Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Virus/Trojan sending emails from my Laptop. [Solved]


  • This topic is locked This topic is locked

#1
tarekahf

tarekahf

    Member

  • Member
  • PipPip
  • 10 posts
Dear All,

Last week, a virus/trojan attack my machine and it is using it as a SPAM Engine.

See attached image below to see the result of Failed Outgoing Email Messages..

Here are more details:

1. The virus/trojan start sending emails as soon as I connect to Internet.

2. If I connect to Work Internet (DOMAIN Network), it will not send emails.

3. It will send about several hundred emails per day, and it will rest for some time, then it will start sending emails again.

4. I wil start geting popup boxes from Norton AntiVirus Process "ccApp.exe" reporting failed outgoing email due to spam and other reasons. When I kill the process "ccApp.exe" the popup boxes will stop, but the SPAM Program will continue to send emails.

5. My machine will become very slow when the SPAM program is sending emails.

6. I tried several Anti Spam/Anti Trojan program, but no success.

Screen Shot: http://bit.ly/cnq1Ik

============== The Requested Logs ============

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-07 16:55:49
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\220785\LOCALS~1\Temp\ffdirpod.sys


---- System - GMER 1.0.15 ----

SSDT 8A94BDD0 ZwAlertResumeThread
SSDT 8AA97598 ZwAlertThread
SSDT 8A8F2DB0 ZwAllocateVirtualMemory
SSDT 8A847260 ZwConnectPort
SSDT 8A91AEB0 ZwCreateMutant
SSDT 8A95C850 ZwCreateThread
SSDT 8AAEBF88 ZwFreeVirtualMemory
SSDT 8A9688E8 ZwImpersonateAnonymousToken
SSDT 8AAAC3D0 ZwImpersonateThread
SSDT 8A92EEC8 ZwMapViewOfSection
SSDT 8A92EC28 ZwOpenEvent
SSDT 8AAF30B8 ZwOpenProcessToken
SSDT 8A910830 ZwOpenThreadToken
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation) ZwProtectVirtualMemory [0xBAADD880] <-- ROOTKIT !!!
SSDT 8AACCA98 ZwResumeThread
SSDT 8AAF0248 ZwSetContextThread
SSDT 8A835178 ZwSetInformationProcess
SSDT 8A83AEA8 ZwSetInformationThread
SSDT 8A90A968 ZwSuspendProcess
SSDT 8AAC5B40 ZwSuspendThread
SSDT 8AACCB70 ZwTerminateProcess
SSDT 8AAD7C68 ZwTerminateThread
SSDT 8AAF0210 ZwUnmapViewOfSection
SSDT 8A8FB4F8 ZwWriteVirtualMemory

---- Devices - GMER 1.0.15 ----

Device Ntfs.SYS (NT File System Driver/Microsoft Corporation)
Device 8AAF5448
Device Fastfat.sys (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device rdpdr.sys (Microsoft RDP Device redirector/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Udp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\SYMTDI \Device\SymTDI wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

---- Services - GMER 1.0.15 ----

Service (*** hidden *** ) [BOOT] dewae <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\0016415b5a46 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\0016415bc212 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\0016415bc223 (not active ControlSet)
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016415b5a46
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016415bc212
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016415bc223
Reg HKLM\SYSTEM\CurrentControlSet\Services\dewae@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\dewae@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\dewae@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\dewae@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\0016415b5a46 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\0016415bc212 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\0016415bc223 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\dewae@Type 1
Reg HKLM\SYSTEM\ControlSet004\Services\dewae@Start 0
Reg HKLM\SYSTEM\ControlSet004\Services\dewae@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet004\Services\dewae@Group Boot Bus Extender
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Nero 7 Premium\
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Nero 7 Premium\@Order 0x08 0x00 0x00 0x00 ...

---- EOF - GMER 1.0.15 ----


OTL Extras logfile created on: 07/02/2010 05:23:46 pm - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = D:\My Data\220785 Data\Anti Virus and Spam Issues
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000401 | Country: Saudi Arabia | Language: ARA | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 2048 2048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.93 Gb Total Space | 1.40 Gb Free Space | 5.00% Space Free | Partition Type: FAT32
Drive D: | 27.95 Gb Total Space | 7.45 Gb Free Space | 26.65% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: 0841-220785NB
Current User Name: 220785
NOT logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "d:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- d:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"4672:UDP" = 4672:UDP:*:Enabled:UDP
"4662:TCP" = 4662:TCP:*:Enabled:TCP
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE" = C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE:*:Enabled:Microsoft Office Excel -- File not found
"C:\Program Files\Langenscheidt T1 6_0\Engine\mte\BIN\ENGINE.EXE" = C:\Program Files\Langenscheidt T1 6_0\Engine\mte\BIN\ENGINE.EXE:*:Enabled:Text processing -- File not found
"C:\Program Files\Langenscheidt T1 6_0\Engine\mte\BIN\tmengine.exe" = C:\Program Files\Langenscheidt T1 6_0\Engine\mte\BIN\tmengine.exe:*:Enabled:TM Engine -- File not found
"C:\Program Files\Langenscheidt T1 6_0\Engine\mte\BIN\lexAPI.exe" = C:\Program Files\Langenscheidt T1 6_0\Engine\mte\BIN\lexAPI.exe:*:Enabled:LEXAPI server -- File not found
"C:\Program Files\Langenscheidt T1 6_0\Engine\mte\StdAlone\MT_Alone.exe" = C:\Program Files\Langenscheidt T1 6_0\Engine\mte\StdAlone\MT_Alone.exe:*:Enabled:T1 Standalone -- File not found
"C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE" = C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE:*:Disabled:Microsoft Office Word -- File not found
"C:\Program Files\eMule.de 0.46c v17\emule.exe" = C:\Program Files\eMule.de 0.46c v17\emule.exe:*:Enabled:eMule.de 0.46c -- File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- File not found
"D:\Program Files\Juniper\NetScreen-Remote\IreIKE.exe" = D:\Program Files\Juniper\NetScreen-Remote\IreIKE.exe:*:Enabled:IreIke -- File not found
"D:\Program Files\Juniper\NetScreen-Remote\ViewLog.exe" = D:\Program Files\Juniper\NetScreen-Remote\ViewLog.exe:127.0.0.1/255.255.255.255:Enabled:ViewLog -- File not found
"D:\Program Files\Juniper\NetScreen-Remote\CmonApp.exe" = D:\Program Files\Juniper\NetScreen-Remote\CmonApp.exe:127.0.0.1/255.255.255.255:Enabled:CMonApp -- File not found
"D:\Program Files\Juniper\NetScreen-Remote\vpn.exe" = D:\Program Files\Juniper\NetScreen-Remote\vpn.exe:127.0.0.1/255.255.255.255:Enabled:VPN Connection Manager -- File not found
"D:\Program Files\Skype\Phone\Skype.exe" = D:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"E:\setup\hpznui01.exe" = E:\setup\hpznui01.exe:*:Enabled:hpznui01.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\hp\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\hp\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"D:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = D:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"D:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = D:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" = C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Juniper Networks\Secure Application Manager\dsSamProxy.exe" = C:\Program Files\Juniper Networks\Secure Application Manager\dsSamProxy.exe:*:Enabled:Secure Application Manager Proxy -- (Juniper Networks)
"C:\Documents and Settings\220785\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe" = C:\Documents and Settings\220785\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe:*:Enabled:Juniper Terminal Services Client -- (Juniper Networks)
"C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe" = C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe:LocalSubNet:Enabled:UltiDev Cassini Web Server for ASP.NET 2.0 -- (UltiDev LLC)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"D:\Program Files\Skype\Phone\Skype.exe" = D:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\hp\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\hp\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)
"D:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = D:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"D:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = D:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03CE1BCB-03F5-4C6A-B37E-69799AA3C544}" = SpyHunter
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{082BDF7B-4810-4599-BF0D-E3AC44EC8524}" = Microsoft ASP.NET 2.0 AJAX Extensions 1.0
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0B43A744-B1B8-4089-9BD1-9D41C7EC0AA3}" = Microsoft SQL Server 2005 Books Online (English)
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1389C6A4-4965-4AEC-9175-08B54A10FA48}" = Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
"{15EFEBF6-E414-33EB-8710-A04AD1302BF8}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Web - enu
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1CBE3804-20DF-48DA-B048-895C206E80A5}" = Microsoft SQL Server VSS Writer
"{2012D762-5DCA-455A-B5FE-EDF79BC93E18}" = HP Photosmart C4700 All-In-One Driver Software 13.0 Rel .6
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2373A92B-1C1C-4E71-B494-5CA97F96AA19}" = Microsoft SQL Server 2005
"{23959E96-A80F-4172-A655-210E9BB7BFBE}" = MSDN Library for Visual Studio 2005
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26119A24-8F74-4F62-A278-AB3984B12C04}" = Microsoft Web Platform Installer 2.0 RC
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 17
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Advanced Control Suite
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2D91C34E-12CC-4B1B-90D5-31DAD47B6F48}" = OZ776 SCR CardBus Windows Driver
"{2E0695EE-ED29-4D96-BD77-2A9A17EDF0D6}" = Cypress USB Mass Storage Driver Installation
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFCC193-D915-4CCB-9201-31773A27BC06}" = Symantec Endpoint Protection
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150070}" = J2SE Runtime Environment 5.0 Update 7
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35748B06-FCFC-4700-8285-DAD41689E4FE}" = Broadcom TPM Driver Installer
"{3BDB182E-8371-46BD-AC39-C14A91D5EEF8}" = Microsoft SQL Server 2005 Reporting Services
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{40247AAC-AB0D-449C-882F-90401C3351E8}" = UltiDev Cassini Web Server Explorer
"{42347B75-9660-2DA4-63FD-D35E344E1036}" = Nero 7 Premium
"{437AB8E0-FB69-4222-B280-A64F3DE22591}" = Microsoft Visual Studio 2005 Professional Edition - ENU
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B7F21B-789E-42C0-8746-FD829A543F56}" = Sphairon modem driver
"{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0
"{63A5DC0D-1EDD-4D69-8F31-87FAEB1F7084}" = Microsoft SQL Server 2005 Notification Services
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{675B3ECA-1C5E-4885-BE75-742A8FED7510}" = Application Suite
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6C531060-84FB-4F96-8F33-29DF020632EB}" = Microsoft .NET Compact Framework 1.0 SP3 Developer
"{6CDAED1C-5B60-4818-88A7-E4A90CD367AF}" = Wave Support Software
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{705D8A9E-87F3-4E18-89C6-FAAF9444CD1F}" = Windows Workflow Foundation Human Workflow Sample
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73F1BDB7-11E1-11D5-9DC6-00C04F2FC33B}" = OMCI
"{740D370D-E2B0-4FF2-91EC-A57DF48FC3DA}" = VistaDB Express
"{7482779A-D19E-48DA-9CAC-8DB51F949864}" = Lotus Notes 8.5
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7784A172-61F1-445E-8368-601607E0DD22}" = MP3 Player Utilities 4.00
"{78B75C6D-E53C-424C-BF83-4B63BD4A6682}" = Microsoft Device Emulator version 1.0 - ENU
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C62A94B-4AB6-485F-A111-93056684D340}" = SQLXML4
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8D5DC3FD-9971-4431-86F7-1C54B0C9DEB4}" = Prayer Times 2007
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90032DD0-ABEE-4424-AC1E-B076BDD4E350}" = Microsoft SQL Server 2005 Tools
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0010-0401-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Arabic) 12
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0401-0000-0000000FF1CE}" = Microsoft Office Access MUI (Arabic) 2007
"{90120000-0015-0401-0000-0000000FF1CE}_OMUI.ar-sa_{D149D5F3-C220-4B8D-A344-9622CF446521}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0401-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Arabic) 2007
"{90120000-0016-0401-0000-0000000FF1CE}_OMUI.ar-sa_{D149D5F3-C220-4B8D-A344-9622CF446521}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0017-0401-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Arabic) 2007
"{90120000-0017-0401-0000-0000000FF1CE}_OMUI.ar-sa_{14635BAD-0CD2-4FD4-AC29-66AA72E0ABF9}" = Microsoft Office SharePoint Designer 2007 Service Pack 1 (SP1)
"{90120000-0018-0401-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Arabic) 2007
"{90120000-0018-0401-0000-0000000FF1CE}_OMUI.ar-sa_{D149D5F3-C220-4B8D-A344-9622CF446521}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0401-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Arabic) 2007
"{90120000-0019-0401-0000-0000000FF1CE}_OMUI.ar-sa_{D149D5F3-C220-4B8D-A344-9622CF446521}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0401-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Arabic) 2007
"{90120000-001A-0401-0000-0000000FF1CE}_OMUI.ar-sa_{D149D5F3-C220-4B8D-A344-9622CF446521}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0401-0000-0000000FF1CE}" = Microsoft Office Word MUI (Arabic) 2007
"{90120000-001B-0401-0000-0000000FF1CE}_OMUI.ar-sa_{D149D5F3-C220-4B8D-A344-9622CF446521}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_OMUI.ar-sa_{5A2F65A4-808F-4A1E-973E-92E17824982D}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.ar-sa_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.ar-sa_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-002C-0401-0000-0000000FF1CE}" = Microsoft Office Proofing (Arabic) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0401-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Arabic) 2007
"{90120000-0044-0401-0000-0000000FF1CE}_OMUI.ar-sa_{D149D5F3-C220-4B8D-A344-9622CF446521}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0401-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Arabic) 2007
"{90120000-006E-0401-0000-0000000FF1CE}_OMUI.ar-sa_{2BF4A888-AB1A-4569-A7A3-B38F9C7CF7BF}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0401-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Arabic) 2007
"{90120000-00A1-0401-0000-0000000FF1CE}_OMUI.ar-sa_{D149D5F3-C220-4B8D-A344-9622CF446521}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}_OMUI.ar-sa_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0100-0401-0000-0000000FF1CE}" = Microsoft Office O MUI (Arabic) 2007
"{90120000-0100-0401-0000-0000000FF1CE}_OMUI.ar-sa_{D149D5F3-C220-4B8D-A344-9622CF446521}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0101-0401-0000-0000000FF1CE}" = Microsoft Office X MUI (Arabic) 2007
"{90120000-0101-0401-0000-0000000FF1CE}_OMUI.ar-sa_{D149D5F3-C220-4B8D-A344-9622CF446521}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0401-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (Arabic) 2007
"{90120000-0114-0401-0000-0000000FF1CE}_OMUI.ar-sa_{D149D5F3-C220-4B8D-A344-9622CF446521}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{903B0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003
"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{96327C3C-96BE-4C7A-A6F7-A71635E5949A}" = Microsoft SQL Server 2005 Backward compatibility
"{982DB00A-9C4E-436B-8707-18E113BAA44C}" = Microsoft SQL Server 2005 Analysis Services
"{9860A9CF-7E71-43AC-888F-0B4D3EA212D1}" = Roxio Burn Engine
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.3
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4394612-D02F-11DC-9BFF-D18556D89593}" = Microsoft ASP.NET MVC 1.0 RC2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A55F4F9F-CCA8-4732-AA1F-0390A4A50947}" = C4700
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AC76BA86-7AD7-2448-0000-800000000003}" = Chinese Traditional Fonts Support For Adobe Reader 8
"{AC76BA86-7AD7-5676-5A64-800000000003}" = Adobe Reader Extended Language Support Font Pack
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5AB9CB4-4AAE-44CC-A6AF-37388326E85F}" = Wave Infrastructure Installer
"{B7F54262-AB66-44B3-88BF-9FC69941B643}" = Broadcom Gigabit Integrated Controller
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BF251EAF-8697-4E89-BF09-C998F97BBC40}" = Microsoft SQL Server Native Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1DBECBB-6A81-483C-9D27-D9F121D12EBC}" = Web Deployment Tool Release Candidate 1
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C6DB11F1-EBD1-3AA4-A44D-55630E1E6FDA}" = Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus® for Adobe
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D1183FA8-AA29-4C82-B998-9593D7AF42FE}" = NTRU Hybrid TSS v2.0.7
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{D4020201-7769-4C53-8365-426CD0C0EF63}" = Coolite Toolkit Community v0.8.1
"{D890B413-DB39-4B43-BE62-D0FDCB6FB96A}" = Dell™ Client Configuration Utility
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DD41AC25-61B2-4FC9-90AA-672F32139AC3}" = ETS Launch Pad
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DDF6E319-BCD9-4FE3-9D69-26B2F47BEF7C}" = Microsoft SQL Server 2005 Samples
"{E05CE6CE-F3FD-46FB-9C2D-568D0A91A24A}" = Basic Design Template
"{E0A41F96-7231-4AE8-A654-EEB34F935462}" = Microsoft SQL Server 2005 Integration Services
"{E136BB09-1BB2-49A0-9FF3-5C25564D3819}" = FastCGI x86
"{E36F3199-C282-47CA-BAC7-2B77D247E760}" = PS_AIO_06_C4700_SW_Min
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E7081891-BC7F-43F9-9CE6-B5DD2F497156}" = Internet Explorer Developer Toolbar
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1802FA6-54E9-4B24-BD2A-B50866819795}" = EMBASSY Trust Suite by Wave Systems
"{F5ADAB30-86CE-4FE1-AB93-E4CFE73AABFE}" = Adobe LiveCycle Designer ES
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6C8DAED-8CC7-43FD-9DA4-1F629B873A17}" = UltiDev Cassini Web Server for ASP.NET 2.0
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HTML Help Workshop" = HTML Help Workshop
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{2D91C34E-12CC-4B1B-90D5-31DAD47B6F48}" = OZ776 SCR CardBus Windows Driver
"InstallShield_{6CDAED1C-5B60-4818-88A7-E4A90CD367AF}" = Wave Support Software
"InstallShield_{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"InstallShield_{DD41AC25-61B2-4FC9-90AA-672F32139AC3}" = ETS Launch Pad
"InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"Juniper Network Connect 6.3.0" = Juniper Networks Network Connect 6.3.0
"Juniper Network Connect 6.4.0" = Juniper Networks Network Connect 6.4.0
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Microsoft Visual Studio 2005 Professional Edition - ENU" = Microsoft Visual Studio 2005 Professional Edition - ENU
"Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU" = Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSDN Library for Visual Studio 2005" = MSDN Library for Visual Studio 2005
"Neoteris_Secure_Application_Manager" = Juniper Networks Secure Application Manager
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OMUI.ar-sa" = Microsoft Office Language Pack 2007 - Arabic العربية
"ProInst" = Intel® PROSet/Wireless Software
"Shop for HP Supplies" = Shop for HP Supplies
"SM1FX_AT" = USB Storage Adapter FX (SM1)
"VistaDB Express" = VistaDB Express
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows Mobile Device Handbook" = Windows Mobile Resources
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xilisoft Video Converter" = Xilisoft Video Converter
"XP PRO IIS Admin_is1" = XP PRO IIS Admin Build 1.8.1
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Juniper_Term_Services" = Juniper Terminal Services Client

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 07/02/2010 09:25:44 am | Computer Name = 0841-220785NB | Source = ESENT | ID = 455
Description = wuaueng.dll (220) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred
while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 07/02/2010 10:12:08 am | Computer Name = 0841-220785NB | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 07/02/2010 10:12:24 am | Computer Name = 0841-220785NB | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 07/02/2010 10:13:02 am | Computer Name = 0841-220785NB | Source = MSSQL$SQLEXPRESS | ID = 17190
Description = FallBack certificate initialization failed with error code: 1.

Error - 07/02/2010 10:13:15 am | Computer Name = 0841-220785NB | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 07/02/2010 10:14:04 am | Computer Name = 0841-220785NB | Source = MSSQLSERVER | ID = 17207
Description = FCB::Open: Operating system error 32(error not found) occurred while
creating or opening file 'd:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Data\AdventureWorksDW_Data.mdf'.
Diagnose and correct the operating system error, and retry the operation.

Error - 07/02/2010 10:14:04 am | Computer Name = 0841-220785NB | Source = MSSQLSERVER | ID = 17204
Description = FCB::Open failed: Could not open file d:\Program Files\Microsoft SQL
Server\MSSQL.2\MSSQL\Data\AdventureWorksDW_Data.mdf for file number 1. OS error:
32(error not found).

Error - 07/02/2010 10:14:05 am | Computer Name = 0841-220785NB | Source = MSSQLSERVER | ID = 17207
Description = FCB::Open: Operating system error 32(error not found) occurred while
creating or opening file 'D:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\DATA\Umbraco403.mdf'.
Diagnose and correct the operating system error, and retry the operation.

Error - 07/02/2010 10:14:05 am | Computer Name = 0841-220785NB | Source = MSSQLSERVER | ID = 17204
Description = FCB::Open failed: Could not open file D:\Program Files\Microsoft SQL
Server\MSSQL.2\MSSQL\DATA\Umbraco403.mdf for file number 1. OS error: 32(error
not found).

Error - 07/02/2010 10:14:42 am | Computer Name = 0841-220785NB | Source = Report Server Windows Service (MSSQLSERVER) | ID = 107
Description = Report Server Windows Service (MSSQLSERVER) cannot connect to the
report server database.

[ System Events ]
Error - 07/02/2010 09:08:00 am | Computer Name = 0841-220785NB | Source = DCOM | ID = 10010
Description = The server {781B925F-0BF8-4C7B-A2A8-A8B11B488A07} did not register
with DCOM within the required timeout.

Error - 07/02/2010 09:10:42 am | Computer Name = 0841-220785NB | Source = DCOM | ID = 10010
Description = The server {781B925F-0BF8-4C7B-A2A8-A8B11B488A07} did not register
with DCOM within the required timeout.

Error - 07/02/2010 09:13:35 am | Computer Name = 0841-220785NB | Source = DCOM | ID = 10010
Description = The server {781B925F-0BF8-4C7B-A2A8-A8B11B488A07} did not register
with DCOM within the required timeout.

Error - 07/02/2010 09:18:21 am | Computer Name = 0841-220785NB | Source = DCOM | ID = 10010
Description = The server {781B925F-0BF8-4C7B-A2A8-A8B11B488A07} did not register
with DCOM within the required timeout.

Error - 07/02/2010 09:20:23 am | Computer Name = 0841-220785NB | Source = DCOM | ID = 10010
Description = The server {781B925F-0BF8-4C7B-A2A8-A8B11B488A07} did not register
with DCOM within the required timeout.

Error - 07/02/2010 09:22:23 am | Computer Name = 0841-220785NB | Source = DCOM | ID = 10010
Description = The server {781B925F-0BF8-4C7B-A2A8-A8B11B488A07} did not register
with DCOM within the required timeout.

Error - 07/02/2010 10:12:08 am | Computer Name = 0841-220785NB | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain IDBHQ due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 07/02/2010 10:12:33 am | Computer Name = 0841-220785NB | Source = Print | ID = 23
Description = Printer Sametime Print Capture failed to initialize because a suitable
Sametime Print Capture driver could not be found.


< End of report >


OTL logfile created on: 07/02/2010 05:23:46 pm - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = D:\My Data\220785 Data\Anti Virus and Spam Issues
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000401 | Country: Saudi Arabia | Language: ARA | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 2048 2048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.93 Gb Total Space | 1.40 Gb Free Space | 5.00% Space Free | Partition Type: FAT32
Drive D: | 27.95 Gb Total Space | 7.45 Gb Free Space | 26.65% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: 0841-220785NB
Current User Name: 220785
NOT logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/02/07 16:53:06 | 000,549,376 | ---- | M] (OldTimer Tools) -- D:\My Data\220785 Data\Anti Virus and Spam Issues\OTL.exe
PRC - [2009/10/27 13:21:28 | 000,611,624 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2009/10/11 04:17:36 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/09/18 01:55:38 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2009/09/18 01:55:38 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2009/09/18 01:55:36 | 002,477,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2009/09/18 01:55:36 | 001,864,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2009/09/18 01:55:36 | 001,455,432 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2009/09/18 01:55:36 | 000,644,464 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SymCorpUI.exe
PRC - [2009/05/21 22:13:36 | 000,275,768 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2009/05/21 21:54:18 | 000,116,280 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
PRC - [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/12/08 15:50:04 | 000,054,576 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuschd2.exe
PRC - [2008/12/06 08:36:56 | 000,031,624 | ---- | M] (IBM Corp) -- D:\Program Files\IBM\Lotus\Notes\nslsvice.exe
PRC - [2008/12/06 08:36:38 | 003,315,080 | ---- | M] (IBM) -- D:\Program Files\IBM\Lotus\Notes\nsd.exe
PRC - [2008/01/29 16:09:02 | 000,394,704 | ---- | M] (Symantec, Inc.) -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
PRC - [2007/08/24 07:00:48 | 000,033,648 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2007/07/25 16:41:42 | 000,647,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2007/07/25 16:32:50 | 000,823,296 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2007/07/25 16:30:36 | 000,974,848 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2007/07/25 16:22:44 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2007/06/13 13:23:08 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/03 23:12:56 | 028,771,240 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
PRC - [2007/03/03 23:12:56 | 028,771,240 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2007/03/03 23:12:54 | 014,560,624 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft SQL Server\MSSQL.3\OLAP\bin\msmdsrv.exe
PRC - [2007/03/03 23:12:02 | 000,202,096 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe
PRC - [2007/03/03 23:09:40 | 000,017,264 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft SQL Server\MSSQL.4\Reporting Services\ReportServer\bin\ReportingServicesService.exe
PRC - [2007/02/08 00:06:10 | 000,049,152 | ---- | M] (UltiDev LLC) -- C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe
PRC - [2006/04/06 14:57:54 | 000,380,928 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2006/03/25 17:24:04 | 000,315,392 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\common\DataServer.exe
PRC - [2005/12/19 09:08:30 | 001,347,584 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\WLTRAY.EXE
PRC - [2005/12/19 09:08:30 | 000,018,944 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXE
PRC - [2005/12/19 09:08:26 | 001,200,128 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\BCMWLTRY.EXE
PRC - [2005/12/13 17:45:00 | 000,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2005/12/13 17:41:00 | 000,159,744 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe
PRC - [2005/11/23 11:45:10 | 000,159,744 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\OpenManage\Client\Iap.exe
PRC - [2005/11/16 15:35:16 | 000,397,312 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/10/28 16:26:40 | 000,118,784 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\BACS\BacsTray.exe
PRC - [2005/10/14 13:51:12 | 000,239,320 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2005/10/14 03:53:50 | 000,087,768 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2005/10/14 03:51:20 | 000,318,680 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\SQLAGENT90.EXE
PRC - [2005/10/07 14:13:38 | 000,176,128 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2005/08/26 16:00:26 | 000,092,880 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe
PRC - [2005/07/27 16:41:08 | 000,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2005/03/15 12:12:14 | 000,287,232 | ---- | M] (PJ Technologies, Inc.) -- C:\Program Files\PJ Technologies\GOVsrv\GOVsrv.EXE
PRC - [2004/08/04 15:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2004/06/28 23:56:12 | 000,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\hidfind.exe
PRC - [2003/08/27 14:20:00 | 000,094,208 | R--- | M] (Cypress Semiconductor) -- C:\WINDOWS\SM1bg.exe


========== Modules (SafeList) ==========

MOD - [2010/02/07 16:53:06 | 000,549,376 | ---- | M] (OldTimer Tools) -- D:\My Data\220785 Data\Anti Virus and Spam Issues\OTL.exe
MOD - [2006/08/25 18:45:56 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (Smcinst)
SRV - [2009/10/27 13:21:28 | 000,611,624 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2009/10/11 04:17:36 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/09/18 01:55:38 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/09/18 01:55:38 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2009/09/18 01:55:36 | 002,477,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/09/18 01:55:36 | 001,864,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/09/18 01:55:36 | 000,341,320 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2009/07/13 12:06:16 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/05/21 22:09:24 | 000,660,992 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC)
SRV - [2009/05/21 22:03:06 | 000,133,120 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2009/05/21 20:21:18 | 000,248,832 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2009/04/08 18:10:50 | 000,042,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe -- (MsDepSvc)
SRV - [2009/03/03 14:53:08 | 000,033,176 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper) getPlus®
SRV - [2008/12/06 08:37:30 | 000,058,760 | ---- | M] (IBM Corp) [Disabled | Stopped] -- D:\Program Files\IBM\Lotus\Notes\ntmulti.exe -- (Multi-user Cleanup Service)
SRV - [2008/12/06 08:36:56 | 000,031,624 | ---- | M] (IBM Corp) [Auto | Running] -- D:\Program Files\IBM\Lotus\Notes\nslsvice.exe -- (Lotus Notes Single Logon)
SRV - [2008/12/06 08:36:38 | 003,315,080 | ---- | M] (IBM) [Auto | Running] -- D:\Program Files\IBM\Lotus\Notes\nsd.exe -- (Lotus Notes Diagnostics)
SRV - [2008/12/03 20:05:42 | 000,053,760 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2008/12/03 20:05:32 | 000,044,544 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2008/09/26 03:51:20 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/01/29 16:09:02 | 000,394,704 | ---- | M] (Symantec, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2007/10/15 13:06:36 | 000,303,104 | ---- | M] (Motive Communications, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Motive\McciCMService.exe -- (McciCMService)
SRV - [2007/08/24 06:59:20 | 000,068,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2007/08/24 03:19:12 | 000,443,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2007/07/25 16:41:42 | 000,647,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2007/07/25 16:32:34 | 000,294,912 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2007/07/25 16:29:38 | 000,987,136 | ---- | M] (Intel Corporation ) [Auto | Stopped] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2007/07/25 16:22:44 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2007/03/03 23:12:56 | 028,771,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER) SQL Server (MSSQLSERVER)
SRV - [2007/03/03 23:12:56 | 028,771,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2007/03/03 23:12:54 | 014,560,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\Program Files\Microsoft SQL Server\MSSQL.3\OLAP\bin\msmdsrv.exe -- (MSSQLServerOLAPService) SQL Server Analysis Services (MSSQLSERVER)
SRV - [2007/03/03 23:12:02 | 000,202,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe -- (MsDtsServer)
SRV - [2007/03/03 23:09:40 | 000,017,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\Program Files\Microsoft SQL Server\MSSQL.4\Reporting Services\ReportServer\bin\ReportingServicesService.exe -- (ReportServer) SQL Server Reporting Services (MSSQLSERVER)
SRV - [2007/02/08 00:06:10 | 000,049,152 | ---- | M] (UltiDev LLC) [Auto | Running] -- C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe -- (UltiDev Cassini Web Server for ASP.NET 2.0)
SRV - [2006/12/02 06:17:54 | 002,805,000 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- d:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)
SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/04/06 14:57:54 | 000,380,928 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2006/03/25 17:24:04 | 000,315,392 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\Common\DataServer.exe -- (DataSvr2)
SRV - [2005/12/19 09:08:30 | 000,018,944 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2005/11/30 13:33:04 | 000,180,224 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2005/11/23 11:45:10 | 000,159,744 | ---- | M] (Dell Inc) [Auto | Running] -- C:\Program Files\Dell\OpenManage\Client\Iap.exe -- (Iap)
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/10/14 13:51:12 | 000,239,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2005/10/14 13:50:20 | 000,045,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2005/10/14 03:53:50 | 000,087,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2005/10/14 03:51:20 | 000,318,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\SQLAGENT90.EXE -- (SQLSERVERAGENT) SQL Server Agent (MSSQLSERVER)
SRV - [2005/08/26 16:00:26 | 000,092,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe -- (msftesql) SQL Server FullText Search (MSSQLSERVER)
SRV - [2005/08/08 13:54:00 | 000,167,936 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\CyberLink\Shared files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2005/03/15 12:12:14 | 000,287,232 | ---- | M] (PJ Technologies, Inc.) [Auto | Running] -- C:\Program Files\PJ Technologies\GOVsrv\GOVsrv.EXE -- (GOVsrv)
SRV - [2004/09/30 20:49:36 | 000,027,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\irmon.dll -- (Irmon)
SRV - [2004/08/04 15:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2004/08/04 15:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2004/08/04 15:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (MSFtpsvc)
SRV - [2004/08/04 15:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://arabic.arabia.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = ar-sa
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8A 7C 5C AF E0 9A CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = idbsmp*;idbsrv8;idbportal*;idbapps*;idbnet*;10*;f1n1*;otf;webcast;172*;idbdev.oraacpt;idbdev;*.rservices.com;iciec*;idbs
rv6*;idbhf*;portal*;www.isdb.org;sync1.isdb.org;webmail.isdb.org;*.idbhq.org;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = idb-proxy:8080

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/24 02:02:46 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/02/07 08:30:14 | 000,000,686 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (DWABrowserHlprObj Class) - {2709D830-B643-4e72-9A1E-701CFFFCF30C} - C:\WINDOWS\system32\dwabho.dll (IBM Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - d:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (IE Developer Toolbar BHO) - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [bacstray] C:\Program Files\Broadcom\BACS\BacsTray.exe (Broadcom Corporation)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: D:\My Data\220785 Data\Downloads\ColorPix.exe ()
O4 - HKLM..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [GrooveMonitor] d:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [SDFix] D:\My Data\220785 Data\Downloads\SDFix\SDFix\RunThis.bat ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SM1BG] C:\WINDOWS\SM1bg.exe (Cypress Semiconductor)
O4 - HKCU..\Run: [SpybotSD TeaTimer] d:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 0
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - d:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - d:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll (Juniper Networks)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll (Juniper Networks)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\biolsp.dll (Wave Systems Corp.)
O15 - HKLM\..Trusted Domains: idbhq.org ([oracelsrv2] http in Trusted sites)
O15 - HKLM\..Trusted Domains: idbnet ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: isdb.org ([webmail] http in Trusted sites)
O15 - HKLM\..Trusted Domains: otf ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: rservices.com ([reuterstrader.session] http in Trusted sites)
O15 - HKLM\..Trusted Domains: 3 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKLM\..Trusted Ranges: Range1 ([http] in Trusted sites)
O15 - HKLM\..Trusted Ranges: Range2 ([https] in Trusted sites)
O15 - HKLM\..Trusted Ranges: Range3 ([http] in Trusted sites)
O15 - HKCU\..Trusted Domains: idbhq.org ([oracelsrv2] http in Trusted sites)
O15 - HKCU\..Trusted Domains: idbnet ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: isdb.org ([webmail] http in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: otf ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: rservices.com ([reuterstrader.session] http in Trusted sites)
O15 - HKCU\..Trusted Domains: umbraco403 ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: 3 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range2 ([https] in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range3 ([http] in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1263941747843 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1263941634765 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://vpn.isdb.org...SetupClient.cab (JuniperSetupClientControl Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.30 10.1.1.31
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = idbhq.org
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - d:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (CSGina.dll) - C:\WINDOWS\System32\CSGina.dll ()
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - d:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/22 03:45:42 | 000,000,130 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2006/06/18 10:58:36 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - C:\WINDOWS\system32\irmon.dll (Microsoft Corporation)
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891891626803200)

========== Files/Folders - Created Within 14 Days ==========

[2010/02/07 14:36:11 | 000,000,000 | ---D | C] -- D:\My Data\220785 Data\Anti Virus and Spam Issues
[2010/02/07 14:24:30 | 000,000,000 | -HSD | C] -- C:\Recycled
[2010/02/07 00:14:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2010/02/06 23:39:04 | 000,000,000 | ---D | C] -- C:\Program Files\HTML Help Workshop
[2010/02/06 15:37:34 | 000,149,768 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\wpshelper.sys
[2010/02/06 15:37:15 | 000,092,488 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SysPlant.sys
[2010/02/06 01:31:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/02/06 01:20:07 | 000,000,000 | ---D | C] -- D:\My Data\220785 Data\ComboFix
[2010/02/06 01:10:44 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/02/06 01:06:36 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/02/06 01:06:35 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/02/06 01:06:35 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/02/06 01:06:35 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/02/06 01:06:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/02/06 01:03:29 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/02/05 02:51:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\220785\Application Data\Malwarebytes
[2010/02/05 02:50:56 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/05 02:50:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/05 02:50:54 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/04 01:11:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WEBREG
[2010/02/04 01:00:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\220785\Application Data\Wave Systems Corp
[2010/02/04 00:49:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\220785\Application Data\HpUpdate
[2010/02/04 00:49:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\Hewlett-Packard
[2010/02/02 12:21:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Wave Systems Corp
[2010/02/02 12:15:16 | 000,625,032 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\SymNeti.dll
[2010/02/02 12:15:16 | 000,242,056 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\SymRedir.dll
[2010/02/02 12:06:21 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/02/02 12:06:21 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/02/02 12:05:32 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/02/01 19:54:40 | 000,000,000 | ---D | C] -- D:\My Data\220785 Data\Tamer School
[2010/02/01 19:53:28 | 000,000,000 | ---D | C] -- D:\My Data\220785 Data\My Scans
[2010/02/01 19:47:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\220785\Local Settings\Application Data\HP
[2010/01/31 12:54:33 | 000,000,000 | --SD | C] -- D:\My Data\220785 Data\My Shapes
[2010/01/31 08:53:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010/01/31 08:47:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2010/01/30 15:05:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\220785\Application Data\domino
[2010/01/30 11:56:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Wave Systems Corp
[2010/01/30 08:35:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\220785\Desktop\Users-Grp_32-bit
[2010/01/28 14:53:58 | 000,398,632 | ---- | C] (Juniper Networks) -- C:\WINDOWS\System32\dsNcSmartCardProv.dll
[2009/09/11 09:14:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Yahoo!
[2008/12/02 18:15:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2007/11/07 12:20:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Intel
[2007/11/07 12:19:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Intel
[2007/07/02 08:54:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Yahoo!
[2007/07/02 08:54:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2007/07/02 08:54:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Google
[2006/12/11 23:09:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2006/12/11 23:09:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2006/11/28 11:28:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\VMware
[2006/06/19 10:19:35 | 000,036,963 | R--- | C] (Cypress Semiconductor) -- C:\Program Files\Common Files\SM1updtr.dll
[2006/06/18 13:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Lotus
[2006/06/18 11:39:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2006/06/18 11:29:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2006/06/18 11:07:42 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2006/06/18 11:07:42 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

========== Files - Modified Within 14 Days ==========

[2010/02/07 17:27:32 | 000,791,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\dewae.sys
[2010/02/07 17:25:00 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EA450A77-A4E1-406C-9F58-1E7E03CDDD81}.job
[2010/02/07 17:15:30 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/07 17:12:06 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/07 17:11:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/07 17:11:16 | 2674,057,216 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/07 14:58:48 | 007,602,176 | -H-- | M] () -- C:\Documents and Settings\220785\NTUSER.DAT
[2010/02/07 14:58:26 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2010/02/07 14:58:24 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\220785\ntuser.ini
[2010/02/07 14:58:04 | 000,000,562 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/07 14:54:26 | 000,000,511 | ---- | M] () -- C:\Documents and Settings\220785\Desktop\NTREGOPT.lnk
[2010/02/07 14:54:26 | 000,000,498 | ---- | M] () -- C:\Documents and Settings\220785\Desktop\ERUNT.lnk
[2010/02/07 02:00:26 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2010/02/07 02:00:26 | 000,000,308 | RHS- | M] () -- C:\boot.ini
[2010/02/07 02:00:26 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/07 01:55:16 | 000,002,910 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2010/02/07 01:55:02 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/02/06 15:37:00 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/02/06 15:37:00 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/02/06 15:37:00 | 000,007,456 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/02/06 15:37:00 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/02/06 01:32:08 | 000,000,793 | ---- | M] () -- C:\Documents and Settings\220785\Desktop\Spybot - Search & Destroy.lnk
[2010/02/05 23:58:14 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SpyHunter.lnk
[2010/02/05 10:38:22 | 000,000,238 | ---- | M] () -- C:\Boot.bak
[2010/02/04 01:18:02 | 000,213,228 | ---- | M] () -- C:\WINDOWS\hpoins43.dat
[2010/02/04 00:06:50 | 001,663,280 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/02 12:15:16 | 000,625,032 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\SymNeti.dll
[2010/02/02 12:15:16 | 000,242,056 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\SymRedir.dll
[2010/02/02 11:18:40 | 000,005,882 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2010/02/02 08:57:56 | 000,003,976 | RHS- | M] () -- C:\Documents and Settings\220785\ntuser.pol
[2010/02/02 00:09:12 | 000,000,063 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2010/02/01 23:01:49 | 000,018,042 | ---- | M] () -- D:\My Data\220785 Data\rule the world.docx
[2010/02/01 22:56:06 | 000,018,042 | ---- | M] () -- C:\Documents and Settings\220785\Desktop\rule the world.docx
[2010/01/31 12:52:28 | 000,001,158 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/01/30 15:08:42 | 000,000,783 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Lotus Notes 8.5.lnk
[2010/01/30 15:04:38 | 000,000,995 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2010/01/30 14:58:30 | 000,036,995 | ---- | M] () -- C:\Documents and Settings\220785\install.xml
[2010/01/30 14:38:36 | 000,824,678 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/01/30 14:38:36 | 000,655,144 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/01/30 14:38:36 | 000,151,112 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/01/30 14:11:30 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/30 12:00:54 | 000,000,037 | ---- | M] () -- C:\WINDOWS\notes.ini
[2010/01/30 11:19:24 | 000,011,684 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010/01/29 21:46:36 | 000,037,376 | ---- | M] () -- D:\My Data\220785 Data\Necklus - Reem Math.xls

========== Files Created - No Company Name ==========

[2010/02/07 14:54:25 | 000,000,511 | ---- | C] () -- C:\Documents and Settings\220785\Desktop\NTREGOPT.lnk
[2010/02/07 14:54:25 | 000,000,498 | ---- | C] () -- C:\Documents and Settings\220785\Desktop\ERUNT.lnk
[2010/02/07 08:33:25 | 2674,057,216 | -HS- | C] () -- C:\hiberfil.sys
[2010/02/06 08:59:35 | 000,001,712 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/02/06 01:32:06 | 000,000,793 | ---- | C] () -- C:\Documents and Settings\220785\Desktop\Spybot - Search & Destroy.lnk
[2010/02/06 01:10:50 | 000,000,238 | ---- | C] () -- C:\Boot.bak
[2010/02/06 01:10:48 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/02/06 01:06:36 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/02/06 01:06:35 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/02/06 01:06:35 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/02/06 01:06:35 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/02/06 01:06:35 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/02/05 23:58:12 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SpyHunter.lnk
[2010/02/05 02:50:59 | 000,000,562 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/04 00:19:24 | 000,000,675 | ---- | C] () -- C:\WINDOWS\hpomdl43.dat.temp
[2010/02/02 12:06:21 | 000,007,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/02/02 12:06:21 | 000,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/02/02 09:18:55 | 000,005,882 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2010/02/01 23:01:48 | 000,018,042 | ---- | C] () -- D:\My Data\220785 Data\rule the world.docx
[2010/02/01 22:56:08 | 000,018,042 | ---- | C] () -- C:\Documents and Settings\220785\Desktop\rule the world.docx
[2010/01/30 14:58:27 | 000,036,995 | ---- | C] () -- C:\Documents and Settings\220785\install.xml
[2010/01/30 12:38:17 | 000,000,783 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Lotus Notes 8.5.lnk
[2010/01/30 12:00:53 | 000,000,037 | ---- | C] () -- C:\WINDOWS\notes.ini
[2010/01/29 21:44:38 | 000,037,376 | ---- | C] () -- D:\My Data\220785 Data\Necklus - Reem Math.xls
[2010/01/24 01:27:56 | 000,002,704 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2010/01/22 04:17:43 | 000,002,910 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2010/01/16 22:57:36 | 000,791,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\dewae.sys
[2009/10/14 13:44:11 | 000,000,770 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2009/10/14 13:14:40 | 000,000,057 | ---- | C] () -- C:\WINDOWS\ASC.ini
[2009/08/28 14:55:55 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2009/08/28 14:55:50 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2009/08/28 14:52:01 | 000,007,909 | ---- | C] () -- C:\WINDOWS\System32\ftpctrs.ini
[2009/08/28 14:49:19 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2009/08/28 14:48:32 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2009/08/28 14:44:57 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2009/08/27 06:15:22 | 000,002,272 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/08/27 04:34:46 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\WBCUSTOM.DLL
[2009/07/31 21:49:45 | 000,000,144 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\MagicPlayDVD.ini
[2009/07/15 16:34:33 | 000,000,159 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/07/10 14:38:46 | 000,000,302 | ---- | C] () -- C:\WINDOWS\ConfigCenter.INI
[2009/07/02 02:22:45 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\220785\Application Data\$_hpcst$.hpc
[2009/03/28 01:22:53 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\220785\Local Settings\Application Data\fusioncache.dat
[2008/12/06 13:22:17 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\pfxlib3.dll
[2008/12/06 13:22:16 | 000,458,752 | ---- | C] () -- C:\WINDOWS\System32\isamdll.dll
[2008/12/06 13:22:14 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\wrap32.dll
[2008/12/02 18:15:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\frontpg.ini
[2008/10/06 13:14:42 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/08/30 16:25:22 | 000,000,184 | ---- | C] () -- C:\WINDOWS\ka.ini
[2008/08/30 15:44:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\BARBIE.INI
[2008/08/30 15:36:21 | 000,000,407 | ---- | C] () -- C:\WINDOWS\HairStyl.ini
[2008/05/11 12:01:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007/12/09 15:41:30 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\220785\Local Settings\Application Data\imageCache7.db
[2007/11/28 13:12:10 | 000,033,792 | ---- | C] () -- C:\Documents and Settings\220785\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/05/23 12:44:30 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/04/03 16:18:06 | 000,193,576 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007/03/24 11:47:08 | 000,000,048 | ---- | C] () -- C:\WINDOWS\pdf2rtf.INI
[2007/03/10 19:48:05 | 000,003,379 | ---- | C] () -- C:\WINDOWS\saplogon.ini
[2007/03/05 13:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/02/08 20:15:47 | 000,000,016 | ---- | C] () -- C:\WINDOWS\SCNDRVU.INI
[2007/02/08 20:10:49 | 000,049,152 | R--- | C] () -- C:\WINDOWS\AutoSet.dll
[2007/01/18 11:23:24 | 000,000,299 | ---- | C] () -- C:\WINDOWS\sap_old_sapdoccd.ini
[2007/01/16 18:55:03 | 000,000,303 | ---- | C] () -- C:\WINDOWS\oldsapdoccd.ini
[2007/01/06 12:50:05 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\setupnt.dll
[2006/12/09 23:15:56 | 000,000,044 | ---- | C] () -- C:\WINDOWS\sapgrph.ini
[2006/12/04 23:17:41 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/12/04 12:35:22 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\vtssm32.dll
[2006/11/28 18:05:40 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameE.txt
[2006/06/20 13:46:59 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\GovAppLog.dll
[2006/06/18 12:46:07 | 000,001,158 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/18 12:29:34 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2006/06/18 12:06:48 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/06/18 12:06:47 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/06/18 11:54:08 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2006/06/18 11:54:08 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2006/03/25 17:19:50 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_en.dll
[2006/03/24 15:19:22 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll
[2006/03/24 15:14:34 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll
[2006/03/24 15:14:28 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll
[2006/03/24 15:14:22 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll
[2006/03/24 15:14:18 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll
[2006/03/24 15:14:12 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll
[2006/03/24 15:14:08 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll
[2006/03/24 15:14:02 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll
[2006/03/24 15:13:58 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll
[2006/03/24 15:13:52 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll
[2006/03/24 15:13:46 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll
[2006/03/20 12:35:06 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2005/11/30 13:33:06 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\Tsp.dll
[2005/11/30 13:33:06 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_RUS.dll
[2005/11/30 13:33:06 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_ITA.dll
[2005/11/30 13:33:06 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_FRA.dll
[2005/11/30 13:33:06 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_ESN.dll
[2005/11/30 13:33:06 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_ENU.dll
[2005/11/30 13:33:06 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_DEU.dll
[2005/11/30 13:33:06 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_CHS.dll
[2005/09/20 13:36:06 | 000,798,720 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll
[2005/02/28 23:17:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/01/21 12:02:28 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\RMDevice.dll
[2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS
[2004/07/21 15:03:14 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll
[2004/07/20 14:27:52 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
[2003/12/19 02:00:00 | 000,013,387 | ---- | C] () -- C:\WINDOWS\System32\CinemSup.sys
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1997/06/14 14:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== LOP Check ==========

[2006/06/18 11:53:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
[2006/06/18 12:56:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lotus
[2006/06/19 10:19:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2006/12/14 20:24:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2007/02/11 10:48:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2007/05/17 11:43:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2008/11/11 23:34:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2008/12/04 02:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
[2009/03/28 01:22:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UltiDev
[2009/03/28 02:27:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{18A5344A-6C23-4426-87EF-647E010A2997}
[2009/07/16 18:39:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\X-Setup Pro
[2009/07/18 15:20:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2009/08/03 16:38:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/01/19 12:04:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2007/11/28 12:29:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\220785\Application Data\FUJIFILM
[2008/11/11 23:34:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\220785\Application Data\Juniper Networks
[2009/04/20 15:49:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\220785\Application Data\IBM
[2009/07/16 18:39:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\220785\Application Data\X-Setup Pro
[2010/01/19 17:25:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\220785\Application Data\Windows Live Writer
[2010/01/30 15:06:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\220785\Application Data\domino
[2010/02/04 01:00:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\220785\Application Data\Wave Systems Corp
[2010/02/07 17:25:00 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{EA450A77-A4E1-406C-9F58-1E7E03CDDD81}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 12:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/13 21:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\fa06e29c141c84f43a95ba02f93d3774\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 12:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/13 21:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\fa06e29c141c84f43a95ba02f93d3774\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 12:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 03:11:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\fa06e29c141c84f43a95ba02f93d3774\eventlog.dll
[2004/08/04 12:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2004/08/04 12:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\eventlog.dll
[2004/08/04 15:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004/08/04 12:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 03:12:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\fa06e29c141c84f43a95ba02f93d3774\netlogon.dll
[2009/02/06 21:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2009/02/06 21:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2009/02/06 21:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 12:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtUninstallKB968389$\netlogon.dll
[2004/08/04 12:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 12:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2004/08/04 12:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\scecli.dll
[2004/08/04 15:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004/08/04 12:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2008/04/14 03:12:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\fa06e29c141c84f43a95ba02f93d3774\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/09/18 01:55:40 | 000,357,704 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\sysfer.dll
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2009/09/18 01:55:40 | 000,087,368 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\FwsVpn.dll
[2009/09/18 01:55:40 | 000,107,848 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\SymVPN.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010/02/07 17:33:26 | 000,791,552 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\System32\drivers\dewae.sys
[2009/09/18 01:55:40 | 000,042,312 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys
[2009/09/18 01:55:38 | 000,050,064 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\Teefer2.sys
[2009/09/18 01:55:38 | 000,092,488 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\SysPlant.sys
[2009/04/20 22:12:14 | 000,149,768 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\wpshelper.sys

[color="#A23BEC"]< %systemroot%\System32\config\*.sav >

[2006/06/18 11:06:16 | 000,905,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
[2006/06/18 11:06:16 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/06/18 11:06:16 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
< End of report >
  • 0

Advertisements


#2
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
why did you run combofix

1. Please download The Avenger by Swandog46 to your Desktop.
  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the Avenger folder to your desktop
  • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Begin copying here:

Drivers to delete:
dewae

Files to delete:
C:\WINDOWS\System32\drivers\dewae.sys

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right click on the window under Input script here:, and select Paste.
  • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply
  • 0

#3
tarekahf

tarekahf

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Hi Rorschach112,

Many thanks for the great help !

I followed your steps, and until this point in time, no popup boxes from ccApp.exe process :)

Please note that after complete restart, Norton AntiVirus detected the backup file made by Avenger inside the ZIP file and it was deleted !

Here is a copy of the CSV Entry from Norton Threat Log:

dewae.sys,Hacktool.Rootkit,Pending Analysis,File,C:\Avenger\,0841-220785NB,220785,Infected,C:\Avenger\,Clean security risk,Delete,Auto-Protect scan, ,08/02/2010 01:12:45

See below the log file created by Avenger.

I will test the results for a few days and report back.

May I ask How this Trojan was infected in my PC ?

How I can prevent future infections ?

Many thanks for the great help !

I will report this to the people in charge at my work. But, I can say that Symantec Endpoint Protection version 11 is just a Piece of Junk.

Tarek.

==================

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "dewae" deleted successfully.
File "C:\WINDOWS\System32\drivers\dewae.sys" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
  • 0

#4
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hi

Download ComboFix here :

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix\ComboFix.txt log in your next reply.
  • 0

#5
tarekahf

tarekahf

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Pls find below the log of ComboFix.

I downloaded and ran ComboFix before I arrived here. Is this Ok ? Now, I am repeating the same process to download and run ComboFix, OK ?

Note: I also downloaded and run SDFix before I arrived here ! The problem now ever time my PC starts, the batch program of SDFix "RunThis.bat" will be executed.

How I can remove or uninstall SDFFix ? How I can stop "RunThis.bat" ?

I appreciate it if you could let me know how to prevent future infection from this Trojan/Virus ? and how it was infected in my Laptop ?

Is my Laptop clean now ?

Many thanks again.

Tarek.

=========

ComboFix 10-02-07.06 - 220785 02/08/2010 2:01.2.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.2550.1673 [GMT 3:00]
Running from: c:\documents and settings\220785\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\config\systemprofile\Application Data\hlusyf.dat
c:\windows\TEMP\4wudskcv.dll
c:\windows\Temp\8bt4br3r.dll

.
((((((((((((((((((((((((( Files Created from 2010-01-07 to 2010-02-07 )))))))))))))))))))))))))))))))
.

2010-02-06 23:19 . 2009-08-06 16:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-02-06 21:14 . 2010-02-06 21:14 -------- d-----w- c:\windows\ERUNT
2010-02-06 20:39 . 2010-02-06 20:39 -------- d-----w- c:\program files\HTML Help Workshop
2010-02-06 12:37 . 2009-04-20 19:12 149768 ----a-w- c:\windows\system32\drivers\wpshelper.sys
2010-02-06 12:37 . 2009-09-17 22:55 92488 ----a-w- c:\windows\system32\drivers\SysPlant.sys
2010-02-05 22:31 . 2010-02-05 22:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-04 23:51 . 2010-02-04 23:51 -------- d-----w- c:\documents and settings\220785\Application Data\Malwarebytes
2010-02-04 23:50 . 2010-01-07 13:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-04 23:50 . 2010-02-04 23:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-04 23:50 . 2010-01-07 13:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-03 22:11 . 2010-02-03 22:11 -------- d-----w- c:\documents and settings\All Users\Application Data\WEBREG
2010-02-03 22:00 . 2010-02-03 22:00 -------- d-----w- c:\documents and settings\220785\Application Data\Wave Systems Corp
2010-02-03 21:49 . 2010-02-03 21:49 -------- d-----w- c:\documents and settings\220785\Application Data\HpUpdate
2010-02-03 21:49 . 2010-02-03 21:49 -------- d-----w- c:\windows\Hewlett-Packard
2010-02-02 09:21 . 2010-02-02 09:21 -------- d-----w- c:\documents and settings\LocalService\Application Data\Wave Systems Corp
2010-02-02 09:15 . 2010-02-02 09:15 625032 ----a-w- c:\windows\system32\SymNeti.dll
2010-02-02 09:15 . 2010-02-02 09:15 242056 ----a-w- c:\windows\system32\SymRedir.dll
2010-02-02 09:06 . 2010-02-06 12:37 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-02-02 09:06 . 2010-02-06 12:37 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-02-02 09:05 . 2010-02-02 09:05 -------- d-----w- c:\program files\Symantec
2010-02-01 16:47 . 2010-02-01 16:47 -------- d-----w- c:\documents and settings\220785\Local Settings\Application Data\HP
2010-01-31 05:53 . 2010-01-31 05:53 -------- d-----w- c:\program files\Microsoft Works
2010-01-31 05:47 . 2010-01-31 05:47 -------- d-----w- c:\windows\SHELLNEW
2010-01-30 12:05 . 2010-01-30 12:06 -------- d-----w- c:\documents and settings\220785\Application Data\domino
2010-01-30 10:47 . 2010-01-30 10:48 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2010-01-30 09:19 . 2006-10-26 16:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-01-30 09:19 . 2006-10-26 16:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2010-01-30 09:10 . 2010-01-30 09:10 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft Help
2010-01-30 08:56 . 2010-01-30 08:56 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Wave Systems Corp
2010-01-30 08:27 . 2010-01-30 08:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\Wave Systems Corp
2010-01-30 07:50 . 2009-10-20 14:58 263552 ------w- c:\windows\system32\dllcache\http.sys
2010-01-28 13:52 . 2010-01-28 13:53 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-01-28 11:53 . 2009-10-27 10:21 398632 ----a-w- c:\windows\system32\dsNcSmartCardProv.dll
2010-01-28 11:36 . 2010-01-28 11:36 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-01-28 11:36 . 2010-01-28 11:36 -------- d-----w- c:\documents and settings\Administrator\Application Data\HPAppData
2010-01-24 12:22 . 2010-01-24 12:22 -------- d-----w- c:\documents and settings\nhf\Application Data\HPAppData
2010-01-23 23:36 . 2010-01-23 23:36 -------- d-----w- c:\documents and settings\220785\Application Data\HP
2010-01-23 23:29 . 2001-08-17 10:53 6784 ----a-w- c:\windows\system32\drivers\serscan.sys
2010-01-23 23:29 . 2001-08-17 10:53 6784 ----a-w- c:\windows\system32\dllcache\serscan.sys
2010-01-23 23:27 . 2010-01-23 23:27 -------- d-----w- c:\documents and settings\220785\Application Data\HPAppData
2010-01-23 23:25 . 2008-10-28 10:27 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2010-01-23 23:25 . 2008-10-28 10:27 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2010-01-23 23:24 . 2009-04-16 11:08 312832 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpfpp70v.dll
2010-01-23 23:24 . 2009-04-16 11:08 123904 ----a-w- c:\windows\system32\hpf3l70v.dll
2010-01-23 23:24 . 2009-04-15 21:53 452408 ----a-r- c:\windows\system32\hpzids01.dll
2010-01-23 23:23 . 2008-10-28 10:27 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2010-01-23 23:21 . 2008-10-28 10:27 372736 ----a-r- c:\windows\system32\hppldcoi.dll
2010-01-23 23:21 . 2008-10-28 10:27 309760 ----a-r- c:\windows\system32\difxapi.dll
2010-01-23 23:21 . 2009-02-10 20:03 966656 ----a-r- c:\windows\system32\hpost_p02c.dll
2010-01-23 23:21 . 2009-02-10 20:03 712704 ----a-r- c:\windows\system32\hposwia_p02c.dll
2010-01-23 23:21 . 2009-02-10 20:03 315392 ----a-r- c:\windows\system32\hposc_p02a.dll
2010-01-23 22:57 . 2010-01-23 22:57 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2010-01-23 22:52 . 2010-01-23 22:52 -------- d-----w- c:\program files\Common Files\HP
2010-01-23 22:51 . 2010-01-23 22:51 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-01-23 22:50 . 2010-01-23 22:50 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2010-01-23 22:37 . 2010-01-23 22:37 -------- d-----w- c:\program files\HP
2010-01-23 22:35 . 2010-02-03 22:18 213228 ----a-w- c:\windows\hpoins43.dat
2010-01-23 22:35 . 2009-06-11 10:34 675 ------w- c:\windows\hpomdl43.dat
2010-01-22 02:16 . 2010-01-22 02:16 -------- d--h--w- c:\windows\ie8
2010-01-22 00:34 . 2010-01-22 00:34 -------- d-----w- c:\documents and settings\220785\Local Settings\Application Data\ICS
2010-01-19 20:39 . 2010-01-19 20:39 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-01-19 20:32 . 2010-01-19 20:32 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-01-19 16:09 . 2010-01-19 16:09 -------- d-----w- c:\program files\Enigma Software Group
2010-01-19 14:25 . 2010-01-19 14:25 -------- d-----w- c:\documents and settings\220785\Local Settings\Application Data\Windows Live Writer
2010-01-19 14:25 . 2010-01-19 14:25 -------- d-----w- c:\documents and settings\220785\Application Data\Windows Live Writer
2010-01-19 13:50 . 2010-01-19 13:50 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-01-19 09:28 . 2010-01-19 09:28 -------- d-----w- c:\program files\Common Files\Windows Live
2010-01-19 09:04 . 2010-01-19 09:04 -------- d--h--w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-19 09:03 . 2010-01-19 09:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-01-18 19:31 . 2005-08-12 14:50 16128 ----a-w- c:\windows\system32\drivers\APPDRV.SYS
2010-01-18 18:23 . 2010-01-18 18:23 -------- d--h--w- c:\documents and settings\220785\InstallAnywhere
2010-01-17 23:45 . 2010-01-17 23:46 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-07 23:06 . 2006-06-18 09:20 12 ----a-w- c:\windows\bthservsdp.dat
2010-02-06 12:37 . 2010-02-02 09:06 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-02-06 12:37 . 2010-02-02 09:06 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-02-03 14:17 . 2006-11-28 13:27 109048 ----a-w- c:\documents and settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-02 09:15 . 2010-02-02 09:18 2584848 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Cached Installs\{2EFCC193-D915-4CCB-9201-31773A27BC06}\WindowsInstaller-KB893803-x86.exe
2010-02-02 09:15 . 2010-02-02 09:18 87432 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Cached Installs\{2EFCC193-D915-4CCB-9201-31773A27BC06}\SNDunin.dll
2010-02-02 09:15 . 2010-02-02 09:18 669000 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Cached Installs\{2EFCC193-D915-4CCB-9201-31773A27BC06}\smcinst.exe
2010-02-02 09:15 . 2010-02-02 09:18 625032 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Cached Installs\{2EFCC193-D915-4CCB-9201-31773A27BC06}\SymNeti.dll
2010-02-02 09:15 . 2010-02-02 09:18 294912 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Cached Installs\{2EFCC193-D915-4CCB-9201-31773A27BC06}\setup.exe
2010-02-02 09:15 . 2010-02-02 09:18 242056 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Cached Installs\{2EFCC193-D915-4CCB-9201-31773A27BC06}\SymRedir.dll
2010-02-02 09:15 . 2010-02-02 09:18 217992 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Cached Installs\{2EFCC193-D915-4CCB-9201-31773A27BC06}\SNDSvc.dll
2010-02-02 09:15 . 2010-02-02 09:18 15240 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Cached Installs\{2EFCC193-D915-4CCB-9201-31773A27BC06}\SNDSrvc.exe
2010-02-02 09:15 . 2010-02-02 09:18 927096 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Cached Installs\{2EFCC193-D915-4CCB-9201-31773A27BC06}\LUCHECK.EXE
2010-02-02 09:15 . 2010-02-02 09:18 3557096 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Cached Installs\{2EFCC193-D915-4CCB-9201-31773A27BC06}\LUSETUP.EXE
2010-02-02 09:15 . 2010-02-02 09:18 324968 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Cached Installs\{2EFCC193-D915-4CCB-9201-31773A27BC06}\msl.dll
2010-02-02 08:04 . 2006-11-26 11:38 109048 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-29 18:31 . 2008-11-11 20:34 36948 ----a-w- c:\documents and settings\220785\Application Data\Juniper Networks\Setup\uninstall.exe
2010-01-28 11:49 . 2010-01-28 11:48 161632 ----a-w- c:\documents and settings\Administrator\Application Data\Juniper Networks\Setup Client\x86_Microsoft.VC80.CRTP_8.0.50727.762.exe
2010-01-28 11:48 . 2010-01-28 11:46 291696 ----a-w- c:\documents and settings\Administrator\Application Data\Juniper Networks\Setup Client\x86_Microsoft.VC80.CRTR_8.0.50727.762.exe
2010-01-28 11:46 . 2009-05-21 22:40 36948 ----a-w- c:\documents and settings\Administrator\Application Data\Juniper Networks\setup\uninstall.exe
2010-01-19 13:07 . 2010-01-19 13:07 152576 ----a-w- c:\documents and settings\220785\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-01-19 13:06 . 2010-01-19 13:06 79488 ----a-w- c:\documents and settings\220785\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-18 22:18 . 2006-06-18 10:02 56 ----a-w- c:\windows\system32\nullstatus.dat
2009-12-25 16:18 . 2009-07-11 23:37 99824 ----a-w- c:\windows\system32\dwabho.dll
2009-12-21 19:14 . 2004-08-04 09:00 916480 ------w- c:\windows\system32\wininet.dll
2009-12-07 11:10 . 2010-01-19 09:04 2953352 ----a-w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
2009-11-21 16:36 . 2004-08-04 09:00 470528 ----a-w- c:\windows\AppPatch\AcLayers.dll
2009-11-13 00:00 . 2009-08-31 01:13 8860 ----a-w- c:\windows\hh.dat
2003-08-27 11:19 . 2006-06-19 07:19 36963 ----a-r- c:\program files\Common Files\SM1updtr.dll
2009-07-14 00:14 . 2009-07-13 23:56 2 --sha-r- c:\windows\winstart.bat
2004-08-04 09:00 . 2004-08-04 09:00 1392671 --sh--r- c:\windows\system32\msvbvm60.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-09-17 115560]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 823296]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 974848]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"ColorPix"="d:\my data\220785 Data\Downloads\ColorPix.exe" [2009-03-07 619520]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"bacstray"="c:\program files\Broadcom\BACS\BacsTray.exe" [2005-10-28 118784]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SDFix"="d:\mydata~1\220785~1\DOWNLO~1\SDFix\SDFix\RunThis.bat" [2008-11-05 964661]
"SM1BG"="c:\windows\SM1BG.EXE" [2003-08-27 94208]
"SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 397312]
"GrooveMonitor"="d:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLogonScripts"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceStartMenuLogOff"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1685263375-270008994-622671684-4194\Scripts\Logon\0\0]
"Script"=TCopy.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 09:00 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-04-13 08:09 49152 ------w- c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-06-18 10:38 155648 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 01:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PDSched"=2 (0x2)
"PDEngine"=3 (0x3)
"Bonjour Service"=2 (0x2)
"WMPNetworkSvc"=2 (0x2)
"tcsd_win32.exe"=2 (0x2)
"RichVideo"=2 (0x2)
"Multi-user Cleanup Service"=2 (0x2)
"McciCMService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"RoxioDragToDisc"="c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Synchronization Manager"=%SystemRoot%\system32\mobsync.exe /logon
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"igfxhkcmd"=c:\windows\system32\hkcmd.exe
"igfxtray"=c:\windows\system32\igfxtray.exe
"SunJavaUpdateSched"=c:\program files\Java\jre1.5.0_07\bin\jusched.exe
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
"FAHESS_McciTrayApp"=c:\program files\FAHESS\McciTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Juniper Networks\\Secure Application Manager\\dsSamProxy.exe"=
"c:\\Documents and Settings\\220785\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\hp\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 NEOFLTR_630_13619;Juniper Networks TDI Filter Driver (NEOFLTR_630_13619);c:\windows\system32\drivers\NEOFLTR_630_13619.sys [13/10/2008 11:43 am 64480]
R2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;d:\program files\IBM\Lotus\Notes\nsd.exe [06/12/2008 08:36 am 3315080]
R2 MsDtsServer;SQL Server Integration Services;c:\program files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [03/03/2007 11:12 pm 202096]
R2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);d:\program files\Microsoft SQL Server\MSSQL.4\Reporting Services\ReportServer\bin\ReportingServicesService.exe [03/03/2007 11:09 pm 17264]
R2 UltiDev Cassini Web Server for ASP.NET 2.0;UltiDev Cassini Web Server for ASP.NET 2.0;c:\program files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe [08/02/2007 12:06 am 49152]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [03/02/2010 11:28 am 102448]
S0 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys --> c:\windows\system32\drivers\Partizan.sys [?]
S2 DellBIOS;DellBIOS;\??\c:\windows\DellBIOS.Sys --> c:\windows\DellBIOS.Sys [?]
S2 vstor2-p2v30;Vstor2 P2V30 Virtual Storage Driver;\??\f:\programme\VMWARE\VMware Converter\vstor2-p2v30.sys --> f:\programme\VMWARE\VMware Converter\vstor2-p2v30.sys [?]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [24/03/2009 08:09 am 23888]
S3 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [08/04/2009 06:10 pm 42888]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [14/07/2009 02:56 am 29584]
S3 scsiscan;SCSI Scanner Driver;c:\windows\system32\drivers\scsiscan.sys [17/05/2007 11:36 am 10880]
S3 Smcinst;Symantec Auto-upgrade Agent;c:\program files\Symantec\Symantec Endpoint Protection\SmcLU\Setup\smcinst.exe --> c:\program files\Symantec\Symantec Endpoint Protection\SmcLU\Setup\smcinst.exe [?]
S3 sphlower;Lower modem filter driver;c:\windows\system32\drivers\devl2kXP.sys [13/08/2004 04:24 pm 5888]
S3 sphupper;Upper modem filter driver;c:\windows\system32\drivers\devu2kXP.sys [13/08/2004 04:24 pm 4480]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;d:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [02/12/2006 06:17 am 2805000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-02-07 c:\windows\Tasks\User_Feed_Synchronization-{EA450A77-A4E1-406C-9F58-1E7E03CDDD81}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 01:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.winzip.com/order.cgi?PWMbklm
uInternet Settings,ProxyServer = idb-proxy:8080
uInternet Settings,ProxyOverride = idbsmp*;idbsrv8;idbportal*;idbapps*;idbnet*;10*;f1n1*;otf;webcast;172*;idbdev.oraacpt;idbdev;*.rservices.com;iciec*;idbs
rv6*;idbhf*;portal*;www.isdb.org;sync1.isdb.org;webmail.isdb.org;*.idbhq.org;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\biolsp.dll
Trusted Zone: idbhq.org\oracelsrv2
Trusted Zone: idbnet
Trusted Zone: isdb.org\webmail
Trusted Zone: localhost
Trusted Zone: otf
Trusted Zone: rservices.com\reuterstrader.session
Trusted Zone: umbraco403
Trusted Zone: idbhq.org\oracelsrv2
Trusted Zone: idbnet
Trusted Zone: isdb.org\webmail
Trusted Zone: otf
Trusted Zone: rservices.com\reuterstrader.session
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://vpn.isdb.org/dana-cached/sc/JuniperSetupClient.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-08 02:12
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MsDepSvc]
"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
--

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\msftesql]
"ImagePath"="\"d:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe\" -s:MSSQL.2 -f:MSSQLSERVER"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1004)
c:\windows\system32\CSGina.dll

- - - - - - - > 'lsass.exe'(1060)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll

- - - - - - - > 'explorer.exe'(2156)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Wave Systems Corp\Common\DataServer.exe
c:\program files\Juniper Networks\Common Files\dsNcService.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\PJ Technologies\GOVsrv\GOVsrv.EXE
c:\program files\Dell\OpenManage\Client\Iap.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
d:\program files\IBM\Lotus\Notes\nslsvice.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
d:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
d:\program files\Microsoft SQL Server\MSSQL.3\OLAP\bin\msmdsrv.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files\Common Files\Symantec Shared\Support Controls\ssrc.exe
d:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe
d:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\SQLAGENT90.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\Apoint\HidFind.exe
c:\program files\Apoint\Apntex.exe
c:\windows\stsystra.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
.
**************************************************************************
.
Completion time: 2010-02-08 02:17:49 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-07 23:17
ComboFix2.txt 2010-02-05 22:18

Pre-Run: 1,008,631,808 bytes free
Post-Run: 1,002,176,512 bytes free

- - End Of File - - EA13B88EBB1D5C6DA589FD04DCEEB3B6
  • 0

#6
tarekahf

tarekahf

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Hi,

Today, I logged in from my Laptop while connected to Internet from Wrok (DOMAIN).

When I am connected to Work Network, I usually do not get popup from ccApp.exe. But, I can tell if the Trojan is working by looking at tcpview.exe from Sysinternals.

Until now, looks like no SPAM program is working, and all TCP connections seem to be correct.

When I am back home, I will connect to Internet from home, and check the result.

I will post back.

Tarek.
  • 0

#7
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hi

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean




Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.






Go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

  • 0

#8
tarekahf

tarekahf

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Executed TFC.EXE.

I will post the Kaspersky log in my next post.

Here is the mbam log:


Malwarebytes' Anti-Malware 1.44
Database version: 3712
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

09/02/2010 10:42:36 am
mbam-log-2010-02-09 (10-42-36).txt

Scan type: Quick Scan
Objects scanned: 166176
Time elapsed: 8 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#9
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
ok
  • 0

#10
tarekahf

tarekahf

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
This is the Kaspersky Scan Report:

The file "regtools.vbs" I downloaded it to fix a problem when I hit a virus and I was unable to run regedit.exe. This is different than the trojan which was sending emails.

Appreciate your help what to do ?

Tarek.
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, February 9, 2010
Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, February 09, 2010 08:36:12
Records in database: 3453766
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 177239
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 05:40:19


File name / Threat / Threats count
C:\Documents and Settings\220785\Desktop\regtools.vbs Infected: not-a-virus:RiskTool.VBS.DisReg.a 1

Selected area has been scanned.
  • 0

Advertisements


#11
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
  • 0

#12
tarekahf

tarekahf

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Hi,


This is the laterst OTL Log:


OTL logfile created on: 11/02/2010 10:40:46 am - Run 2
OTL by OldTimer - Version 3.1.28.0 Folder = D:\My Data\220785 Data\Anti Virus and Spam Issues
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000401 | Country: Saudi Arabia | Language: ARA | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 2048 2048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.93 Gb Total Space | 1.48 Gb Free Space | 5.29% Space Free | Partition Type: FAT32
Drive D: | 27.95 Gb Total Space | 7.31 Gb Free Space | 26.17% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: 0841-220785NB
Current User Name: 220785
NOT logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/02/07 16:53:06 | 000,549,376 | ---- | M] (OldTimer Tools) -- D:\My Data\220785 Data\Anti Virus and Spam Issues\OTL.exe
PRC - [2009/10/27 13:21:28 | 000,611,624 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2009/10/11 04:17:36 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/09/18 01:55:38 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2009/09/18 01:55:38 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2009/09/18 01:55:36 | 002,477,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2009/09/18 01:55:36 | 001,864,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2009/09/18 01:55:36 | 001,455,432 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2009/05/21 22:13:36 | 000,275,768 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2009/05/21 21:54:18 | 000,116,280 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
PRC - [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/12/08 15:50:04 | 000,054,576 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuschd2.exe
PRC - [2008/12/06 08:36:56 | 000,031,624 | ---- | M] (IBM Corp) -- D:\Program Files\IBM\Lotus\Notes\nslsvice.exe
PRC - [2008/12/06 08:36:38 | 003,315,080 | ---- | M] (IBM) -- D:\Program Files\IBM\Lotus\Notes\nsd.exe
PRC - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/11/24 22:31:10 | 029,263,712 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2008/11/24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/01/29 16:09:02 | 000,394,704 | ---- | M] (Symantec, Inc.) -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
PRC - [2008/01/11 22:16:38 | 000,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
PRC - [2007/08/24 07:00:48 | 000,033,648 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2007/07/25 16:41:42 | 000,647,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2007/07/25 16:32:50 | 000,823,296 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2007/07/25 16:30:36 | 000,974,848 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2007/07/25 16:22:44 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2007/06/13 13:23:08 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/03 23:12:56 | 028,771,240 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
PRC - [2007/03/03 23:12:54 | 014,560,624 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft SQL Server\MSSQL.3\OLAP\bin\msmdsrv.exe
PRC - [2007/03/03 23:12:02 | 000,202,096 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe
PRC - [2007/03/03 23:09:40 | 000,017,264 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft SQL Server\MSSQL.4\Reporting Services\ReportServer\bin\ReportingServicesService.exe
PRC - [2007/02/08 00:06:10 | 000,049,152 | ---- | M] (UltiDev LLC) -- C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe
PRC - [2006/04/06 14:57:54 | 000,380,928 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2006/03/25 17:24:04 | 000,315,392 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\common\DataServer.exe
PRC - [2005/12/19 09:08:30 | 001,347,584 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\WLTRAY.EXE
PRC - [2005/12/19 09:08:30 | 000,018,944 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXE
PRC - [2005/12/19 09:08:26 | 001,200,128 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\BCMWLTRY.EXE
PRC - [2005/12/13 17:45:00 | 000,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2005/12/13 17:41:00 | 000,159,744 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe
PRC - [2005/11/23 11:45:10 | 000,159,744 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\OpenManage\Client\Iap.exe
PRC - [2005/11/16 15:35:16 | 000,397,312 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/10/14 03:51:20 | 000,318,680 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\SQLAGENT90.EXE
PRC - [2005/10/07 14:13:38 | 000,176,128 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2005/08/26 16:00:26 | 000,092,880 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe
PRC - [2005/07/27 16:41:08 | 000,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2005/03/15 12:12:14 | 000,287,232 | ---- | M] (PJ Technologies, Inc.) -- C:\Program Files\PJ Technologies\GOVsrv\GOVsrv.EXE
PRC - [2004/08/04 15:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2004/06/28 23:56:12 | 000,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\hidfind.exe
PRC - [2003/08/27 14:20:00 | 000,094,208 | R--- | M] (Cypress Semiconductor) -- C:\WINDOWS\SM1bg.exe


========== Modules (SafeList) ==========

MOD - [2010/02/07 16:53:06 | 000,549,376 | ---- | M] (OldTimer Tools) -- D:\My Data\220785 Data\Anti Virus and Spam Issues\OTL.exe
MOD - [2006/08/25 18:45:56 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (Smcinst)
SRV - [2009/10/27 13:21:28 | 000,611,624 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2009/10/11 04:17:36 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/09/18 01:55:38 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/09/18 01:55:38 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2009/09/18 01:55:36 | 002,477,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/09/18 01:55:36 | 001,864,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/09/18 01:55:36 | 000,341,320 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2009/07/13 12:06:16 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/05/21 22:09:24 | 000,660,992 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC)
SRV - [2009/05/21 22:03:06 | 000,133,120 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2009/05/21 20:21:18 | 000,248,832 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2009/04/08 18:10:50 | 000,042,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe -- (MsDepSvc)
SRV - [2009/03/03 14:53:08 | 000,033,176 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper) getPlus®
SRV - [2008/12/06 08:37:30 | 000,058,760 | ---- | M] (IBM Corp) [Disabled | Stopped] -- D:\Program Files\IBM\Lotus\Notes\ntmulti.exe -- (Multi-user Cleanup Service)
SRV - [2008/12/06 08:36:56 | 000,031,624 | ---- | M] (IBM Corp) [Auto | Running] -- D:\Program Files\IBM\Lotus\Notes\nslsvice.exe -- (Lotus Notes Single Logon)
SRV - [2008/12/06 08:36:38 | 003,315,080 | ---- | M] (IBM) [Auto | Running] -- D:\Program Files\IBM\Lotus\Notes\nsd.exe -- (Lotus Notes Diagnostics)
SRV - [2008/12/03 20:05:42 | 000,053,760 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2008/12/03 20:05:32 | 000,044,544 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 22:31:10 | 029,263,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2008/11/24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/24 22:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/09/26 03:51:20 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/01/29 16:09:02 | 000,394,704 | ---- | M] (Symantec, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2007/10/15 13:06:36 | 000,303,104 | ---- | M] (Motive Communications, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Motive\McciCMService.exe -- (McciCMService)
SRV - [2007/08/24 06:59:20 | 000,068,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2007/08/24 03:19:12 | 000,443,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2007/07/25 16:41:42 | 000,647,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2007/07/25 16:32:34 | 000,294,912 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2007/07/25 16:29:38 | 000,987,136 | ---- | M] (Intel Corporation ) [Auto | Stopped] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2007/07/25 16:22:44 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2007/03/03 23:12:56 | 028,771,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER) SQL Server (MSSQLSERVER)
SRV - [2007/03/03 23:12:54 | 014,560,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\Program Files\Microsoft SQL Server\MSSQL.3\OLAP\bin\msmdsrv.exe -- (MSSQLServerOLAPService) SQL Server Analysis Services (MSSQLSERVER)
SRV - [2007/03/03 23:12:02 | 000,202,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe -- (MsDtsServer)
SRV - [2007/03/03 23:09:40 | 000,017,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\Program Files\Microsoft SQL Server\MSSQL.4\Reporting Services\ReportServer\bin\ReportingServicesService.exe -- (ReportServer) SQL Server Reporting Services (MSSQLSERVER)
SRV - [2007/02/08 00:06:10 | 000,049,152 | ---- | M] (UltiDev LLC) [Auto | Running] -- C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe -- (UltiDev Cassini Web Server for ASP.NET 2.0)
SRV - [2006/12/02 06:17:54 | 002,805,000 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- d:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)
SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/04/06 14:57:54 | 000,380,928 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2006/03/25 17:24:04 | 000,315,392 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\Common\DataServer.exe -- (DataSvr2)
SRV - [2005/12/19 09:08:30 | 000,018,944 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2005/11/30 13:33:04 | 000,180,224 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2005/11/23 11:45:10 | 000,159,744 | ---- | M] (Dell Inc) [Auto | Running] -- C:\Program Files\Dell\OpenManage\Client\Iap.exe -- (Iap)
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/10/14 03:51:20 | 000,318,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\SQLAGENT90.EXE -- (SQLSERVERAGENT) SQL Server Agent (MSSQLSERVER)
SRV - [2005/08/26 16:00:26 | 000,092,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe -- (msftesql) SQL Server FullText Search (MSSQLSERVER)
SRV - [2005/08/08 13:54:00 | 000,167,936 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\CyberLink\Shared files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2005/03/15 12:12:14 | 000,287,232 | ---- | M] (PJ Technologies, Inc.) [Auto | Running] -- C:\Program Files\PJ Technologies\GOVsrv\GOVsrv.EXE -- (GOVsrv)
SRV - [2004/09/30 20:49:36 | 000,027,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\irmon.dll -- (Irmon)
SRV - [2004/08/04 15:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2004/08/04 15:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2004/08/04 15:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (MSFtpsvc)
SRV - [2004/08/04 15:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://arabic.arabia.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = ar-sa
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8A 7C 5C AF E0 9A CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = idbsmp*;idbsrv8;idbportal*;idbapps*;idbnet*;10*;f1n1*;otf;webcast;172*;idbdev.oraacpt;idbdev;*.rservices.com;iciec*;idbs
rv6*;idbhf*;portal*;www.isdb.org;sync1.isdb.org;webmail.isdb.org;*.idbhq.org;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = idb-proxy:8080

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/24 02:02:46 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/02/08 02:09:46 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (DWABrowserHlprObj Class) - {2709D830-B643-4e72-9A1E-701CFFFCF30C} - C:\WINDOWS\system32\dwabho.dll (IBM Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - d:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (IE Developer Toolbar BHO) - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [bacstray] C:\Program Files\Broadcom\BACS\BacsTray.exe (Broadcom Corporation)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: D:\My Data\220785 Data\Downloads\ColorPix.exe ()
O4 - HKLM..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [GrooveMonitor] d:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SM1BG] C:\WINDOWS\SM1bg.exe (Cypress Semiconductor)
O4 - HKCU..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 0
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - d:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - d:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll (Juniper Networks)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll (Juniper Networks)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\biolsp.dll (Wave Systems Corp.)
O15 - HKLM\..Trusted Domains: idbhq.org ([oracelsrv2] http in Trusted sites)
O15 - HKLM\..Trusted Domains: idbnet ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: isdb.org ([webmail] http in Trusted sites)
O15 - HKLM\..Trusted Domains: otf ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: rservices.com ([reuterstrader.session] http in Trusted sites)
O15 - HKLM\..Trusted Domains: 3 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKLM\..Trusted Ranges: Range1 ([http] in Trusted sites)
O15 - HKLM\..Trusted Ranges: Range2 ([https] in Trusted sites)
O15 - HKLM\..Trusted Ranges: Range3 ([http] in Trusted sites)
O15 - HKCU\..Trusted Domains: idbhq.org ([oracelsrv2] http in Trusted sites)
O15 - HKCU\..Trusted Domains: idbnet ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: isdb.org ([webmail] http in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: otf ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: rservices.com ([reuterstrader.session] http in Trusted sites)
O15 - HKCU\..Trusted Domains: umbraco403 ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: 3 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range2 ([https] in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range3 ([http] in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1263941747843 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1263941634765 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://symantec.web...ort/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://vpn.isdb.org...SetupClient.cab (JuniperSetupClientControl Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = idbhq.org
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - d:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (CSGina.dll) - C:\WINDOWS\System32\CSGina.dll ()
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - d:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/22 03:45:42 | 000,000,130 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/02/11 10:41:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/02/08 02:43:22 | 000,000,000 | -HSD | C] -- C:\Recycled
[2010/02/08 01:08:03 | 000,000,000 | ---D | C] -- C:\Avenger
[2010/02/07 14:36:11 | 000,000,000 | ---D | C] -- D:\My Data\220785 Data\Anti Virus and Spam Issues
[2010/02/07 00:14:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2010/02/06 23:39:04 | 000,000,000 | ---D | C] -- C:\Program Files\HTML Help Workshop
[2010/02/06 15:37:34 | 000,149,768 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\wpshelper.sys
[2010/02/06 15:37:15 | 000,092,488 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SysPlant.sys
[2010/02/06 01:31:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/02/06 01:20:07 | 000,000,000 | ---D | C] -- D:\My Data\220785 Data\ComboFix
[2010/02/06 01:10:44 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/02/06 01:06:36 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/02/06 01:06:35 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/02/06 01:06:35 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/02/06 01:06:35 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/02/06 01:06:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/02/06 01:03:29 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/02/05 02:51:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\220785\Application Data\Malwarebytes
[2010/02/05 02:50:56 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/05 02:50:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/05 02:50:54 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/04 01:11:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WEBREG
[2010/02/04 01:00:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\220785\Application Data\Wave Systems Corp
[2010/02/04 00:49:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\220785\Application Data\HpUpdate
[2010/02/04 00:49:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\Hewlett-Packard
[2010/02/02 12:21:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Wave Systems Corp
[2010/02/02 12:15:16 | 000,625,032 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\SymNeti.dll
[2010/02/02 12:15:16 | 000,242,056 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\SymRedir.dll
[2010/02/02 12:06:21 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/02/02 12:06:21 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/02/02 12:05:32 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/02/01 19:54:40 | 000,000,000 | ---D | C] -- D:\My Data\220785 Data\Tamer School
[2010/02/01 19:53:28 | 000,000,000 | ---D | C] -- D:\My Data\220785 Data\My Scans
[2010/02/01 19:47:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\220785\Local Settings\Application Data\HP
[2010/01/31 12:54:33 | 000,000,000 | --SD | C] -- D:\My Data\220785 Data\My Shapes
[2010/01/31 08:53:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010/01/31 08:47:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2010/01/30 15:05:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\220785\Application Data\domino
[2010/01/30 11:56:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Wave Systems Corp
[2010/01/30 08:35:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\220785\Desktop\Users-Grp_32-bit
[2010/01/28 14:53:58 | 000,398,632 | ---- | C] (Juniper Networks) -- C:\WINDOWS\System32\dsNcSmartCardProv.dll
[2009/09/11 09:14:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Yahoo!
[2008/12/02 18:15:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2007/11/07 12:20:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Intel
[2007/11/07 12:19:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Intel
[2007/07/02 08:54:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Yahoo!
[2007/07/02 08:54:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2007/07/02 08:54:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Google
[2006/12/11 23:09:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2006/12/11 23:09:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2006/11/28 11:28:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\VMware
[2006/06/19 10:19:35 | 000,036,963 | R--- | C] (Cypress Semiconductor) -- C:\Program Files\Common Files\SM1updtr.dll
[2006/06/18 13:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Lotus
[2006/06/18 11:39:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2006/06/18 11:29:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2006/06/18 11:07:42 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2006/06/18 11:07:42 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

========== Files - Modified Within 14 Days ==========

[2010/02/11 10:40:00 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EA450A77-A4E1-406C-9F58-1E7E03CDDD81}.job
[2010/02/11 10:36:40 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/11 10:33:12 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/11 10:33:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/11 10:32:58 | 2674,057,216 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/10 01:34:52 | 007,602,176 | -H-- | M] () -- C:\Documents and Settings\220785\NTUSER.DAT
[2010/02/10 01:34:22 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2010/02/10 01:34:20 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\220785\ntuser.ini
[2010/02/09 08:55:06 | 000,759,052 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/02/09 08:55:06 | 000,655,144 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/02/09 08:55:06 | 000,151,112 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/02/08 03:14:46 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/08 02:10:30 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/08 01:53:38 | 003,850,968 | R--- | M] () -- C:\Documents and Settings\220785\Desktop\ComboFix.exe
[2010/02/07 14:58:04 | 000,000,562 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/07 14:54:26 | 000,000,511 | ---- | M] () -- C:\Documents and Settings\220785\Desktop\NTREGOPT.lnk
[2010/02/07 14:54:26 | 000,000,498 | ---- | M] () -- C:\Documents and Settings\220785\Desktop\ERUNT.lnk
[2010/02/07 02:00:26 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2010/02/07 02:00:26 | 000,000,308 | RHS- | M] () -- C:\boot.ini
[2010/02/07 01:55:16 | 000,002,910 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2010/02/07 01:55:02 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/02/06 15:37:20 | 000,149,768 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\wpshelper.sys
[2010/02/06 15:37:00 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/02/06 15:37:00 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/02/06 15:37:00 | 000,007,456 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/02/06 15:37:00 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/02/05 10:38:22 | 000,000,238 | ---- | M] () -- C:\Boot.bak
[2010/02/04 01:18:02 | 000,213,228 | ---- | M] () -- C:\WINDOWS\hpoins43.dat
[2010/02/04 00:06:50 | 001,663,280 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/02 12:15:16 | 000,625,032 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\SymNeti.dll
[2010/02/02 12:15:16 | 000,242,056 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\SymRedir.dll
[2010/02/02 11:18:40 | 000,005,882 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2010/02/02 08:57:56 | 000,003,976 | RHS- | M] () -- C:\Documents and Settings\220785\ntuser.pol
[2010/02/02 00:09:12 | 000,000,063 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2010/02/01 23:01:49 | 000,018,042 | ---- | M] () -- D:\My Data\220785 Data\rule the world.docx
[2010/02/01 22:56:06 | 000,018,042 | ---- | M] () -- C:\Documents and Settings\220785\Desktop\rule the world.docx
[2010/01/31 12:52:28 | 000,001,158 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/01/30 15:08:42 | 000,000,783 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Lotus Notes 8.5.lnk
[2010/01/30 15:04:38 | 000,000,995 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2010/01/30 14:58:30 | 000,036,995 | ---- | M] () -- C:\Documents and Settings\220785\install.xml
[2010/01/30 12:00:54 | 000,000,037 | ---- | M] () -- C:\WINDOWS\notes.ini
[2010/01/30 11:19:24 | 000,011,684 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010/01/29 21:46:36 | 000,037,376 | ---- | M] () -- D:\My Data\220785 Data\Necklus - Reem Math.xls

========== Files Created - No Company Name ==========

[2010/02/08 01:53:36 | 003,850,968 | R--- | C] () -- C:\Documents and Settings\220785\Desktop\ComboFix.exe
[2010/02/07 14:54:25 | 000,000,511 | ---- | C] () -- C:\Documents and Settings\220785\Desktop\NTREGOPT.lnk
[2010/02/07 14:54:25 | 000,000,498 | ---- | C] () -- C:\Documents and Settings\220785\Desktop\ERUNT.lnk
[2010/02/07 08:33:25 | 2674,057,216 | -HS- | C] () -- C:\hiberfil.sys
[2010/02/06 08:59:35 | 000,001,712 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/02/06 01:10:50 | 000,000,238 | ---- | C] () -- C:\Boot.bak
[2010/02/06 01:10:48 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/02/06 01:06:36 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/02/06 01:06:35 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/02/06 01:06:35 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/02/06 01:06:35 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/02/06 01:06:35 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/02/05 02:50:59 | 000,000,562 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/04 00:19:24 | 000,000,675 | ---- | C] () -- C:\WINDOWS\hpomdl43.dat.temp
[2010/02/02 12:06:21 | 000,007,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/02/02 12:06:21 | 000,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/02/02 09:18:55 | 000,005,882 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2010/02/01 23:01:48 | 000,018,042 | ---- | C] () -- D:\My Data\220785 Data\rule the world.docx
[2010/02/01 22:56:08 | 000,018,042 | ---- | C] () -- C:\Documents and Settings\220785\Desktop\rule the world.docx
[2010/01/30 14:58:27 | 000,036,995 | ---- | C] () -- C:\Documents and Settings\220785\install.xml
[2010/01/30 12:38:17 | 000,000,783 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Lotus Notes 8.5.lnk
[2010/01/30 12:00:53 | 000,000,037 | ---- | C] () -- C:\WINDOWS\notes.ini
[2010/01/29 21:44:38 | 000,037,376 | ---- | C] () -- D:\My Data\220785 Data\Necklus - Reem Math.xls
[2010/01/24 01:27:56 | 000,003,775 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2010/01/22 04:17:43 | 000,002,910 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2009/10/14 13:44:11 | 000,000,770 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2009/10/14 13:14:40 | 000,000,057 | ---- | C] () -- C:\WINDOWS\ASC.ini
[2009/08/28 14:55:55 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2009/08/28 14:55:50 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2009/08/28 14:52:01 | 000,007,909 | ---- | C] () -- C:\WINDOWS\System32\ftpctrs.ini
[2009/08/28 14:49:19 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2009/08/28 14:48:32 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2009/08/28 14:44:57 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2009/08/27 06:15:22 | 000,002,272 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/08/27 04:34:46 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\WBCUSTOM.DLL
[2009/07/31 21:49:45 | 000,000,144 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\MagicPlayDVD.ini
[2009/07/15 16:34:33 | 000,000,159 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/07/10 14:38:46 | 000,000,302 | ---- | C] () -- C:\WINDOWS\ConfigCenter.INI
[2009/07/02 02:22:45 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\220785\Application Data\$_hpcst$.hpc
[2009/03/28 01:22:53 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\220785\Local Settings\Application Data\fusioncache.dat
[2008/12/06 13:22:17 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\pfxlib3.dll
[2008/12/06 13:22:16 | 000,458,752 | ---- | C] () -- C:\WINDOWS\System32\isamdll.dll
[2008/12/06 13:22:14 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\wrap32.dll
[2008/12/02 18:15:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\frontpg.ini
[2008/10/06 13:14:42 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/08/30 16:25:22 | 000,000,184 | ---- | C] () -- C:\WINDOWS\ka.ini
[2008/08/30 15:44:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\BARBIE.INI
[2008/08/30 15:36:21 | 000,000,407 | ---- | C] () -- C:\WINDOWS\HairStyl.ini
[2008/05/11 12:01:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007/12/09 15:41:30 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\220785\Local Settings\Application Data\imageCache7.db
[2007/11/28 13:12:10 | 000,033,792 | ---- | C] () -- C:\Documents and Settings\220785\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/05/23 12:44:30 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/04/03 16:18:06 | 000,193,576 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007/03/24 11:47:08 | 000,000,048 | ---- | C] () -- C:\WINDOWS\pdf2rtf.INI
[2007/03/10 19:48:05 | 000,003,379 | ---- | C] () -- C:\WINDOWS\saplogon.ini
[2007/03/05 13:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/02/08 20:15:47 | 000,000,016 | ---- | C] () -- C:\WINDOWS\SCNDRVU.INI
[2007/02/08 20:10:49 | 000,049,152 | R--- | C] () -- C:\WINDOWS\AutoSet.dll
[2007/01/18 11:23:24 | 000,000,299 | ---- | C] () -- C:\WINDOWS\sap_old_sapdoccd.ini
[2007/01/16 18:55:03 | 000,000,303 | ---- | C] () -- C:\WINDOWS\oldsapdoccd.ini
[2007/01/06 12:50:05 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\setupnt.dll
[2006/12/09 23:15:56 | 000,000,044 | ---- | C] () -- C:\WINDOWS\sapgrph.ini
[2006/12/04 23:17:41 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/12/04 12:35:22 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\vtssm32.dll
[2006/11/28 18:05:40 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameE.txt
[2006/06/20 13:46:59 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\GovAppLog.dll
[2006/06/18 12:46:07 | 000,001,158 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/18 12:29:34 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2006/06/18 12:06:48 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/06/18 12:06:47 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/06/18 11:54:08 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2006/06/18 11:54:08 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2006/03/25 17:19:50 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_en.dll
[2006/03/24 15:19:22 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll
[2006/03/24 15:14:34 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll
[2006/03/24 15:14:28 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll
[2006/03/24 15:14:22 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll
[2006/03/24 15:14:18 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll
[2006/03/24 15:14:12 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll
[2006/03/24 15:14:08 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll
[2006/03/24 15:14:02 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll
[2006/03/24 15:13:58 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll
[2006/03/24 15:13:52 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll
[2006/03/24 15:13:46 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll
[2006/03/20 12:35:06 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2005/11/30 13:33:06 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\Tsp.dll
[2005/11/30 13:33:06 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_RUS.dll
[2005/11/30 13:33:06 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_ITA.dll
[2005/11/30 13:33:06 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_FRA.dll
[2005/11/30 13:33:06 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_ESN.dll
[2005/11/30 13:33:06 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_ENU.dll
[2005/11/30 13:33:06 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_DEU.dll
[2005/11/30 13:33:06 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_CHS.dll
[2005/09/20 13:36:06 | 000,798,720 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll
[2005/02/28 23:17:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/01/21 12:02:28 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\RMDevice.dll
[2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS
[2004/07/21 15:03:14 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll
[2004/07/20 14:27:52 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
[2003/12/19 02:00:00 | 000,013,387 | ---- | C] () -- C:\WINDOWS\System32\CinemSup.sys
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1997/06/14 14:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== LOP Check ==========

[2006/06/18 11:53:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
[2006/06/18 12:56:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lotus
[2006/06/19 10:19:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2006/12/14 20:24:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2007/02/11 10:48:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2007/05/17 11:43:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2008/11/11 23:34:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2008/12/04 02:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
[2009/03/28 01:22:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UltiDev
[2009/03/28 02:27:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{18A5344A-6C23-4426-87EF-647E010A2997}
[2009/07/16 18:39:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\X-Setup Pro
[2009/07/18 15:20:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2009/08/03 16:38:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/01/19 12:04:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2007/11/28 12:29:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\220785\Application Data\FUJIFILM
[2008/11/11 23:34:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\220785\Application Data\Juniper Networks
[2009/04/20 15:49:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\220785\Application Data\IBM
[2009/07/16 18:39:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\220785\Application Data\X-Setup Pro
[2010/01/19 17:25:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\220785\Application Data\Windows Live Writer
[2010/01/30 15:06:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\220785\Application Data\domino
[2010/02/04 01:00:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\220785\Application Data\Wave Systems Corp
[2010/02/11 10:40:00 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{EA450A77-A4E1-406C-9F58-1E7E03CDDD81}.job

[color="#E56717"]========== Purity Check ==========



< End of report >
  • 0

#13
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Your logs are clean


Follow these steps to uninstall Combofix and tools used in the removal of malware

Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
    Posted Image
  • Please follow the prompts to uninstall Combofix.
  • You will then recieve a message saying Combofix was uninstalled successfully once it's done uninstalling itself.



  • Download OTC to your desktop and run it
  • Click Yes to beginning the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.



Below I have included a number of recommendations for how to protect your computer against malware infections.
  • Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer has always the latest security updates available installed on your computer.

  • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.

  • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • TFC - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
    secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
    blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
    Here


    If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.
    • NoScript - for blocking ads and other potential website attacks
    • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Its important to keep programs up to date so that malware doesn't exploit any old security flaws.

  • Recovery Console - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see This Article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.

  • Please read my guide on how to prevent malware and about safe computing here
Thank you for your patience, and performing all of the procedures requested.
  • 0

#14
tarekahf

tarekahf

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
I really don't know how to thank you :) !

I will follow the steps you mentioned soon.

I want to ask you this:

- What happend to my Laptop and aprox. how it happened ?

- My laptop is a work computer. It belongs to a domain. We have Symantec Endpoint Protection as our standard corporate Antivirus/Anti-spayware ...etc, will this conflict with you recommendations ?

- Do you thin that Symantec Endpoint Protection is worth keeping ?

Tarek.
  • 0

#15
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
was just some rootkit, a nasty thing to remove. Impossible to say how it happened


Those programs shouldn't interfere with symantec


Symantec is not very good, but I doubt your company would let you remove it. If they do, get Avira
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP