 | -H-- | M] (Mozilla Foundation) -- C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk.exe
[2011/10/21 09:03:45 | 000,516,096 | -H-- | M] (Mozilla Foundation) -- C:\Documents and Settings\All Users\Application Data\mUFSibFuIkV.exe
[2011/10/21 08:35:43 | 000,000,028 | -H-- | M] () -- C:\WINDOWS\System32\wininet_dll.iss
[2011/10/21 08:35:42 | 000,000,028 | -H-- | M] () -- C:\WINDOWS\System32\url_dll.iss
[2011/10/21 08:35:41 | 000,000,028 | -H-- | M] () -- C:\WINDOWS\System32\urlmon_dll.iss
[2011/10/21 08:33:18 | 002,622,912 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/20 16:01:56 | 000,000,398 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D0ECDD89-2BB9-45B6-B552-6ED5D53B024C}.job
[2011/10/20 14:42:08 | 000,011,318 | RHS- | M] () -- C:\Documents and Settings\jeh46727\ntuser.pol
[2011/10/20 14:18:28 | 000,062,402 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2011/10/20 13:59:22 | 000,001,504 | -H-- | M] () -- C:\Documents and Settings\jeh46727\Application Data\Microsoft\Internet Explorer\Quick Launch\Calculator.lnk
[2011/10/20 13:52:58 | 000,001,519 | -H-- | M] () -- C:\Documents and Settings\jeh46727\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad.lnk
[2011/10/20 12:38:03 | 000,000,484 | -H-- | M] () -- C:\WINDOWS\tasks\Computer Account Inventory Update.job
[2011/10/20 12:09:05 | 000,444,966 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/20 12:09:05 | 000,072,676 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/20 12:05:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/10/20 12:04:04 | 000,001,393 | -H-- | M] () -- C:\WINDOWS\imsins.BAK
[2011/10/20 09:00:12 | 000,000,491 | -H-- | M] () -- C:\Documents and Settings\jeh46727\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to START.mxd.lnk
[2011/10/20 00:27:49 | 000,000,664 | -H-- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/19 16:22:20 | 000,000,496 | -H-- | M] () -- C:\Documents and Settings\jeh46727\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to ProposedEasements.lnk
[2011/10/18 15:57:52 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\jeh46727\Desktop\mbam-setup-1.51.2.1300.exe
[2011/10/18 15:44:46 | 000,000,028 | -H-- | M] () -- C:\WINDOWS\System32\crypt32_dll.iss
[2011/10/18 15:43:33 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/18 15:40:09 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2011/10/18 15:40:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Roxio
[2011/10/18 15:40:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Real
[2011/10/18 15:40:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/10/18 15:40:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Python 2.5
[2011/10/18 15:40:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2011/10/18 15:40:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/10/18 15:40:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/10/18 15:40:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\FYZip
[2011/10/18 15:40:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\FileZilla FTP Client
[2011/10/18 15:40:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\ExtractNow
[2011/10/18 15:40:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\doPDF 7
[2011/10/18 15:40:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Cisco Systems VPN Client
[2011/10/18 15:40:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\ArcGIS
[2011/10/18 15:40:06 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2011/10/18 15:40:06 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[2011/10/18 15:40:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Altiris
[2011/10/18 09:19:19 | 000,015,582 | -H-- | M] () -- C:\Documents and Settings\jeh46727\Desktop\PTO Leave Form.pdf
[2011/10/17 10:36:22 | 000,510,061 | -H-- | M] () -- C:\Documents and Settings\jeh46727\Desktop\fw9-1.pdf
[2011/10/17 10:34:58 | 000,114,345 | -H-- | M] () -- C:\Documents and Settings\jeh46727\Desktop\fw9.pdf
[2011/10/03 04:35:11 | 005,971,456 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2011/09/26 11:41:20 | 000,611,328 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\uiautomationcore.dll
[2011/09/26 11:41:20 | 000,220,160 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleacc.dll
[2011/09/26 11:41:14 | 000,020,480 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\oleaccrc.dll
[2011/09/26 11:41:14 | 000,020,480 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleaccrc.dll
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/21 09:05:39 | 000,000,857 | -H-- | C] () -- C:\Documents and Settings\jeh46727\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/10/21 09:05:39 | 000,000,839 | -H-- | C] () -- C:\Documents and Settings\jeh46727\Desktop\System Restore.lnk
[2011/10/20 13:59:22 | 000,001,504 | -H-- | C] () -- C:\Documents and Settings\jeh46727\Application Data\Microsoft\Internet Explorer\Quick Launch\Calculator.lnk
[2011/10/20 13:52:58 | 000,001,519 | -H-- | C] () -- C:\Documents and Settings\jeh46727\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad.lnk
[2011/10/20 09:00:12 | 000,000,491 | -H-- | C] () -- C:\Documents and Settings\jeh46727\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to START.mxd.lnk
[2011/10/19 16:22:20 | 000,000,496 | -H-- | C] () -- C:\Documents and Settings\jeh46727\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to ProposedEasements.lnk
[2011/10/18 13:24:00 | 002,421,472 | -H-- | C] () -- C:\Documents and Settings\jeh46727\Desktop\2855-2856AEP_DeedEsmt.pdf
[2011/10/17 10:36:15 | 000,510,061 | -H-- | C] () -- C:\Documents and Settings\jeh46727\Desktop\fw9-1.pdf
[2011/10/17 10:34:58 | 000,114,345 | -H-- | C] () -- C:\Documents and Settings\jeh46727\Desktop\fw9.pdf
[2011/09/15 14:43:09 | 000,110,060 | -H-- | C] () -- C:\WINDOWS\hpoins11.dat
[2011/09/15 14:43:09 | 000,006,947 | -H-- | C] () -- C:\WINDOWS\hpomdl11.dat
[2011/07/29 09:12:27 | 000,077,824 | -H-- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2011/07/27 11:36:32 | 000,006,964 | RH-- | C] () -- C:\Documents and Settings\aaDave.Morton\ntuser.pol
[2011/07/25 09:48:59 | 000,000,025 | -H-- | C] () -- C:\WINDOWS\wpd99.drv
[2011/07/25 09:48:58 | 000,051,716 | -H-- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2011/07/07 13:40:23 | 000,002,528 | -H-- | C] () -- C:\Documents and Settings\jeh46727\Application Data\$_hpcst$.hpc
[2011/07/01 13:43:26 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2011/06/30 15:33:09 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\client.INI
[2011/06/30 11:43:12 | 000,011,318 | RHS- | C] () -- C:\Documents and Settings\jeh46727\ntuser.pol
[2011/06/30 11:29:25 | 000,032,256 | -H-- | C] () -- C:\WINDOWS\System32\ntrights.exe
[2011/06/27 18:55:41 | 000,006,964 | RH-- | C] () -- C:\Documents and Settings\A-VITA_SD\ntuser.pol
[2011/06/27 15:36:56 | 000,208,896 | -H-- | C] () -- C:\WINDOWS\System32\HPP2800V.DLL
[2011/06/27 15:36:56 | 000,000,484 | -H-- | C] () -- C:\WINDOWS\System32\HPP2800V.DAT
[2011/06/27 15:16:11 | 000,002,528 | -H-- | C] () -- C:\Documents and Settings\A-VITA_SD\Application Data\$_hpcst$.hpc
[2011/06/27 15:16:04 | 000,000,108 | -H-- | C] () -- C:\WINDOWS\ArcPad.INI
[2011/06/21 17:54:58 | 002,185,518 | -H-- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2011/06/21 16:00:12 | 000,000,376 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
[2011/06/21 15:55:23 | 000,000,664 | -H-- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/02/04 10:17:36 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2010/10/26 13:51:52 | 000,000,280 | -H-- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2010/10/21 17:36:51 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2010/10/21 17:36:46 | 000,444,966 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/21 17:36:46 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2010/10/21 17:36:46 | 000,072,676 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/21 17:36:46 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2010/10/21 17:36:45 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2010/10/21 17:36:45 | 000,004,463 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2010/10/21 17:36:43 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2010/10/21 17:36:37 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2010/10/21 17:36:36 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2010/10/21 17:36:23 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2010/10/21 17:36:20 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2010/10/21 14:56:11 | 000,001,617 | -H-- | C] () -- C:\WINDOWS\wininit.ini
[2010/10/21 14:47:02 | 000,204,800 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2010/10/21 14:47:02 | 000,200,704 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2010/10/21 14:47:02 | 000,192,512 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2010/10/21 14:47:02 | 000,192,512 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2010/10/21 14:47:02 | 000,188,416 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2010/10/21 14:47:02 | 000,020,480 | -H-- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2010/10/21 14:15:55 | 000,006,964 | RH-- | C] () -- C:\Documents and Settings\Administrator\ntuser.pol
[2010/10/21 13:55:35 | 000,192,512 | -H-- | C] () -- C:\WINDOWS\System32\HPB2550V.DLL
[2010/10/21 13:55:35 | 000,000,311 | -H-- | C] () -- C:\WINDOWS\System32\HPB2550V.DAT
[2010/10/21 13:55:34 | 000,094,274 | -H-- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2010/10/21 13:54:17 | 000,002,030 | -H-- | C] () -- C:\WINDOWS\System32\OEMINFO.ini
[2010/10/21 13:53:45 | 000,002,401 | -H-- | C] () -- C:\WINDOWS\System32\drivers\AlKernel.sys
[2010/10/21 13:52:08 | 000,002,048 | -H-- | C] () -- C:\WINDOWS\bootstat.dat
[2010/10/21 13:47:17 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/10/21 09:42:40 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/10/21 09:42:03 | 002,622,912 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/04/17 09:08:56 | 000,197,408 | -H-- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2008/04/17 09:08:44 | 000,193,312 | -H-- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007/07/12 22:33:58 | 000,087,552 | -H-- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2006/09/26 17:49:54 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/12 18:17:36 | 000,000,258 | -H-- | C] () -- C:\WINDOWS\AWSHKWV.ini
[2001/07/07 03:00:00 | 000,003,399 | -H-- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1997/06/25 15:24:16 | 000,040,448 | -H-- | C] () -- C:\WINDOWS\System32\RegObj.dll

========== LOP Check ==========

[2011/07/27 12:59:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\LocalService\Application Data\Softland
[2011/06/27 16:14:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\A-VITA_SD\Application Data\DataEast
[2011/06/27 14:48:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\A-VITA_SD\Application Data\ESRI
[2011/06/30 18:44:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\jeh46727\Application Data\DataEast
[2011/08/04 10:53:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\jeh46727\Application Data\ESRI
[2011/09/07 22:29:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\jeh46727\Application Data\Ewywe
[2011/09/09 15:20:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\jeh46727\Application Data\FileZilla
[2011/09/08 06:31:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\jeh46727\Application Data\Ispase
[2011/07/25 09:52:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\jeh46727\Application Data\PDF reDirect
[2011/07/27 12:59:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\jeh46727\Application Data\Softland
[2011/07/27 11:49:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\jeh46727\Application Data\VITA
[2011/07/27 16:18:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\jeh46727\Application Data\webex
[2011/07/01 08:34:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
[2011/06/27 14:30:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\ESRI
[2011/07/25 09:48:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2010/10/21 14:45:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/10/20 12:38:03 | 000,000,484 | -H-- | M] () -- C:\WINDOWS\Tasks\Computer Account Inventory Update.job
[2011/10/21 09:39:00 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{3E4FB61D-FD24-4CAA-971B-7D1C6622E1F5}.job
[2011/10/21 09:39:00 | 000,000,400 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{AD47D710-2AAD-4188-9F7D-8E132E50A387}.job
[2011/10/20 16:01:56 | 000,000,398 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{D0ECDD89-2BB9-45B6-B552-6ED5D53B024C}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/14 05:42:20 | 001,033,728 | -H-- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 05:42:20 | 001,033,728 | -H-- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2006/02/28 08:00:00 | 001,032,192 | -H-- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 05:42:38 | 000,014,336 | -H-- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 05:42:38 | 000,014,336 | -H-- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2006/02/28 08:00:00 | 000,014,336 | -H-- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2006/02/28 08:00:00 | 000,024,576 | -H-- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | -H-- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | -H-- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2006/02/28 08:00:00 | 000,502,272 | -H-- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | -H-- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | -H-- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/10/04 16:36:53 | 000,713,016 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/10/04 16:36:53 | 000,713,016 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/10/04 16:36:53 | 000,713,016 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/10/04 16:36:56 | 000,924,632 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/10/04 16:36:56 | 000,924,632 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/10/04 16:36:56 | 000,924,632 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/08/22 07:56:56 | 000,174,080 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/08/22 07:56:56 | 000,174,080 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/08/22 07:56:56 | 000,174,080 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | -H-- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/10/04 16:36:53 | 000,713,016 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/10/04 16:36:53 | 000,713,016 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/10/04 16:36:53 | 000,713,016 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/10/04 16:36:56 | 000,924,632 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/10/04 16:36:56 | 000,924,632 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/10/04 16:36:56 | 000,924,632 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/08/22 07:56:56 | 000,174,080 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/08/22 07:56:56 | 000,174,080 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/08/22 07:56:56 | 000,174,080 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | -H-- | M] (Microsoft Corporation)

< CREATERESTOREPOINT >
< End of report >
  • 0

Advertisements

#11
jogibso1
Posted 24 October 2011 - 06:48 AM

jogibso1

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 135 posts
It worked that time, thanks. Posted resultant log above
  • 0

#12
ali.B
Posted 27 October 2011 - 02:14 PM

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Sorry for the delay i did not receive an email notification, i am going through the logs now and will respond shortly.
  • 0

#13
ali.B
Posted 30 October 2011 - 02:36 AM

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
do you have a windows CD?
  • 0

#14
jogibso1
Posted 30 October 2011 - 05:18 AM

jogibso1

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 135 posts
Hi....yes....I just had to reload windows for the sake of time. I was able to backup everything thanks to your suggestions though...thank you!!!
  • 0

#15
ali.B
Posted 04 November 2011 - 11:42 AM

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
are you able now to access your windows ?
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP