win32/patchload.U problem



#1
cavearch


    New Member

  • Member
  • 3 posts
I started noticing some strange things with my computer. I kept getting these svchost.exe errors. It stated: "The instruction at "0x037c2ee6" referenced memory at "0x074dcd36". The memory could not be "written". Click on OK to terminate the program. Click on Cancel to debug the program."

After doing a Malwarebytes scan, I was informed of 7 infections (trojans and the like - log included below). Spybot Search and Destroy found nothing. Finally, my CA antivirus detected 12 viruses, which were all described as "Win32/Patchload.U". The infections were located within various applications, including two components of CA. I also noticed that some of my files had been changed to read-only, including Spybot, thus preventing updates. CA only detected the viruses, but did not remove them. A second scan listed the same infections. Also, my CA seems to be running in a crippled mode, and is thus very slow.

The computer itself seems to be responding ok at the moment.

Any help with securing the computer would be appreciated.

Thanks,
Mike


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7987

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/20/2011 12:20:10 PM
mbam-log-2011-10-20 (12-19-59).txt

Scan type: Full scan (C:\|)
Objects scanned: 518744
Time elapsed: 2 hour(s), 38 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\117dff84 (Backdoor.0Access) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Backdoor.Agent.Gen) -> Value: Shell -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINXP\2231336209:4001497211.exe (Backdoor.0Access) -> No action taken.
c:\SymNoNav\esugdlgcontrol.exe (Malware.Gen) -> No action taken.
c:\SymNoNav\ESUGMSI.exe (Malware.Gen) -> No action taken.
c:\SymNoNav\esugregex.exe (Trojan.Dropper) -> No action taken.
c:\documents and settings\mmirro.applied\local settings\application data\117dff84\X (Backdoor.0Access) -> No action taken.
c:\documents and settings\mmirro.applied\local settings\application data\117dff84\U\[email protected] (Spyware.Agent) -> No action taken.
c:\documents and settings\mmirro.applied\local settings\application data\117dff84\U\[email protected] (Backdoor.0Access) -> No action taken.
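The Malwarebytes log in the post above, read as a triage artifact: this is an added example (not part of the thread, and not a Malwarebytes or Geeks to Go tool) that parses the MBAM 1.x log layout into detections, cross-checks them against the counts the log declares, and flags the patterns a defender would note here: the NTFS alternate data stream in the c:\WINXP\...:...exe path, the 8-hex-character service name reused as a profile folder, the modified Winlogon Shell value, and everything still at "No action taken". The sample log is a constructed excerpt mirroring post #1 with the user folder renamed to "user" and one constructed file name.

```python
"""Triage a Malwarebytes' Anti-Malware 1.x text log.

Added example for this thread: not part of the original posts and not a
Malwarebytes or Geeks to Go tool. SAMPLE_LOG is a constructed excerpt that
mirrors the detections in post #1 (user folder renamed to "user").
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed excerpt of an MBAM 1.x log, same layout as the one in post #1.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.51.2.1300
Database version: 7987

Registry Keys Infected: 1
Registry Values Infected: 1
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\117dff84 (Backdoor.0Access) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Backdoor.Agent.Gen) -> Value: Shell -> No action taken.

Files Infected:
c:\WINXP\2231336209:4001497211.exe (Backdoor.0Access) -> No action taken.
c:\SymNoNav\esugdlgcontrol.exe (Malware.Gen) -> No action taken.
c:\SymNoNav\esugregex.exe (Trojan.Dropper) -> No action taken.
c:\documents and settings\user\local settings\application data\117dff84\X (Backdoor.0Access) -> No action taken.
c:\documents and settings\user\local settings\application data\117dff84\U\sample.bin (Spyware.Agent) -> No action taken.
"""

SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
COUNT_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<n>\d+)$")
DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<threat>[^()]+)\) -> (?P<rest>.+)$")
# A second colon after the drive letter marks an NTFS alternate data stream
# (c:\WINXP\2231336209:4001497211.exe is a stream attached to the c:\WINXP folder).
ADS_RE = re.compile(r"^[a-z]:\\[^:]*:[^\\]+$", re.IGNORECASE)
# 8 hex digits: the random service/folder names seen with Backdoor.0Access.
HEX8_RE = re.compile(r"^[0-9a-f]{8}$", re.IGNORECASE)


@dataclass
class Detection:
    section: str             # e.g. "Files Infected"
    item: str                # file path or registry key
    threat: str              # vendor label, e.g. Backdoor.0Access
    action: str              # e.g. "No action taken."
    value: Optional[str] = None  # registry value name, for "Registry Values Infected"


def parse_mbam_log(text: str) -> List[Detection]:
    """Walk the per-section detail blocks and return one Detection per line."""
    found: List[Detection] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        # Skip the header, blank lines and "(No malicious items detected)".
        if section is None or not line or line.startswith("("):
            continue
        m = DETECTION_RE.match(line)
        if not m:
            continue
        rest, value = m.group("rest"), None
        if rest.startswith("Value: "):          # "Value: Shell -> No action taken."
            value, _, rest = rest[len("Value: "):].partition(" -> ")
        found.append(Detection(section, m.group("item"), m.group("threat"), rest, value))
    return found


def declared_counts(text: str) -> Dict[str, int]:
    """Counts the log's summary block declares, keyed by section name."""
    return {m.group("section"): int(m.group("n"))
            for m in (COUNT_RE.match(l.strip()) for l in text.splitlines()) if m}


def triage(detections: List[Detection]) -> Dict[str, List[str]]:
    """Group detections by the pattern a responder would act on."""
    report: Dict[str, List[str]] = {
        "ads_paths": [],              # files hidden in an NTFS alternate data stream
        "winlogon_shell": [],         # Winlogon\Shell replaced (normally "explorer.exe")
        "random_named_services": [],  # 8-hex-digit names under CurrentControlSet\Services
        "linked_dirs": [],            # files under a folder named after such a service
        "unremediated": [],           # found but not quarantined; cleanup still pending
    }
    hex_names = set()
    for d in detections:
        if d.section == "Files Infected" and ADS_RE.match(d.item):
            report["ads_paths"].append(d.item)
        if d.section == "Registry Values Infected" and d.item.lower().endswith("\\winlogon\\shell"):
            report["winlogon_shell"].append(d.item)
        if d.section == "Registry Keys Infected":
            name = d.item.rsplit("\\", 1)[-1]
            if "\\currentcontrolset\\services\\" in d.item.lower() and HEX8_RE.match(name):
                report["random_named_services"].append(name)
                hex_names.add(name.lower())
        if not d.action.lower().startswith("quarantined"):
            report["unremediated"].append(d.item)
    # Second pass: payload folders that reuse a random service name.
    for d in detections:
        if d.section == "Files Infected":
            folders = d.item.lower().split("\\")[:-1]
            if any(f in hex_names for f in folders):
                report["linked_dirs"].append(d.item)
    return report


if __name__ == "__main__":
    dets = parse_mbam_log(SAMPLE_LOG)
    for section, n in declared_counts(SAMPLE_LOG).items():
        parsed = sum(1 for d in dets if d.section == section)
        print(f"{section}: declared {n}, parsed {parsed}")
    for key, items in triage(dets).items():
        print(f"{key}: {items}")
```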


#2
blmadara


    Trusted Helper

  • Malware Removal
  • 767 posts
Hi cavearch, welcome to Geeks to Go. My name is blmadara and I will be helping you with your problems. Please be patient with me as I am still in training and my responses will have to be reviewed by an expert before I can post them.

First I'd like to go over some things that will help both of us.

  • Read each of my posts entirely before performing my instructions. It would be helpful if you printed my instructions so you can read and check the steps as you perform them.
  • Follow the steps exactly in the order posted.
  • Please don't be afraid to ask questions. If you don't understand something, let me know before continuing.
  • If you can't perform a certain step, or you're unsure about what to do, please stop and let me know.
  • It is very important that you stay with me until the end so we make sure that we have removed all the bad stuff.
  • Please don't attach any logs to your posts unless I request it. It is easier for me if you copy and paste the logs into your reply.
  • Finally, never fix anything using other programs on your own. This can hinder my ability to see what is wrong with your computer and make it harder to clean your computer.

Now I'd like you to run a few scans to give me an idea of what we are dealing with.

Step One: OTL Custom Scan

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    netsvcs
    %SYSTEMDRIVE%\*.exe
    %USERPROFILE%\..|smtmp;true;true;true /FP
    /md5start
    volsnap.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
    
  • Please select the Scan All Users checkbox.
  • Change the File Age dropdown list from 30 days to 60 days.
  • Under Extra Registry heading, select Use Safelist.
  • Then click the Run Scan button at the top.
  • Let the program run unhindered, until it is done.
  • Post the logs it produces in your next reply, OTL.txt and Extras.txt.

Step Two: aswMBR Scan

Download aswMBR.exe to your desktop.

  • Double click aswMBR.exe to run it.
  • When asked if you want to download Avast's virus definitions please select, No.
  • Click Scan to start the scan.
  • When the scan ends click Save Log and save it to your desktop.
  • Post the log in your next reply.

What I need in your next post:
1. The logs produced by OTL - OTL.txt and Extras.txt.
2. The log produced by aswMBR.

#3
cavearch


    New Member

  • Topic Starter
  • Member
  • 3 posts
Thanks for getting back to me. Since I last posted, I have a few updates. In the meantime since the last post, I ran a Kaspersky online virus scan (virus removal tool) in safe mode, which identified a win32.trojan type virus and removed it. Afterwards, out of safe mode, a scan with my native antivirus, CA antivirus, revealed no viruses (it previously detected 12). Nevertheless, I still don't trust that the computer is really virus free or completely cured and I would still like to go through scanning to ensure the machine is clean. I have run the OTL and aswMBR scans you recommended and the logs are posted below.

Another point to note, which I think may be a direct result of the infection, is that I can no longer update, install, or uninstall programs. It appears that their uninstallers have been corrupted or deleted (or are otherwise not accessible). Since I use Microsoft Word frequently, I have been removing the program with Revo Uninstaller and will reinstall it soon. (I will use OpenOffice until we finish this process, however.)

I appreciate your help.

cavearch



OTL logfile created on: 10/25/2011 8:00:36 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = X:\AE Computer Maintenance\Useful Software\Oldtimerstools
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.36 Gb Available Physical Memory | 78.76% Memory free
10.80 Gb Paging File | 10.38 Gb Available in Paging File | 96.17% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINXP | %ProgramFiles% = C:\Program Files
Drive C: | 189.91 Gb Total Space | 118.66 Gb Free Space | 62.48% Space Free | Partition Type: NTFS
Drive D: | 410.97 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 465.76 Gb Total Space | 305.36 Gb Free Space | 65.56% Space Free | Partition Type: NTFS
Drive K: | 5297.78 Gb Total Space | 4178.07 Gb Free Space | 78.86% Space Free | Partition Type: NTFS
Drive L: | 1857.58 Gb Total Space | 782.33 Gb Free Space | 42.12% Space Free | Partition Type: NTFS
Drive M: | 5297.78 Gb Total Space | 4178.07 Gb Free Space | 78.86% Space Free | Partition Type: NTFS
Drive O: | 5297.78 Gb Total Space | 4178.07 Gb Free Space | 78.86% Space Free | Partition Type: NTFS
Drive P: | 5297.78 Gb Total Space | 4178.07 Gb Free Space | 78.86% Space Free | Partition Type: NTFS
Drive S: | 5297.78 Gb Total Space | 4178.07 Gb Free Space | 78.86% Space Free | Partition Type: NTFS
Drive T: | 5297.78 Gb Total Space | 4178.07 Gb Free Space | 78.86% Space Free | Partition Type: NTFS
Drive X: | 5297.78 Gb Total Space | 4178.07 Gb Free Space | 78.86% Space Free | Partition Type: NTFS
Drive Y: | 5297.78 Gb Total Space | 4178.07 Gb Free Space | 78.86% Space Free | Partition Type: NTFS
Drive Z: | 5297.78 Gb Total Space | 4178.07 Gb Free Space | 78.86% Space Free | Partition Type: NTFS

Computer Name: APPLIED-MIKEX64 | User Name: mmirro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Processes (SafeList) ==========

PRC - [2011/10/20 15:33:52 | 000,867,080 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2011/10/20 15:33:52 | 000,251,216 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
PRC - [2011/10/20 15:33:52 | 000,206,400 | ---- | M] (SafeNet, Inc) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
PRC - [2011/10/20 15:33:51 | 001,672,192 | ---- | M] (ESRI) -- C:\Program Files\ArcGIS\License10.0\bin\ARCGIS.exe
PRC - [2011/10/20 15:33:51 | 000,316,992 | ---- | M] (SafeNet, Inc.) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
PRC - [2011/10/20 15:33:51 | 000,222,544 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe
PRC - [2011/10/20 15:33:51 | 000,206,160 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
PRC - [2011/10/20 15:33:50 | 001,500,424 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\ArcGIS\License10.0\bin\lmgrd.exe
PRC - [2011/10/20 15:33:50 | 000,176,241 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
PRC - [2011/10/20 08:44:49 | 000,584,192 | ---- | M] (OldTimer Tools) -- X:\AE Computer Maintenance\Useful Software\Oldtimerstools\OTL.exe
PRC - [2011/10/17 09:03:20 | 000,206,152 | ---- | M] (CA) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\CAAMSvc.exe
PRC - [2011/09/20 17:25:53 | 001,570,128 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\casc.exe
PRC - [2011/08/18 07:24:22 | 000,807,936 | ---- | M] () -- C:\Program Files\Wyse\PocketCloud Windows Companion\WyseBrowser.exe
PRC - [2011/05/25 13:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\mmirro.APPLIED\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2011/04/08 05:50:02 | 000,542,264 | ---- | M] (Google) -- C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | -HS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/13 17:12:43 | 000,220,672 | ---- | M] (Microsoft Corporation) -- C:\WINXP\system32\logon.scr
PRC - [2008/04/13 17:12:32 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\WINXP\system32\rdpclip.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINXP\explorer.exe
PRC - [2006/06/19 16:19:26 | 000,304,944 | ---- | M] (Microsoft Corporation) -- C:\WINXP\system32\WgaTray.exe
PRC - [2005/11/30 14:34:18 | 000,068,608 | ---- | M] () -- C:\Program Files\ClipX\clipx.exe
PRC - [2004/07/21 17:28:02 | 000,413,807 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/17 09:03:20 | 000,222,536 | ---- | M] () -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\Flipster.dll
MOD - [2011/09/20 17:25:53 | 000,589,824 | ---- | M] () -- C:\Program Files\CA\CA Internet Security Suite\log4cplusU.dll
MOD - [2011/08/18 07:24:22 | 000,807,936 | ---- | M] () -- C:\Program Files\Wyse\PocketCloud Windows Companion\WyseBrowser.exe
MOD - [2011/08/18 07:24:22 | 000,055,808 | ---- | M] () -- C:\Program Files\Wyse\PocketCloud Windows Companion\WyseWebServerLib.dll
MOD - [2011/08/18 07:24:22 | 000,054,272 | ---- | M] () -- C:\Program Files\Wyse\PocketCloud Windows Companion\ServerNetworkInterface.dll
MOD - [2011/08/18 07:24:22 | 000,027,648 | ---- | M] () -- C:\Program Files\Wyse\PocketCloud Windows Companion\PocketCloudHelper.dll
MOD - [2011/08/11 03:14:56 | 000,998,400 | ---- | M] () -- C:\WINXP\assembly\NativeImages_v2.0.50727_32\System.Management\6e563a58e6fc0117070d5b8fd59e4e1b\System.Management.ni.dll
MOD - [2011/08/11 03:13:41 | 000,971,264 | ---- | M] () -- C:\WINXP\assembly\NativeImages_v2.0.50727_32\System.Configuration\77df2cd21a5b85a1605b335aa9ad9d44\System.Configuration.ni.dll
MOD - [2011/08/11 03:11:02 | 001,049,600 | ---- | M] () -- C:\WINXP\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\162600dde59fbaa0c048a949158ecba3\UIAutomationClientsideProviders.ni.dll
MOD - [2011/08/11 03:11:01 | 000,447,488 | ---- | M] () -- C:\WINXP\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\431e918aee8da919f5b9e3a5195ccf93\UIAutomationClient.ni.dll
MOD - [2011/08/11 03:11:00 | 005,450,752 | ---- | M] () -- C:\WINXP\assembly\NativeImages_v2.0.50727_32\System.Xml\10154dcad2d62f226af2fd4211460a4b\System.Xml.ni.dll
MOD - [2011/08/11 03:10:54 | 012,430,848 | ---- | M] () -- C:\WINXP\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d00cc387e462e4c3cdcd112b137cac87\System.Windows.Forms.ni.dll
MOD - [2011/08/11 03:10:40 | 001,587,200 | ---- | M] () -- C:\WINXP\assembly\NativeImages_v2.0.50727_32\System.Drawing\7ed09623172a292eaee51e2e3bcaf784\System.Drawing.ni.dll
MOD - [2011/08/11 03:09:22 | 003,325,440 | ---- | M] () -- C:\WINXP\assembly\NativeImages_v2.0.50727_32\WindowsBase\fd6e0cd6f124a6d041ef1b4c9a5f080b\WindowsBase.ni.dll
MOD - [2011/08/11 03:09:06 | 007,950,848 | ---- | M] () -- C:\WINXP\assembly\NativeImages_v2.0.50727_32\System\e6c79e1d71b0c9000afd7e5e439b5c54\System.ni.dll
MOD - [2011/06/30 03:11:08 | 000,025,600 | ---- | M] () -- C:\WINXP\assembly\NativeImages_v2.0.50727_32\Accessibility\d9228d58804dfd75fd92a4d12ffac8af\Accessibility.ni.dll
MOD - [2011/06/30 03:09:49 | 000,187,904 | ---- | M] () -- C:\WINXP\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\3740d6db28af31a6523a79fcdd71fbeb\UIAutomationTypes.ni.dll
MOD - [2011/06/30 03:09:49 | 000,060,928 | ---- | M] () -- C:\WINXP\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\1492e9393417d6e91b5ddc746b5ef320\UIAutomationProvider.ni.dll
MOD - [2011/06/30 03:07:56 | 011,490,816 | ---- | M] () -- C:\WINXP\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2005/11/30 14:34:18 | 000,068,608 | ---- | M] () -- C:\Program Files\ClipX\clipx.exe
MOD - [2003/02/25 12:19:56 | 000,094,274 | ---- | M] () -- C:\WINXP\system32\HPBHEALR.DLL
MOD - [1999/09/22 18:32:20 | 000,025,088 | ---- | M] () -- C:\WINXP\system32\HOTFLDR.DLL


========== Win32 Services (SafeList) ==========

SRV - [2011/10/25 12:09:03 | 000,103,424 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Wyse\PocketCloud Windows Companion\PocketCloudService.exe -- (WysePocketCloud)
SRV - [2011/10/25 12:08:47 | 000,053,248 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Trimble\Mapping & GIS License Manager\TrimbleMappingAndGISService.exe -- (Trimble Mapping And GIS License Service)
SRV - [2011/10/20 15:33:52 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/10/20 15:33:52 | 000,251,216 | ---- | M] (CA, Inc.) [On_Demand | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP)
SRV - [2011/10/20 15:33:52 | 000,206,400 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)
SRV - [2011/10/20 15:33:51 | 000,316,992 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer)
SRV - [2011/10/20 15:33:51 | 000,222,544 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe -- (CAISafe)
SRV - [2011/10/20 15:33:51 | 000,206,160 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe -- (ccSchedulerSVC)
SRV - [2011/10/20 15:33:50 | 001,500,424 | ---- | M] (Acresso Software Inc.) [Auto | Running] -- C:\Program Files\ArcGIS\License10.0\bin\lmgrd.exe -- (ArcGIS License Manager)
SRV - [2011/10/20 15:33:50 | 000,176,241 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
SRV - [2011/10/17 09:03:20 | 000,206,152 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\CAAMSvc.exe -- (CAAMSvc)
SRV - [2011/04/04 12:42:28 | 000,662,096 | ---- | M] () [Auto | Stopped] -- C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe -- (UmxEngine)
SRV - [2008/05/19 01:57:42 | 000,095,744 | ---- | M] () [On_Demand | Stopped] -- C:\WINXP\System32\msiexec.exe -- (MSIServer)
SRV - [2007/01/15 17:11:26 | 000,073,728 | ---- | M] () [Auto | Stopped] -- C:\WINXP\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe -- (NetFxUpdate_v1.1.4322)


========== Driver Services (SafeList) ==========

DRV - [2011/10/21 19:42:14 | 000,475,736 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINXP\system32\drivers\1855709drv.sys -- (1855709drv)
DRV - [2011/10/21 19:42:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINXP\system32\DRIVERS\81208720.sys -- (81208720)
DRV - [2011/10/21 19:42:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINXP\system32\DRIVERS\77038714.sys -- (77038714)
DRV - [2011/10/21 19:42:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINXP\system32\DRIVERS\46384050.sys -- (46384050)
DRV - [2011/07/29 10:39:28 | 000,331,344 | ---- | M] (CA) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\KmxCfg.sys -- (KmxCfg)
DRV - [2011/07/29 10:39:28 | 000,164,944 | ---- | M] (CA) [File_System | Boot | Running] -- C:\WINXP\system32\DRIVERS\KmxAMRT.sys -- (KmxAMRT)
DRV - [2011/07/29 10:39:28 | 000,123,984 | ---- | M] (CA) [Kernel | Boot | Running] -- C:\WINXP\System32\DRIVERS\kmxstart.sys -- (KmxStart)
DRV - [2011/07/29 10:39:28 | 000,083,536 | ---- | M] (CA) [File_System | System | Running] -- C:\WINXP\system32\drivers\KmxAgent.sys -- (KmxAgent)
DRV - [2006/12/21 08:30:02 | 000,090,688 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\WINXP\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2006/12/21 08:30:02 | 000,033,504 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\SNTNLUSB.SYS -- (SNTNLUSB)
DRV - [2006/09/24 06:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINXP\system32\speedfan.sys -- (speedfan)
DRV - [2006/01/04 20:46:40 | 001,420,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/03/25 16:04:40 | 002,314,560 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/01/19 17:45:30 | 000,088,960 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINXP\System32\DRIVERS\nvatabus.sys -- (nvatabus)
DRV - [2005/01/13 01:45:46 | 000,012,928 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/01/13 01:45:44 | 000,033,408 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2004/08/03 06:08:36 | 000,013,824 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\atinmdxx.sys -- (MVDCODEC)
DRV - [2004/08/03 06:08:30 | 000,105,984 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\atinrvxx.sys -- (atinrvxx)
DRV - [2004/05/02 01:47:08 | 000,023,040 | R--- | M] () [Kernel | Disabled | Stopped] -- C:\WINXP\System32\drivers\GVCplDrv.sys -- (GVCplDrv)
DRV - [2001/08/17 06:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\irsir.sys -- (irsir)
DRV - [2000/09/27 09:46:00 | 000,047,328 | ---- | M] (Warp Nine Engineering) [Kernel | Auto | Running] -- C:\Program Files\HP DesignJet 500PS\Program\Par1284.sys -- (Par1284)
DRV - [1996/04/03 12:33:26 | 000,005,248 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINXP\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINXP\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3610928051-2832601510-1758602751-1108\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websoilsurvey...pp/HomePage.htm
IE - HKU\S-1-5-21-3610928051-2832601510-1758602751-1108\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3610928051-2832601510-1758602751-1108\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3610928051-2832601510-1758602751-1108\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 68 F2 0A B4 15 59 CC 01 [binary data]
IE - HKU\S-1-5-21-3610928051-2832601510-1758602751-1108\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}:0.6.7
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.106
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.1
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.8
FF - prefs.js..extensions.enabledItems: {c151d79e-e61b-4a90-a887-5a46d38fba99}:2.6.1
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.8


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINXP\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINXP\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Fiddler2\FiddlerHook [2011/05/09 15:27:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/03 09:20:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/30 16:22:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.15\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/09/30 09:14:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.15\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011/09/30 15:29:39 | 000,000,000 | ---D | M]

[2010/09/14 15:25:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mmirro.APPLIED\Application Data\Mozilla\Extensions
[2010/09/14 15:25:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mmirro.APPLIED\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/10/17 16:00:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mmirro.APPLIED\Application Data\Mozilla\Firefox\Profiles\jmpnkon6.default\extensions
[2011/01/27 10:48:32 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Documents and Settings\mmirro.APPLIED\Application Data\Mozilla\Firefox\Profiles\jmpnkon6.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2010/04/28 06:46:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\mmirro.APPLIED\Application Data\Mozilla\Firefox\Profiles\jmpnkon6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/12 08:24:58 | 000,000,000 | ---D | M] (Delicious Bookmarks) -- C:\Documents and Settings\mmirro.APPLIED\Application Data\Mozilla\Firefox\Profiles\jmpnkon6.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2009/03/24 12:59:59 | 000,000,000 | ---D | M] (Fasterfox) -- C:\Documents and Settings\mmirro.APPLIED\Application Data\Mozilla\Firefox\Profiles\jmpnkon6.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a99}
[2009/10/09 06:17:16 | 000,001,546 | ---- | M] () -- C:\Documents and Settings\mmirro.APPLIED\Application Data\Mozilla\Firefox\Profiles\jmpnkon6.default\searchplugins\thesaurus---referencecom.xml
[2011/04/22 09:47:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MMIRRO.APPLIED\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JMPNKON6.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MMIRRO.APPLIED\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JMPNKON6.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MMIRRO.APPLIED\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JMPNKON6.DEFAULT\EXTENSIONS\{C151D79E-E61B-4A90-A887-5A46D38FBA99}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MMIRRO.APPLIED\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JMPNKON6.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MMIRRO.APPLIED\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JMPNKON6.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MMIRRO.APPLIED\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JMPNKON6.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MMIRRO.APPLIED\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JMPNKON6.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MMIRRO.APPLIED\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JMPNKON6.DEFAULT\EXTENSIONS\[email protected]
[2009/03/25 07:16:10 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/10/03 09:20:20 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/03/21 08:22:04 | 001,680,272 | ---- | M] (Caminova, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll
[2005/05/19 16:18:18 | 000,520,192 | ---- | M] (Lizardtech Software) -- C:\Program Files\mozilla firefox\plugins\npexview.dll
[2011/08/19 07:44:19 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2001/08/23 05:00:00 | 000,000,734 | ---- | M]) - C:\WINXP\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (del.icio.us Toolbar Helper) - {7AA07AE6-01EF-44EC-93CA-9D7CD41CCDB6} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll (del.icio.us, a Yahoo! Company)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKU\S-1-5-21-3610928051-2832601510-1758602751-1108\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3610928051-2832601510-1758602751-1108\..\Toolbar\WebBrowser: (del.icio.us) - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll (del.icio.us, a Yahoo! Company)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\casc.exe (CA, Inc.)
O4 - HKLM..\Run: [ClipX] C:\Program Files\ClipX\clipx.exe ()
O4 - HKLM..\Run: [PocketCloud Location] C:\Program Files\Wyse\PocketCloud Windows Companion\WyseBrowser.exe ()
O4 - HKU\S-1-5-21-3610928051-2832601510-1758602751-1108..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\Administrator.APPLIED-MIKEX64\Start Menu\Programs\Startup\Iomega Product Registration.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
O4 - Startup: C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Startup\Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
O4 - Startup: C:\Documents and Settings\mmirro.APPLIED\Start Menu\Programs\Startup\AutorunsDisabled [2010/09/16 10:26:56 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\mmirro.APPLIED\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\mmirro.APPLIED\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3610928051-2832601510-1758602751-1108\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3610928051-2832601510-1758602751-1108\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKU\S-1-5-21-3610928051-2832601510-1758602751-1108\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - Reg Error: Key error. File not found
O9 - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINXP\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINXP\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - mswsock.dll File not found
O16 - DPF: {2513AB48-1AEF-4E55-8329-927FF97C9DCE} http://www.lizardtec...n/MrSID_BPI.cab (ExpressView Class)
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} https://sims.is.ch2m...ab/mgaxctrl.cab (Autodesk MapGuide ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...ri_4.4.21.0.cab (Reg Error: Key error.)
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} https://www.theteaml.../js/XUpload.ocx (Persits Software XUpload)
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} http://dlm.tools.aka...vex-2.2.3.0.cab (DLM Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = applied.hemet
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F3B68FF-3BDA-43BD-A0B5-B747A3A96188}: DhcpNameServer = 192.168.0.21
O18 - Protocol\Handler\jpip {B92DD248-E3D5-4A92-B311-C9B841681455} - C:\Program Files\LizardTech\Express View\expressview.dll (Lizardtech Software)
O18 - Protocol\Handler\mctp - No CLSID value found
O18 - Protocol\Handler\sidlet {B92DD248-E3D5-4A92-B311-C9B841681455} - C:\Program Files\LizardTech\Express View\expressview.dll (Lizardtech Software)
O20 - AppInit_DLLs: (acaptuser32.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINXP\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINXP\system32\userinit.exe) -C:\WINXP\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Reg Error: Key error.) - Reg Error: Key error. File not found
O20 - Winlogon\Notify\dimsntfy: DllName - (Reg Error: Key error.) - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/08/22 20:43:10 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2005/10/30 13:20:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/10/27 22:28:35 | 000,000,175 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{23c1b828-e35a-11dd-8e06-00148512150e}\Shell - "" = AutoRun
O33 - MountPoints2\{23c1b828-e35a-11dd-8e06-00148512150e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{23c1b828-e35a-11dd-8e06-00148512150e}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{f566e2cf-d105-11dd-8e03-00148512150e}\Shell\AutoRun\command - "" = wdsync.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setup.exe -- [2006/10/27 22:28:35 | 000,463,152 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\D\Shell\configure\command - "" = D:\setup.exe -- [2006/10/27 22:28:35 | 000,463,152 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\D\Shell\install\command - "" = D:\setup.exe -- [2006/10/27 22:28:35 | 000,463,152 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 60 Days ==========

File not found -- C:\WINXP\System32\
[2011/10/25 19:26:29 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\mmirro.APPLIED\Recent
[2011/10/25 14:30:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mmirro.APPLIED\Start Menu\Programs\Revo Uninstaller
[2011/10/25 12:13:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mmirro.APPLIED\My Documents\Remote sensing and Maps
[2011/10/21 13:43:16 | 000,133,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINXP\System32\drivers\77038714.sys
[2011/10/21 10:31:30 | 000,133,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINXP\System32\drivers\81208720.sys
[2011/10/21 10:30:45 | 000,475,736 | ---- | C] (Kaspersky Lab) -- C:\WINXP\System32\drivers\1855709drv.sys
[2011/10/21 10:30:45 | 000,133,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINXP\System32\drivers\46384050.sys
[2011/10/12 12:27:34 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\mmirro.APPLIED\Local Settings\Application Data\117dff84
[2011/10/06 13:53:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Google Earth
[2011/10/05 09:20:42 | 000,000,000 | ---D | C] -- C:\Program Files\Esri Editing Labs
[2011/09/30 15:28:37 | 000,000,000 | ---D | C] -- C:\_AcroTemp
[2011/09/30 12:58:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mmirro.APPLIED\Application Data\SystemRequirementsLab
[2011/09/29 10:53:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mmirro.APPLIED\Desktop\Jay Emigdio
[2011/09/28 16:00:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mmirro.APPLIED\Desktop\Clay GIS
[2011/09/09 15:29:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Application Data\Trimble
[2011/09/09 13:01:20 | 000,000,000 | ---D | C] -- C:\Program Files\Wyse
[2011/09/09 13:01:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Wyse
[2011/09/09 13:00:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mmirro.APPLIED\Local Settings\Application Data\Downloaded Installations
[2011/09/08 11:06:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mmirro.APPLIED\My Documents\MtB_ProposedActionElements_8272011a_utm83
[2011/09/08 11:00:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mmirro.APPLIED\My Documents\temp
[2011/09/08 10:53:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mmirro.APPLIED\My Documents\R082608A
[2011/09/03 03:17:37 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\crypt32.dll
[2006/01/12 13:22:48 | 000,018,944 | ---- | C] ( ) -- C:\WINXP\System32\IMPLODE.DLL

========== Files - Modified Within 60 Days ==========

File not found -- C:\WINXP\System32\
[2011/10/25 19:56:00 | 000,000,886 | ---- | M] () -- C:\WINXP\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/25 19:36:44 | 000,002,206 | ---- | M] () -- C:\WINXP\System32\wpa.dbl
[2011/10/25 19:36:42 | 000,000,882 | ---- | M] () -- C:\WINXP\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/25 19:36:42 | 000,000,820 | RHS- | M] () -- C:\Documents and Settings\mmirro.APPLIED\ntuser.pol
[2011/10/25 19:29:40 | 000,002,048 | --S- | M] () -- C:\WINXP\bootstat.dat
[2011/10/25 19:29:37 | 3220,758,528 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/25 19:28:00 | 000,052,876 | ---- | M] () -- C:\WINXP\System32\drivers\KmxAgent.asc
[2011/10/25 19:28:00 | 000,048,161 | ---- | M] () -- C:\WINXP\System32\drivers\kmxcfg.u2k0
[2011/10/25 19:28:00 | 000,000,085 | ---- | M] () -- C:\WINXP\System32\drivers\kmxcfg.u2k7
[2011/10/25 19:28:00 | 000,000,085 | ---- | M] () -- C:\WINXP\System32\drivers\kmxcfg.u2k6
[2011/10/25 19:28:00 | 000,000,085 | ---- | M] () -- C:\WINXP\System32\drivers\kmxcfg.u2k5
[2011/10/25 19:28:00 | 000,000,085 | ---- | M] () -- C:\WINXP\System32\drivers\kmxcfg.u2k4
[2011/10/25 19:28:00 | 000,000,085 | ---- | M] () -- C:\WINXP\System32\drivers\kmxcfg.u2k3
[2011/10/25 19:28:00 | 000,000,085 | ---- | M] () -- C:\WINXP\System32\drivers\kmxcfg.u2k2
[2011/10/25 19:28:00 | 000,000,085 | ---- | M] () -- C:\WINXP\System32\drivers\kmxcfg.u2k1
[2011/10/25 19:28:00 | 000,000,049 | ---- | M] () -- C:\WINXP\System32\drivers\kmxzone.u2k7
[2011/10/25 19:28:00 | 000,000,049 | ---- | M] () -- C:\WINXP\System32\drivers\kmxzone.u2k6
[2011/10/25 19:28:00 | 000,000,049 | ---- | M] () -- C:\WINXP\System32\drivers\kmxzone.u2k5
[2011/10/25 19:28:00 | 000,000,049 | ---- | M] () -- C:\WINXP\System32\drivers\kmxzone.u2k4
[2011/10/25 19:28:00 | 000,000,049 | ---- | M] () -- C:\WINXP\System32\drivers\kmxzone.u2k3
[2011/10/25 19:28:00 | 000,000,049 | ---- | M] () -- C:\WINXP\System32\drivers\kmxzone.u2k2
[2011/10/25 19:28:00 | 000,000,049 | ---- | M] () -- C:\WINXP\System32\drivers\kmxzone.u2k1
[2011/10/25 19:28:00 | 000,000,049 | ---- | M] () -- C:\WINXP\System32\drivers\kmxzone.u2k0
[2011/10/25 14:30:30 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\mmirro.APPLIED\Desktop\Revo Uninstaller.lnk
[2011/10/25 13:57:04 | 000,420,632 | ---- | M] () -- C:\WINXP\System32\FNTCACHE.DAT
[2011/10/25 13:45:06 | 000,064,546 | ---- | M] () -- C:\Documents and Settings\mmirro.APPLIED\My Documents\cc_20111025_134503.reg
[2011/10/25 11:52:46 | 000,000,330 | ---- | M] () -- C:\Documents and Settings\mmirro.APPLIED\My Documents\regbackup_2011-10-26.reg
[2011/10/25 09:48:26 | 000,000,414 | -HS- | M] () -- C:\boot.ini
[2011/10/25 08:53:08 | 000,002,048 | -HS- | M] () -- C:\WINXP\System32\c_12385.nl_
[2011/10/24 13:49:35 | 000,000,609 | ---- | M] () -- C:\WINXP\TRIMSURV.INI
[2011/10/21 19:42:14 | 000,475,736 | ---- | M] (Kaspersky Lab) -- C:\WINXP\System32\drivers\1855709drv.sys
[2011/10/21 19:42:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINXP\System32\drivers\81208720.sys
[2011/10/21 19:42:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINXP\System32\drivers\77038714.sys
[2011/10/21 19:42:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINXP\System32\drivers\46384050.sys
[2011/10/21 10:33:10 | 000,001,044 | ---- | M] () -- C:\Documents and Settings\mmirro.APPLIED\My Documents\cc_20111021_103307.reg
[2011/10/20 12:40:49 | 000,004,382 | ---- | M] () -- C:\Documents and Settings\mmirro.APPLIED\My Documents\cc_20111020_124046.reg
[2011/10/20 09:17:38 | 000,116,856 | ---- | M] () -- C:\Documents and Settings\mmirro.APPLIED\My Documents\cc_20111020_091734.reg
[2011/10/14 14:36:39 | 121,360,052 | ---- | M] () -- C:\Documents and Settings\mmirro.APPLIED\Desktop\RIV Concordance.pdf
[2011/10/13 09:02:46 | 000,000,000 | ---- | M] () -- C:\WINXP\2231336209
[2011/10/13 03:03:16 | 048,324,552 | ---- | M] () -- C:\WINXP\System32\MRT.exe
[2011/10/12 12:28:11 | 000,000,000 | -HS- | M] () -- C:\WINXP\{2521BB91-29B1-4d7e-9137-AC9875D77735}
[2011/10/12 09:20:26 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINXP\System32\FlashPlayerCPLApp.cpl
[2011/10/06 17:00:11 | 000,000,664 | ---- | M] () -- C:\WINXP\System32\d3d9caps.dat
[2011/10/06 11:15:44 | 000,000,103 | ---- | M] () -- C:\Documents and Settings\mmirro.APPLIED\Desktop\Information Centers.URL
[2011/10/03 01:35:11 | 005,971,456 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\mshtml.dll
[2011/09/26 11:41:20 | 000,611,328 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\uiautomationcore.dll
[2011/09/26 11:41:20 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\oleacc.dll
[2011/09/26 11:41:14 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\oleaccrc.dll
[2011/09/26 11:41:14 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\oleaccrc.dll
[2011/09/23 09:26:19 | 000,078,132 | ---- | M] () -- C:\Documents and Settings\mmirro.APPLIED\My Documents\cc_20110923_092616.reg
[2011/09/20 17:25:52 | 000,128,336 | ---- | M] (Computer Associates International, Inc.) -- C:\WINXP\System32\isafeif.dll
[2011/09/20 17:25:52 | 000,095,568 | ---- | M] (Computer Associates International, Inc.) -- C:\WINXP\System32\vetredir.dll
[2011/09/09 15:47:12 | 000,000,298 | ---- | M] () -- C:\WINXP\PFO.lic
[2011/09/09 02:12:13 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\crypt32.dll
[2011/09/08 11:06:47 | 000,008,081 | ---- | M] () -- C:\Documents and Settings\mmirro.APPLIED\My Documents\MtB_ProposedActionElements_8272011a_utm83.inf
[2011/09/08 11:00:22 | 000,007,178 | ---- | M] () -- C:\Documents and Settings\mmirro.APPLIED\My Documents\temp.inf
[2011/09/08 10:53:03 | 000,007,178 | ---- | M] () -- C:\Documents and Settings\mmirro.APPLIED\My Documents\R082608A.inf
[2011/09/06 06:20:51 | 001,858,944 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\win32k.sys
[2011/09/06 06:20:51 | 001,858,944 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\win32k.sys
[2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\WINXP\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2011/10/25 14:30:30 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\mmirro.APPLIED\Desktop\Revo Uninstaller.lnk
[2011/10/25 13:45:04 | 000,064,546 | ---- | C] () -- C:\Documents and Settings\mmirro.APPLIED\My Documents\cc_20111025_134503.reg
[2011/10/25 12:23:52 | 3220,758,528 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/25 11:52:46 | 000,000,330 | ---- | C] () -- C:\Documents and Settings\mmirro.APPLIED\My Documents\regbackup_2011-10-26.reg
[2011/10/21 10:33:08 | 000,001,044 | ---- | C] () -- C:\Documents and Settings\mmirro.APPLIED\My Documents\cc_20111021_103307.reg
[2011/10/20 12:40:48 | 000,004,382 | ---- | C] () -- C:\Documents and Settings\mmirro.APPLIED\My Documents\cc_20111020_124046.reg
[2011/10/20 09:17:36 | 000,116,856 | ---- | C] () -- C:\Documents and Settings\mmirro.APPLIED\My Documents\cc_20111020_091734.reg
[2011/10/13 09:02:29 | 000,002,048 | -HS- | C] () -- C:\WINXP\System32\c_12385.nl_
[2011/10/12 12:28:11 | 000,000,000 | -HS- | C] () -- C:\WINXP\{2521BB91-29B1-4d7e-9137-AC9875D77735}
[2011/10/12 12:27:39 | 000,000,000 | ---- | C] () -- C:\WINXP\2231336209
[2011/10/06 11:15:44 | 000,000,103 | ---- | C] () -- C:\Documents and Settings\mmirro.APPLIED\Desktop\Information Centers.URL
[2011/10/04 12:20:15 | 121,360,052 | ---- | C] () -- C:\Documents and Settings\mmirro.APPLIED\Desktop\RIV Concordance.pdf
[2011/09/26 10:20:57 | 000,052,876 | ---- | C] () -- C:\WINXP\System32\drivers\KmxAgent.asc
[2011/09/23 09:26:17 | 000,078,132 | ---- | C] () -- C:\Documents and Settings\mmirro.APPLIED\My Documents\cc_20110923_092616.reg
[2011/09/21 08:55:48 | 000,048,161 | ---- | C] () -- C:\WINXP\System32\drivers\kmxcfg.u2k0
[2011/09/21 08:55:48 | 000,000,085 | ---- | C] () -- C:\WINXP\System32\drivers\kmxcfg.u2k7
[2011/09/21 08:55:48 | 000,000,085 | ---- | C] () -- C:\WINXP\System32\drivers\kmxcfg.u2k6
[2011/09/21 08:55:48 | 000,000,085 | ---- | C] () -- C:\WINXP\System32\drivers\kmxcfg.u2k5
[2011/09/21 08:55:48 | 000,000,085 | ---- | C] () -- C:\WINXP\System32\drivers\kmxcfg.u2k4
[2011/09/21 08:55:48 | 000,000,085 | ---- | C] () -- C:\WINXP\System32\drivers\kmxcfg.u2k3
[2011/09/21 08:55:48 | 000,000,085 | ---- | C] () -- C:\WINXP\System32\drivers\kmxcfg.u2k2
[2011/09/21 08:55:48 | 000,000,085 | ---- | C] () -- C:\WINXP\System32\drivers\kmxcfg.u2k1
[2011/09/21 08:55:48 | 000,000,049 | ---- | C] () -- C:\WINXP\System32\drivers\kmxzone.u2k7
[2011/09/21 08:55:48 | 000,000,049 | ---- | C] () -- C:\WINXP\System32\drivers\kmxzone.u2k6
[2011/09/21 08:55:48 | 000,000,049 | ---- | C] () -- C:\WINXP\System32\drivers\kmxzone.u2k5
[2011/09/21 08:55:48 | 000,000,049 | ---- | C] () -- C:\WINXP\System32\drivers\kmxzone.u2k4
[2011/09/21 08:55:48 | 000,000,049 | ---- | C] () -- C:\WINXP\System32\drivers\kmxzone.u2k3
[2011/09/21 08:55:48 | 000,000,049 | ---- | C] () -- C:\WINXP\System32\drivers\kmxzone.u2k2
[2011/09/21 08:55:48 | 000,000,049 | ---- | C] () -- C:\WINXP\System32\drivers\kmxzone.u2k1
[2011/09/21 08:55:48 | 000,000,049 | ---- | C] () -- C:\WINXP\System32\drivers\kmxzone.u2k0
[2011/09/09 15:47:12 | 000,000,298 | ---- | C] () -- C:\WINXP\PFO.lic
[2011/09/08 11:06:47 | 000,008,081 | ---- | C] () -- C:\Documents and Settings\mmirro.APPLIED\My Documents\MtB_ProposedActionElements_8272011a_utm83.inf
[2011/09/08 11:00:22 | 000,007,178 | ---- | C] () -- C:\Documents and Settings\mmirro.APPLIED\My Documents\temp.inf
[2011/09/08 10:53:03 | 000,007,178 | ---- | C] () -- C:\Documents and Settings\mmirro.APPLIED\My Documents\R082608A.inf
[2010/09/14 16:05:30 | 000,038,482 | ---- | C] () -- C:\Documents and Settings\mmirro.APPLIED\Application Data\Comma Separated Values (DOS).ADR
[2010/07/19 15:44:41 | 000,038,481 | ---- | C] () -- C:\Documents and Settings\mmirro.APPLIED\Application Data\Comma Separated Values (Windows).ADR
[2010/05/07 14:37:58 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\mmirro.APPLIED\Local Settings\Application Data\PUTTY.RND
[2010/03/18 12:16:26 | 000,000,000 | ---- | C] () -- C:\WINXP\import71.INI
[2010/02/09 15:31:45 | 000,000,000 | ---- | C] () -- C:\WINXP\link32.INI
[2010/02/09 15:30:56 | 000,000,020 | ---- | C] () -- C:\WINXP\lursslg.dat
[2009/06/05 06:37:44 | 000,000,049 | ---- | C] () -- C:\WINXP\CoolRead.ini
[2009/03/24 07:38:52 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\mmirro.APPLIED\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/20 07:03:36 | 000,000,664 | ---- | C] () -- C:\WINXP\System32\d3d9caps.dat
[2009/03/19 14:27:00 | 000,000,020 | ---- | C] () -- C:\WINXP\forffsg.dat
[2009/03/16 11:16:42 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\mmirro.APPLIED\Application Data\$_hpcst$.hpc
[2009/03/16 08:06:24 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\mmirro.APPLIED\Local Settings\Application Data\fusioncache.dat
[2008/09/16 15:06:52 | 000,872,448 | ---- | C] () -- C:\WINXP\System32\iconv.dll
[2008/09/16 15:06:52 | 000,710,656 | ---- | C] () -- C:\WINXP\System32\libxml2.dll
[2008/06/20 06:39:00 | 000,000,000 | ---- | C] () -- C:\WINXP\nsreg.dat
[2007/09/14 15:17:02 | 000,000,000 | ---- | C] () -- C:\WINXP\ssfedit.INI
[2007/06/15 10:59:47 | 000,000,000 | ---- | C] () -- C:\WINXP\check.INI
[2007/05/18 09:08:44 | 000,000,049 | ---- | C] () -- C:\WINXP\NeroDigital.ini
[2007/04/27 13:56:57 | 000,017,555 | ---- | C] () -- C:\WINXP\hpclj5550.ini
[2007/04/27 13:56:47 | 000,003,068 | ---- | C] () -- C:\WINXP\mariner.ini
[2007/01/26 17:15:15 | 000,001,045 | ---- | C] () -- C:\WINXP\ArcPad.INI
[2006/10/30 08:46:26 | 000,000,169 | ---- | C] () -- C:\WINXP\RtlRack.ini
[2006/10/25 15:42:51 | 000,025,088 | ---- | C] () -- C:\WINXP\System32\HOTFLDR.DLL
[2006/05/17 15:05:32 | 000,000,000 | ---- | C] () -- C:\WINXP\VPC32.INI
[2006/05/01 15:04:03 | 000,000,591 | ---- | C] () -- C:\WINXP\1Way.ini
[2006/05/01 15:04:03 | 000,000,026 | ---- | C] () -- C:\WINXP\Progs_.ini
[2006/03/21 14:46:17 | 000,000,164 | ---- | C] () -- C:\WINXP\avrack.ini
[2006/03/21 14:46:15 | 000,156,672 | ---- | C] () -- C:\WINXP\System32\RTLCPAPI.dll
[2006/03/21 14:46:15 | 000,040,960 | ---- | C] () -- C:\WINXP\System32\ChCfg.exe
[2006/03/20 12:06:59 | 000,000,223 | ---- | C] () -- C:\WINXP\hpbafd.ini
[2006/03/01 15:30:27 | 000,000,754 | ---- | C] () -- C:\WINXP\WORDPAD.INI
[2006/03/01 14:55:58 | 000,049,152 | ---- | C] () -- C:\WINXP\System32\OctaneARM.dll
[2006/01/25 15:54:04 | 000,000,020 | ---- | C] () -- C:\WINXP\rorhrpg.dat
[2006/01/16 16:16:52 | 000,043,520 | ---- | C] () -- C:\WINXP\System32\CmdLineExt03.dll
[2006/01/13 12:58:38 | 000,000,037 | ---- | C] () -- C:\WINXP\export.INI
[2006/01/13 12:54:03 | 000,000,000 | ---- | C] () -- C:\WINXP\correct.INI
[2006/01/13 08:08:09 | 000,001,786 | ---- | C] () -- C:\WINXP\wbocx.ini
[2006/01/12 11:43:42 | 000,077,824 | ---- | C] () -- C:\WINXP\System32\adistres.dll
[2006/01/09 16:12:58 | 000,016,384 | ---- | C] () -- C:\WINXP\System32\FileOps.exe
[2006/01/09 10:56:50 | 000,299,073 | ---- | C] () -- C:\WINXP\System32\PythonCOM21.dll
[2006/01/09 10:56:50 | 000,065,536 | ---- | C] () -- C:\WINXP\System32\PyWinTypes21.dll
[2006/01/01 18:09:07 | 000,210,944 | ---- | C] () -- C:\WINXP\System32\MSVCRT10.DLL
[2006/01/01 18:09:07 | 000,049,152 | ---- | C] () -- C:\WINXP\catalogSubInstaller.exe
[2006/01/01 17:52:29 | 000,000,609 | ---- | C] () -- C:\WINXP\TRIMSURV.INI
[2006/01/01 17:52:25 | 000,000,899 | ---- | C] () -- C:\WINXP\timezone.ini
[2006/01/01 17:52:24 | 000,057,344 | ---- | C] () -- C:\WINXP\pfochk.exe
[2006/01/01 17:49:54 | 000,004,569 | ---- | C] () -- C:\WINXP\System32\secupd.dat
[2006/01/01 17:28:20 | 048,324,552 | ---- | C] () -- C:\WINXP\System32\MRT.exe
[2006/01/01 16:24:19 | 000,000,370 | ---- | C] () -- C:\WINXP\ODBC.INI
[2006/01/01 15:34:21 | 000,520,192 | ---- | C] () -- C:\WINXP\System32\ati2sgag.exe
[2006/01/01 15:33:21 | 000,023,040 | R--- | C] () -- C:\WINXP\System32\drivers\GVCplDrv.sys
[2005/12/22 15:44:29 | 000,112,425 | ---- | C] () -- C:\WINXP\System32\atiicdxx.dat
[2005/12/15 23:38:04 | 000,002,048 | --S- | C] () -- C:\WINXP\bootstat.dat
[2005/12/15 23:32:58 | 000,021,640 | ---- | C] () -- C:\WINXP\System32\emptyregdb.dat
[2005/12/15 15:15:24 | 000,004,073 | ---- | C] () -- C:\WINXP\ODBCINST.INI
[2005/12/15 15:13:57 | 000,420,632 | ---- | C] () -- C:\WINXP\System32\FNTCACHE.DAT
[2003/02/25 12:19:56 | 000,094,274 | ---- | C] () -- C:\WINXP\System32\HPBHEALR.DLL
[2001/08/23 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINXP\System32\oembios.bin
[2001/08/23 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINXP\System32\mlang.dat
[2001/08/23 05:00:00 | 000,444,456 | ---- | C] () -- C:\WINXP\System32\perfh009.dat
[2001/08/23 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINXP\System32\perfi009.dat
[2001/08/23 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINXP\System32\dssec.dat
[2001/08/23 05:00:00 | 000,095,744 | ---- | C] () -- C:\WINXP\System32\msiexec.exe
[2001/08/23 05:00:00 | 000,072,332 | ---- | C] () -- C:\WINXP\System32\perfc009.dat
[2001/08/23 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINXP\System32\mib.bin
[2001/08/23 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINXP\System32\perfd009.dat
[2001/08/23 05:00:00 | 000,004,463 | ---- | C] () -- C:\WINXP\System32\oembios.dat
[2001/08/23 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINXP\System32\dcache.bin
[2001/08/23 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINXP\System32\noise.dat
[2000/03/29 22:00:00 | 000,125,440 | ---- | C] () -- C:\WINXP\System32\UNZDLL.DLL
[1999/10/23 18:29:44 | 000,053,248 | ---- | C] () -- C:\WINXP\System32\UNRAR.DLL
[1999/08/11 15:28:02 | 000,101,888 | ---- | C] () -- C:\WINXP\System32\LIBBZ2.DLL
[1999/05/21 21:10:00 | 000,129,024 | ---- | C] () -- C:\WINXP\System32\ZIPDLL.DLL
[1998/01/28 00:06:04 | 000,045,056 | ---- | C] () -- C:\WINXP\System32\UNACE.DLL
[1997/06/25 15:24:16 | 000,040,448 | ---- | C] () -- C:\WINXP\System32\RegObj.dll
[1996/04/03 12:33:26 | 000,005,248 | ---- | C] () -- C:\WINXP\System32\giveio.sys

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2006/02/08 15:43:16 | 000,528,384 | ---- | M] (TODO: <Company name>) -- C:\topo_dll.exe

< %USERPROFILE%\..|smtmp;true;true;true /FP >


< MD5 for: EXPLORER.EXE >
[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINXP\explorer.exe
[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINXP\ServicePackFiles\i386\explorer.exe
[2005/03/25 05:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) MD5=4B93BB34AF478A0FD9765D9B73356DC9 -- C:\WINDOWS\SysWOW64\explorer.exe
[2007/06/13 04:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINXP\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 03:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINXP\$NtServicePackUninstall$\explorer.exe
[2004/08/04 00:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINXP\$NtUninstallKB938828$\explorer.exe
[2005/03/25 05:00:00 | 001,364,480 | ---- | M] (Microsoft Corporation) MD5=B46A49BD599EBB0A6D97F64E02CF5D51 -- C:\WINDOWS\explorer.exe
[2005/03/25 05:00:00 | 001,364,480 | ---- | M] (Microsoft Corporation) MD5=B46A49BD599EBB0A6D97F64E02CF5D51 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINXP\ServicePackFiles\i386\svchost.exe
[2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINXP\system32\svchost.exe
[2004/08/04 00:56:57 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINXP\$NtServicePackUninstall$\svchost.exe
[2005/03/25 05:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=BDDFEB952617080316692951215793E9 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2005/03/25 05:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=BDDFEB952617080316692951215793E9 -- C:\WINDOWS\system32\svchost.exe
[2005/03/25 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=CA8E6441930B54A8B8210061CE5FCCE7 -- C:\WINDOWS\SysWOW64\svchost.exe

< MD5 for: USERINIT.EXE >
[2005/03/25 05:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=29A1877F2D0EACFF20B6507A3C00F31B -- C:\WINDOWS\SysWOW64\userinit.exe
[2004/08/04 00:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINXP\$NtServicePackUninstall$\userinit.exe
[2005/03/25 05:00:00 | 000,039,424 | ---- | M] (Microsoft Corporation) MD5=5EF907A339CAF229F3CE38909C93F53B -- C:\WINDOWS\system32\dllcache\userinit.exe
[2005/03/25 05:00:00 | 000,039,424 | ---- | M] (Microsoft Corporation) MD5=5EF907A339CAF229F3CE38909C93F53B -- C:\WINDOWS\system32\userinit.exe
[2008/04/13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINXP\ServicePackFiles\i386\userinit.exe
[2008/04/13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINXP\system32\userinit.exe

< MD5 for: VOLSNAP.INF >
[2005/03/25 05:00:00 | 000,001,143 | ---- | M] () MD5=1A0C5B4B2D808FDE795DD3995E42FA97 -- C:\WINDOWS\inf\volsnap.inf
[2001/08/23 05:00:00 | 000,001,095 | ---- | M] () MD5=1C43F4D998567C9D2463E18669F33A3C -- C:\WINXP\inf\volsnap.inf

< MD5 for: VOLSNAP.PNF >
[2005/10/30 05:07:29 | 000,005,136 | ---- | M] () MD5=1C7A7BF4D7F550F1FDA8DF3C88F6BEA9 -- C:\WINDOWS\inf\volsnap.PNF
[2005/12/15 15:15:06 | 000,004,964 | ---- | M] () MD5=ED799F4B3808A25CE71FED0C3DDAF4B4 -- C:\WINXP\inf\volsnap.PNF

< MD5 for: VOLSNAP.SYS >
[2008/04/13 11:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINXP\ServicePackFiles\i386\volsnap.sys
[2008/04/13 11:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINXP\system32\drivers\volsnap.sys
[2005/03/25 05:00:00 | 000,288,256 | ---- | M] (Microsoft Corporation) MD5=507B666F8E5749DB59BD581B207C1F44 -- C:\WINDOWS\system32\drivers\volsnap.sys
[2004/08/03 23:00:16 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=EE4660083DEBA849FF6C485D944B379B -- C:\WINXP\$NtServicePackUninstall$\volsnap.sys

< MD5 for: WINLOGON.EXE >
[2004/08/04 00:56:57 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINXP\$NtServicePackUninstall$\winlogon.exe
[2005/03/25 05:00:00 | 000,922,624 | ---- | M] (Microsoft Corporation) MD5=2412D710F07F527E99D5FCBD8D6E5B89 -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2005/03/25 05:00:00 | 000,922,624 | ---- | M] (Microsoft Corporation) MD5=2412D710F07F527E99D5FCBD8D6E5B89 -- C:\WINDOWS\system32\winlogon.exe
[2008/04/13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINXP\ServicePackFiles\i386\winlogon.exe
[2008/04/13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINXP\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/10/03 09:20:08 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/10/03 09:20:08 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/10/03 09:20:08 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/10/03 09:20:19 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/10/03 09:20:19 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/10/03 09:20:19 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINXP\system32\ie4uinit.exe" -reinstall [2011/08/22 04:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINXP\system32\ie4uinit.exe" -hide [2011/08/22 04:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINXP\system32\ie4uinit.exe" -show [2011/08/22 04:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/10/03 09:20:08 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/10/03 09:20:08 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/10/03 09:20:08 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/10/03 09:20:19 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/10/03 09:20:19 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/10/03 09:20:19 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINXP\system32\ie4uinit.exe" -reinstall [2011/08/22 04:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINXP\system32\ie4uinit.exe" -hide [2011/08/22 04:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINXP\system32\ie4uinit.exe" -show [2011/08/22 04:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINXP\$NtUninstallKB4358$] -> Error: Cannot create file handle -> Unknown point type

< End of report >

OTL Extras logfile created on: 10/25/2011 8:00:37 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = X:\AE Computer Maintenance\Useful Software\Oldtimerstools
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.36 Gb Available Physical Memory | 78.76% Memory free
10.80 Gb Paging File | 10.38 Gb Available in Paging File | 96.17% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINXP | %ProgramFiles% = C:\Program Files
Drive C: | 189.91 Gb Total Space | 118.66 Gb Free Space | 62.48% Space Free | Partition Type: NTFS
Drive D: | 410.97 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 465.76 Gb Total Space | 305.36 Gb Free Space | 65.56% Space Free | Partition Type: NTFS
Drive K: | 5297.78 Gb Total Space | 4178.07 Gb Free Space | 78.86% Space Free | Partition Type: NTFS
Drive L: | 1857.58 Gb Total Space | 782.33 Gb Free Space | 42.12% Space Free | Partition Type: NTFS
Drive M: | 5297.78 Gb Total Space | 4178.07 Gb Free Space | 78.86% Space Free | Partition Type: NTFS
Drive O: | 5297.78 Gb Total Space | 4178.07 Gb Free Space | 78.86% Space Free | Partition Type: NTFS
Drive P: | 5297.78 Gb Total Space | 4178.07 Gb Free Space | 78.86% Space Free | Partition Type: NTFS
Drive S: | 5297.78 Gb Total Space | 4178.07 Gb Free Space | 78.86% Space Free | Partition Type: NTFS
Drive T: | 5297.78 Gb Total Space | 4178.07 Gb Free Space | 78.86% Space Free | Partition Type: NTFS
Drive X: | 5297.78 Gb Total Space | 4178.07 Gb Free Space | 78.86% Space Free | Partition Type: NTFS
Drive Y: | 5297.78 Gb Total Space | 4178.07 Gb Free Space | 78.86% Space Free | Partition Type: NTFS
Drive Z: | 5297.78 Gb Total Space | 4178.07 Gb Free Space | 78.86% Space Free | Partition Type: NTFS

Computer Name: APPLIED-MIKEX64 | User Name: mmirro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-3610928051-2832601510-1758602751-1108\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"44335:UDP" = 44335:UDP:*:Enabled:Push Technology

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\WINXP\system32\mmc.exe" = C:\WINXP\system32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe" = C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe:*:Enabled:Sentinel Protection Server -- (SafeNet, Inc)
"C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe" = C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe:*:Enabled:Sentinel Keys Server -- (SafeNet, Inc.)
"C:\WINXP\system32\usmt\migwiz.exe" = C:\WINXP\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
"C:\Program Files\cwRsync\bin\rsync.exe" = C:\Program Files\cwRsync\bin\rsync.exe:*:Enabled:rsync -- ()
"C:\Program Files\ArcGIS\Desktop10.0\Bin\ArcMap.exe" = C:\Program Files\ArcGIS\Desktop10.0\Bin\ArcMap.exe:*:Enabled:ArcMap -- (ESRI )
"C:\Documents and Settings\mmirro.APPLIED\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\mmirro.APPLIED\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\ArcGIS\Desktop10.0\Bin\ArcCatalog.exe" = C:\Program Files\ArcGIS\Desktop10.0\Bin\ArcCatalog.exe:*:Enabled:ArcCatalog Application -- (ESRI )
"C:\Program Files\Wyse\PocketCloud Windows Companion\PocketCloudInstallWizard.exe" = C:\Program Files\Wyse\PocketCloud Windows Companion\PocketCloudInstallWizard.exe:*:Enabled:PocketCloudInstallWizard -- ()
"C:\Program Files\Wyse\PocketCloud Windows Companion\WyseBrowser.exe" = C:\Program Files\Wyse\PocketCloud Windows Companion\WyseBrowser.exe:*:Enabled:WyseBrowser -- ()
"C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe" = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe:*:Enabled:Google Calendar Sync -- (Google)
"C:\WINXP\explorer.exe" = C:\WINXP\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation)
"C:\Program Files\CA\CA Internet Security Suite\casc.exe" = C:\Program Files\CA\CA Internet Security Suite\casc.exe:*:Enabled:CA Security Center -- (CA, Inc.)
"C:\Program Files\CA\CA Internet Security Suite\ccupdate\ccupdate.exe" = C:\Program Files\CA\CA Internet Security Suite\ccupdate\ccupdate.exe:*:Enabled:CCUpdate -- (CA, Inc.)
"C:\Program Files\Mozilla Thunderbird\thunderbird.exe" = C:\Program Files\Mozilla Thunderbird\thunderbird.exe:*:Enabled:Thunderbird -- (Mozilla Messaging)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{082FA29F-143B-47ED-B66A-A11F0E6EA4A9}" = DNRGarmin
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9}" = Microsoft IntelliPoint 6.1
"{0EB21F41-2647-4FED-B05B-FC4C02A5EFD8}" = ForeSight DXM
"{181E3E88-4589-482D-8AA8-E845892C0948}" = GPScorrect
"{181EAEE6-AAE5-485B-8BAC-0FB564626781}" = Brava! Reader 7.0
"{1968465A-D76E-4B88-8401-DAF9E5C82A87}" = Document Express DjVu Plug-in
"{1DD1D1E9-FC96-4B17-BE0A-A5481F8B0D67}" = ArcGIS License Manager 10
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{24290100-F740-4389-AABF-B5485247DB29}" = PocketCloud Windows Companion
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 13
"{291A772C-FFB9-4681-B720-AB2A0A620896}" = Adobe Reader for Pocket PC 2.0
"{2F314F78-689D-4380-A969-594C40988DCD}" = ET GeoWizards 10.0 for ArcGIS 10
"{31E930DF-B986-43D5-AF4E-61E2B9D94A98}" = ET GeoTools 10.0 for ArcGIS 10
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38151262-FAF8-4778-9AAB-33E90B60D8E9}" = CA Anti-Virus Plus
"{412033BC-44CF-48D9-B813-4B835101F4D3}" = Adobe Illustrator 10.0.3
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{4834C9F4-97B4-4CA1-99D7-EE7B67945F7F}" = Curved Construction Tool
"{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}" = Microsoft SQL Server 2008 Native Client
"{506957A6-6D28-4CDD-9951-9FB9F78CF17D}" = TerraSync
"{5081528F-5DD5-49BA-8213-9A6A13502497}" = Sentinel System Driver 5.41.1 (32-bit)
"{5239C7CC-2FB7-4994-B81D-853E8421B6FA}" = Mapping & GIS License Manager
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{5783F2D7-9028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2011
"{5A0C892E-FD1C-4203-941E-0956AED20A6A}" = APC PowerChute Personal Edition
"{5A272FB7-EBCA-4F8C-8FCE-309A430BF3AF}" = ATI Catalyst Control Center
"{63CD54F0-AC47-4AC9-987C-2DE632AF6588}" = TerraSync
"{641FEB7A-27D7-4786-AE35-9F6E377F4AAD}" = TerraSync 4.00 for Windows Mobile
"{64665955-E1A1-4A8B-BFFA-673A95318909}" = ArcGIS Desktop 10
"{6832CA38-64C6-4166-A214-3FAABB239D6C}_is1" = XTools Pro 7.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81EBF3DA-65FD-4862-AE33-964CAF246BBD}" = TerraSync 5.10 for Windows Mobile
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86F4F32B-77C7-4951-B33C-05D41A8190C1}" = Microsoft RichCopy 4.0
"{8DE65D02-48F3-4833-8D5B-D5FC8F4F6DE4}" = ArcMap TerraServer Download
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{95C06C1D-D7C5-4B49-9995-F75C341F6F4C}" = TrimPix
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CD8FC8E-A1CA-4634-96BC-CD6B2D4797CC}" = Lizardtech Express View Browser Plug-in
"{A13D16C5-38A9-4D96-9647-59FCCAB12A85}" = Visual Basic for Applications ® Core - English
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}_946" = Adobe Acrobat 9.4.6 - CPSID_83708
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AFD1BE8A-E2E6-4B1B-9BDC-C439BD1CED80}" = Microsoft Pocket Streets for Pocket PC
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFCD2A80-EC16-11E0-A273-B8AC6F97B88E}" = Google Earth
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D2D40BAE-7B66-11D3-882B-00105A64914B}" = Trimble Data Transfer
"{DF51BF3F-A323-4BD2-ABBA-37A530D16F05}" = Auto Complete Freehand Construction Tool
"{E6992682-EE20-4B51-90DE-99641F6DDB6C}" = CAD2POLY
"{E74666C1-EAE4-4D59-B9CB-9E63255CD312}" = ForeSight
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EDB0794A-1BE2-4373-B6C5-1CA909DCBF32}" = TerraSync 2.41
"{EDFE2142-CFB3-44AB-A961-DE85F6408A28}" = Sentinel Protection Installer 7.3.2
"{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}" = Adobe Stock Photos 1.0
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F71A7621-3BC2-42F0-AF99-234F546BA023}" = Survey Link
"{FA237125-51FF-408C-8BB8-30C2B3DFFF9C}" = Windows Resource Kit Tools
"{FA757C52-4369-48AB-9E3A-F98E3A1444E4}" = GPS Pathfinder Office
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FB97C283-1F3C-42D4-AE01-ADC1DC12F774}" = Visual Basic for Applications ® Core
"7-Zip" = 7-Zip 4.58 beta
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Illustrator CS2" = Adobe Illustrator CS2
"Adobe Photoshop 7.0.1" = Adobe Photoshop 7.0.1
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Advanced IP Scanner v1.5" = Advanced IP Scanner v1.5
"All ATI Software" = ATI - Software Uninstall Utility
"Any DWF to DWG Converter_is1" = Any DWF to DWG Converter 2010
"ArcGIS Desktop 10" = ArcGIS Desktop 10
"ArcGIS Desktop 10 SP1" = ArcGIS Desktop 10 Service Pack 1
"ArcGIS Desktop 10 SP2" = ArcGIS Desktop 10 Service Pack 2
"ArcGIS License Manager 10" = ArcGIS License Manager 10
"ATI Display Driver" = ATI Display Driver
"CCleaner" = CCleaner
"ClipX" = ClipX
"cwRsync" = cwRsync (remove only)
"DWG TrueView 2011" = DWG TrueView 2011
"eDATA Unerase" = eDATA Unerase
"ESRI ArcPad 7.0.1" = ESRI ArcPad 7.0.1
"eTrust Suite Personal" = CA Internet Security Suite
"Fiddler2" = Fiddler2
"FWTools247" = FWTools 2.4.7
"Google Calendar Sync" = Google Calendar Sync
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{291A772C-FFB9-4681-B720-AB2A0A620896}" = Adobe Reader for Pocket PC 2.0
"InstallShield_{5239C7CC-2FB7-4994-B81D-853E8421B6FA}" = Mapping & GIS License Manager
"InstallShield_{641FEB7A-27D7-4786-AE35-9F6E377F4AAD}" = TerraSync 4.00 for Windows Mobile
"InstallShield_{81EBF3DA-65FD-4862-AE33-964CAF246BBD}" = TerraSync 5.10 for Windows Mobile
"InstallShield_{95C06C1D-D7C5-4B49-9995-F75C341F6F4C}" = TrimPix
"InstallShield_{FA757C52-4369-48AB-9E3A-F98E3A1444E4}" = GPS Pathfinder Office
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"MapLogic Layout Manager for ArcGIS 10.0_is1" = MapLogic Layout Manager 4.1 for ArcGIS 10.0
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"Mozilla Thunderbird (3.1.15)" = Mozilla Thunderbird (3.1.15)
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"numpy-py2.5" = Python 2.5 numpy-1.0.3
"NVIDIA Drivers" = NVIDIA Drivers
"Python 2.1" = Python 2.1
"Python 2.1 combined Win32 extensions" = Python 2.1 combined Win32 extensions
"Python 2.4.1" = Python 2.4.1
"Python 2.5 numpy-1.0.3" = Python 2.5 numpy-1.0.3
"Python 2.5.1" = Python 2.5.1
"QuicktimeAlt_is1" = QuickTime Alternative 1.81
"ReNamer_is1" = ReNamer
"Revo Uninstaller" = Revo Uninstaller 1.93
"SpeedFan" = SpeedFan (remove only)
"TeraCopy_is1" = TeraCopy 1.22
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3610928051-2832601510-1758602751-1108\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/24/2011 4:34:55 PM | Computer Name = APPLIED-MIKEX64 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (An unexpected network error occurred. ). Group Policy processing aborted.


Error - 10/24/2011 6:29:55 PM | Computer Name = APPLIED-MIKEX64 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (An unexpected network error occurred. ). Group Policy processing aborted.


Error - 10/24/2011 7:45:54 PM | Computer Name = APPLIED-MIKEX64 | Source = UserInit | ID = 1000
Description = Could not execute the following script C:\EM_BU.bat. The system cannot
find the file specified. .

Error - 10/25/2011 6:00:25 AM | Computer Name = APPLIED-MIKEX64 | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb2572073,
P2 1033, P3 1601, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10
0.

Error - 10/25/2011 2:42:51 PM | Computer Name = APPLIED-MIKEX64 | Source = UserInit | ID = 1000
Description = Could not execute the following script C:\EM_BU.bat. The system cannot
find the file specified. .

Error - 10/25/2011 2:43:08 PM | Computer Name = APPLIED-MIKEX64 | Source = UserInit | ID = 1000
Description = Could not execute the following script C:\EM_BU.bat. The system cannot
find the file specified. .

Error - 10/25/2011 3:10:40 PM | Computer Name = APPLIED-MIKEX64 | Source = UserInit | ID = 1000
Description = Could not execute the following script C:\EM_BU.bat. The system cannot
find the file specified. .

Error - 10/25/2011 3:10:41 PM | Computer Name = APPLIED-MIKEX64 | Source = UserInit | ID = 1000
Description = Could not execute the following script C:\EM_BU.bat. The system cannot
find the file specified. .

Error - 10/25/2011 3:22:52 PM | Computer Name = APPLIED-MIKEX64 | Source = UserInit | ID = 1000
Description = Could not execute the following script C:\EM_BU.bat. The system cannot
find the file specified. .

Error - 10/25/2011 3:22:53 PM | Computer Name = APPLIED-MIKEX64 | Source = UserInit | ID = 1000
Description = Could not execute the following script C:\EM_BU.bat. The system cannot
find the file specified. .

[ OSession Events ]
Error - 5/5/2008 4:50:23 PM | Computer Name = APPLIED-MIKEX64 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 416
seconds with 180 seconds of active time. This session ended with a crash.

Error - 9/11/2008 6:40:37 PM | Computer Name = APPLIED-MIKEX64 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6323.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 9760
seconds with 180 seconds of active time. This session ended with a crash.

Error - 9/24/2008 5:32:25 PM | Computer Name = APPLIED-MIKEX64 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6323.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 13528
seconds with 960 seconds of active time. This session ended with a crash.

Error - 3/18/2009 4:33:17 PM | Computer Name = APPLIED-MIKEX64 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 24765
seconds with 1320 seconds of active time. This session ended with a crash.

Error - 7/7/2009 7:17:50 PM | Computer Name = APPLIED-MIKEX64 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6504.5001, Microsoft Office Version: 12.0.6215.1000. This session lasted 8
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/25/2010 1:35:49 PM | Computer Name = APPLIED-MIKEX64 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 91144
seconds with 4140 seconds of active time. This session ended with a crash.

Error - 10/12/2010 4:48:31 PM | Computer Name = APPLIED-MIKEX64 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 133
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 10/25/2011 10:36:57 PM | Computer Name = APPLIED-MIKEX64 | Source = Service Control Manager | ID = 7000
Description = The Windows Installer service failed to start due to the following
error: %%5

Error - 10/25/2011 10:36:57 PM | Computer Name = APPLIED-MIKEX64 | Source = Service Control Manager | ID = 7000
Description = The Windows Installer service failed to start due to the following
error: %%5

Error - 10/25/2011 10:36:57 PM | Computer Name = APPLIED-MIKEX64 | Source = DCOM | ID = 10005
Description = DCOM got error "%5" attempting to start the service MSIServer with
arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

Error - 10/25/2011 10:36:57 PM | Computer Name = APPLIED-MIKEX64 | Source = Service Control Manager | ID = 7000
Description = The Windows Installer service failed to start due to the following
error: %%5

Error - 10/25/2011 10:45:26 PM | Computer Name = APPLIED-MIKEX64 | Source = DCOM | ID = 10005
Description = DCOM got error "%5" attempting to start the service MSIServer with
arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

Error - 10/25/2011 10:45:26 PM | Computer Name = APPLIED-MIKEX64 | Source = DCOM | ID = 10005
Description = DCOM got error "%5" attempting to start the service MSIServer with
arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

Error - 10/25/2011 10:45:26 PM | Computer Name = APPLIED-MIKEX64 | Source = Service Control Manager | ID = 7000
Description = The Windows Installer service failed to start due to the following
error: %%5

Error - 10/25/2011 10:45:26 PM | Computer Name = APPLIED-MIKEX64 | Source = Service Control Manager | ID = 7000
Description = The Windows Installer service failed to start due to the following
error: %%5

Error - 10/25/2011 10:45:39 PM | Computer Name = APPLIED-MIKEX64 | Source = DCOM | ID = 10005
Description = DCOM got error "%5" attempting to start the service MSIServer with
arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

Error - 10/25/2011 10:45:39 PM | Computer Name = APPLIED-MIKEX64 | Source = Service Control Manager | ID = 7000
Description = The Windows Installer service failed to start due to the following
error: %%5


< End of report >







aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-25 20:29:34
-----------------------------
20:29:34.381 OS Version: Windows 5.1.2600 Service Pack 3
20:29:34.381 Number of processors: 2 586 0x2B01
20:29:34.381 ComputerName: APPLIED-MIKEX64 UserName: mmirro
20:29:35.787 Initialize success
20:29:39.537 Disk 0 \Device\Harddisk0\DR0 -> \Device\0000006c
20:29:39.537 Disk 0 Vendor: WDC_WD5000AAKS-00A7B2 01.03B01 Size: 476940MB BusType: 3
20:29:39.537 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\0000006d
20:29:39.537 Disk 1 Vendor: Maxtor_6B200S0 BANC1E00 Size: 194481MB BusType: 3
20:29:39.552 Disk 1 MBR read successfully
20:29:39.552 Disk 1 MBR scan
20:29:39.568 Disk 1 Windows XP default MBR code
20:29:39.568 Disk 1 scanning sectors +398267415
20:29:39.646 Disk 1 scanning C:\WINXP\system32\drivers
20:29:46.349 Service scanning
20:29:47.396 Modules scanning
20:29:51.365 Disk 1 trace - called modules:
20:29:51.381 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvatabus.sys
20:29:51.896 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8bd29ab8]
20:29:51.896 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\0000006f[0x8bd2aad8]
20:29:51.896 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\0000006d[0x8bd36030]
20:29:51.896 Scan finished successfully
20:30:28.756 Disk 1 MBR has been saved successfully to "X:\AE Computer Maintenance\Useful Software\Oldtimerstools\MBR.dat"
20:30:28.771 The log file has been saved successfully to "X:\AE Computer Maintenance\Useful Software\Oldtimerstools\aswMBR.txt"
  • 0
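A small triage aid added here (not code from any post in this thread): it parses the OTL `[ System Events ]` record layout shown above and counts the repeated service-start failures by source and event ID, flagging the ones whose description carries Win32 status 5 (`%%5` / `"%5"`, ERROR_ACCESS_DENIED). The sample records are constructed to match the shape of the log, and the function names are my own.

```python
import re
from collections import Counter

# Constructed sample in the OTL "Error - ..." record layout (shape copied
# from the thread's [ System Events ] section; not a dump of the real log).
SAMPLE_LOG = """\
[ System Events ]
Error - 10/25/2011 10:36:57 PM | Computer Name = APPLIED-MIKEX64 | Source = Service Control Manager | ID = 7000
Description = The Windows Installer service failed to start due to the following
error: %%5

Error - 10/25/2011 10:36:57 PM | Computer Name = APPLIED-MIKEX64 | Source = DCOM | ID = 10005
Description = DCOM got error "%5" attempting to start the service MSIServer with
arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

Error - 10/25/2011 10:45:26 PM | Computer Name = APPLIED-MIKEX64 | Source = Service Control Manager | ID = 7000
Description = The Windows Installer service failed to start due to the following
error: %%5
"""

HEADER = re.compile(
    r"^(?P<level>\w+) - (?P<when>\S+ \S+ [AP]M) \| Computer Name = (?P<host>[^|]+?)"
    r" \| Source = (?P<source>[^|]+?) \| ID = (?P<id>\d+)$"
)
# The Event Log embeds Win32 status codes as %%N (or "%N"); 5 is ERROR_ACCESS_DENIED.
WIN32_CODE = re.compile(r"%%?(\d+)")
ACCESS_DENIED = 5


def parse_records(text):
    """Split an OTL event dump into dicts, re-joining wrapped Description lines."""
    records, current = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = dict(m.groupdict(), description="")
            records.append(current)
        elif current is not None and line.strip():
            body = line.split("Description = ", 1)[-1]
            current["description"] = (current["description"] + " " + body).strip()
    return records


def service_start_denials(records):
    """Count records per (source, event ID) whose text carries an access-denied code."""
    hits = Counter()
    for rec in records:
        codes = {int(c) for c in WIN32_CODE.findall(rec["description"])}
        if ACCESS_DENIED in codes:
            hits[(rec["source"], rec["id"])] += 1
    return hits
```

Run `service_start_denials(parse_records(open("OTL.txt").read()))` against a saved OTL report to get the same per-source tally for a real log.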

#4
blmadara

    Trusted Helper

  • Malware Removal
  • 767 posts
Hi cavearch, you are infected with the ZeroAccess rootkit.

One or more of the identified infections is a backdoor Trojan or a key logger. These programs can steal passwords and other sensitive information from your computer.

If you use this computer for internet banking or bill paying I recommend that you immediately:

1. Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.

2. From an uninfected computer, change ALL your online passwords for email, banks, financial accounts, PayPal, eBay, online companies, and any online forum or group that you belong to.

Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.



It will not be possible to be 100% certain that this machine will be clean, if this is unacceptable to you then you should consider reformatting the system partition and reinstalling Windows as this is the only sure answer.

Please read the following articles for more information:
If you wish to reformat, please let me know in your next response. I'll continue with instructions for cleaning if that's the route you wish to take.



Step One: Download and run ComboFix

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.

    As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    Posted Image
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" for further review.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.



Step Two: Download and run TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    Posted Image
  • Click the Start Scan button.

    Posted Image
  • If a suspicious object is detected, the default action will be Skip; click on Continue.

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

    Posted Image
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


What I need in your next post:
1. The ComboFix log, C:\ComboFix.txt.
2. The TDSSKiller log, C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt.
  • 0

#5
cavearch

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Based on the potential that the computer may never truly be free of malicious software, I think that the safest course of action would be to do a format and re-install. Considering the nature of the ZeroAccess rootkit, what is the potential for other drives on the computer to be infected? I have a data drive and an operating system/software drive. Will both drives be infected, or does this rootkit only infect the operating system drive? I would appreciate your thoughts on the next course of action.

Thanks
  • 0

#6
blmadara

    Trusted Helper

  • Malware Removal
  • 767 posts
Hi cavearch, reformatting is a wise choice in this instance. The rootkit will only infect the operating system drive, but to be safe it would be wise to scan both drives with a good virus scanner to be sure that they are clean. Do you need instructions about reformatting and reinstalling Windows?
  • 0

#7
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





