OTL logfile created on: 12/22/2011 9:30:17 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\c1151872\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
894.26 Mb Total Physical Memory | 118.58 Mb Available Physical Memory | 13.26% Memory free
2.12 Gb Paging File | 1.48 Gb Available in Paging File | 69.90% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 53.36 Gb Free Space | 71.61% Space Free | Partition Type: NTFS
Drive L: | 499.99 Gb Total Space | 342.75 Gb Free Space | 68.55% Space Free | Partition Type: NTFS
Computer Name: D2UA83312B0 | User Name: c1151872 | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/12/22 09:18:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\c1151872\Desktop\OTL.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/03/17 13:04:54 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2011/03/17 13:04:49 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2011/03/17 13:04:37 | 001,459,568 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2011/03/17 13:04:35 | 001,893,728 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2011/03/17 13:04:27 | 001,839,776 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2010/03/09 20:39:02 | 001,734,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Online Services\Sign In\SignIn.exe
PRC - [2008/12/16 21:05:00 | 005,160,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office Communicator\communicator.exe
PRC - [2008/08/29 05:29:40 | 000,331,776 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\LDClient\SoftMon.exe
PRC - [2008/08/26 15:38:26 | 000,087,416 | ---- | M] (Juniper Networks) -- C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
PRC - [2008/08/21 05:15:50 | 000,118,784 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe
PRC - [2008/08/13 07:27:30 | 000,258,048 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\LDClient\rcgui.exe
PRC - [2008/08/13 07:24:34 | 000,406,528 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\LDClient\issuser.exe
PRC - [2008/08/12 09:25:42 | 000,196,608 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\LDClient\LocalSch.EXE
PRC - [2008/06/02 08:42:32 | 000,155,648 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\Shared Files\residentAgent.exe
PRC - [2008/04/14 03:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/30 03:25:18 | 000,192,512 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\LDClient\tmcsvc.exe
PRC - [2007/11/30 03:09:10 | 000,262,144 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\LDClient\collector.exe
PRC - [2007/08/31 05:13:00 | 000,032,819 | ---- | M] (LANDesk Software Ltd.) -- C:\WINDOWS\system32\cba\pds.exe
PRC - [2007/01/04 17:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
========== Modules (No Company Name) ==========
MOD - [2011/01/26 13:07:44 | 000,539,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\b4dc4bd8534d90fbb7430926ad990cd9\PresentationFramework.Luna.ni.dll
MOD - [2011/01/26 13:07:05 | 014,320,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\9519494798a88867406b5755e1dbded6\PresentationFramework.ni.dll
MOD - [2011/01/26 13:04:02 | 012,428,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\9a254c455892c02355ab0ab0f0727c5b\System.Windows.Forms.ni.dll
MOD - [2011/01/26 13:03:52 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\6978f2e90f13bc720d57fa6895c911e2\System.Drawing.ni.dll
MOD - [2011/01/26 13:03:48 | 012,213,248 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\12dcb10b76012416357bdbb010fdaa97\PresentationCore.ni.dll
MOD - [2011/01/26 13:03:32 | 003,311,104 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\df20e56b59b1b1a595af305ddc0777ba\WindowsBase.ni.dll
MOD - [2011/01/26 13:03:24 | 005,449,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\36f3953f24d4f0b767bf172331ad6f3e\System.Xml.ni.dll
MOD - [2011/01/26 13:03:19 | 000,970,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb4cb21d14767292e079366a5d3d76cd\System.Configuration.ni.dll
MOD - [2011/01/26 13:03:17 | 007,867,392 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aa7926460a336408c8041330ad90929d\System.ni.dll
MOD - [2011/01/26 13:03:09 | 011,485,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\9adb89fa22fd5b4ce433b5aca7fb1b07\mscorlib.ni.dll
MOD - [2010/03/24 19:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/02/05 11:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2010/01/30 00:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2008/11/21 08:11:12 | 000,033,280 | ---- | M] () -- C:\Program Files\LANDesk\LDClient\database.dll
MOD - [2008/08/29 05:29:30 | 000,806,912 | ---- | M] () -- C:\Program Files\LANDesk\LDClient\vulscan.dll
MOD - [2008/08/26 05:15:42 | 000,102,400 | ---- | M] () -- C:\Program Files\LANDesk\LDClient\policy.client.business.dll
MOD - [2008/05/01 07:04:44 | 000,163,840 | ---- | M] () -- C:\Program Files\LANDesk\LDClient\ldredirect.dll
MOD - [2008/04/14 03:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 03:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/02/14 05:28:10 | 000,018,432 | ---- | M] () -- C:\Program Files\LANDesk\LDClient\processrunner.dll
MOD - [2007/11/30 03:18:00 | 000,126,976 | ---- | M] () -- C:\Program Files\LANDesk\LDClient\uncauthentication.dll
MOD - [2007/11/30 03:14:52 | 000,344,064 | ---- | M] () -- C:\Program Files\LANDesk\LDClient\sqlite3.dll
MOD - [2007/04/20 04:28:38 | 000,106,567 | ---- | M] () -- C:\Program Files\LANDesk\LDClient\ThinstallManageApi.dll
========== Win32 Services (SafeList) ==========
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/03/17 13:04:54 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2011/03/17 13:04:54 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2011/03/17 13:04:37 | 000,357,744 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2011/03/17 13:04:35 | 001,893,728 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2011/03/17 13:04:27 | 001,839,776 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010/09/07 14:05:51 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2010/03/25 08:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2008/08/29 05:29:40 | 000,331,776 | ---- | M] (LANDesk Software, Ltd.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\softmon.exe -- (Softmon) LANDesk®
SRV - [2008/08/26 15:38:26 | 000,087,416 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe -- (JuniperAccessService)
SRV - [2008/08/21 05:15:50 | 000,118,784 | ---- | M] (LANDesk Software, Ltd.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe -- (LANDesk Policy Invoker)
SRV - [2008/08/13 07:24:34 | 000,406,528 | ---- | M] (LANDesk Software, Ltd.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\issuser.exe -- (ISSUSER)
SRV - [2008/08/12 09:25:42 | 000,196,608 | ---- | M] (LANDesk Software, Ltd.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\LocalSch.EXE -- (Intel Local Scheduler Service)
SRV - [2008/06/02 08:42:32 | 000,155,648 | ---- | M] (LANDesk Software, Ltd.) [Auto | Running] -- C:\Program Files\LANDesk\Shared Files\residentagent.exe -- (CBA8) LANDesk®
SRV - [2007/11/30 03:25:18 | 000,192,512 | ---- | M] (LANDesk Software, Ltd.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\tmcsvc.exe -- (Intel Targeted Multicast)
SRV - [2007/08/31 05:13:00 | 000,032,819 | ---- | M] (LANDesk Software Ltd.) [Auto | Running] -- C:\WINDOWS\system32\cba\pds.exe -- (Intel PDS)
SRV - [2007/01/04 17:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
========== Driver Services (SafeList) ==========
DRV - [2011/11/28 07:23:56 | 000,167,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wpshelper.sys -- (WpsHelper)
DRV - [2011/11/28 07:19:18 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20111221.034\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/11/28 07:19:18 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20111221.034\NAVENG.SYS -- (NAVENG)
DRV - [2011/11/28 07:19:17 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/11/28 07:19:17 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/11/28 06:57:27 | 000,125,488 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/03/17 13:05:17 | 000,043,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2011/03/17 13:04:58 | 000,320,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2011/03/17 13:04:58 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2011/03/17 13:04:57 | 000,284,720 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2011/03/17 13:04:44 | 000,099,696 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
DRV - [2011/03/17 13:04:44 | 000,067,472 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2011/03/17 13:03:58 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/03/17 13:03:58 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2011/03/17 13:03:53 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2011/03/17 13:03:45 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/10/21 15:40:22 | 000,064,480 | ---- | M] (Juniper Networks) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NEOFLTR_620_13649.sys -- (NEOFLTR_620_13649) Juniper Networks TDI Filter Driver (NEOFLTR_620_13649)
DRV - [2007/07/16 08:29:33 | 000,017,432 | R--- | M] (Hewlett Packard) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hpfxbulk.sys -- (HPFXBULK)
DRV - [2007/05/30 14:23:04 | 000,011,904 | ---- | M] (LANDesk Software, Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ldblank.sys -- (ldblank)
DRV - [2007/05/30 14:23:04 | 000,003,712 | ---- | M] (LANDesk Software, Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mirrorflt.sys -- (mirrorflt)
DRV - [2007/05/30 14:23:04 | 000,003,328 | ---- | M] (LANDesk Software, Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ldmirror.sys -- (ldmirror)
DRV - [2007/02/16 13:46:42 | 000,160,256 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/10/12 07:52:04 | 004,387,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/09/13 13:06:30 | 000,003,840 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atiide.sys -- (atiide)
DRV - [2006/07/22 17:13:48 | 001,579,008 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/07/01 19:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.cintas.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.cintas.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.cintas.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.hewitt.com;*.uty.com;*.uty.ca;*.cintasuniforms.com;*.cintasuniforms.ca;*.wendysuniforms.com;*.sallyfourmy.com;*.cintas.com;*.cintasvip.com;*.cintasmats.com;*.mycintas.com;*.spiritmats.com;*.xpectdirect.com;10.*;172.*;192.168.*;12.2.179.*;198.177.158.*;206.112.82.174;206.112.82.172;206.112.70.79;206.112.70.81;*.65.221.0.132;*.cintascomfortflex.com;*.flexmoore.com';*.cintasdesignit.com;*.adphc.com;*.na.cintas.com;*.bargainshopperoutlet.com;*.microsoftonline.com;*.webexconnect.com;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = c092isa0:8080
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Communicator] C:\Program Files\Microsoft Office Communicator\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SignIn] C:\Program Files\Microsoft Online Services\Sign In\SignIn.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Home = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Fullscreen = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Tools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Print = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Edit = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Cut = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Copy = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Paste = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Encoding = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictWelcomeCenter = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll (Juniper Networks)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll (Juniper Networks)
O15 - HKLM\..Trusted Domains: cintas.com ([home] http in Trusted sites)
O15 - HKLM\..Trusted Domains: cintas.com ([na] http in Trusted sites)
O15 - HKLM\..Trusted Domains: hewitt.com ([meplb01.reporting] https in Trusted sites)
O15 - HKLM\..Trusted Domains: outtask.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: outtask.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: previsor.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: previsor.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: select2perform.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: select2perform.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: cintas.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: cintas.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: cintas.com ([*.na] * in Trusted sites)
O15 - HKCU\..Trusted Domains: cintas.com ([evexplorer] http in Trusted sites)
O15 - HKCU\..Trusted Domains: cintas.com ([home] http in Trusted sites)
O15 - HKCU\..Trusted Domains: cintas.com ([na] * in Trusted sites)
O15 - HKCU\..Trusted Domains: cintas.com ([na] http in Trusted sites)
O15 - HKCU\..Trusted Domains: hewitt.com ([meplb01.reporting] https in Trusted sites)
O15 - HKCU\..Trusted Domains: livemeeting.com ([]https in Internet)
O15 - HKCU\..Trusted Domains: microsoftonline.com ([]https in Local intranet)
O15 - HKCU\..Trusted Domains: outtask.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: outtask.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: previsor.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: previsor.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: select2perform.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: select2perform.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://juniper.net/...perSetupSP1.cab (JuniperSetupControlXP Class)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.4.75 10.20.10.107
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = na.cintas.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D00579B2-B313-4786-B582-7539C9C3D816}: DhcpNameServer = 10.1.4.75 10.20.10.107
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\c1151872\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\c1151872\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/01/25 06:51:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/12/22 09:18:44 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\c1151872\Desktop\OTL.exe
[2011/12/21 17:23:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\c1151872\Desktop\tdsskiller
[2011/12/21 17:00:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/21 17:00:35 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/12/21 17:00:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/21 09:30:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Mouse
[2011/12/21 09:29:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2011/12/21 09:28:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
[2011/12/07 14:11:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\c1151872\Application Data\Malwarebytes
[2011/12/07 14:11:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/12/07 13:59:57 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\c1151872\My Documents\mbam-setup-1.51.2.1300.exe
[2011/12/07 13:59:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Reimage Repair
[2011/12/07 13:59:29 | 000,000,000 | ---D | C] -- C:\rei
[2011/12/07 13:59:20 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage
[2011/12/07 13:57:39 | 000,267,576 | ---- | C] (Reimage®) -- C:\Documents and Settings\c1151872\My Documents\ReimageRepair.exe
[2011/12/07 13:38:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\c1151872\Local Settings\Application Data\Adobe
[2011/12/07 13:35:05 | 002,002,320 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\c1151872\My Documents\HousecallLauncher.exe
[2011/12/07 13:29:04 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/12/07 13:29:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\c1151872\Start Menu\Programs\HiJackThis
[2011/12/07 13:27:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\c1151872\Application Data\Macromedia
[2011/12/07 13:27:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\c1151872\Application Data\Adobe
[2011/12/07 13:26:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\c1151872\Tracing
[2011/12/07 13:25:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\c1151872\Local Settings\Application Data\Symantec
[2011/12/07 13:24:44 | 000,000,000 | --SD | C] -- C:\Documents and Settings\c1151872\Application Data\Microsoft
[2011/12/07 13:24:44 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\c1151872\Application Data
[2011/12/07 13:24:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\c1151872\Favorites
[2011/12/07 13:24:44 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\c1151872\Cookies
[2011/12/07 13:24:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\c1151872\Application Data\Juniper Networks
[2011/12/07 13:24:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\c1151872\Application Data\Identities
[2011/12/07 13:24:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\c1151872\Desktop
[2011/12/07 13:24:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\c1151872\SendTo
[2011/12/07 13:24:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\c1151872\Recent
[2011/12/07 13:24:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\c1151872\Start Menu\Programs\Startup
[2011/12/07 13:24:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\c1151872\Start Menu
[2011/12/07 13:24:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\c1151872\My Documents\My Videos
[2011/12/07 13:24:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\c1151872\My Documents\My Pictures
[2011/12/07 13:24:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\c1151872\My Documents\My Music
[2011/12/07 13:24:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\c1151872\My Documents
[2011/12/07 13:24:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\c1151872\Start Menu\Programs\Administrative Tools
[2011/12/07 13:24:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\c1151872\Start Menu\Programs\Accessories
[2011/12/07 13:24:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\c1151872\Templates
[2011/12/07 13:24:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\c1151872\PrintHood
[2011/12/07 13:24:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\c1151872\NetHood
[2011/12/07 13:24:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\c1151872\Local Settings
[2011/12/07 13:24:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\c1151872\Local Settings\Application Data\Microsoft
[2011/12/07 13:24:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\c1151872\Start Menu\Programs\Juniper Networks
[2011/11/30 15:54:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft MapPoint 2010
[2011/11/30 10:17:00 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2011/11/29 13:59:41 | 000,000,000 | ---D | C] -- C:\Scans
[2011/11/29 08:28:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\SchCache
[2011/11/29 08:22:21 | 000,188,416 | R--- | C] (Hewlett Packard) -- C:\WINDOWS\System32\hppcew09.dll
[2011/11/29 08:22:21 | 000,026,136 | R--- | C] (Hewlett Packard) -- C:\WINDOWS\System32\drivers\hpfxgen.sys
[2011/11/29 08:22:21 | 000,017,432 | R--- | C] (Hewlett Packard) -- C:\WINDOWS\System32\drivers\hpfxbulk.sys
[2011/11/29 08:21:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
[2011/11/29 08:17:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang
[2011/11/29 08:16:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/11/28 07:46:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\InterVideo WinDVD
[2011/11/28 07:46:06 | 000,000,000 | ---D | C] -- C:\Program Files\InterVideo
[2011/11/28 07:45:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InterVideo
[2011/11/28 07:45:45 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2011/11/28 07:45:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2011/11/28 07:45:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office Communicator
[2011/11/28 07:45:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Online Services
[2011/11/28 07:45:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Online Services
[2011/11/28 07:32:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System\Unicode
[2011/11/28 07:32:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\Setup
[2011/11/28 07:32:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\SEM
[2011/11/28 07:32:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\sapphone
[2011/11/28 07:32:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\sapgui
[2011/11/28 07:32:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System\SAP
[2011/11/28 07:32:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\paw
[2011/11/28 07:32:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\patch
[2011/11/28 07:32:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\old
[2011/11/28 07:32:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\new
[2011/11/28 07:32:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\iwb
[2011/11/28 07:32:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\BW
[2011/11/28 07:32:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\BPC
[2011/11/28 07:32:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Bi
[2011/11/28 07:31:23 | 000,056,832 | ---- | C] (Graphitti) -- C:\WINDOWS\System32\grfcxl32.dll
[2011/11/28 07:31:23 | 000,034,816 | ---- | C] (Graphitti) -- C:\WINDOWS\System32\grsapx32.dll
[2011/11/28 07:31:20 | 003,149,824 | ---- | C] (SAP Technology,Inc) -- C:\Program Files\Common Files\sapxlhelper.dll
[2011/11/28 07:31:20 | 000,192,512 | ---- | C] (SAP Tech Inc.) -- C:\Program Files\Common Files\sapconsr3.dll
[2011/11/28 07:31:19 | 000,626,688 | ---- | C] (SAP AG) -- C:\Program Files\Common Files\sapconsaccess.dll
[2011/11/28 07:31:19 | 000,253,952 | ---- | C] (SAP AG, Walldorf) -- C:\WINDOWS\System32\vrfc32.dll
[2011/11/28 07:31:19 | 000,040,960 | ---- | C] (SAP-TECHNOLOGY) -- C:\Program Files\Common Files\DigitalSignature.ocx
[2011/11/28 07:30:56 | 000,068,640 | ---- | C] (MicroHelp, Inc.) -- C:\WINDOWS\System32\Gauge32.OCX
[2011/11/28 07:30:51 | 004,542,464 | ---- | C] (SAP AG) -- C:\WINDOWS\System32\librfc32u.dll
[2011/11/28 07:30:51 | 000,106,496 | ---- | C] (SAP AG) -- C:\WINDOWS\System32\libsapu16vc80.dll
[2011/11/28 07:28:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ESRI
[2011/11/28 07:28:52 | 001,146,880 | ---- | C] (SAP AG, Walldorf) -- C:\WINDOWS\System32\wdba.dll
[2011/11/28 07:28:18 | 000,483,328 | ---- | C] (SAP AG, Walldorf) -- C:\WINDOWS\System32\sapfcpl.cpl
[2011/11/28 07:27:43 | 000,114,688 | ---- | C] (heilerSoftware) -- C:\WINDOWS\System32\h5dlg32.dll
[2011/11/28 07:27:40 | 001,683,456 | ---- | C] (SAP AG, Walldorf) -- C:\WINDOWS\System32\SAPbtmp.dll
[2011/11/28 07:27:39 | 000,533,504 | ---- | C] (VisualTools Inc.) -- C:\WINDOWS\System32\vtssdl32.dll
[2011/11/28 07:27:37 | 003,944,448 | ---- | C] (SAP AG) -- C:\WINDOWS\System32\librfc32.dll
[2011/11/28 07:27:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SAP Shared
[2011/11/28 07:27:18 | 000,000,000 | ---D | C] -- C:\Program Files\SAP
[2011/11/28 07:27:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Ericom Software
[2011/11/28 07:27:07 | 000,000,000 | ---D | C] -- C:\Program Files\Ericom Software
[2011/11/28 07:25:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2011/11/28 07:24:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/11/28 07:24:08 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/11/28 07:22:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/11/28 07:22:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/11/28 07:20:04 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/11/28 07:09:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SharePoint
[2011/11/28 07:09:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2011/11/28 07:07:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2011/11/28 07:07:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/11/28 07:06:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2011/11/28 07:06:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2011/11/28 07:06:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Microsoft
[2011/11/28 07:04:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2011/11/28 07:03:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2011/11/28 07:03:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2011/11/28 07:02:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/11/28 07:02:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2011/11/28 07:01:28 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011/11/28 06:59:26 | 000,167,936 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\wpshelper.sys
[2011/11/28 06:57:38 | 000,357,744 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\Sysfer.dll
[2011/11/28 06:57:38 | 000,099,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SysPlant.sys
[2011/11/28 06:57:19 | 000,125,488 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/11/28 06:57:19 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/11/28 06:56:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/11/28 06:56:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Symantec Endpoint Protection
[2011/11/28 06:56:40 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/11/28 06:56:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2011/11/28 06:40:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RTCOM
[2008/08/26 15:35:24 | 000,069,632 | ---- | C] (Juniper Networks) -- C:\Documents and Settings\All Users\Application Data\NeoterisSetup.ocx
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/12/22 09:35:02 | 000,000,388 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{1163DD7F-8789-46ED-B82F-D726F3740735}.job
[2011/12/22 09:18:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\c1151872\Desktop\OTL.exe
[2011/12/22 09:09:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/22 09:04:15 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/22 08:50:46 | 000,010,436 | ---- | M] () -- C:\WINDOWS\PTW_PRT1.CFG
[2011/12/22 08:50:46 | 000,000,081 | ---- | M] () -- C:\WINDOWS\PTW_PRT2.CFG
[2011/12/21 18:12:54 | 108,104,448 | ---- | M] () -- C:\Documents and Settings\c1151872\My Documents\setup_11.0.0.1245.x01_2011_12_22_02_26.exe
[2011/12/21 17:23:01 | 001,557,791 | ---- | M] () -- C:\Documents and Settings\c1151872\Desktop\tdsskiller.zip
[2011/12/21 17:02:16 | 000,002,453 | ---- | M] () -- C:\Documents and Settings\c1151872\Desktop\HiJackThis.lnk
[2011/12/21 17:00:41 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/21 16:51:06 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IPoint_exe.job
[2011/12/21 16:50:50 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/21 16:50:29 | 000,274,968 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/21 11:12:27 | 000,002,439 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Mouse.lnk
[2011/12/07 13:59:58 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\c1151872\My Documents\mbam-setup-1.51.2.1300.exe
[2011/12/07 13:59:30 | 000,001,749 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PC Scan & Repair by Reimage.lnk
[2011/12/07 13:57:45 | 000,267,576 | ---- | M] (Reimage®) -- C:\Documents and Settings\c1151872\My Documents\ReimageRepair.exe
[2011/12/07 13:50:51 | 000,217,256 | ---- | M] () -- C:\Documents and Settings\c1151872\Local Settings\Application Data\census.cache
[2011/12/07 13:50:35 | 000,168,160 | ---- | M] () -- C:\Documents and Settings\c1151872\Local Settings\Application Data\ars.cache
[2011/12/07 13:35:28 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\c1151872\Local Settings\Application Data\housecall.guid.cache
[2011/12/07 13:35:23 | 002,002,320 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\c1151872\My Documents\HousecallLauncher.exe
[2011/12/07 13:28:45 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\c1151872\My Documents\HijackThis.msi
[2011/12/07 13:26:11 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\c1151872\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/12/07 13:26:05 | 000,000,782 | ---- | M] () -- C:\Documents and Settings\c1151872\Desktop\Windows Media Player.lnk
[2011/12/07 13:25:28 | 000,006,596 | RHS- | M] () -- C:\Documents and Settings\c1151872\ntuser.pol
[2011/12/05 06:51:33 | 000,507,320 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/12/05 06:51:33 | 000,089,598 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/30 10:19:53 | 000,008,306 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2011/11/29 14:01:20 | 000,000,406 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Krystal Scans.lnk
[2011/11/28 07:27:39 | 000,010,914 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\SERVICES_OLD
[2011/11/28 07:23:56 | 000,167,936 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\wpshelper.sys
[2011/11/28 06:57:27 | 000,125,488 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/11/28 06:57:27 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/11/28 06:57:27 | 000,007,456 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/11/28 06:57:27 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/11/28 06:42:57 | 000,000,935 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/11/28 06:42:24 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/11/28 06:42:23 | 000,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/12/21 17:34:37 | 108,104,448 | ---- | C] () -- C:\Documents and Settings\c1151872\My Documents\setup_11.0.0.1245.x01_2011_12_22_02_26.exe
[2011/12/21 17:22:46 | 001,557,791 | ---- | C] () -- C:\Documents and Settings\c1151872\Desktop\tdsskiller.zip
[2011/12/21 17:00:41 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/21 09:30:37 | 000,000,296 | ---- | C] () -- C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IPoint_exe.job
[2011/12/21 09:30:25 | 000,002,439 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Mouse.lnk
[2011/12/07 13:59:30 | 000,001,749 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PC Scan & Repair by Reimage.lnk
[2011/12/07 13:50:51 | 000,217,256 | ---- | C] () -- C:\Documents and Settings\c1151872\Local Settings\Application Data\census.cache
[2011/12/07 13:50:35 | 000,168,160 | ---- | C] () -- C:\Documents and Settings\c1151872\Local Settings\Application Data\ars.cache
[2011/12/07 13:35:28 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\c1151872\Local Settings\Application Data\housecall.guid.cache
[2011/12/07 13:29:05 | 000,002,453 | ---- | C] () -- C:\Documents and Settings\c1151872\Desktop\HiJackThis.lnk
[2011/12/07 13:28:25 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\c1151872\My Documents\HijackThis.msi
[2011/12/07 13:26:05 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\c1151872\Start Menu\Programs\Windows Media Player.lnk
[2011/12/07 13:26:05 | 000,000,782 | ---- | C] () -- C:\Documents and Settings\c1151872\Desktop\Windows Media Player.lnk
[2011/12/07 13:25:06 | 000,006,596 | RHS- | C] () -- C:\Documents and Settings\c1151872\ntuser.pol
[2011/12/07 13:24:45 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\c1151872\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/12/07 13:24:45 | 000,000,622 | ---- | C] () -- C:\Documents and Settings\c1151872\Desktop\Archived_Email.url
[2011/12/07 13:24:45 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\c1151872\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/12/07 13:24:44 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\c1151872\Start Menu\Programs\Internet Explorer.lnk
[2011/11/30 07:07:05 | 000,010,436 | ---- | C] () -- C:\WINDOWS\PTW_PRT1.CFG
[2011/11/30 07:07:05 | 000,000,081 | ---- | C] () -- C:\WINDOWS\PTW_PRT2.CFG
[2011/11/29 14:01:20 | 000,000,406 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Krystal Scans.lnk
[2011/11/29 08:21:32 | 000,000,621 | R--- | C] () -- C:\WINDOWS\System32\hppapr09.dat
[2011/11/29 08:13:53 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/28 07:46:42 | 001,114,674 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativcaxx.cpa
[2011/11/28 07:46:42 | 000,127,614 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011/11/28 07:46:42 | 000,058,560 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativckxx.vp
[2011/11/28 07:46:42 | 000,029,024 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativvpxx.vp
[2011/11/28 07:46:42 | 000,006,005 | ---- | C] () -- C:\WINDOWS\System32\atifglpf.xml
[2011/11/28 07:46:42 | 000,000,929 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativcaxx.vp
[2011/11/28 07:46:19 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2011/11/28 07:46:19 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2011/11/28 07:46:19 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2011/11/28 07:46:18 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2011/11/28 07:46:18 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2011/11/28 07:46:18 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2011/11/28 07:45:29 | 000,002,000 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Communicator 2007 R2.lnk
[2011/11/28 07:44:54 | 000,000,622 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Archived_Email.url
[2011/11/28 07:32:32 | 000,002,240 | ---- | C] () -- C:\WINDOWS\saplogon.ini
[2011/11/28 07:31:19 | 001,167,872 | ---- | C] () -- C:\Program Files\Common Files\SAPActiveXL.xlt
[2011/11/28 07:31:19 | 000,949,760 | ---- | C] () -- C:\Program Files\Common Files\SAPActiveXL_nosig.xlt
[2011/11/28 07:27:43 | 001,064,960 | ---- | C] () -- C:\WINDOWS\System32\h5krnl32.dll
[2011/11/28 07:27:43 | 000,188,928 | ---- | C] () -- C:\WINDOWS\System32\h5icon32.dll
[2011/11/28 07:27:43 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\h5menu32.dll
[2011/11/28 07:27:43 | 000,095,744 | ---- | C] () -- C:\WINDOWS\System32\h5rtf32.dll
[2011/11/28 07:27:43 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\h5tool32.dll
[2011/11/28 07:27:39 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\vtssm32.dll
[2011/11/28 07:25:34 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2011/11/28 06:57:19 | 000,007,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/11/28 06:57:19 | 000,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/11/28 06:42:23 | 000,004,444 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF
[2011/03/07 08:46:19 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2011/01/26 12:55:26 | 000,779,600 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/01/25 06:52:57 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/01/25 06:49:03 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/01/25 01:42:48 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/01/25 01:41:54 | 000,274,968 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/04 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 05:00:00 | 000,507,320 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 05:00:00 | 000,089,598 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 05:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
========== LOP Check ==========
[2011/03/07 08:11:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2011/01/28 06:34:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LANDesk
[2011/12/22 09:29:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vulScan
[2011/03/07 08:11:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\c1151872\Application Data\Juniper Networks
[2011/12/22 09:35:02 | 000,000,388 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{1163DD7F-8789-46ED-B82F-D726F3740735}.job
========== Purity Check ==========
< End of report >