Icons, Files Missing from the Desktop Windows XP [Solved]



#1
sethg60

  • Member
  • 10 posts
Hi,
Until last night everything was fine. But when I logged into my system today, all the files on the desktop had gone missing. No clues; all of a sudden everything went missing. I tried a couple of recovery programs after trying out Windows restore, but no luck. In one of the forums I found the OTL tool and ran it. I am posting the logs from running the OTL tool.


OTL.txt

OTL logfile created on: 11/02/12 3:48:47 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\j1009415\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yy

3.45 Gb Total Physical Memory | 1.62 Gb Available Physical Memory | 46.89% Memory free
8.47 Gb Paging File | 6.52 Gb Available in Paging File | 76.99% Paging File free
Paging file location(s): D:\pagefile.sys 5302 15906 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.30 Gb Total Space | 12.43 Gb Free Space | 23.77% Space Free | Partition Type: NTFS
Drive D: | 96.75 Gb Total Space | 15.65 Gb Free Space | 16.17% Space Free | Partition Type: NTFS
Drive U: | 2044.00 Gb Total Space | 1286.40 Gb Free Space | 62.94% Space Free | Partition Type: NTFS
Drive V: | 14.99 Gb Total Space | 6.51 Gb Free Space | 43.41% Space Free | Partition Type: NTFS

Computer Name: J1009415XPLT | User Name: j1009415 | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\j1009415\Desktop\OTL.exe (OldTimer Tools)
PRC - D:\Newfold\testdisk-6.14-WIP\testdisk-6.14-WIP\photorec_win.exe (CGSecurity)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\Microsoft Security Client\MpCmdRun.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\WebEx\Connect\wbxcOIEx.exe (WebEx)
PRC - C:\Program Files\WebEx\Connect\connect.exe (Cisco WebEx)
PRC - C:\Program Files\WebEx\Connect\apUpdate.exe (WebEx Communications Inc.)
PRC - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\Quest Software\Toad for Data Analysts 2.6.2\SQLLIB\BIN\db2mgmtsvc.exe (International Business Machines Corporation)
PRC - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe (Broadcom Corporation)
PRC - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe (Broadcom Corporation)
PRC - C:\Program Files\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\McTray.exe (McAfee, Inc.)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe (McAfee, Inc.)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel® Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - c:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
PRC - C:\WINDOWS\system32\AESTFltr.exe (Andrea Electronics Corporation)
PRC - d:\oracle\product\11.1.0\db_1\BIN\oracle.exe (Oracle Corporation)
PRC - D:\oracle\product\11.1.0\db_1\BIN\TNSLSNR.EXE ()
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Notepad++\NppShell_05.dll ()
MOD - C:\Program Files\WebEx\Connect\libetpan.dll ()
MOD - C:\Program Files\WebEx\Connect\libexpatw.dll ()
MOD - C:\Program Files\WebEx\Connect\sqlite3.dll ()
MOD - C:\Program Files\WebEx\Connect\personalmgr.dll ()
MOD - C:\Program Files\WebEx\Connect\conComUI.dll ()
MOD - C:\Program Files\WebEx\Connect\conCommClient.dll ()
MOD - C:\Program Files\WebEx\Connect\skinengine.dll ()
MOD - C:\Program Files\WebEx\Connect\conhelp.dll ()
MOD - C:\Program Files\WebEx\Connect\ipc.dll ()
MOD - C:\Program Files\WebEx\Connect\threadipc.dll ()
MOD - C:\Program Files\WebEx\Connect\at_dll.dll ()
MOD - C:\Program Files\WebEx\Connect\WapiClient.dll ()
MOD - C:\Program Files\WebEx\Connect\XmppMgr.dll ()
MOD - C:\Program Files\WebEx\Connect\apComRes.dll ()
MOD - C:\Program Files\WebEx\Connect\WidgetProxy.dll ()
MOD - C:\Program Files\WebEx\Connect\apCsSe.dll ()
MOD - C:\Program Files\WebEx\Connect\apXMLMeeting.dll ()
MOD - C:\Program Files\WebEx\Connect\apSSLGse.dll ()
MOD - C:\Program Files\WebEx\Connect\apReportDll.dll ()
MOD - C:\Program Files\WebEx\Connect\ConvWindow.dll ()
MOD - C:\Program Files\WebEx\Connect\TriAVView.dll ()
MOD - C:\Program Files\WebEx\Connect\MeetingTab.dll ()
MOD - C:\Program Files\WebEx\Connect\ContactPage.dll ()
MOD - C:\Program Files\WebEx\Connect\P2PAudioVideo.dll ()
MOD - C:\Program Files\WebEx\Connect\MeetingMgr.dll ()
MOD - C:\Program Files\WebEx\Connect\PandoraWidget.dll ()
MOD - C:\Program Files\WebEx\Connect\ConOI.dll ()
MOD - C:\Program Files\WebEx\Connect\AudioConfMgr.dll ()
MOD - C:\Program Files\WebEx\Connect\ConnectConfigInfo.dll ()
MOD - C:\Program Files\WebEx\Connect\CEB.dll ()
MOD - C:\Program Files\WebEx\Connect\InstantMeeting.dll ()
MOD - C:\Program Files\WebEx\Connect\SearchOverlay.dll ()
MOD - C:\Program Files\WebEx\Connect\TriCapture.dll ()
MOD - C:\Program Files\WebEx\Connect\NotiMgr.dll ()
MOD - C:\Program Files\WebEx\Connect\Buff.dll ()
MOD - C:\Program Files\WebEx\Connect\CacheManager.dll ()
MOD - C:\Program Files\WebEx\Connect\SharedMenu.dll ()
MOD - C:\Program Files\WebEx\Connect\Expat.dll ()
MOD - C:\Program Files\WebEx\Connect\NetworkMonitor.dll ()
MOD - C:\Program Files\WebEx\Connect\AudioConfBridge.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\Program Files\TeraCopy\TeraCopyExt.dll ()
MOD - C:\Program Files\Google\Google Desktop Search\gzlib.dll ()
MOD - C:\WINDOWS\system32\apdfprintmon.dll ()
MOD - C:\WINDOWS\system32\atonres.dll ()
MOD - C:\WINDOWS\system32\WbxRMenu.dll ()
MOD - D:\oracle\product\11.1.0\db_1\BIN\TNSLSNR.EXE ()
MOD - D:\oracle\product\11.1.0\db_1\BIN\onsclient.dll ()
MOD - C:\WINDOWS\system32\btwicons.dll ()
MOD - C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\Program Files\McAfee\Common Framework\ccme_base.dll ()
MOD - C:\Program Files\McAfee\Common Framework\cryptocme2.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\WINDOWS\system32\vpnapi.dll ()
MOD - C:\WINDOWS\system32\CSGina.dll ()


========== Services (SafeList) ==========

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (CCI.Server.WindowsService) -- C:\jda\CCI78\Server\CCI.Server.WindowsService.exe (JDA Software Group, Inc.)
SRV - (Cisco WebEx Connect Upgrade Service) -- C:\Program Files\WebEx\Connect\apUpdate.exe (WebEx Communications Inc.)
SRV - (mfevtp) -- C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (DWMRCS) -- C:\WINDOWS\system32\DWRCS.EXE (DameWare Development LLC)
SRV - (DB2MGMTSVC_TACOM26) -- C:\Program Files\Quest Software\Toad for Data Analysts 2.6.2\SQLLIB\BIN\db2mgmtsvc.exe (International Business Machines Corporation)
SRV - (Credential Vault Host Control Service) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe (Broadcom Corporation)
SRV - (Credential Vault Host Storage) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe (Broadcom Corporation)
SRV - (McAfeeFramework) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
SRV - (McTaskManager) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV - (WLANKEEPER) -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe (Intel® Corporation)
SRV - (S24EventMonitor) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel® Corporation)
SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV - (FsUsbExService) -- C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
SRV - (STacSV) -- c:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
SRV - (OracleServiceO11gR1P7) -- d:\oracle\product\11.1.0\db_1\bin\ORACLE.EXE (Oracle Corporation)
SRV - (OracleJobSchedulerO11gR1P7) -- d:\oracle\product\11.1.0\db_1\Bin\extjob.exe ()
SRV - (OracleOraDb11g_home1TNSListener) -- D:\oracle\product\11.1.0\db_1\BIN\TNSLSNR.exe ()
SRV - (W3SVC) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (SMTPSVC) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (MSFtpsvc) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (IISADMIN) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)


========== Driver Services (SafeList) ==========

DRV - (VMnetAdapter) -- system32\DRIVERS\vmnetadapter.sys File not found
DRV - (vmci) -- system32\DRIVERS\vmci.sys File not found
DRV - (mfeavfk01) -- File not found
DRV - (dsNcAdpt) -- system32\DRIVERS\dsNcAdpt.sys File not found
DRV - (91b83f72) -- File not found
DRV - (.imapi) -- File not found
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (nmwcdnsu) -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (nmwcdnsuc) -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys (Nokia)
DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mfetdi2k) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (dgderdrv) -- C:\WINDOWS\system32\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV - (PSSDK42) -- C:\WINDOWS\system32\drivers\pssdk42.sys (microOLAP Technologies LTD)
DRV - (e1yexpress) -- C:\WINDOWS\system32\drivers\e1y5132.sys (Intel Corporation)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (NETwNx32) -- C:\WINDOWS\system32\drivers\NETwNx32.sys (Intel Corporation)
DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys ()
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (ss_bmdm) -- C:\WINDOWS\system32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bserd) -- C:\WINDOWS\system32\drivers\ss_bserd.sys (MCCI Corporation)
DRV - (ss_bbus) -- C:\WINDOWS\system32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (ss_mdm) -- C:\WINDOWS\system32\drivers\ss_mdm.sys (MCCI Corporation)
DRV - (ss_bus) -- C:\WINDOWS\system32\drivers\ss_bus.sys (MCCI Corporation)
DRV - (ss_mdfl) -- C:\WINDOWS\system32\drivers\ss_mdfl.sys (MCCI Corporation)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (IDT, Inc.)
DRV - (AESTAud) -- C:\WINDOWS\system32\drivers\AESTAud.sys (Andrea Electronics Corporation)
DRV - (IntcHdmiAddService) -- C:\WINDOWS\system32\drivers\IntcHdmi.sys (Intel® Corporation)
DRV - (SRS_PremiumSound_Service) -- C:\WINDOWS\system32\drivers\SRS_PremiumSound_i386.sys ()
DRV - (cvusbdrv) -- C:\WINDOWS\system32\drivers\cvusbdrv.sys (Broadcom Corporation)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (NETw5x32) -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation)
DRV - (PBADRV) -- C:\WINDOWS\system32\drivers\PBADRV.sys (Dell Inc)
DRV - (OA001Ufd) -- C:\WINDOWS\system32\drivers\OA001Ufd.sys (Creative Technology Ltd.)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (OA001Vid) -- C:\WINDOWS\system32\drivers\OA001Vid.sys (Creative Technology Ltd.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (btwmodem) -- C:\WINDOWS\system32\drivers\btwmodem.sys (Broadcom Corporation.)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (DLADResM) -- C:\WINDOWS\system32\drivers\DLADResM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS (Roxio)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS (Roxio)
DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Roxio)
DRV - (OA001Afx) -- C:\WINDOWS\system32\drivers\OA001Afx.sys (Creative Technology Ltd.)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (dwvkbd) -- C:\WINDOWS\system32\drivers\dwvkbd.sys (DameWare)
DRV - (DwMirror) -- C:\WINDOWS\system32\drivers\DamewareMini.sys (DameWare Development, LLC)
DRV - (USBCCID) -- C:\WINDOWS\system32\drivers\usbccid.sys (Microsoft Corporation)
DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs LLC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?...=OIE8HP&PC=B8MC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...=OIE8HP&PC=B8MC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?...=OIE8HP&PC=B8MC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://jnet.jda.corp...es/Default.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs =
IE - HKCU\..\SearchScopes,DefaultScope = {629B2C20-F6A1-4059-9707-26A642443F1E}
IE - HKCU\..\SearchScopes\{629B2C20-F6A1-4059-9707-26A642443F1E}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://jnet.jda.corp...s/Default.aspx"
FF - prefs.js..extensions.enabledAddons: [email protected]:0.9.8.3
FF - prefs.js..extensions.enabledAddons: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2.1
FF - prefs.js..extensions.enabledAddons: {d47a9f51-8281-43fa-f450-f28ef8735e9a}:2.1.1
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0.80.2
FF - prefs.js..extensions.enabledAddons: [email protected]:4.123
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2.1
FF - prefs.js..extensions.enabledItems: {d47a9f51-8281-43fa-f450-f28ef8735e9a}:2.1.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.736
FF - prefs.js..keyword.URL: "http://www.google.co...ogle Search&q="
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "10.0.0.1"
FF - prefs.js..network.proxy.ftp_port: 6588
FF - prefs.js..network.proxy.gopher: "10.0.0.1"
FF - prefs.js..network.proxy.gopher_port: 6588
FF - prefs.js..network.proxy.http: "10.0.0.1"
FF - prefs.js..network.proxy.http_port: 6588
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "10.0.0.1"
FF - prefs.js..network.proxy.socks_port: 6588
FF - prefs.js..network.proxy.socks_version: 4
FF - prefs.js..network.proxy.ssl: "10.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 6588
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Documents and Settings\j1009415\Application Data\Mozilla\Firefox\Profiles\itjipdrd.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\j1009415\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\j1009415\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\j1009415\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\j1009415\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\j1009415\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/21 23:49:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2012/07/21 00:37:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/02 10:42:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/11/02 10:42:27 | 000,000,000 | ---D | M]

[2011/03/18 10:36:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\j1009415\Application Data\Mozilla\Extensions
[2012/11/01 12:44:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\j1009415\Application Data\Mozilla\Firefox\Profiles\itjipdrd.default\extensions
[2011/03/18 11:45:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\j1009415\Application Data\Mozilla\Firefox\Profiles\itjipdrd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/18 11:45:05 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Documents and Settings\j1009415\Application Data\Mozilla\Firefox\Profiles\itjipdrd.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2011/03/18 11:45:05 | 000,000,000 | ---D | M] (Pixlr Grabber) -- C:\Documents and Settings\j1009415\Application Data\Mozilla\Firefox\Profiles\itjipdrd.default\extensions\{d47a9f51-8281-43fa-f450-f28ef8735e9a}
[2012/10/14 14:28:03 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Documents and Settings\j1009415\Application Data\Mozilla\Firefox\Profiles\itjipdrd.default\extensions\[email protected]
[2012/10/22 23:18:17 | 000,050,349 | ---- | M] () (No name found) -- C:\Documents and Settings\j1009415\Application Data\Mozilla\Firefox\Profiles\itjipdrd.default\extensions\[email protected]
[2011/11/13 14:40:42 | 000,148,816 | ---- | M] () (No name found) -- C:\Documents and Settings\j1009415\Application Data\Mozilla\Firefox\Profiles\itjipdrd.default\extensions\[email protected]
[2012/11/01 12:44:27 | 002,042,908 | ---- | M] () (No name found) -- C:\Documents and Settings\j1009415\Application Data\Mozilla\Firefox\Profiles\itjipdrd.default\extensions\[email protected]
[2012/11/02 10:42:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/11/02 10:42:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/11/02 14:10:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\extensions
[2012/11/02 14:12:11 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/11/02 14:10:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/10/17 00:04:45 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/28 05:32:38 | 000,302,904 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\ieatgpc.dll
[2011/10/28 05:32:48 | 000,176,952 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll
[2012/02/16 16:40:55 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - homepage: http://jnet.jda.corp...es/Default.aspx
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://jnet.jda.corp...es/Default.aspx
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\j1009415\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.75\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\j1009415\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\j1009415\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\j1009415\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.75\pdf.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Documents and Settings\j1009415\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.1.0.10441_0\npSkypeChromePlugin.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\j1009415\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\j1009415\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Documents and Settings\j1009415\Local Settings\Application Data\Google\Chrome\Application\plugins\npatgpc.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealNetworks™ RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Documents and Settings\j1009415\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Nokia Suite Enabler Plugin (Enabled) = C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw_1165635.dll
CHR - Extension: SweetIM for Facebook = C:\Documents and Settings\j1009415\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of
CHR - Extension: SweetIM for Facebook = C:\Documents and Settings\j1009415\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\j1009415\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\
CHR - Extension: SweetIM for Facebook = C:\Documents and Settings\j1009415\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of
CHR - Extension: SweetIM for Facebook = C:\Documents and Settings\j1009415\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\j1009415\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\

O1 HOSTS File: ([2011/09/05 11:18:53 | 000,000,853 | --S- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111117103702.dll (McAfee, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Cisco WebEx Connect] C:\Program Files\WebEx\Connect\connect.exe (Cisco WebEx)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3E059DAB-6894-435C-B758-2977F014D734} https://jda.tenroxho...TClientProc.CAB (TClientProc.ClientSettings)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1340729929453 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1340729908046 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {9437EF71-9276-432D-AA74-CF8DA12EF11B} https://na5.salesfor...AXMailMerge.cab (CMMHost Object)
O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.micr...44/igdtoolx.cab (IGDTester Class)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class)
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} https://wrigley-ikst...Web/XUpload.ocx (Persits Software XUpload)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.104.0.41 10.104.11.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = jda.corp.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{17C6A5DC-3D3C-456B-8F7B-0534ED0E4D63}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A5CCB1B-987B-4B98-9482-B8E77A1AF5C0}: DhcpNameServer = 10.104.0.41 10.104.11.11
O18 - Protocol\Handler\qrev {9DE24BAC-FC3C-42c4-9FC4-76B3FAFDBD90} - C:\Program Files\Quest Software\Toad for Oracle 10.6\RNetPin.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (IWPDGINA.DLL) - C:\WINDOWS\System32\IWPDGINA.dll (Intel® Corporation)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/09 19:50:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{aca86280-1a39-11e1-9207-00216a653530}\Shell - "" = AutoRun
O33 - MountPoints2\{aca86280-1a39-11e1-9207-00216a653530}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{aca86280-1a39-11e1-9207-00216a653530}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{aca86283-1a39-11e1-9207-00216a653530}\Shell - "" = AutoRun
O33 - MountPoints2\{aca86283-1a39-11e1-9207-00216a653530}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{aca86283-1a39-11e1-9207-00216a653530}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 7 Days ==========

[2012/11/02 15:52:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.124
[2012/11/02 15:50:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.123
[2012/11/02 15:49:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.122
[2012/11/02 15:48:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.121
[2012/11/02 15:47:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.120
[2012/11/02 15:46:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\j1009415\Desktop\OTL.exe
[2012/11/02 15:45:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.119
[2012/11/02 15:44:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.118
[2012/11/02 15:44:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.117
[2012/11/02 15:42:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.116
[2012/11/02 15:41:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.115
[2012/11/02 15:39:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.114
[2012/11/02 15:38:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.113
[2012/11/02 15:37:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.112
[2012/11/02 15:36:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.111
[2012/11/02 15:35:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.110
[2012/11/02 15:34:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.109
[2012/11/02 15:34:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.108
[2012/11/02 15:34:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.107
[2012/11/02 15:34:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.106
[2012/11/02 15:34:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.105
[2012/11/02 15:34:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.104
[2012/11/02 15:34:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.103
[2012/11/02 15:34:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.102
[2012/11/02 15:34:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.101
[2012/11/02 15:34:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.100
[2012/11/02 15:34:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.99
[2012/11/02 15:34:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.98
[2012/11/02 15:34:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.97
[2012/11/02 15:34:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.96
[2012/11/02 15:34:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.95
[2012/11/02 15:32:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.94
[2012/11/02 15:30:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.93
[2012/11/02 15:30:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.92
[2012/11/02 15:28:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.91
[2012/11/02 15:27:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.90
[2012/11/02 15:25:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.89
[2012/11/02 15:24:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.88
[2012/11/02 15:23:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.87
[2012/11/02 15:21:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.86
[2012/11/02 15:20:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.85
[2012/11/02 15:18:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.84
[2012/11/02 15:16:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.83
[2012/11/02 15:15:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.82
[2012/11/02 15:13:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.81
[2012/11/02 15:12:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.80
[2012/11/02 15:11:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.79
[2012/11/02 15:10:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.78
[2012/11/02 15:08:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.77
[2012/11/02 15:06:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.76
[2012/11/02 15:05:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.75
[2012/11/02 15:05:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.74
[2012/11/02 15:03:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.73
[2012/11/02 15:02:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.72
[2012/11/02 15:01:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.71
[2012/11/02 15:00:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.70
[2012/11/02 14:59:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.69
[2012/11/02 14:57:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.68
[2012/11/02 14:57:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.67
[2012/11/02 14:55:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.66
[2012/11/02 14:54:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.65
[2012/11/02 14:53:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.64
[2012/11/02 14:52:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.63
[2012/11/02 14:51:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.62
[2012/11/02 14:50:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.61
[2012/11/02 14:48:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.60
[2012/11/02 14:47:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.59
[2012/11/02 14:45:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.58
[2012/11/02 14:44:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.57
[2012/11/02 14:42:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.56
[2012/11/02 14:41:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.55
[2012/11/02 14:40:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.54
[2012/11/02 14:38:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.53
[2012/11/02 14:37:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.52
[2012/11/02 14:27:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.51
[2012/11/02 14:26:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.50
[2012/11/02 14:25:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.49
[2012/11/02 14:23:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.48
[2012/11/02 14:23:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.47
[2012/11/02 14:21:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.46
[2012/11/02 14:21:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.45
[2012/11/02 14:20:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.44
[2012/11/02 14:19:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.43
[2012/11/02 14:17:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.42
[2012/11/02 14:16:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.41
[2012/11/02 14:15:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.40
[2012/11/02 14:14:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.39
[2012/11/02 14:13:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.38
[2012/11/02 14:12:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.37
[2012/11/02 14:11:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.36
[2012/11/02 14:09:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.35
[2012/11/02 14:07:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.34
[2012/11/02 14:06:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.33
[2012/11/02 14:05:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.32
[2012/11/02 14:03:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.31
[2012/11/02 14:02:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.30
[2012/11/02 14:02:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.29
[2012/11/02 14:01:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.28
[2012/11/02 14:00:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.27
[2012/11/02 14:00:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.26
[2012/11/02 13:59:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.25
[2012/11/02 13:59:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.24
[2012/11/02 13:58:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.23
[2012/11/02 13:57:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.22
[2012/11/02 13:55:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.21
[2012/11/02 13:54:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.20
[2012/11/02 13:52:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.19
[2012/11/02 13:51:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.18
[2012/11/02 13:50:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.17
[2012/11/02 13:50:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.16
[2012/11/02 13:49:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.15
[2012/11/02 13:48:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.14
[2012/11/02 13:48:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.13
[2012/11/02 13:47:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.12
[2012/11/02 13:46:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.11
[2012/11/02 13:46:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.10
[2012/11/02 13:45:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.9
[2012/11/02 13:44:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.8
[2012/11/02 13:43:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.7
[2012/11/02 13:42:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.6
[2012/11/02 13:42:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.5
[2012/11/02 13:41:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.4
[2012/11/02 13:40:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.3
[2012/11/02 13:39:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.2
[2012/11/02 13:39:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.1
[2012/11/02 12:26:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Recuva
[2012/11/02 12:25:55 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2012/11/02 10:42:57 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2012/11/02 10:42:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nokia
[2012/11/02 10:42:21 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/11/01 23:19:28 | 000,000,000 | --SD | C] -- D:\My Documents\Google Drive
[2012/10/29 23:13:24 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution(2)
[2012/10/26 20:31:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Application Data\vlc
[2012/04/03 16:10:44 | 008,466,720 | ---- | C] (Dell Inc.) -- C:\Documents and Settings\j1009415\Application Data\DRVR_WIN_R302424.EXE
[11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2012/11/02 16:00:01 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\Cookies.job
[2012/11/02 15:46:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\j1009415\Desktop\OTL.exe
[2012/11/02 15:30:03 | 000,000,450 | ---- | M] () -- C:\WINDOWS\tasks\To-Do.job
[2012/11/02 15:28:32 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\j1009415\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/02 15:23:06 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/02 12:33:21 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{2390A371-EF21-4B40-A180-714EFDBD3E5F}.job
[2012/11/02 11:25:17 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/02 10:58:53 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/11/02 10:57:37 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/11/02 10:57:12 | 000,056,286 | RHS- | M] () -- C:\Documents and Settings\j1009415\ntuser.pol
[2012/11/02 10:54:36 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/11/02 10:44:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/11/02 10:44:24 | 3707,658,240 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/31 20:53:50 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\Low Battery Alarm Program.job
[2012/10/31 17:45:51 | 000,001,774 | -H-- | M] () -- D:\My Documents\Default.rdp
[2012/10/26 20:22:08 | 022,657,136 | ---- | M] () -- D:\My Documents\vlc-2.0.2-win32.exe
[11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/02 10:44:24 | 3707,658,240 | -HS- | C] () -- C:\hiberfil.sys
[2012/10/26 20:17:36 | 022,657,136 | ---- | C] () -- D:\My Documents\vlc-2.0.2-win32.exe
[2012/10/21 23:23:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\KeyTools.INI
[2012/09/20 15:45:52 | 000,834,946 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-8915387-776344908-1874078741-91699-0.dat
[2012/09/20 15:45:41 | 000,278,498 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/08/18 00:11:39 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\uwin_setup.dll
[2012/07/26 15:23:55 | 000,003,671 | ---- | C] () -- C:\WINDOWS\Planning.ini
[2012/07/26 15:23:09 | 000,073,216 | -H-- | C] () -- C:\WINDOWS\System32\_tmpEPLicenseKeyProbeDLL.DLL
[2012/06/06 16:25:01 | 001,380,960 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/04/19 14:25:32 | 000,038,507 | ---- | C] () -- C:\Documents and Settings\j1009415\Application Data\Comma Separated Values (Windows).ADR
[2012/04/03 16:13:48 | 016,145,896 | ---- | C] () -- C:\Documents and Settings\j1009415\Application Data\VIDEO_DRVR_WIN_R212481.EXE
[2012/02/20 10:10:11 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/01 15:29:49 | 000,000,136 | ---- | C] () -- C:\WINDOWS\UNlock.dat
[2012/01/01 15:01:19 | 000,000,432 | ---- | C] () -- C:\WINDOWS\crackpdf.INI
[2012/01/01 14:34:35 | 000,000,113 | ---- | C] () -- C:\WINDOWS\winEncrypt.INI
[2012/01/01 14:34:10 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\encryptpdf.dat
[2011/12/23 12:36:30 | 000,000,083 | ---- | C] () -- C:\WINDOWS\winDecrypt.INI
[2011/11/18 14:11:37 | 000,004,096 | -H-- | C] () -- C:\Documents and Settings\j1009415\Local Settings\Application Data\keyfile3.drm
[2011/10/22 15:16:02 | 000,232,744 | R--- | C] () -- C:\WINDOWS\System32\drivers\SRS_PremiumSound_i386.sys
[2011/10/02 22:44:05 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2011/10/02 22:44:05 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2011/10/02 22:43:57 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\j1009415\Application Data\$_hpcst$.hpc
[2011/09/29 11:48:51 | 000,197,680 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2011/09/27 16:17:09 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2011/09/16 11:54:48 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2011/09/16 11:54:44 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2011/09/16 11:54:44 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2011/09/16 11:54:44 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2011/09/16 11:54:44 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2011/08/29 15:51:38 | 000,000,296 | ---- | C] () -- C:\WINDOWS\pwc65.INI
[2011/08/24 12:02:59 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2011/08/23 21:03:12 | 000,488,448 | ---- | C] () -- C:\WINDOWS\System32\apdfprintmon.dll
[2011/06/02 16:31:20 | 000,002,848 | ---- | C] () -- C:\WINDOWS\System32\DWRCS.INI
[2011/05/29 00:12:05 | 000,000,122 | ---- | C] () -- C:\WINDOWS\Winchat.ini
[2011/05/26 21:57:01 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011/04/25 13:53:05 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/11 23:24:30 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2011/04/11 23:24:29 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2011/04/11 23:24:14 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2011/04/11 23:24:14 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2011/04/11 23:24:14 | 000,007,909 | ---- | C] () -- C:\WINDOWS\System32\ftpctrs.ini
[2011/04/11 23:24:13 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2011/03/24 16:27:18 | 000,118,560 | ---- | C] () -- C:\WINDOWS\System32\TCSSigner_InterfaceV2.dll
[2011/03/21 18:11:54 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
[2011/03/21 18:11:53 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config
[2011/03/18 12:11:05 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\j1009415\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/18 10:35:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/03/17 17:35:27 | 000,056,286 | RHS- | C] () -- C:\Documents and Settings\j1009415\ntuser.pol
[2009/06/15 08:24:44 | 000,011,504 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol

========== ZeroAccess Check ==========

[2009/06/09 21:36:47 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2011/06/21 23:48:34 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 17:40:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 04:30:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/08/23 21:09:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\A-PDF
[2009/06/09 21:45:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2012/05/22 07:31:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/06/13 10:21:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GroupPolicy
[2011/06/01 20:09:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IBM
[2012/07/21 00:33:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2011/08/16 14:58:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2012/06/24 00:03:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2012/07/20 22:32:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NETg
[2012/05/24 14:21:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2012/01/18 00:57:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
[2011/06/18 23:16:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Paessler
[2011/04/13 12:17:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2012/03/06 10:18:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2011/05/24 22:43:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Quest Software
[2011/05/24 22:30:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Raize
[2012/05/25 13:52:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\salesforce.com
[2011/10/02 22:28:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2012/03/06 20:53:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedyPC Software
[2012/09/23 15:52:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/06/09 22:03:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2012/11/02 11:54:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WebEx Connect
[2011/06/01 20:07:37 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{08439167-4CA5-48E9-A810-A3A7C0B80B06}
[2011/09/06 20:30:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
[2011/03/23 14:29:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j1009415\Application Data\.salesforce.com
[2012/08/10 18:14:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j1009415\Application Data\Audacity
[2012/10/20 12:24:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j1009415\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/01/29 22:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j1009415\Application Data\DoneEx
[2012/03/06 19:40:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j1009415\Application Data\DriverCure
[2012/05/04 20:25:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j1009415\Application Data\Dropbox
[2012/06/26 22:27:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j1009415\Application Data\ElevatedDiagnostics
[2012/10/18 17:04:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j1009415\Application Data\EurekaLog
[2012/04/24 12:11:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j1009415\Application Data\GetRightToGo
[2012/03/29 12:14:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j1009415\Application Data\Greenshot
[2012/07/20 23:23:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j1009415\Application Data\JAM Software
[2012/07/04 18:45:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j1009415\Application Data\Juniper Networks
[2012/07/04 17:51:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j1009415\Application Data\multilizer
[2012/01/18 10:29:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j1009415\Application Data\Nokia
[2012/01/18 10:29:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j1009415\Application Data\Nokia Suite
[2012/07/26 15:21:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j1009415\Application Data\Notepad++
[2011/04/14 16:32:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j1009415\Application Data\PC Suite
[2012/03/06 10:16:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j1009415\Application Data\PCDr
[2012/07/26 15:24:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j1009415\Application Data\Planning
[2012/10/15 23:32:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j1009415\Application Data\Quest Software
[2012/02/21 23:34:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j1009415\Application Data\Rivet
[2012/05/25 13:52:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j1009415\Application Data\salesforce.com
[2011/10/02 22:43:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j1009415\Application Data\Samsung
[2012/02/09 10:50:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j1009415\Application Data\sfdc-desktop.0E7F0072024938CDBA99B20C38B5F315254C2A5B.1
[2011/05/24 22:32:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j1009415\Application Data\Software
[2011/09/04 23:09:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j1009415\Application Data\Software Informer
[2012/03/06 19:40:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j1009415\Application Data\SpeedyPC Software
[2011/11/09 23:18:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j1009415\Application Data\TeamViewer
[2012/08/02 16:36:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j1009415\Application Data\TeraCopy
[2012/10/17 23:01:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j1009415\Application Data\Two Pilots
[2012/10/31 10:14:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j1009415\Application Data\Webex
[2012/11/02 10:59:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j1009415\Application Data\WebEx Connect
[2011/03/18 12:35:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j1009415\Application Data\Windows Desktop Search
[2011/03/18 12:35:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j1009415\Application Data\Windows Search

========== Purity Check ==========



========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB20789$] -> Error: Cannot create file handle -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 236 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9A870F8B
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C4806DE8

< End of report >


Extras.Txt

OTL Extras logfile created on: 11/02/12 3:48:49 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\j1009415\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yy

3.45 Gb Total Physical Memory | 1.62 Gb Available Physical Memory | 46.89% Memory free
8.47 Gb Paging File | 6.52 Gb Available in Paging File | 76.99% Paging File free
Paging file location(s): D:\pagefile.sys 5302 15906 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.30 Gb Total Space | 12.43 Gb Free Space | 23.77% Space Free | Partition Type: NTFS
Drive D: | 96.75 Gb Total Space | 15.65 Gb Free Space | 16.17% Space Free | Partition Type: NTFS
Drive U: | 2044.00 Gb Total Space | 1286.40 Gb Free Space | 62.94% Space Free | Partition Type: NTFS
Drive V: | 14.99 Gb Total Space | 6.51 Gb Free Space | 43.41% Space Free | Partition Type: NTFS

Computer Name: J1009415XPLT | User Name: j1009415 | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"6129:TCP" = 6129:TCP:*:Enabled:DameWare Mini Remote Control Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Documents and Settings\j1009415\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\j1009415\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\WebEx\Connect\wbxcOIEx.exe" = C:\Program Files\WebEx\Connect\wbxcOIEx.exe:*:Enabled:wbxcOIEx -- (WebEx)
"C:\Program Files\WebEx\Connect\widget.exe" = C:\Program Files\WebEx\Connect\widget.exe:*:Enabled:widget -- ()
"C:\Program Files\WebEx\Connect\connect.exe" = C:\Program Files\WebEx\Connect\connect.exe:*:Enabled:WebEx Connect -- (Cisco WebEx)
"C:\WINDOWS\system32\msiexec.exe" = C:\WINDOWS\system32\msiexec.exe:*:Enabled:UpdateManagerSetup -- (Microsoft Corporation)
"C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe" = C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe:*:Enabled:SweetPacksUpdateManager
"C:\Documents and Settings\j1009415\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\j1009415\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Documents and Settings\j1009415\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\j1009415\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Program Files\WebEx\Connect\wbxcOIEx.exe" = C:\Program Files\WebEx\Connect\wbxcOIEx.exe:*:Enabled:wbxcOIEx -- (WebEx)
"C:\Program Files\WebEx\Connect\widget.exe" = C:\Program Files\WebEx\Connect\widget.exe:*:Enabled:widget -- ()
"C:\Program Files\WebEx\Connect\connect.exe" = C:\Program Files\WebEx\Connect\connect.exe:*:Enabled:WebEx Connect -- (Cisco WebEx)
"C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.)
"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal)
"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal)
"C:\Documents and Settings\j1009415\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe" = C:\Documents and Settings\j1009415\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin -- (Skype Limited)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
" jSwift" = jSwift
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{02BFF1A3-A0D5-4F64-8558-A22682BCDA58}" = ActivePerl 5.14.2 Build 1402
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{03CAB33F-D1C2-48C6-8766-DAE84DFC25FE}" = Microsoft Sync Framework Services v1.0 (x86)
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{07E15A70-04CB-46D5-8C7D-8BEA6DADBBF0}" = Toad for Oracle 10.6
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1A41B42F-4AF1-4FE9-9083-6A405B905F4A}" = JDA Sales and Operations Management 6.3.5 (Ribbon)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A2677B3-FA6D-49DC-A803-F95DD8E3A576}" = JDA Channel Clustering Server
"{2B53190C-E53E-4736-9E13-395741415991}" = Network Recording Player
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3B69A712-4CBC-40B1-AE55-0203075FD093}" = Nokia Suite
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{45666376-FBDF-4D40-945C-316F1C051AF4}_is1" = Excel Tool VBA Password Recovery 10.6.1
"{4757D8ED-C630-4B95-BAE5-2D17560B6BB5}" = Quest Software Toad Data Modeler
"{4994A7CB-2BF4-4664-8FCE-DB66055ECEBC}" = Broadcom USH Host Components
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50D78A9B-E886-4462-8016-B43EA36451AB}" = WebEx Productivity Tools
"{5624C000-B109-11D4-9DB4-00E0290FCAC5}" = VPN Client
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Media Driver Ver.3.53.02
"{5DBE95F6-823A-4547-9921-CEDFADA1D2D8}" = McAfee Agent
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669A032D-4E28-3D11-BB26-8AD5D51EFE87}" = Google Talk Plugin
"{685D41DA-9D66-489A-8950-3A9B7C179AD6}" = Enterprise Planning
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A74E9AD-EE77-43AC-AAA0-81D7F0D7DE24}" = JDA Sales and Operations Management 6.3.5 (Client)
"{6AA003BF-73E5-4911-ADB7-71DD5674DDD4}" = Oracle Data Provider for .NET Help
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6FCB9803-D5BE-4AD3-A864-EB90A30C0001}" = CHM2PDF Pilot 2.16.108 Trial
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7130468A-F53F-4698-8C09-A339EA3B05E6}" = Nokia Software Updater
"{7390478C-8581-415E-92E9-2997D9306B81}" = PC Connectivity Solution
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{765B5216-5FCC-48C2-AD8C-FB414B590176}" = AuthenTec Fingerprint Sensor
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{82F7E64C-C2E4-4132-8FA5-4852FF0191B0}" = SCPO Runtime
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{866C4563-ED53-43F3-A29D-8BEE2BD1BA3C}" = Nokia PC Suite
"{8832D68C-2D91-44D4-B594-02CDA69CC084}" = Toad for Data Analysts 2.6 basic
"{89B078C4-50B0-453E-BF53-3A7E6A0D85FA}" = Windows Support Tools
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{F5DF2F56-0A62-47BE-BBD5-9C34A5F040E3}" =
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{7DA87C7E-E8A7-473E-ADFF-1B6BECCCADA7}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95120000-0052-0409-0000-0000000FF1CE}" = Microsoft Office Visio Viewer 2007
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E4B37D6-D7F8-4067-B900-3F314C709916}" = Intel® PROSet/Wireless WiFi Software
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A8BD5A60-E843-46DC-8271-ABF20756BE0F}" = Microsoft Sync Framework Runtime v1.0 (x86)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9B4AC31-2A58-4B9D-BA60-699772E1C39D}" = JDA Sales and Operations Planning 7.8 (Ribbon)
"{AC76BA86-1033-0000-7760-000000000004}" = Adobe Acrobat 9 Pro
"{AC76BA86-1033-0000-7760-000000000004}_952" = Adobe Acrobat 9.5.2 - CPSID_83708
"{AC76BA86-1033-0000-7760-000000000004}{AC76BA86-1033-0000-7760-000000000004}" = Adobe Acrobat 9 Pro
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B9E83FA5-347D-4093-9CA4-30E0283A428A}" = JDA Sales and Operations Planning 7.8 (Client)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C8773FDB-D0DB-BE52-D536-F48F9886B57B}" = Adobe Download Assistant
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}" = McAfee VirusScan Enterprise
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D532B55D-A91D-4DB1-8D98-ED248A5FA6BF}" = Quest Software Toad for Data Analysts 2.6
"{D5F881C2-B134-474E-AA60-B25DD218AE0D}" = Crash Analysis Tool
"{DB2517EA-257D-44F6-AEEF-B8399EB05BF0}" = Cisco WebEx Connect
"{DD14C745-AC15-4B5C-9820-8F874FA0B328}" = Quest SQL Optimizer for Oracle Common
"{E09A6ECD-0A10-4E72-AB8C-60FD4CCB5E54}" = Quest SQL Optimizer for Oracle
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E850BFC6-F07F-492E-A16F-23369B89A02B}" = JDA Channel Clustering Client 7.5.0
"{ED3EB637-B669-486C-8461-B18D0D9480C7}" = JDA Channel Clustering
"{ED721ABC-423D-4F7D-AEBB-E1E39C388E84}" = Facebook Video Calling 1.0.0.8714
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F626D29E-2B9B-479F-AF45-D1E5E72D4532}" = JDA Channel Clustering Server
"{F8DE3013-6411-44A2-8540-3F56AF5537D9}" = Codesite client tools
"{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack
"17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382" = Windows Driver Package - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0)
"9D57DE505B6D8C710EF3B74BE638DBB936EED8A3" = Windows Driver Package - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced PDF Repair v2.0" = Advanced PDF Repair v2.0
"Advanced Video FX Engine" = Advanced Video FX Engine
"Audacity_is1" = Audacity 2.0
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Creative OA001" = Integrated Webcam Driver (1.02.02.0603)
"DamewareMirror" = DameWare Development Mirror Driver Uninstall
"Dell Support Center" = Dell Support Center
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Central" = Dell Webcam Central
"Dell Webcam Manager" = Dell Webcam Manager
"Google Desktop" = Google Desktop
"Greenshot_is1" = Greenshot
"HTML Help Workshop" = HTML Help Workshop
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{2A2677B3-FA6D-49DC-A803-F95DD8E3A576}" = JDA Channel Clustering Server 7.8.2
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{E850BFC6-F07F-492E-A16F-23369B89A02B}" = JDA Channel Clustering Client 7.5.0
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"InstallShield_{F626D29E-2B9B-479F-AF45-D1E5E72D4532}" = JDA Channel Clustering Server 7.5.0
"JDA Foundation 7.6.0" = JDA Foundation 7.6.0
"JDA SCPO 7.6.0" = JDA SCPO 7.6.0
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"Nokia Suite" = Nokia Suite
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"Oracle JRockit Mission Control 3.1.0 for Java SE 6 (32-bit)" = Oracle JRockit Mission Control 3.1.0 for Java SE 6
"Oracle WebLogic" = Oracle WebLogic
"ProInst" = Intel PROSet Wireless
"PROPLUS" = Microsoft Office Professional Plus 2007
"PROSet" = Intel® Network Connections Drivers
"Quest Installer" = Quest Installer
"RealPlayer 12.0" = RealPlayer
"Recuva" = Recuva
"Taskbar Shuffle_is1" = Taskbar Shuffle version 2.5
"TeraCopy_is1" = TeraCopy 2.27
"TreeSize Free_is1" = TreeSize Free V2.7
"Tweak UI 2.10" = Tweak UI
"Unrestrict PDF - Trial Version 7.0_is1" = Unrestrict PDF
"VISPRO" = Microsoft Office Visio Professional 2007
"VLC media player" = VLC media player 2.0.2
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"fc8fa6ae8a94caa3" = JDADesktop-IN2NPDVSSTS01
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/14/12 9:31:59 AM | Computer Name = J1009415XPLT | Source = UserInit | ID = 1000
Description = Could not execute the following script ASPACWorkstationStartup.vbs.
The system cannot find the file specified. .

Error - 10/14/12 9:31:59 AM | Computer Name = J1009415XPLT | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 10/14/12 9:33:10 AM | Computer Name = J1009415XPLT | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for JDA\j1009415 failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 10/14/12 9:33:39 AM | Computer Name = J1009415XPLT | Source = Application Hang | ID = 1002
Description = Hanging application ISUSPM.exe, version 6.0.100.54472, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/14/12 9:42:55 AM | Computer Name = J1009415XPLT | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog

Error - 10/14/12 9:59:17 AM | Computer Name = J1009415XPLT | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 10/14/12 9:59:17 AM | Computer Name = J1009415XPLT | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 10/14/12 9:59:19 AM | Computer Name = J1009415XPLT | Source = UserInit | ID = 1000
Description = Could not execute the following script ASPACWorkstationStartup.vbs.
The system cannot find the file specified. .

Error - 10/14/12 9:59:19 AM | Computer Name = J1009415XPLT | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 10/14/12 10:00:30 AM | Computer Name = J1009415XPLT | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for JDA\j1009415 failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

[ Dragon View Events ]
Error - 02/21/12 2:05:29 PM | Computer Name = J1009415XPLT | Source = Dragon View | ID = 0
Description = Invalid file path/name

[ OSession Events ]
Error - 06/04/12 1:25:33 AM | Computer Name = J1009415XPLT | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 255299
seconds with 7560 seconds of active time. This session ended with a crash.

Error - 06/13/12 12:58:22 PM | Computer Name = J1009415XPLT | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2293
seconds with 0 seconds of active time. This session ended with a crash.

Error - 06/21/12 2:13:58 AM | Computer Name = J1009415XPLT | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 92007
seconds with 3900 seconds of active time. This session ended with a crash.

Error - 07/27/12 11:18:04 AM | Computer Name = J1009415XPLT | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 121
seconds with 60 seconds of active time. This session ended with a crash.

Error - 08/08/12 3:03:24 AM | Computer Name = J1009415XPLT | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 8426
seconds with 2460 seconds of active time. This session ended with a crash.

Error - 09/06/12 12:32:15 PM | Computer Name = J1009415XPLT | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session
lasted 127351 seconds with 9660 seconds of active time. This session ended with
a crash.

Error - 09/09/12 2:27:17 PM | Computer Name = J1009415XPLT | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 134425
seconds with 480 seconds of active time. This session ended with a crash.

Error - 10/08/12 8:14:51 AM | Computer Name = J1009415XPLT | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 10692
seconds with 120 seconds of active time. This session ended with a crash.

Error - 10/11/12 7:53:51 AM | Computer Name = J1009415XPLT | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 27678
seconds with 1380 seconds of active time. This session ended with a crash.

Error - 10/18/12 1:32:38 PM | Computer Name = J1009415XPLT | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 16699
seconds with 660 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 02/14/12 10:17:33 AM | Computer Name = J1009415XPLT | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 02/14/12 10:18:58 AM | Computer Name = J1009415XPLT | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 02/14/12 10:34:00 AM | Computer Name = J1009415XPLT | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 29 minutes. NtpClient has no source of accurate
time.

Error - 02/14/12 11:04:01 AM | Computer Name = J1009415XPLT | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 59 minutes. NtpClient has no source of accurate
time.

Error - 02/14/12 12:09:28 PM | Computer Name = J1009415XPLT | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 02/14/12 12:23:08 PM | Computer Name = J1009415XPLT | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain JDA due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 02/14/12 12:24:28 PM | Computer Name = J1009415XPLT | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 29 minutes. NtpClient has no source of accurate
time.

Error - 02/14/12 12:54:30 PM | Computer Name = J1009415XPLT | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 59 minutes. NtpClient has no source of accurate
time.

Error - 02/15/12 12:35:14 AM | Computer Name = J1009415XPLT | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 02/15/12 12:35:26 AM | Computer Name = J1009415XPLT | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%2148074295


< End of report>

Any pointers or help is greatly appreciated.


#2
Essexboy

    GeekU Moderator, Retired Staff
Hi there, you have multiple infections. RogueKiller should return the desktop and icons/menus.

  • Download RogueKiller and save it on your desktop.

    NOTE: If using IE8 or better, Smartscreen Filter will need to be disabled
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan

  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
  • The report has been created on the desktop.

  • Next click on the ShortcutsFix
  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

THEN

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
DRV - (91b83f72) -- File not found
DRV - (.imapi) -- File not found
DRV - (mfeavfk01) -- File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

:Commands
[resethosts]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

FINALLY

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks
  • Allow the installation of the recovery console

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3. If, after the reboot, you get errors about programmes being marked for deletion, then reboot; that will cure it.


Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.

#3
sethg60

    Member, Topic Starter
Hi,
Thanks for your reply. But hard luck, none of the solutions mentioned by you worked. I did not run the ComboFix step as I am not in a position to disable my antivirus. The organisation policy and restriction do not allow me to do so. I am attaching the logs as requested by you.

Thanks
Gag

OTL logfile created on: 11/02/12 3:48:47 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\j1009415\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yy

3.45 Gb Total Physical Memory | 1.62 Gb Available Physical Memory | 46.89% Memory free
8.47 Gb Paging File | 6.52 Gb Available in Paging File | 76.99% Paging File free
Paging file location(s): D:\pagefile.sys 5302 15906 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.30 Gb Total Space | 12.43 Gb Free Space | 23.77% Space Free | Partition Type: NTFS
Drive D: | 96.75 Gb Total Space | 15.65 Gb Free Space | 16.17% Space Free | Partition Type: NTFS
Drive U: | 2044.00 Gb Total Space | 1286.40 Gb Free Space | 62.94% Space Free | Partition Type: NTFS
Drive V: | 14.99 Gb Total Space | 6.51 Gb Free Space | 43.41% Space Free | Partition Type: NTFS

Computer Name: J1009415XPLT | User Name: j1009415 | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\j1009415\Desktop\OTL.exe (OldTimer Tools)
PRC - D:\Newfold\testdisk-6.14-WIP\testdisk-6.14-WIP\photorec_win.exe (CGSecurity)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\Microsoft Security Client\MpCmdRun.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\WebEx\Connect\wbxcOIEx.exe (WebEx)
PRC - C:\Program Files\WebEx\Connect\connect.exe (Cisco WebEx)
PRC - C:\Program Files\WebEx\Connect\apUpdate.exe (WebEx Communications Inc.)
PRC - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\Quest Software\Toad for Data Analysts 2.6.2\SQLLIB\BIN\db2mgmtsvc.exe (International Business Machines Corporation)
PRC - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe (Broadcom Corporation)
PRC - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe (Broadcom Corporation)
PRC - C:\Program Files\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\McTray.exe (McAfee, Inc.)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe (McAfee, Inc.)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel® Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - c:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
PRC - C:\WINDOWS\system32\AESTFltr.exe (Andrea Electronics Corporation)
PRC - d:\oracle\product\11.1.0\db_1\BIN\oracle.exe (Oracle Corporation)
PRC - D:\oracle\product\11.1.0\db_1\BIN\TNSLSNR.EXE ()
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Notepad++\NppShell_05.dll ()
MOD - C:\Program Files\WebEx\Connect\libetpan.dll ()
MOD - C:\Program Files\WebEx\Connect\libexpatw.dll ()
MOD - C:\Program Files\WebEx\Connect\sqlite3.dll ()
MOD - C:\Program Files\WebEx\Connect\personalmgr.dll ()
MOD - C:\Program Files\WebEx\Connect\conComUI.dll ()
MOD - C:\Program Files\WebEx\Connect\conCommClient.dll ()
MOD - C:\Program Files\WebEx\Connect\skinengine.dll ()
MOD - C:\Program Files\WebEx\Connect\conhelp.dll ()
MOD - C:\Program Files\WebEx\Connect\ipc.dll ()
MOD - C:\Program Files\WebEx\Connect\threadipc.dll ()
MOD - C:\Program Files\WebEx\Connect\at_dll.dll ()
MOD - C:\Program Files\WebEx\Connect\WapiClient.dll ()
MOD - C:\Program Files\WebEx\Connect\XmppMgr.dll ()
MOD - C:\Program Files\WebEx\Connect\apComRes.dll ()
MOD - C:\Program Files\WebEx\Connect\WidgetProxy.dll ()
MOD - C:\Program Files\WebEx\Connect\apCsSe.dll ()
MOD - C:\Program Files\WebEx\Connect\apXMLMeeting.dll ()
MOD - C:\Program Files\WebEx\Connect\apSSLGse.dll ()
MOD - C:\Program Files\WebEx\Connect\apReportDll.dll ()
MOD - C:\Program Files\WebEx\Connect\ConvWindow.dll ()
MOD - C:\Program Files\WebEx\Connect\TriAVView.dll ()
MOD - C:\Program Files\WebEx\Connect\MeetingTab.dll ()
MOD - C:\Program Files\WebEx\Connect\ContactPage.dll ()
MOD - C:\Program Files\WebEx\Connect\P2PAudioVideo.dll ()
MOD - C:\Program Files\WebEx\Connect\MeetingMgr.dll ()
MOD - C:\Program Files\WebEx\Connect\PandoraWidget.dll ()
MOD - C:\Program Files\WebEx\Connect\ConOI.dll ()
MOD - C:\Program Files\WebEx\Connect\AudioConfMgr.dll ()
MOD - C:\Program Files\WebEx\Connect\ConnectConfigInfo.dll ()
MOD - C:\Program Files\WebEx\Connect\CEB.dll ()
MOD - C:\Program Files\WebEx\Connect\InstantMeeting.dll ()
MOD - C:\Program Files\WebEx\Connect\SearchOverlay.dll ()
MOD - C:\Program Files\WebEx\Connect\TriCapture.dll ()
MOD - C:\Program Files\WebEx\Connect\NotiMgr.dll ()
MOD - C:\Program Files\WebEx\Connect\Buff.dll ()
MOD - C:\Program Files\WebEx\Connect\CacheManager.dll ()
MOD - C:\Program Files\WebEx\Connect\SharedMenu.dll ()
MOD - C:\Program Files\WebEx\Connect\Expat.dll ()
MOD - C:\Program Files\WebEx\Connect\NetworkMonitor.dll ()
MOD - C:\Program Files\WebEx\Connect\AudioConfBridge.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\Program Files\TeraCopy\TeraCopyExt.dll ()
MOD - C:\Program Files\Google\Google Desktop Search\gzlib.dll ()
MOD - C:\WINDOWS\system32\apdfprintmon.dll ()
MOD - C:\WINDOWS\system32\atonres.dll ()
MOD - C:\WINDOWS\system32\WbxRMenu.dll ()
MOD - D:\oracle\product\11.1.0\db_1\BIN\TNSLSNR.EXE ()
MOD - D:\oracle\product\11.1.0\db_1\BIN\onsclient.dll ()
MOD - C:\WINDOWS\system32\btwicons.dll ()
MOD - C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\Program Files\McAfee\Common Framework\ccme_base.dll ()
MOD - C:\Program Files\McAfee\Common Framework\cryptocme2.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\WINDOWS\system32\vpnapi.dll ()
MOD - C:\WINDOWS\system32\CSGina.dll ()


========== Services (SafeList) ==========

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (CCI.Server.WindowsService) -- C:\jda\CCI78\Server\CCI.Server.WindowsService.exe (JDA Software Group, Inc.)
SRV - (Cisco WebEx Connect Upgrade Service) -- C:\Program Files\WebEx\Connect\apUpdate.exe (WebEx Communications Inc.)
SRV - (mfevtp) -- C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (DWMRCS) -- C:\WINDOWS\system32\DWRCS.EXE (DameWare Development LLC)
SRV - (DB2MGMTSVC_TACOM26) -- C:\Program Files\Quest Software\Toad for Data Analysts 2.6.2\SQLLIB\BIN\db2mgmtsvc.exe (International Business Machines Corporation)
SRV - (Credential Vault Host Control Service) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe (Broadcom Corporation)
SRV - (Credential Vault Host Storage) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe (Broadcom Corporation)
SRV - (McAfeeFramework) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
SRV - (McTaskManager) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV - (WLANKEEPER) -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe (Intel® Corporation)
SRV - (S24EventMonitor) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel® Corporation)
SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV - (FsUsbExService) -- C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
SRV - (STacSV) -- c:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
SRV - (OracleServiceO11gR1P7) -- d:\oracle\product\11.1.0\db_1\bin\ORACLE.EXE (Oracle Corporation)
SRV - (OracleJobSchedulerO11gR1P7) -- d:\oracle\product\11.1.0\db_1\Bin\extjob.exe ()
SRV - (OracleOraDb11g_home1TNSListener) -- D:\oracle\product\11.1.0\db_1\BIN\TNSLSNR.exe ()
SRV - (W3SVC) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (SMTPSVC) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (MSFtpsvc) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (IISADMIN) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)


========== Driver Services (SafeList) ==========

DRV - (VMnetAdapter) -- system32\DRIVERS\vmnetadapter.sys File not found
DRV - (vmci) -- system32\DRIVERS\vmci.sys File not found
DRV - (mfeavfk01) -- File not found
DRV - (dsNcAdpt) -- system32\DRIVERS\dsNcAdpt.sys File not found
DRV - (91b83f72) -- File not found
DRV - (.imapi) -- File not found
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (nmwcdnsu) -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (nmwcdnsuc) -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys (Nokia)
DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mfetdi2k) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (dgderdrv) -- C:\WINDOWS\system32\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV - (PSSDK42) -- C:\WINDOWS\system32\drivers\pssdk42.sys (microOLAP Technologies LTD)
DRV - (e1yexpress) -- C:\WINDOWS\system32\drivers\e1y5132.sys (Intel Corporation)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (NETwNx32) -- C:\WINDOWS\system32\drivers\NETwNx32.sys (Intel Corporation)
DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys ()
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (ss_bmdm) -- C:\WINDOWS\system32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bserd) -- C:\WINDOWS\system32\drivers\ss_bserd.sys (MCCI Corporation)
DRV - (ss_bbus) -- C:\WINDOWS\system32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (ss_mdm) -- C:\WINDOWS\system32\drivers\ss_mdm.sys (MCCI Corporation)
DRV - (ss_bus) -- C:\WINDOWS\system32\drivers\ss_bus.sys (MCCI Corporation)
DRV - (ss_mdfl) -- C:\WINDOWS\system32\drivers\ss_mdfl.sys (MCCI Corporation)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (IDT, Inc.)
DRV - (AESTAud) -- C:\WINDOWS\system32\drivers\AESTAud.sys (Andrea Electronics Corporation)
DRV - (IntcHdmiAddService) -- C:\WINDOWS\system32\drivers\IntcHdmi.sys (Intel® Corporation)
DRV - (SRS_PremiumSound_Service) -- C:\WINDOWS\system32\drivers\SRS_PremiumSound_i386.sys ()
DRV - (cvusbdrv) -- C:\WINDOWS\system32\drivers\cvusbdrv.sys (Broadcom Corporation)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (NETw5x32) -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation)
DRV - (PBADRV) -- C:\WINDOWS\system32\drivers\PBADRV.sys (Dell Inc)
DRV - (OA001Ufd) -- C:\WINDOWS\system32\drivers\OA001Ufd.sys (Creative Technology Ltd.)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (OA001Vid) -- C:\WINDOWS\system32\drivers\OA001Vid.sys (Creative Technology Ltd.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (btwmodem) -- C:\WINDOWS\system32\drivers\btwmodem.sys (Broadcom Corporation.)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (DLADResM) -- C:\WINDOWS\system32\drivers\DLADResM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS (Roxio)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS (Roxio)
DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Roxio)
DRV - (OA001Afx) -- C:\WINDOWS\system32\drivers\OA001Afx.sys (Creative Technology Ltd.)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (dwvkbd) -- C:\WINDOWS\system32\drivers\dwvkbd.sys (DameWare)
DRV - (DwMirror) -- C:\WINDOWS\system32\drivers\DamewareMini.sys (DameWare Development, LLC)
DRV - (USBCCID) -- C:\WINDOWS\system32\drivers\usbccid.sys (Microsoft Corporation)
DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs LLC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?...=OIE8HP&PC=B8MC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...=OIE8HP&PC=B8MC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?...=OIE8HP&PC=B8MC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://jnet.jda.corp...es/Default.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs =
IE - HKCU\..\SearchScopes,DefaultScope = {629B2C20-F6A1-4059-9707-26A642443F1E}
IE - HKCU\..\SearchScopes\{629B2C20-F6A1-4059-9707-26A642443F1E}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://jnet.jda.corp...s/Default.aspx"
FF - prefs.js..extensions.enabledAddons: [email protected]:0.9.8.3
FF - prefs.js..extensions.enabledAddons: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2.1
FF - prefs.js..extensions.enabledAddons: {d47a9f51-8281-43fa-f450-f28ef8735e9a}:2.1.1
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0.80.2
FF - prefs.js..extensions.enabledAddons: [email protected]:4.123
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2.1
FF - prefs.js..extensions.enabledItems: {d47a9f51-8281-43fa-f450-f28ef8735e9a}:2.1.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.736
FF - prefs.js..keyword.URL: "http://www.google.co...ogle Search&q="
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "10.0.0.1"
FF - prefs.js..network.proxy.ftp_port: 6588
FF - prefs.js..network.proxy.gopher: "10.0.0.1"
FF - prefs.js..network.proxy.gopher_port: 6588
FF - prefs.js..network.proxy.http: "10.0.0.1"
FF - prefs.js..network.proxy.http_port: 6588
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "10.0.0.1"
FF - prefs.js..network.proxy.socks_port: 6588
FF - prefs.js..network.proxy.socks_version: 4
FF - prefs.js..network.proxy.ssl: "10.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 6588
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Documents and Settings\j1009415\Application Data\Mozilla\Firefox\Profiles\itjipdrd.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\j1009415\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\j1009415\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\j1009415\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\j1009415\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\j1009415\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/21 23:49:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2012/07/21 00:37:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/02 10:42:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/11/02 10:42:27 | 000,000,000 | ---D | M]

[2011/03/18 10:36:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\j1009415\Application Data\Mozilla\Extensions
[2012/11/01 12:44:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\j1009415\Application Data\Mozilla\Firefox\Profiles\itjipdrd.default\extensions
[2011/03/18 11:45:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\j1009415\Application Data\Mozilla\Firefox\Profiles\itjipdrd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/18 11:45:05 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Documents and Settings\j1009415\Application Data\Mozilla\Firefox\Profiles\itjipdrd.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2011/03/18 11:45:05 | 000,000,000 | ---D | M] (Pixlr Grabber) -- C:\Documents and Settings\j1009415\Application Data\Mozilla\Firefox\Profiles\itjipdrd.default\extensions\{d47a9f51-8281-43fa-f450-f28ef8735e9a}
[2012/10/14 14:28:03 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Documents and Settings\j1009415\Application Data\Mozilla\Firefox\Profiles\itjipdrd.default\extensions\[email protected]
[2012/10/22 23:18:17 | 000,050,349 | ---- | M] () (No name found) -- C:\Documents and Settings\j1009415\Application Data\Mozilla\Firefox\Profiles\itjipdrd.default\extensions\[email protected]
[2011/11/13 14:40:42 | 000,148,816 | ---- | M] () (No name found) -- C:\Documents and Settings\j1009415\Application Data\Mozilla\Firefox\Profiles\itjipdrd.default\extensions\[email protected]
[2012/11/01 12:44:27 | 002,042,908 | ---- | M] () (No name found) -- C:\Documents and Settings\j1009415\Application Data\Mozilla\Firefox\Profiles\itjipdrd.default\extensions\[email protected]
[2012/11/02 10:42:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/11/02 10:42:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/11/02 14:10:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\extensions
[2012/11/02 14:12:11 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/11/02 14:10:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/10/17 00:04:45 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/28 05:32:38 | 000,302,904 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\ieatgpc.dll
[2011/10/28 05:32:48 | 000,176,952 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll
[2012/02/16 16:40:55 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - homepage: http://jnet.jda.corp...es/Default.aspx
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://jnet.jda.corp...es/Default.aspx
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\j1009415\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.75\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\j1009415\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\j1009415\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\j1009415\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.75\pdf.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Documents and Settings\j1009415\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.1.0.10441_0\npSkypeChromePlugin.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\j1009415\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\j1009415\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Documents and Settings\j1009415\Local Settings\Application Data\Google\Chrome\Application\plugins\npatgpc.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealNetworks™ RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Documents and Settings\j1009415\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Nokia Suite Enabler Plugin (Enabled) = C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw_1165635.dll
CHR - Extension: SweetIM for Facebook = C:\Documents and Settings\j1009415\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of
CHR - Extension: SweetIM for Facebook = C:\Documents and Settings\j1009415\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\j1009415\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\
CHR - Extension: SweetIM for Facebook = C:\Documents and Settings\j1009415\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of
CHR - Extension: SweetIM for Facebook = C:\Documents and Settings\j1009415\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\j1009415\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\

O1 HOSTS File: ([2011/09/05 11:18:53 | 000,000,853 | --S- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111117103702.dll (McAfee, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Cisco WebEx Connect] C:\Program Files\WebEx\Connect\connect.exe (Cisco WebEx)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3E059DAB-6894-435C-B758-2977F014D734} https://jda.tenroxho...TClientProc.CAB (TClientProc.ClientSettings)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1340729929453 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1340729908046 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {9437EF71-9276-432D-AA74-CF8DA12EF11B} https://na5.salesfor...AXMailMerge.cab (CMMHost Object)
O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.micr...44/igdtoolx.cab (IGDTester Class)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class)
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} https://wrigley-ikst...Web/XUpload.ocx (Persits Software XUpload)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.104.0.41 10.104.11.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = jda.corp.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{17C6A5DC-3D3C-456B-8F7B-0534ED0E4D63}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A5CCB1B-987B-4B98-9482-B8E77A1AF5C0}: DhcpNameServer = 10.104.0.41 10.104.11.11
O18 - Protocol\Handler\qrev {9DE24BAC-FC3C-42c4-9FC4-76B3FAFDBD90} - C:\Program Files\Quest Software\Toad for Oracle 10.6\RNetPin.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (IWPDGINA.DLL) - C:\WINDOWS\System32\IWPDGINA.dll (Intel® Corporation)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/09 19:50:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{aca86280-1a39-11e1-9207-00216a653530}\Shell - "" = AutoRun
O33 - MountPoints2\{aca86280-1a39-11e1-9207-00216a653530}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{aca86280-1a39-11e1-9207-00216a653530}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{aca86283-1a39-11e1-9207-00216a653530}\Shell - "" = AutoRun
O33 - MountPoints2\{aca86283-1a39-11e1-9207-00216a653530}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{aca86283-1a39-11e1-9207-00216a653530}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 7 Days ==========

[2012/11/02 15:52:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.124
[2012/11/02 15:50:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.123
[2012/11/02 15:49:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.122
[2012/11/02 15:48:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.121
[2012/11/02 15:47:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.120
[2012/11/02 15:46:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\j1009415\Desktop\OTL.exe
[2012/11/02 15:45:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.119
[2012/11/02 15:44:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.118
[2012/11/02 15:44:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.117
[2012/11/02 15:42:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.116
[2012/11/02 15:41:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.115
[2012/11/02 15:39:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.114
[2012/11/02 15:38:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.113
[2012/11/02 15:37:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.112
[2012/11/02 15:36:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.111
[2012/11/02 15:35:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.110
[2012/11/02 15:34:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.109
[2012/11/02 15:34:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.108
[2012/11/02 15:34:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.107
[2012/11/02 15:34:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.106
[2012/11/02 15:34:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.105
[2012/11/02 15:34:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.104
[2012/11/02 15:34:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.103
[2012/11/02 15:34:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.102
[2012/11/02 15:34:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.101
[2012/11/02 15:34:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.100
[2012/11/02 15:34:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.99
[2012/11/02 15:34:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.98
[2012/11/02 15:34:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.97
[2012/11/02 15:34:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.96
[2012/11/02 15:34:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.95
[2012/11/02 15:32:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.94
[2012/11/02 15:30:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.93
[2012/11/02 15:30:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.92
[2012/11/02 15:28:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.91
[2012/11/02 15:27:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.90
[2012/11/02 15:25:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.89
[2012/11/02 15:24:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.88
[2012/11/02 15:23:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.87
[2012/11/02 15:21:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.86
[2012/11/02 15:20:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.85
[2012/11/02 15:18:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.84
[2012/11/02 15:16:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.83
[2012/11/02 15:15:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.82
[2012/11/02 15:13:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.81
[2012/11/02 15:12:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.80
[2012/11/02 15:11:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.79
[2012/11/02 15:10:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.78
[2012/11/02 15:08:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.77
[2012/11/02 15:06:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.76
[2012/11/02 15:05:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.75
[2012/11/02 15:05:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.74
[2012/11/02 15:03:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.73
[2012/11/02 15:02:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.72
[2012/11/02 15:01:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.71
[2012/11/02 15:00:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.70
[2012/11/02 14:59:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.69
[2012/11/02 14:57:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.68
[2012/11/02 14:57:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.67
[2012/11/02 14:55:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.66
[2012/11/02 14:54:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.65
[2012/11/02 14:53:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.64
[2012/11/02 14:52:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.63
[2012/11/02 14:51:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.62
[2012/11/02 14:50:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.61
[2012/11/02 14:48:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.60
[2012/11/02 14:47:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.59
[2012/11/02 14:45:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.58
[2012/11/02 14:44:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.57
[2012/11/02 14:42:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.56
[2012/11/02 14:41:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.55
[2012/11/02 14:40:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.54
[2012/11/02 14:38:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.53
[2012/11/02 14:37:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.52
[2012/11/02 14:27:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.51
[2012/11/02 14:26:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.50
[2012/11/02 14:25:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.49
[2012/11/02 14:23:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.48
[2012/11/02 14:23:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.47
[2012/11/02 14:21:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.46
[2012/11/02 14:21:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.45
[2012/11/02 14:20:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.44
[2012/11/02 14:19:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.43
[2012/11/02 14:17:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.42
[2012/11/02 14:16:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.41
[2012/11/02 14:15:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.40
[2012/11/02 14:14:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.39
[2012/11/02 14:13:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.38
[2012/11/02 14:12:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.37
[2012/11/02 14:11:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.36
[2012/11/02 14:09:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.35
[2012/11/02 14:07:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.34
[2012/11/02 14:06:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.33
[2012/11/02 14:05:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.32
[2012/11/02 14:03:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.31
[2012/11/02 14:02:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.30
[2012/11/02 14:02:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.29
[2012/11/02 14:01:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.28
[2012/11/02 14:00:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.27
[2012/11/02 14:00:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.26
[2012/11/02 13:59:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.25
[2012/11/02 13:59:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.24
[2012/11/02 13:58:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.23
[2012/11/02 13:57:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.22
[2012/11/02 13:55:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.21
[2012/11/02 13:54:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.20
[2012/11/02 13:52:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.19
[2012/11/02 13:51:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.18
[2012/11/02 13:50:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.17
[2012/11/02 13:50:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.16
[2012/11/02 13:49:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.15
[2012/11/02 13:48:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.14
[2012/11/02 13:48:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.13
[2012/11/02 13:47:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.12
[2012/11/02 13:46:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.11
[2012/11/02 13:46:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.10
[2012/11/02 13:45:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.9
[2012/11/02 13:44:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.8
[2012/11/02 13:43:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.7
[2012/11/02 13:42:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.6
[2012/11/02 13:42:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.5
[2012/11/02 13:41:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.4
[2012/11/02 13:40:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.3
[2012/11/02 13:39:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.2
[2012/11/02 13:39:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Desktop\recup_dir.1
[2012/11/02 12:26:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Recuva
[2012/11/02 12:25:55 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2012/11/02 10:42:57 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2012/11/02 10:42:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nokia
[2012/11/02 10:42:21 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/11/01 23:19:28 | 000,000,000 | --SD | C] -- D:\My Documents\Google Drive
[2012/10/29 23:13:24 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution(2)
[2012/10/26 20:31:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j1009415\Application Data\vlc
[2012/04/03 16:10:44 | 008,466,720 | ---- | C] (Dell Inc.) -- C:\Documents and Settings\j1009415\Application Data\DRVR_WIN_R302424.EXE
[11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2012/11/02 16:00:01 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\Cookies.job
[2012/11/02 15:46:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\j1009415\Desktop\OTL.exe
[2012/11/02 15:30:03 | 000,000,450 | ---- | M] () -- C:\WINDOWS\tasks\To-Do.job
[2012/11/02 15:28:32 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\j1009415\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/02 15:23:06 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/02 12:33:21 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{2390A371-EF21-4B40-A180-714EFDBD3E5F}.job
[2012/11/02 11:25:17 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/02 10:58:53 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/11/02 10:57:37 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/11/02 10:57:12 | 000,056,286 | RHS- | M] () -- C:\Documents and Settings\j1009415\ntuser.pol
[2012/11/02 10:54:36 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/11/02 10:44:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/11/02 10:44:24 | 3707,658,240 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/31 20:53:50 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\Low Battery Alarm Program.job
[2012/10/31 17:45:51 | 000,001,774 | -H-- | M] () -- D:\My Documents\Default.rdp
[2012/10/26 20:22:08 | 022,657,136 | ---- | M] () -- D:\My Documents\vlc-2.0.2-win32.exe
[11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/02 10:44:24 | 3707,658,240 | -HS- | C] () -- C:\hiberfil.sys
[2012/10/26 20:17:36 | 022,657,136 | ---- | C] () -- D:\My Documents\vlc-2.0.2-win32.exe
[2012/10/21 23:23:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\KeyTools.INI
[2012/09/20 15:45:52 | 000,834,946 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-8915387-776344908-1874078741-91699-0.dat
[2012/09/20 15:45:41 | 000,278,498 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/08/18 00:11:39 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\uwin_setup.dll
[2012/07/26 15:23:55 | 000,003,671 | ---- | C] () -- C:\WINDOWS\Planning.ini
[2012/07/26 15:23:09 | 000,073,216 | -H-- | C] () -- C:\WINDOWS\System32\_tmpEPLicenseKeyProbeDLL.DLL
[2012/06/06 16:25:01 | 001,380,960 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/04/19 14:25:32 | 000,038,507 | ---- | C] () -- C:\Documents and Settings\j1009415\Application Data\Comma Separated Values (Windows).ADR
[2012/04/03 16:13:48 | 016,145,896 | ---- | C] () -- C:\Documents and Settings\j1009415\Application Data\VIDEO_DRVR_WIN_R212481.EXE
[2012/02/20 10:10:11 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/01 15:29:49 | 000,000,136 | ---- | C] () -- C:\WINDOWS\UNlock.dat
[2012/01/01 15:01:19 | 000,000,432 | ---- | C] () -- C:\WINDOWS\crackpdf.INI
[2012/01/01 14:34:35 | 000,000,113 | ---- | C] () -- C:\WINDOWS\winEncrypt.INI
[2012/01/01 14:34:10 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\encryptpdf.dat
[2011/12/23 12:36:30 | 000,000,083 | ---- | C] () -- C:\WINDOWS\winDecrypt.INI
[2011/11/18 14:11:37 | 000,004,096 | -H-- | C] () -- C:\Documents and Settings\j1009415\Local Settings\Application Data\keyfile3.drm
[2011/10/22 15:16:02 | 000,232,744 | R--- | C] () -- C:\WINDOWS\System32\drivers\SRS_PremiumSound_i386.sys
[2011/10/02 22:44:05 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2011/10/02 22:44:05 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2011/10/02 22:43:57 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\j1009415\Application Data\$_hpcst$.hpc
[2011/09/29 11:48:51 | 000,197,680 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2011/09/27 16:17:09 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2011/09/16 11:54:48 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2011/09/16 11:54:44 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2011/09/16 11:54:44 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2011/09/16 11:54:44 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2011/09/16 11:54:44 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2011/08/29 15:51:38 | 000,000,296 | ---- | C] () -- C:\WINDOWS\pwc65.INI
[2011/08/24 12:02:59 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2011/08/23 21:03:12 | 000,488,448 | ---- | C] () -- C:\WINDOWS\System32\apdfprintmon.dll
[2011/06/02 16:31:20 | 000,002,848 | ---- | C] () -- C:\WINDOWS\System32\DWRCS.INI
[2011/05/29 00:12:05 | 000,000,122 | ---- | C] () -- C:\WINDOWS\Winchat.ini
[2011/05/26 21:57:01 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011/04/25 13:53:05 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/11 23:24:30 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2011/04/11 23:24:29 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2011/04/11 23:24:14 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2011/04/11 23:24:14 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2011/04/11 23:24:14 | 000,007,909 | ---- | C] () -- C:\WINDOWS\System32\ftpctrs.ini
[2011/04/11 23:24:13 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2011/03/24 16:27:18 | 000,118,560 | ---- | C] () -- C:\WINDOWS\System32\TCSSigner_InterfaceV2.dll
[2011/03/21 18:11:54 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
[2011/03/21 18:11:53 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config
[2011/03/18 12:11:05 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\j1009415\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/18 10:35:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/03/17 17:35:27 | 000,056,286 | RHS- | C] () -- C:\Documents and Settings\j1009415\ntuser.pol
[2009/06/15 08:24:44 | 000,011,504 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol

========== ZeroAccess Check ==========

[2009/06/09 21:36:47 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2011/06/21 23:48:34 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 17:40:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 04:30:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/08/23 21:09:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\A-PDF
[2009/06/09 21:45:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2012/05/22 07:31:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/06/13 10:21:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GroupPolicy
[2011/06/01 20:09:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IBM
[2012/07/21 00:33:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2011/08/16 14:58:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2012/06/24 00:03:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2012/07/20 22:32:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NETg
[2012/05/24 14:21:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2012/01/18 00:57:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
[2011/06/18 23:16:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Paessler
[2011/04/13 12:17:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2012/03/06 10:18:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2011/05/24 22:43:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Quest Software
[2011/05/24 22:30:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Raize
[2012/05/25 13:52:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\salesforce.com
[2011/10/02 22:28:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2012/03/06 20:53:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedyPC Software
[2012/09/23 15:52:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/06/09 22:03:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2012/11/02 11:54:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WebEx Connect
[2011/06/01 20:07:37 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{08439167-4CA5-48E9-A810-A3A7C0B80B06}
[2011/09/06 20:30:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
[2011/03/23 14:29:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j1009415\Application Data\.salesforce.com
[2012/08/10 18:14:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j1009415\Application Data\Audacity
[2012/10/20 12:24:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j1009415\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/01/29 22:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j1009415\Application Data\DoneEx
[2012/03/06 19:40:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j1009415\Application Data\DriverCure
[2012/05/04 20:25:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j1009415\Application Data\Dropbox
[2012/06/26 22:27:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j1009415\Application Data\ElevatedDiagnostics
[2012/10/18 17:04:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j1009415\Application Data\EurekaLog
[2012/04/24 12:11:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j1009415\Application Data\GetRightToGo
[2012/03/29 12:14:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j1009415\Application Data\Greenshot
[2012/07/20 23:23:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j1009415\Application Data\JAM Software
[2012/07/04 18:45:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j1009415\Application Data\Juniper Networks
[2012/07/04 17:51:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j1009415\Application Data\multilizer
[2012/01/18 10:29:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j1009415\Application Data\Nokia
[2012/01/18 10:29:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j1009415\Application Data\Nokia Suite
[2012/07/26 15:21:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j1009415\Application Data\Notepad++
[2011/04/14 16:32:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j1009415\Application Data\PC Suite
[2012/03/06 10:16:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j1009415\Application Data\PCDr
[2012/07/26 15:24:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j1009415\Application Data\Planning
[2012/10/15 23:32:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j1009415\Application Data\Quest Software
[2012/02/21 23:34:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j1009415\Application Data\Rivet
[2012/05/25 13:52:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j1009415\Application Data\salesforce.com
[2011/10/02 22:43:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j1009415\Application Data\Samsung
[2012/02/09 10:50:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j1009415\Application Data\sfdc-desktop.0E7F0072024938CDBA99B20C38B5F315254C2A5B.1
[2011/05/24 22:32:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j1009415\Application Data\Software
[2011/09/04 23:09:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j1009415\Application Data\Software Informer
[2012/03/06 19:40:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j1009415\Application Data\SpeedyPC Software
[2011/11/09 23:18:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j1009415\Application Data\TeamViewer
[2012/08/02 16:36:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j1009415\Application Data\TeraCopy
[2012/10/17 23:01:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j1009415\Application Data\Two Pilots
[2012/10/31 10:14:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j1009415\Application Data\Webex
[2012/11/02 10:59:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j1009415\Application Data\WebEx Connect
[2011/03/18 12:35:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j1009415\Application Data\Windows Desktop Search
[2011/03/18 12:35:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j1009415\Application Data\Windows Search

========== Purity Check ==========



========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB20789$] -> Error: Cannot create file handle -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 236 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9A870F8B
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C4806DE8

< End of report >

Attached Files


  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK run Combofix without disabling the AV, but do not allow your AV to quarantine or delete anything
Accept any combofix warnings.
  • 0

#5
sethg60

sethg60

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Hi,

I ran the combo fix and followed the instructions. However, when the combofix was still running, I got a BSOD. I did a hard shutdown. When the system restarted, there are now two options at the start: 1) Microsoft Recovery Console 2) Microsoft XP. I chose the Microsoft XP and checked for the combofix.txt under C drive but found none.

I did not re-run the combofix since the reply mentioned by you did not ask to do so.

Now my concern is can I delete the Microsoft Recovery Console from the start options? If yes, then how?

Also the icons that are missing from my desktop are mainly files and not the shortcut. I don't know whether this helps.

Is there still a possibility that the lost files can be recovered?

Regards
Gag
  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Download and then run Unhide.exe from here. Let me know if that restores the files/icons.

You have a rootkit and it is fighting back.
This time could you run combofix from safe mode?

We will hide the recovery console on completion as it is a handy thing to have.
  • 0

#7
sethg60

sethg60

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Hi,
I had run the unhide.exe earlier, but it did not offer any help, i.e. the files were not recovered. Do you recommend to rerun the same again or should I go for running combofix.exe from safe mode?

Also would appreciate if you can guide on how to remove Microsoft Recovery Console.

Regards
Gag
  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
We will remove the recovery console on completion of the combofix run, as that is required to run it. So run combofix now

Are they all files that are missing?

Recovery console removal
  • 0

#9
sethg60

sethg60

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Yes, the missing items are all the files only that were on the desktop... Added to it my ignorance, I reran the system restore and a couple of other recovery software in a desperate attempt. So kinda unsure whether the lost files can still be recovered?
  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Have you checked in the recycle bin? Also if they were Word documents there may be backups.
  • 0



#11
sethg60

sethg60

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Yes, the first place where I looked was the recycle bin. But nothing there either. The missing files were mainly .txt, .xls, .xlsx, .nbrx, .jpg, .xlsm

The files were located on the desktop...

I think I will call it a day here, i.e. I give up any hopes of recovery now.

Just please let me know do I still need to run the combofix in safe mode just in case to avoid any such future occurrences. Surprisingly the files missing are from only on the desktop and nowhere else.


Again thanks for your time to help me out... I think I am out of luck and my ignorance on the issue was adding fuel to fire ;)
  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes, Combofix needs to be run to kill the rootkit.
  • 0

#13
sethg60

sethg60

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
I ran the combofix in safe mode. It ran for some time and then the system rebooted in normal mode automatically as required by combofix. The system started in normal mode with the combofix console starting automatically to resolve the issue. I left the system unattended and came back after two hours to find that the system had restarted again and was waiting for my credentials to be inputted. I checked for the log for combofix but could not find one on C: drive. Please advise.
Also how do I know that the system did not run into a BSOD and combofix ran successfully?
  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
The easiest way is for me to check using a fresh OTL scan to see if the bad one has been removed.

So could you run a fresh OTL scan please and ensure all users is checked.
  • 0

#15
sethg60

sethg60

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Attached are the logs for fresh OTL run for all users with default settings

Attached Files


  • 0





