
Computer slow, won't restart, pum.hijack problem



#1
Dan Nguyen

  • Member
  • 61 posts
My computer, all of a sudden after a clean installation of XP, starts to become a problem. It won't restart and sometimes I cannot get online. I tried to scan using Housecall and Malwarebytes. Malwarebytes always returns the pum.hijack.displayproperty. I use Malwarebytes to clean it and it still comes back after restart.


OTL logfile created on: 12/22/2011 9:30:17 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\c1151872\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

894.26 Mb Total Physical Memory | 118.58 Mb Available Physical Memory | 13.26% Memory free
2.12 Gb Paging File | 1.48 Gb Available in Paging File | 69.90% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 53.36 Gb Free Space | 71.61% Space Free | Partition Type: NTFS
Drive L: | 499.99 Gb Total Space | 342.75 Gb Free Space | 68.55% Space Free | Partition Type: NTFS

Computer Name: D2UA83312B0 | User Name: c1151872 | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/22 09:18:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\c1151872\Desktop\OTL.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/03/17 13:04:54 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2011/03/17 13:04:49 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2011/03/17 13:04:37 | 001,459,568 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2011/03/17 13:04:35 | 001,893,728 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2011/03/17 13:04:27 | 001,839,776 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2010/03/09 20:39:02 | 001,734,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Online Services\Sign In\SignIn.exe
PRC - [2008/12/16 21:05:00 | 005,160,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office Communicator\communicator.exe
PRC - [2008/08/29 05:29:40 | 000,331,776 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\LDClient\SoftMon.exe
PRC - [2008/08/26 15:38:26 | 000,087,416 | ---- | M] (Juniper Networks) -- C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
PRC - [2008/08/21 05:15:50 | 000,118,784 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe
PRC - [2008/08/13 07:27:30 | 000,258,048 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\LDClient\rcgui.exe
PRC - [2008/08/13 07:24:34 | 000,406,528 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\LDClient\issuser.exe
PRC - [2008/08/12 09:25:42 | 000,196,608 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\LDClient\LocalSch.EXE
PRC - [2008/06/02 08:42:32 | 000,155,648 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\Shared Files\residentAgent.exe
PRC - [2008/04/14 03:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/30 03:25:18 | 000,192,512 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\LDClient\tmcsvc.exe
PRC - [2007/11/30 03:09:10 | 000,262,144 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\LDClient\collector.exe
PRC - [2007/08/31 05:13:00 | 000,032,819 | ---- | M] (LANDesk Software Ltd.) -- C:\WINDOWS\system32\cba\pds.exe
PRC - [2007/01/04 17:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (No Company Name) ==========

MOD - [2011/01/26 13:07:44 | 000,539,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\b4dc4bd8534d90fbb7430926ad990cd9\PresentationFramework.Luna.ni.dll
MOD - [2011/01/26 13:07:05 | 014,320,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\9519494798a88867406b5755e1dbded6\PresentationFramework.ni.dll
MOD - [2011/01/26 13:04:02 | 012,428,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\9a254c455892c02355ab0ab0f0727c5b\System.Windows.Forms.ni.dll
MOD - [2011/01/26 13:03:52 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\6978f2e90f13bc720d57fa6895c911e2\System.Drawing.ni.dll
MOD - [2011/01/26 13:03:48 | 012,213,248 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\12dcb10b76012416357bdbb010fdaa97\PresentationCore.ni.dll
MOD - [2011/01/26 13:03:32 | 003,311,104 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\df20e56b59b1b1a595af305ddc0777ba\WindowsBase.ni.dll
MOD - [2011/01/26 13:03:24 | 005,449,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\36f3953f24d4f0b767bf172331ad6f3e\System.Xml.ni.dll
MOD - [2011/01/26 13:03:19 | 000,970,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb4cb21d14767292e079366a5d3d76cd\System.Configuration.ni.dll
MOD - [2011/01/26 13:03:17 | 007,867,392 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aa7926460a336408c8041330ad90929d\System.ni.dll
MOD - [2011/01/26 13:03:09 | 011,485,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\9adb89fa22fd5b4ce433b5aca7fb1b07\mscorlib.ni.dll
MOD - [2010/03/24 19:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/02/05 11:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2010/01/30 00:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2008/11/21 08:11:12 | 000,033,280 | ---- | M] () -- C:\Program Files\LANDesk\LDClient\database.dll
MOD - [2008/08/29 05:29:30 | 000,806,912 | ---- | M] () -- C:\Program Files\LANDesk\LDClient\vulscan.dll
MOD - [2008/08/26 05:15:42 | 000,102,400 | ---- | M] () -- C:\Program Files\LANDesk\LDClient\policy.client.business.dll
MOD - [2008/05/01 07:04:44 | 000,163,840 | ---- | M] () -- C:\Program Files\LANDesk\LDClient\ldredirect.dll
MOD - [2008/04/14 03:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 03:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/02/14 05:28:10 | 000,018,432 | ---- | M] () -- C:\Program Files\LANDesk\LDClient\processrunner.dll
MOD - [2007/11/30 03:18:00 | 000,126,976 | ---- | M] () -- C:\Program Files\LANDesk\LDClient\uncauthentication.dll
MOD - [2007/11/30 03:14:52 | 000,344,064 | ---- | M] () -- C:\Program Files\LANDesk\LDClient\sqlite3.dll
MOD - [2007/04/20 04:28:38 | 000,106,567 | ---- | M] () -- C:\Program Files\LANDesk\LDClient\ThinstallManageApi.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/03/17 13:04:54 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2011/03/17 13:04:54 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2011/03/17 13:04:37 | 000,357,744 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2011/03/17 13:04:35 | 001,893,728 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2011/03/17 13:04:27 | 001,839,776 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010/09/07 14:05:51 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2010/03/25 08:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2008/08/29 05:29:40 | 000,331,776 | ---- | M] (LANDesk Software, Ltd.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\softmon.exe -- (Softmon) LANDesk®
SRV - [2008/08/26 15:38:26 | 000,087,416 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe -- (JuniperAccessService)
SRV - [2008/08/21 05:15:50 | 000,118,784 | ---- | M] (LANDesk Software, Ltd.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe -- (LANDesk Policy Invoker)
SRV - [2008/08/13 07:24:34 | 000,406,528 | ---- | M] (LANDesk Software, Ltd.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\issuser.exe -- (ISSUSER)
SRV - [2008/08/12 09:25:42 | 000,196,608 | ---- | M] (LANDesk Software, Ltd.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\LocalSch.EXE -- (Intel Local Scheduler Service)
SRV - [2008/06/02 08:42:32 | 000,155,648 | ---- | M] (LANDesk Software, Ltd.) [Auto | Running] -- C:\Program Files\LANDesk\Shared Files\residentagent.exe -- (CBA8) LANDesk®
SRV - [2007/11/30 03:25:18 | 000,192,512 | ---- | M] (LANDesk Software, Ltd.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\tmcsvc.exe -- (Intel Targeted Multicast)
SRV - [2007/08/31 05:13:00 | 000,032,819 | ---- | M] (LANDesk Software Ltd.) [Auto | Running] -- C:\WINDOWS\system32\cba\pds.exe -- (Intel PDS)
SRV - [2007/01/04 17:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - [2011/11/28 07:23:56 | 000,167,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wpshelper.sys -- (WpsHelper)
DRV - [2011/11/28 07:19:18 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20111221.034\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/11/28 07:19:18 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20111221.034\NAVENG.SYS -- (NAVENG)
DRV - [2011/11/28 07:19:17 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/11/28 07:19:17 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/11/28 06:57:27 | 000,125,488 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/03/17 13:05:17 | 000,043,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2011/03/17 13:04:58 | 000,320,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2011/03/17 13:04:58 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2011/03/17 13:04:57 | 000,284,720 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2011/03/17 13:04:44 | 000,099,696 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
DRV - [2011/03/17 13:04:44 | 000,067,472 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2011/03/17 13:03:58 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/03/17 13:03:58 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2011/03/17 13:03:53 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2011/03/17 13:03:45 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/10/21 15:40:22 | 000,064,480 | ---- | M] (Juniper Networks) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NEOFLTR_620_13649.sys -- (NEOFLTR_620_13649) Juniper Networks TDI Filter Driver (NEOFLTR_620_13649)
DRV - [2007/07/16 08:29:33 | 000,017,432 | R--- | M] (Hewlett Packard) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hpfxbulk.sys -- (HPFXBULK)
DRV - [2007/05/30 14:23:04 | 000,011,904 | ---- | M] (LANDesk Software, Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ldblank.sys -- (ldblank)
DRV - [2007/05/30 14:23:04 | 000,003,712 | ---- | M] (LANDesk Software, Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mirrorflt.sys -- (mirrorflt)
DRV - [2007/05/30 14:23:04 | 000,003,328 | ---- | M] (LANDesk Software, Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ldmirror.sys -- (ldmirror)
DRV - [2007/02/16 13:46:42 | 000,160,256 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/10/12 07:52:04 | 004,387,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/09/13 13:06:30 | 000,003,840 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atiide.sys -- (atiide)
DRV - [2006/07/22 17:13:48 | 001,579,008 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/07/01 19:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.cintas.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.cintas.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.cintas.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.hewitt.com;*.uty.com;*.uty.ca;*.cintasuniforms.com;*.cintasuniforms.ca;*.wendysuniforms.com;*.sallyfourmy.com;*.cintas.com;*.cintasvip.com;*.cintasmats.com;*.mycintas.com;*.spiritmats.com;*.xpectdirect.com;10.*;172.*;192.168.*;12.2.179.*;198.177.158.*;206.112.82.174;206.112.82.172;206.112.70.79;206.112.70.81;*.65.221.0.132;*.cintascomfortflex.com;*.flexmoore.com';*.cintasdesignit.com;*.adphc.com;*.na.cintas.com;*.bargainshopperoutlet.com;*.microsoftonline.com;*.webexconnect.com;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = c092isa0:8080

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)



O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Communicator] C:\Program Files\Microsoft Office Communicator\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SignIn] C:\Program Files\Microsoft Online Services\Sign In\SignIn.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Home = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Fullscreen = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Tools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Print = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Edit = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Cut = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Copy = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Paste = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Encoding = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictWelcomeCenter = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll (Juniper Networks)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll (Juniper Networks)
O15 - HKLM\..Trusted Domains: cintas.com ([home] http in Trusted sites)
O15 - HKLM\..Trusted Domains: cintas.com ([na] http in Trusted sites)
O15 - HKLM\..Trusted Domains: hewitt.com ([meplb01.reporting] https in Trusted sites)
O15 - HKLM\..Trusted Domains: outtask.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: outtask.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: previsor.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: previsor.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: select2perform.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: select2perform.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: cintas.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: cintas.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: cintas.com ([*.na] * in Trusted sites)
O15 - HKCU\..Trusted Domains: cintas.com ([evexplorer] http in Trusted sites)
O15 - HKCU\..Trusted Domains: cintas.com ([home] http in Trusted sites)
O15 - HKCU\..Trusted Domains: cintas.com ([na] * in Trusted sites)
O15 - HKCU\..Trusted Domains: cintas.com ([na] http in Trusted sites)
O15 - HKCU\..Trusted Domains: hewitt.com ([meplb01.reporting] https in Trusted sites)
O15 - HKCU\..Trusted Domains: livemeeting.com ([]https in Internet)
O15 - HKCU\..Trusted Domains: microsoftonline.com ([]https in Local intranet)
O15 - HKCU\..Trusted Domains: outtask.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: outtask.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: previsor.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: previsor.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: select2perform.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: select2perform.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://juniper.net/...perSetupSP1.cab (JuniperSetupControlXP Class)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.4.75 10.20.10.107
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = na.cintas.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D00579B2-B313-4786-B582-7539C9C3D816}: DhcpNameServer = 10.1.4.75 10.20.10.107
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\c1151872\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\c1151872\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/01/25 06:51:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/22 09:18:44 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\c1151872\Desktop\OTL.exe
[2011/12/21 17:23:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\c1151872\Desktop\tdsskiller
[2011/12/21 17:00:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/21 17:00:35 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/12/21 17:00:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/21 09:30:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Mouse
[2011/12/21 09:29:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2011/12/21 09:28:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
[2011/12/07 14:11:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\c1151872\Application Data\Malwarebytes
[2011/12/07 14:11:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/12/07 13:59:57 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\c1151872\My Documents\mbam-setup-1.51.2.1300.exe
[2011/12/07 13:59:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Reimage Repair
[2011/12/07 13:59:29 | 000,000,000 | ---D | C] -- C:\rei
[2011/12/07 13:59:20 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage
[2011/12/07 13:57:39 | 000,267,576 | ---- | C] (Reimage®) -- C:\Documents and Settings\c1151872\My Documents\ReimageRepair.exe
[2011/12/07 13:38:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\c1151872\Local Settings\Application Data\Adobe
[2011/12/07 13:35:05 | 002,002,320 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\c1151872\My Documents\HousecallLauncher.exe
[2011/12/07 13:29:04 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/12/07 13:29:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\c1151872\Start Menu\Programs\HiJackThis
[2011/12/07 13:27:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\c1151872\Application Data\Macromedia
[2011/12/07 13:27:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\c1151872\Application Data\Adobe
[2011/12/07 13:26:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\c1151872\Tracing
[2011/12/07 13:25:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\c1151872\Local Settings\Application Data\Symantec
[2011/12/07 13:24:44 | 000,000,000 | --SD | C] -- C:\Documents and Settings\c1151872\Application Data\Microsoft
[2011/12/07 13:24:44 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\c1151872\Application Data
[2011/12/07 13:24:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\c1151872\Favorites
[2011/12/07 13:24:44 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\c1151872\Cookies
[2011/12/07 13:24:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\c1151872\Application Data\Juniper Networks
[2011/12/07 13:24:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\c1151872\Application Data\Identities
[2011/12/07 13:24:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\c1151872\Desktop
[2011/12/07 13:24:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\c1151872\SendTo
[2011/12/07 13:24:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\c1151872\Recent
[2011/12/07 13:24:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\c1151872\Start Menu\Programs\Startup
[2011/12/07 13:24:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\c1151872\Start Menu
[2011/12/07 13:24:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\c1151872\My Documents\My Videos
[2011/12/07 13:24:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\c1151872\My Documents\My Pictures
[2011/12/07 13:24:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\c1151872\My Documents\My Music
[2011/12/07 13:24:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\c1151872\My Documents
[2011/12/07 13:24:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\c1151872\Start Menu\Programs\Administrative Tools
[2011/12/07 13:24:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\c1151872\Start Menu\Programs\Accessories
[2011/12/07 13:24:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\c1151872\Templates
[2011/12/07 13:24:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\c1151872\PrintHood
[2011/12/07 13:24:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\c1151872\NetHood
[2011/12/07 13:24:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\c1151872\Local Settings
[2011/12/07 13:24:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\c1151872\Local Settings\Application Data\Microsoft
[2011/12/07 13:24:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\c1151872\Start Menu\Programs\Juniper Networks
[2011/11/30 15:54:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft MapPoint 2010
[2011/11/30 10:17:00 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2011/11/29 13:59:41 | 000,000,000 | ---D | C] -- C:\Scans
[2011/11/29 08:28:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\SchCache
[2011/11/29 08:22:21 | 000,188,416 | R--- | C] (Hewlett Packard) -- C:\WINDOWS\System32\hppcew09.dll
[2011/11/29 08:22:21 | 000,026,136 | R--- | C] (Hewlett Packard) -- C:\WINDOWS\System32\drivers\hpfxgen.sys
[2011/11/29 08:22:21 | 000,017,432 | R--- | C] (Hewlett Packard) -- C:\WINDOWS\System32\drivers\hpfxbulk.sys
[2011/11/29 08:21:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
[2011/11/29 08:17:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang
[2011/11/29 08:16:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/11/28 07:46:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\InterVideo WinDVD
[2011/11/28 07:46:06 | 000,000,000 | ---D | C] -- C:\Program Files\InterVideo
[2011/11/28 07:45:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InterVideo
[2011/11/28 07:45:45 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2011/11/28 07:45:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2011/11/28 07:45:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office Communicator
[2011/11/28 07:45:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Online Services
[2011/11/28 07:45:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Online Services
[2011/11/28 07:32:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System\Unicode
[2011/11/28 07:32:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\Setup
[2011/11/28 07:32:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\SEM
[2011/11/28 07:32:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\sapphone
[2011/11/28 07:32:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\sapgui
[2011/11/28 07:32:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System\SAP
[2011/11/28 07:32:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\paw
[2011/11/28 07:32:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\patch
[2011/11/28 07:32:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\old
[2011/11/28 07:32:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\new
[2011/11/28 07:32:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\iwb
[2011/11/28 07:32:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\BW
[2011/11/28 07:32:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\BPC
[2011/11/28 07:32:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Bi
[2011/11/28 07:31:23 | 000,056,832 | ---- | C] (Graphitti) -- C:\WINDOWS\System32\grfcxl32.dll
[2011/11/28 07:31:23 | 000,034,816 | ---- | C] (Graphitti) -- C:\WINDOWS\System32\grsapx32.dll
[2011/11/28 07:31:20 | 003,149,824 | ---- | C] (SAP Technology,Inc) -- C:\Program Files\Common Files\sapxlhelper.dll
[2011/11/28 07:31:20 | 000,192,512 | ---- | C] (SAP Tech Inc.) -- C:\Program Files\Common Files\sapconsr3.dll
[2011/11/28 07:31:19 | 000,626,688 | ---- | C] (SAP AG) -- C:\Program Files\Common Files\sapconsaccess.dll
[2011/11/28 07:31:19 | 000,253,952 | ---- | C] (SAP AG, Walldorf) -- C:\WINDOWS\System32\vrfc32.dll
[2011/11/28 07:31:19 | 000,040,960 | ---- | C] (SAP-TECHNOLOGY) -- C:\Program Files\Common Files\DigitalSignature.ocx
[2011/11/28 07:30:56 | 000,068,640 | ---- | C] (MicroHelp, Inc.) -- C:\WINDOWS\System32\Gauge32.OCX
[2011/11/28 07:30:51 | 004,542,464 | ---- | C] (SAP AG) -- C:\WINDOWS\System32\librfc32u.dll
[2011/11/28 07:30:51 | 000,106,496 | ---- | C] (SAP AG) -- C:\WINDOWS\System32\libsapu16vc80.dll
[2011/11/28 07:28:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ESRI
[2011/11/28 07:28:52 | 001,146,880 | ---- | C] (SAP AG, Walldorf) -- C:\WINDOWS\System32\wdba.dll
[2011/11/28 07:28:18 | 000,483,328 | ---- | C] (SAP AG, Walldorf) -- C:\WINDOWS\System32\sapfcpl.cpl
[2011/11/28 07:27:43 | 000,114,688 | ---- | C] (heilerSoftware) -- C:\WINDOWS\System32\h5dlg32.dll
[2011/11/28 07:27:40 | 001,683,456 | ---- | C] (SAP AG, Walldorf) -- C:\WINDOWS\System32\SAPbtmp.dll
[2011/11/28 07:27:39 | 000,533,504 | ---- | C] (VisualTools Inc.) -- C:\WINDOWS\System32\vtssdl32.dll
[2011/11/28 07:27:37 | 003,944,448 | ---- | C] (SAP AG) -- C:\WINDOWS\System32\librfc32.dll
[2011/11/28 07:27:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SAP Shared
[2011/11/28 07:27:18 | 000,000,000 | ---D | C] -- C:\Program Files\SAP
[2011/11/28 07:27:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Ericom Software
[2011/11/28 07:27:07 | 000,000,000 | ---D | C] -- C:\Program Files\Ericom Software
[2011/11/28 07:25:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2011/11/28 07:24:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/11/28 07:24:08 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/11/28 07:22:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/11/28 07:22:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/11/28 07:20:04 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/11/28 07:09:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SharePoint
[2011/11/28 07:09:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2011/11/28 07:07:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2011/11/28 07:07:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/11/28 07:06:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2011/11/28 07:06:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2011/11/28 07:06:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Microsoft
[2011/11/28 07:04:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2011/11/28 07:03:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2011/11/28 07:03:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2011/11/28 07:02:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/11/28 07:02:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2011/11/28 07:01:28 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011/11/28 06:59:26 | 000,167,936 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\wpshelper.sys
[2011/11/28 06:57:38 | 000,357,744 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\Sysfer.dll
[2011/11/28 06:57:38 | 000,099,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SysPlant.sys
[2011/11/28 06:57:19 | 000,125,488 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/11/28 06:57:19 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/11/28 06:56:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/11/28 06:56:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Symantec Endpoint Protection
[2011/11/28 06:56:40 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/11/28 06:56:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2011/11/28 06:40:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RTCOM
[2008/08/26 15:35:24 | 000,069,632 | ---- | C] (Juniper Networks) -- C:\Documents and Settings\All Users\Application Data\NeoterisSetup.ocx
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/22 09:35:02 | 000,000,388 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{1163DD7F-8789-46ED-B82F-D726F3740735}.job
[2011/12/22 09:18:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\c1151872\Desktop\OTL.exe
[2011/12/22 09:09:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/22 09:04:15 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/22 08:50:46 | 000,010,436 | ---- | M] () -- C:\WINDOWS\PTW_PRT1.CFG
[2011/12/22 08:50:46 | 000,000,081 | ---- | M] () -- C:\WINDOWS\PTW_PRT2.CFG
[2011/12/21 18:12:54 | 108,104,448 | ---- | M] () -- C:\Documents and Settings\c1151872\My Documents\setup_11.0.0.1245.x01_2011_12_22_02_26.exe
[2011/12/21 17:23:01 | 001,557,791 | ---- | M] () -- C:\Documents and Settings\c1151872\Desktop\tdsskiller.zip
[2011/12/21 17:02:16 | 000,002,453 | ---- | M] () -- C:\Documents and Settings\c1151872\Desktop\HiJackThis.lnk
[2011/12/21 17:00:41 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/21 16:51:06 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IPoint_exe.job
[2011/12/21 16:50:50 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/21 16:50:29 | 000,274,968 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/21 11:12:27 | 000,002,439 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Mouse.lnk
[2011/12/07 13:59:58 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\c1151872\My Documents\mbam-setup-1.51.2.1300.exe
[2011/12/07 13:59:30 | 000,001,749 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PC Scan & Repair by Reimage.lnk
[2011/12/07 13:57:45 | 000,267,576 | ---- | M] (Reimage®) -- C:\Documents and Settings\c1151872\My Documents\ReimageRepair.exe
[2011/12/07 13:50:51 | 000,217,256 | ---- | M] () -- C:\Documents and Settings\c1151872\Local Settings\Application Data\census.cache
[2011/12/07 13:50:35 | 000,168,160 | ---- | M] () -- C:\Documents and Settings\c1151872\Local Settings\Application Data\ars.cache
[2011/12/07 13:35:28 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\c1151872\Local Settings\Application Data\housecall.guid.cache
[2011/12/07 13:35:23 | 002,002,320 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\c1151872\My Documents\HousecallLauncher.exe
[2011/12/07 13:28:45 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\c1151872\My Documents\HijackThis.msi
[2011/12/07 13:26:11 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\c1151872\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/12/07 13:26:05 | 000,000,782 | ---- | M] () -- C:\Documents and Settings\c1151872\Desktop\Windows Media Player.lnk
[2011/12/07 13:25:28 | 000,006,596 | RHS- | M] () -- C:\Documents and Settings\c1151872\ntuser.pol
[2011/12/05 06:51:33 | 000,507,320 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/12/05 06:51:33 | 000,089,598 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/30 10:19:53 | 000,008,306 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2011/11/29 14:01:20 | 000,000,406 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Krystal Scans.lnk
[2011/11/28 07:27:39 | 000,010,914 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\SERVICES_OLD
[2011/11/28 07:23:56 | 000,167,936 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\wpshelper.sys
[2011/11/28 06:57:27 | 000,125,488 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/11/28 06:57:27 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/11/28 06:57:27 | 000,007,456 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/11/28 06:57:27 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/11/28 06:42:57 | 000,000,935 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/11/28 06:42:24 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/11/28 06:42:23 | 000,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/21 17:34:37 | 108,104,448 | ---- | C] () -- C:\Documents and Settings\c1151872\My Documents\setup_11.0.0.1245.x01_2011_12_22_02_26.exe
[2011/12/21 17:22:46 | 001,557,791 | ---- | C] () -- C:\Documents and Settings\c1151872\Desktop\tdsskiller.zip
[2011/12/21 17:00:41 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/21 09:30:37 | 000,000,296 | ---- | C] () -- C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IPoint_exe.job
[2011/12/21 09:30:25 | 000,002,439 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Mouse.lnk
[2011/12/07 13:59:30 | 000,001,749 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PC Scan & Repair by Reimage.lnk
[2011/12/07 13:50:51 | 000,217,256 | ---- | C] () -- C:\Documents and Settings\c1151872\Local Settings\Application Data\census.cache
[2011/12/07 13:50:35 | 000,168,160 | ---- | C] () -- C:\Documents and Settings\c1151872\Local Settings\Application Data\ars.cache
[2011/12/07 13:35:28 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\c1151872\Local Settings\Application Data\housecall.guid.cache
[2011/12/07 13:29:05 | 000,002,453 | ---- | C] () -- C:\Documents and Settings\c1151872\Desktop\HiJackThis.lnk
[2011/12/07 13:28:25 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\c1151872\My Documents\HijackThis.msi
[2011/12/07 13:26:05 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\c1151872\Start Menu\Programs\Windows Media Player.lnk
[2011/12/07 13:26:05 | 000,000,782 | ---- | C] () -- C:\Documents and Settings\c1151872\Desktop\Windows Media Player.lnk
[2011/12/07 13:25:06 | 000,006,596 | RHS- | C] () -- C:\Documents and Settings\c1151872\ntuser.pol
[2011/12/07 13:24:45 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\c1151872\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/12/07 13:24:45 | 000,000,622 | ---- | C] () -- C:\Documents and Settings\c1151872\Desktop\Archived_Email.url
[2011/12/07 13:24:45 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\c1151872\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/12/07 13:24:44 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\c1151872\Start Menu\Programs\Internet Explorer.lnk
[2011/11/30 07:07:05 | 000,010,436 | ---- | C] () -- C:\WINDOWS\PTW_PRT1.CFG
[2011/11/30 07:07:05 | 000,000,081 | ---- | C] () -- C:\WINDOWS\PTW_PRT2.CFG
[2011/11/29 14:01:20 | 000,000,406 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Krystal Scans.lnk
[2011/11/29 08:21:32 | 000,000,621 | R--- | C] () -- C:\WINDOWS\System32\hppapr09.dat
[2011/11/29 08:13:53 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/28 07:46:42 | 001,114,674 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativcaxx.cpa
[2011/11/28 07:46:42 | 000,127,614 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011/11/28 07:46:42 | 000,058,560 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativckxx.vp
[2011/11/28 07:46:42 | 000,029,024 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativvpxx.vp
[2011/11/28 07:46:42 | 000,006,005 | ---- | C] () -- C:\WINDOWS\System32\atifglpf.xml
[2011/11/28 07:46:42 | 000,000,929 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativcaxx.vp
[2011/11/28 07:46:19 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2011/11/28 07:46:19 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2011/11/28 07:46:19 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2011/11/28 07:46:18 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2011/11/28 07:46:18 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2011/11/28 07:46:18 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2011/11/28 07:45:29 | 000,002,000 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Communicator 2007 R2.lnk
[2011/11/28 07:44:54 | 000,000,622 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Archived_Email.url
[2011/11/28 07:32:32 | 000,002,240 | ---- | C] () -- C:\WINDOWS\saplogon.ini
[2011/11/28 07:31:19 | 001,167,872 | ---- | C] () -- C:\Program Files\Common Files\SAPActiveXL.xlt
[2011/11/28 07:31:19 | 000,949,760 | ---- | C] () -- C:\Program Files\Common Files\SAPActiveXL_nosig.xlt
[2011/11/28 07:27:43 | 001,064,960 | ---- | C] () -- C:\WINDOWS\System32\h5krnl32.dll
[2011/11/28 07:27:43 | 000,188,928 | ---- | C] () -- C:\WINDOWS\System32\h5icon32.dll
[2011/11/28 07:27:43 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\h5menu32.dll
[2011/11/28 07:27:43 | 000,095,744 | ---- | C] () -- C:\WINDOWS\System32\h5rtf32.dll
[2011/11/28 07:27:43 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\h5tool32.dll
[2011/11/28 07:27:39 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\vtssm32.dll
[2011/11/28 07:25:34 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2011/11/28 06:57:19 | 000,007,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/11/28 06:57:19 | 000,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/11/28 06:42:23 | 000,004,444 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF
[2011/03/07 08:46:19 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2011/01/26 12:55:26 | 000,779,600 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/01/25 06:52:57 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/01/25 06:49:03 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/01/25 01:42:48 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/01/25 01:41:54 | 000,274,968 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/04 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 05:00:00 | 000,507,320 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 05:00:00 | 000,089,598 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 05:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/03/07 08:11:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2011/01/28 06:34:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LANDesk
[2011/12/22 09:29:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vulScan
[2011/03/07 08:11:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\c1151872\Application Data\Juniper Networks
[2011/12/22 09:35:02 | 000,000,388 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{1163DD7F-8789-46ED-B82F-D726F3740735}.job

========== Purity Check ==========



< End of report >