
Trojan.FakeAlert and Rogue.FakeHDD removed but still issues



Here is the log.

Thanks for the help!

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_15

Run by Doug Feustel at 21:59:36 on 2011-12-06

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2814.1607 [GMT -5:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\SMINST\BLService.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Java\jre6\bin\jucheck.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\System32\svchost.exe -k netsvcs

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Users\Doug Feustel\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe

C:\Windows\explorer.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll

mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngin0.dll

BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll

TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngin0.dll

uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden

uRun: [Google Update] "c:\users\doug feustel\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [wcmdmgr] c:\windows\wt\updater\wcmdmgrl.exe -launch

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

dRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

dPolicies-system: DisableTaskMgr = 1 (0x1)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{0ACAAD95-1052-4DEB-9886-2E64C357F072} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{C7F2FEAB-95D4-45A1-8858-68E27E0E0867} : DhcpNameServer = 192.168.1.1

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\doug feustel\appdata\roaming\mozilla\firefox\profiles\rbd95hby.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig

FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll

FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

FF - plugin: c:\users\doug feustel\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\users\doug feustel\appdata\roaming\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\users\doug feustel\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll

.

============= SERVICES / DRIVERS ===============

.

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-2-23 366152]

R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\sminst\BLService.exe [2008-8-4 361808]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-12-3 24652]

R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-8-4 193840]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-2-23 22216]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-5-9 43040]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2011-12-06 07:54:52 752164 ----a-w- c:\windows\system32\PerfStringBackup.TMP

2011-12-06 07:46:24 445064 ---ha-w- c:\programdata\VBCoxREXdqh.exe

2011-12-06 04:37:31 -------- d--h--w- C:\sh4ldr

2011-12-06 04:37:31 -------- d--h--w- c:\program files\Enigma Software Group

2011-12-06 04:35:32 -------- d--h--w- c:\windows\1C7CC8E2CFCF41E6A8637C7A45CE8A78.TMP

2011-12-06 04:35:23 -------- d--h--w- c:\program files\common files\Wise Installation Wizard

2011-12-06 04:15:15 56200 ---ha-w- c:\programdata\microsoft\windows defender\definition updates\{f209bcbe-fe09-4368-a2b5-92a7527ba232}\offreg.dll

2011-12-03 00:22:40 6823496 ---ha-w- c:\programdata\microsoft\windows defender\definition updates\{f209bcbe-fe09-4368-a2b5-92a7527ba232}\mpengine.dll

2011-12-02 03:08:17 -------- d--h--w- c:\users\doug feustel\appdata\local\Ilivid Player

2011-12-02 03:07:18 -------- d--h--w- c:\program files\iLivid

2011-12-02 03:06:34 -------- d--h--w- c:\users\doug feustel\appdata\local\PackageAware

.

==================== Find3M ====================

.

2011-10-18 11:19:02 414368 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

============= FINISH: 22:00:22.53 ===============

Attach.txt


Hello doug619! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copied and pasted into your next reply.

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check. Check the Scan All Users too.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

Once OTL has completed its first scan it will save notepad copies of the scans in the folder that OTL was started from. Unless set to produce an Extras log it will only produce OTL.txt in subsequent scans.

A copy of an OTL fix log is saved in a text file at

  • :\_OTL\MovedFiles
    • in most cases this will be C:\_OTL\MovedFiles


Here you go!

OTL.Txt

OTL logfile created on: 12/7/2011 9:35:32 PM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Doug Feustel\Desktop

Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6001.18000)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.54 Gb Available Physical Memory | 56.23% Memory free

5.73 Gb Paging File | 4.35 Gb Available in Paging File | 75.88% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 139.19 Gb Total Space | 46.36 Gb Free Space | 33.30% Space Free | Partition Type: NTFS

Drive D: | 9.85 Gb Total Space | 1.73 Gb Free Space | 17.57% Space Free | Partition Type: NTFS

Computer Name: DOUGFEUSTEL-PC | User Name: Doug Feustel | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Doug Feustel\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Users\Doug Feustel\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe (Google)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Windows\SMINST\BLService.exe ()

PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()

MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()

MOD - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSchMgr.dll ()

MOD - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll ()

MOD - C:\Program Files\HP\QuickPlay\Kernel\TV\CLTinyDB.dll ()

MOD - C:\Program Files\Common Files\LightScribe\QtGui4.dll ()

MOD - C:\Program Files\Common Files\LightScribe\QtCore4.dll ()

MOD - C:\Program Files\IZArc\IZArcCM.dll ()

========== Win32 Services (SafeList) ==========

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (Recovery Service for Windows) -- C:\Windows\SMINST\BLService.exe ()

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

========== Driver Services (SafeList) ==========

DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)

DRV - (BVRPMPR5) -- C:\Windows\System32\drivers\BVRPMPR5.SYS (Avanquest Software)

DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)

DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)

DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)

DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)

DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)

DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)

DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)

DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb

IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-407709057-3345318891-2943131880-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb

IE - HKU\S-1-5-21-407709057-3345318891-2943131880-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb

IE - HKU\S-1-5-21-407709057-3345318891-2943131880-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-407709057-3345318891-2943131880-1000\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)

IE - HKU\S-1-5-21-407709057-3345318891-2943131880-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-407709057-3345318891-2943131880-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()

FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Doug Feustel\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Doug Feustel\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Doug Feustel\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Doug Feustel\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/08/04 13:35:27 | 000,000,000 | -H-D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/30 22:26:45 | 000,000,000 | -H-D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/28 22:43:12 | 000,000,000 | -H-D | M]

[2008/12/03 10:42:41 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Doug Feustel\AppData\Roaming\Mozilla\Extensions

[2011/05/05 17:14:29 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Doug Feustel\AppData\Roaming\Mozilla\Firefox\Profiles\rbd95hby.default\extensions

[2010/07/24 11:00:47 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Doug Feustel\AppData\Roaming\Mozilla\Firefox\Profiles\rbd95hby.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011/11/30 22:26:47 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/11/30 22:26:44 | 000,134,104 | -H-- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2008/09/03 19:11:24 | 000,054,600 | -H-- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll

[2011/05/05 22:31:37 | 000,002,252 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2011/11/30 22:26:44 | 000,002,040 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,736 | -H-- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: ::1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)

O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)

O3 - HKU\S-1-5-21-407709057-3345318891-2943131880-1000\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [wcmdmgr] C:\Windows\wt\updater\wcmdmgrl.exe (WildTangent, Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)

O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)

O15 - HKU\S-1-5-21-407709057-3345318891-2943131880-1000\..Trusted Ranges: Range1 ([http] in Local intranet)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)

O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0ACAAD95-1052-4DEB-9886-2E64C357F072}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C7F2FEAB-95D4-45A1-8858-68E27E0E0867}: DhcpNameServer = 192.168.1.1

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Doug Feustel\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\Doug Feustel\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/08/04 13:03:40 | 000,000,074 | -H-- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKU\S-1-5-21-407709057-3345318891-2943131880-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/12/07 21:33:11 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Doug Feustel\Desktop\OTL.exe

[2011/12/05 23:37:31 | 000,000,000 | -H-D | C] -- C:\sh4ldr

[2011/12/05 23:37:31 | 000,000,000 | -H-D | C] -- C:\Program Files\Enigma Software Group

[2011/12/05 23:35:23 | 000,000,000 | -H-D | C] -- C:\Program Files\Common Files\Wise Installation Wizard

[2011/12/05 23:22:18 | 000,000,000 | -H-D | C] -- C:\Users\Doug Feustel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix

[2011/12/01 22:08:17 | 000,000,000 | -H-D | C] -- C:\Users\Doug Feustel\AppData\Local\Ilivid Player

[2011/12/01 22:07:18 | 000,000,000 | -H-D | C] -- C:\Program Files\iLivid

[2011/12/01 22:06:34 | 000,000,000 | -H-D | C] -- C:\Users\Doug Feustel\AppData\Local\PackageAware

[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/07 21:30:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Doug Feustel\Desktop\OTL.exe

[2011/12/07 21:24:15 | 000,000,246 | -H-- | M] () -- C:\Users\Public\Documents\hpqp.ini

[2011/12/07 21:20:00 | 000,000,936 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-407709057-3345318891-2943131880-1000UA.job

[2011/12/07 21:19:15 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011/12/07 21:19:15 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011/12/07 21:18:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/12/07 21:18:39 | 2951,012,352 | -HS- | M] () -- C:\hiberfil.sys

[2011/12/06 22:18:32 | 000,349,368 | -H-- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2011/12/06 21:02:33 | 000,000,288 | -H-- | M] () -- C:\ProgramData\~72b8V3IfpCxYR2

[2011/12/06 21:02:33 | 000,000,200 | -H-- | M] () -- C:\ProgramData\~72b8V3IfpCxYR2r

[2011/12/06 21:02:07 | 000,000,328 | -H-- | M] () -- C:\ProgramData\72b8V3IfpCxYR2

[2011/12/06 21:00:40 | 301,697,105 | -H-- | M] () -- C:\Windows\MEMORY.DMP

[2011/12/06 02:46:23 | 000,445,064 | -H-- | M] () -- C:\ProgramData\VBCoxREXdqh.exe

[2011/12/06 00:25:58 | 000,625,986 | -H-- | M] () -- C:\Windows\System32\perfh009.dat

[2011/12/06 00:25:58 | 000,112,660 | -H-- | M] () -- C:\Windows\System32\perfc009.dat

[2011/12/06 00:21:43 | 000,000,440 | -H-- | M] () -- C:\ProgramData\gqOWQwvl6H7oVM

[2011/12/06 00:20:39 | 000,000,288 | -H-- | M] () -- C:\ProgramData\~gqOWQwvl6H7oVM

[2011/12/06 00:20:39 | 000,000,200 | -H-- | M] () -- C:\ProgramData\~gqOWQwvl6H7oVMr

[2011/12/06 00:20:34 | 000,000,625 | -H-- | M] () -- C:\Users\Doug Feustel\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk

[2011/12/06 00:19:46 | 000,064,284 | -H-- | M] () -- C:\ProgramData\nvModes.001

[2011/12/06 00:19:37 | 000,064,284 | -H-- | M] () -- C:\ProgramData\nvModes.dat

[2011/12/05 23:24:57 | 000,000,440 | -H-- | M] () -- C:\ProgramData\8iuSLq2IAjBGnU

[2011/12/05 23:22:19 | 000,000,288 | -H-- | M] () -- C:\ProgramData\~8iuSLq2IAjBGnU

[2011/12/05 23:22:19 | 000,000,200 | -H-- | M] () -- C:\ProgramData\~8iuSLq2IAjBGnUr

[2011/12/05 23:22:18 | 000,000,601 | -H-- | M] () -- C:\Users\Doug Feustel\Desktop\System Fix.lnk

[2011/12/04 22:48:43 | 000,007,808 | -H-- | M] () -- C:\Users\Doug Feustel\AppData\Local\d3d9caps.dat

[2011/12/02 19:19:59 | 000,000,884 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-407709057-3345318891-2943131880-1000Core.job

[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/06 21:02:33 | 000,000,288 | -H-- | C] () -- C:\ProgramData\~72b8V3IfpCxYR2

[2011/12/06 21:02:33 | 000,000,200 | -H-- | C] () -- C:\ProgramData\~72b8V3IfpCxYR2r

[2011/12/06 21:02:07 | 000,000,328 | -H-- | C] () -- C:\ProgramData\72b8V3IfpCxYR2

[2011/12/06 02:46:24 | 000,445,064 | -H-- | C] () -- C:\ProgramData\VBCoxREXdqh.exe

[2011/12/06 00:20:37 | 000,000,288 | -H-- | C] () -- C:\ProgramData\~gqOWQwvl6H7oVM

[2011/12/06 00:20:37 | 000,000,200 | -H-- | C] () -- C:\ProgramData\~gqOWQwvl6H7oVMr

[2011/12/06 00:20:34 | 000,000,625 | -H-- | C] () -- C:\Users\Doug Feustel\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk

[2011/12/06 00:20:19 | 000,000,440 | -H-- | C] () -- C:\ProgramData\gqOWQwvl6H7oVM

[2011/12/05 23:22:19 | 000,000,288 | -H-- | C] () -- C:\ProgramData\~8iuSLq2IAjBGnU

[2011/12/05 23:22:19 | 000,000,200 | -H-- | C] () -- C:\ProgramData\~8iuSLq2IAjBGnUr

[2011/12/05 23:22:18 | 000,000,601 | -H-- | C] () -- C:\Users\Doug Feustel\Desktop\System Fix.lnk

[2011/12/05 23:22:13 | 000,000,440 | -H-- | C] () -- C:\ProgramData\8iuSLq2IAjBGnU

[2010/03/11 00:57:53 | 000,001,472 | -HS- | C] () -- C:\Users\Doug Feustel\AppData\Local\x8hxH

[2010/02/27 23:52:47 | 000,001,606 | -HS- | C] () -- C:\Users\Doug Feustel\AppData\Local\624nXjKIo7U64

[2010/02/25 22:46:18 | 000,000,036 | -H-- | C] () -- C:\Users\Doug Feustel\AppData\Local\housecall.guid.cache

[2010/02/22 23:54:47 | 000,008,318 | -HS- | C] () -- C:\Users\Doug Feustel\AppData\Local\27cUE4

[2009/12/15 23:16:16 | 000,178,176 | -H-- | C] () -- C:\Windows\System32\unrar.dll

[2009/11/02 19:28:26 | 000,151,552 | -H-- | C] () -- C:\Windows\System32\libexpat.dll

[2009/08/03 15:07:42 | 000,403,816 | -H-- | C] () -- C:\Windows\System32\OGACheckControl.dll

[2009/08/03 15:07:42 | 000,230,768 | -H-- | C] () -- C:\Windows\System32\OGAEXEC.exe

[2009/01/28 22:16:12 | 000,037,376 | -H-- | C] () -- C:\Users\Doug Feustel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/01/25 22:06:12 | 000,007,808 | -H-- | C] () -- C:\Users\Doug Feustel\AppData\Local\d3d9caps.dat

[2008/12/04 17:03:20 | 000,016,596 | -H-- | C] () -- C:\Windows\MSTMON_Y.INI

[2008/12/04 17:03:20 | 000,012,244 | -H-- | C] () -- C:\Windows\MSUMLT_Y.INI

[2008/12/04 16:48:32 | 000,064,284 | -H-- | C] () -- C:\ProgramData\nvModes.001

[2008/12/04 16:48:31 | 000,064,284 | -H-- | C] () -- C:\ProgramData\nvModes.dat

[2008/12/03 11:08:58 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2008/12/03 11:08:58 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2008/12/03 10:32:44 | 000,000,000 | -H-- | C] () -- C:\Users\Doug Feustel\AppData\Roaming\wklnhst.dat

[2008/10/12 10:46:54 | 000,003,948 | -H-- | C] () -- C:\Windows\System32\drivers\nvphy.bin

[2008/08/04 13:19:17 | 000,101,605 | -H-- | C] () -- C:\Windows\hpqins13.dat

[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006/11/02 07:47:37 | 000,349,368 | -H-- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 05:33:01 | 000,625,986 | -H-- | C] () -- C:\Windows\System32\perfh009.dat

[2006/11/02 05:33:01 | 000,287,440 | -H-- | C] () -- C:\Windows\System32\perfi009.dat

[2006/11/02 05:33:01 | 000,112,660 | -H-- | C] () -- C:\Windows\System32\perfc009.dat

[2006/11/02 05:33:01 | 000,030,674 | -H-- | C] () -- C:\Windows\System32\perfd009.dat

[2006/11/02 05:23:21 | 000,215,943 | -H-- | C] () -- C:\Windows\System32\dssec.dat

[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006/11/02 03:19:00 | 000,000,741 | -H-- | C] () -- C:\Windows\System32\NOISE.DAT

[2006/11/02 02:40:29 | 000,013,750 | -H-- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/11/02 02:25:31 | 000,673,088 | -H-- | C] () -- C:\Windows\System32\mlang.dat

[2006/03/09 04:58:00 | 001,060,424 | -H-- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== LOP Check ==========

[2011/10/26 22:36:58 | 000,000,000 | -H-D | M] -- C:\Users\Doug Feustel\AppData\Roaming\BitTorrent

[2008/12/04 13:06:28 | 000,000,000 | -H-D | M] -- C:\Users\Doug Feustel\AppData\Roaming\BSD

[2009/03/04 01:27:47 | 000,000,000 | -H-D | M] -- C:\Users\Doug Feustel\AppData\Roaming\DNA

[2009/10/27 21:50:01 | 000,000,000 | -H-D | M] -- C:\Users\Doug Feustel\AppData\Roaming\ImTOO Software Studio

[2009/08/07 19:14:53 | 000,000,000 | -H-D | M] -- C:\Users\Doug Feustel\AppData\Roaming\iWin

[2011/07/09 16:37:47 | 000,000,000 | -H-D | M] -- C:\Users\Doug Feustel\AppData\Roaming\Template

[2009/02/02 23:14:21 | 000,000,000 | -H-D | M] -- C:\Users\Doug Feustel\AppData\Roaming\Ubisoft

[2008/12/04 17:42:48 | 000,000,000 | -H-D | M] -- C:\Users\Doug Feustel\AppData\Roaming\WildTangent

[2011/12/06 23:28:03 | 000,032,564 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >


Extras.Txt

OTL Extras logfile created on: 12/7/2011 9:35:32 PM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Doug Feustel\Desktop

Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6001.18000)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.54 Gb Available Physical Memory | 56.23% Memory free

5.73 Gb Paging File | 4.35 Gb Available in Paging File | 75.88% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 139.19 Gb Total Space | 46.36 Gb Free Space | 33.30% Space Free | Partition Type: NTFS

Drive D: | 9.85 Gb Total Space | 1.73 Gb Free Space | 17.57% Space Free | Partition Type: NTFS

Computer Name: DOUGFEUSTEL-PC | User Name: Doug Feustel | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.bat [@ = batfile] -- "%1" %*

.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)

.cmd [@ = cmdfile] -- "%1" %*

.com [@ = comfile] -- "%1" %*

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.exe [@ = exefile] -- "%1" %*

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.hta [@ = htafile] -- "%1" %*

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)

.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

.pif [@ = piffile] -- "%1" %*

.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)

.scr [@ = scrfile] -- "%1" /S

.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)

.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-407709057-3345318891-2943131880-1000\SOFTWARE\Classes\<extension>]

.exe [@ = exefile] -- Reg Error: Key error. File not found

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)

batfile [open] -- "%1" %*

batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)

cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)

cmdfile [open] -- "%1" %*

cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htafile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)

inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)

inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)

jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)

jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)

jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)

jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)

jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)

regfile [open] -- regedit.exe "%1" (Microsoft Corporation)

regfile [merge] -- Reg Error: Key error.

regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)

txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)

vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)

vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)

vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)

vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)

vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)

vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)

wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)

wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)

wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)

wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"UacDisableNotify" = 0

"InternetSettingsDisableNotify" = 0

"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-407709057-3345318891-2943131880-1000]

"EnableNotifications" = 1

"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{03D17312-C63E-4FDB-9CC3-1356C32F1F1B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{2E4CE9A5-2B8D-43DD-B2B7-CDBD19B6CC1D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{480C4A8E-1991-442E-8D73-A18E82A5616D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{7B3AD6C5-E0DE-48F3-8439-C84E5356D0EE}" = lport=2869 | protocol=6 | dir=in | app=system |

"{A885EE0B-D208-4A32-9BF3-4D219B889B59}" = rport=10243 | protocol=6 | dir=out | app=system |

"{BA92D2A6-1F8E-4EDB-A0C9-95E2CC244379}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{C0060396-34A3-4AEA-B6EA-14109377042F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{F7702B10-3BFF-43EC-89C3-B8C9B649238D}" = lport=10243 | protocol=6 | dir=in | app=system |

"{FF2FCC4E-58F6-4EDE-ABD6-26C9C0C5C3D0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{049C732A-708A-4046-9393-CC47BB9AA9B7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{053E5549-ECD5-4FE4-8DB9-641DFB10CF77}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |

"{05F05020-8587-4A81-B54E-94836D15A5C1}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |

"{0601EACC-13B4-4E1C-BDCB-A89099AB06CF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{0E8447A3-ABEE-41F1-9E05-56B1F2BA0AF6}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |

"{0FE902C7-D9F2-44DB-8DBB-3579C00028A5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{360E3640-FB26-4DEF-8288-8B53B8EBB28A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{37A0227D-D5D4-4C31-BA07-7671FA32EE16}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{3874B63C-F970-4288-9841-71755EB0068E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{387A8493-E5DB-4EA2-B962-0B4D3F97F4EA}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |

"{3BA968C6-5E99-4E0F-BAC8-63D6E7052F5B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{4C23BDE0-DA56-4287-A1B0-22DFF98EC49C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{523E7DCC-A39F-4034-9D25-E0F975A1F60B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{5A16F329-B169-4119-9DE8-AF2699E4395D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{5AAC9EEF-AF05-4147-832B-DA3AF8EDCBFD}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |

"{5D274256-03FB-4F36-8637-92D657C5DB7C}" = protocol=6 | dir=out | app=system |

"{6AD26536-0F55-4875-83F2-D665438EA6EB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{71CCED3E-659E-4891-87EF-41A51FBBAFEB}" = protocol=6 | dir=in | app=c:\users\doug feustel\appdata\local\google\google talk plugin\googletalkplugin.exe |

"{81207BA9-53A2-4303-8F6B-83DC90FD3B70}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{8A3C5E15-1E81-432B-9CE7-8DDB8FC4F51D}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |

"{957BEB18-AD2D-402C-AD86-F67D76C4CFF5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{96D7E649-F579-45EA-8E61-8EDFC72321BA}" = protocol=17 | dir=in | app=c:\users\doug feustel\appdata\local\google\google talk plugin\googletalkplugin.dll |

"{984600BC-9642-471E-A40D-683597F8FE42}" = protocol=17 | dir=in | app=c:\users\doug feustel\appdata\local\google\google talk plugin\googletalkplugin.dll |

"{9A8E4CA2-4ADE-468F-B0BA-29AF62782531}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{B9316164-035F-4548-8566-1B13586E6236}" = protocol=6 | dir=in | app=c:\users\doug feustel\appdata\local\google\google talk plugin\googletalkplugin.dll |

"{BAE67909-0A5C-4CE0-AA5F-5461E3F1D9C5}" = protocol=17 | dir=in | app=c:\users\doug feustel\appdata\local\google\google talk plugin\googletalkplugin.exe |

"{C1BAABB6-21B7-49B7-91E1-E455B4B6BC44}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |

"{C55EE582-4D18-4465-B67C-01CCBFDC83AC}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |

"{CE417CC2-006D-44BC-B33A-291B02416FCB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{D9DB910F-C30F-44A1-A16F-92CD3015E63A}" = protocol=6 | dir=in | app=c:\users\doug feustel\appdata\local\google\google talk plugin\googletalkplugin.dll |

"{DFC0CE2B-42CE-473D-8B43-4CF1BF16AF05}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |

"{E986B187-C5C7-4D7C-9BF5-FE8C3B750291}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |

"{EE3C8E53-C466-4D92-ADE5-E48FEBE78D2B}" = protocol=17 | dir=in | app=c:\users\doug feustel\appdata\local\google\google talk plugin\googletalkplugin.exe |

"{F3592589-01D8-47FA-989E-9BCB799481C0}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |

"{FA8F3103-F4B0-4B3D-AD62-8A8629A4778E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{FE969750-56FD-4635-B6ED-94F89AC08135}" = protocol=6 | dir=in | app=c:\users\doug feustel\appdata\local\google\google talk plugin\googletalkplugin.exe |

"TCP Query User{16B672BC-FDC4-43F0-AACC-A3555A8CC4D7}C:\program files\hp games\wheel of fortune\wheel of fortune.exe" = protocol=6 | dir=in | app=c:\program files\hp games\wheel of fortune\wheel of fortune.exe |

"TCP Query User{26249E22-381A-4270-959A-9EAD412A8DA1}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |

"TCP Query User{461AAD17-5564-47FD-BF6C-214C83F8468F}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"TCP Query User{6D7B39BF-F435-4EE7-B413-E11227D0644B}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |

"TCP Query User{6F5DA88C-155E-43B5-9BEA-0AC66668AB51}C:\users\doug feustel\program files\left 4 dead\left4dead.exe" = protocol=6 | dir=in | app=c:\users\doug feustel\program files\left 4 dead\left4dead.exe |

"TCP Query User{83AFC27B-182A-49B0-B604-A594C95AF504}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |

"TCP Query User{ACC544D8-6AE3-4E2A-A18E-AF9653DA3560}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |

"TCP Query User{B0F90490-E8EC-4EF5-B73C-054ACC581E04}C:\users\doug feustel\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\doug feustel\program files\dna\btdna.exe |

"UDP Query User{010AF45F-0254-48A1-A706-4F3597363C57}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |

"UDP Query User{125FBA99-9644-436F-A7FD-1AA0D9109261}C:\users\doug feustel\program files\left 4 dead\left4dead.exe" = protocol=17 | dir=in | app=c:\users\doug feustel\program files\left 4 dead\left4dead.exe |

"UDP Query User{227A8DF0-7AF1-484F-9B87-7F802F69261D}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |

"UDP Query User{66B3AF36-2A75-4407-B5A2-94E79FA8F63D}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"UDP Query User{8A53C1C4-427F-4B61-AC62-D4034CE775E1}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |

"UDP Query User{8F6ABDCF-5CAA-4C61-A960-4B90A9F1110F}C:\program files\hp games\wheel of fortune\wheel of fortune.exe" = protocol=17 | dir=in | app=c:\program files\hp games\wheel of fortune\wheel of fortune.exe |

"UDP Query User{C189B154-4CF9-4207-8A66-82AFD56B53F7}C:\users\doug feustel\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\doug feustel\program files\dna\btdna.exe |

"UDP Query User{C76D564E-8F44-40B4-B237-87DB68CC5D0C}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1

"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour

"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer

"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{162B71B8-8464-4680-A086-601D555B331D}" = Apple Mobile Device Support

"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1

"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player

"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime

"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant

"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library

"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java 6 Update 15

"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5

"{340F521E-3576-4E1A-B75C-EB0ACF751379}" = HP Wireless Assistant

"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE

"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 D3

"{35F83303-C0C0-46B7-B8A8-ADA7C2AC5645}" = muvee autoProducer 6.1

"{380357CA-29F4-4B3C-B401-32C057E6B59B}" = HP Smart Web Printing

"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll

"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module

"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7

"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout

"{582287DA-0806-4AC0-BF19-C15E3A466034}" = LightScribe System Software 1.12.33.2

"{5CF6EEE9-86B1-3DB6-A07C-8F6C079C39BA}" = Google Talk Plugin

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module

"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com

"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module

"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1

"{8DF92D68-F8EE-4F9C-89A2-26254C1C4B6B}" = HP Help and Support

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 3.81

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}" = HP Active Support Library

"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel

"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5

"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9

"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1

"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc

"{B6D0B141-B2BE-4DD0-B08F-B9186F3E36B3}" = HP User Guides 0118

"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5

"{C26B06A9-27BB-45B0-9873-9C623EC2BA38}" = iTunes

"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements

"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader

"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1

"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01

"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor

"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo

"{FA3B34BE-4246-4062-90A3-34CBBEA12B72}" = HPTCSSetup

"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"BitTorrentBar Toolbar" = BitTorrentBar Toolbar

"CNXT_AUDIO_HDA" = Conexant HD Audio

"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"conduitEngine" = Conduit Engine

"ENTERPRISER" = Microsoft Office Enterprise 2007

"HP Photosmart Essential" = HP Photosmart Essential 2.5

"HP Smart Web Printing" = HP Smart Web Printing

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"KLiteCodecPack_is1" = K-Lite Codec Pack 5.4.4 (Standard)

"KONICA MINOLTA PagePro 1400W" = KONICA MINOLTA PagePro 1400W

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Mozilla Firefox 8.0.1 (x86 en-US)" = Mozilla Firefox 8.0.1 (x86 en-US)

"NVIDIA Drivers" = NVIDIA Drivers

"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"Test My Hardware_is1" = Test My Hardware 2.4

"ViewpointMediaPlayer" = Viewpoint Media Player

"WildTangent hp Master Uninstall" = My HP Games

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-407709057-3345318891-2943131880-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"BitTorrent" = BitTorrent

"BitTorrent DNA" = DNA

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


I'm not authorized to help, but if it does help, most all the FAKEHDD rogues move all start menu/quick launch items to a folder called "smtemp" or "smtmp" in the user profile and change a couple registry entries to block things like right clicking the taskbar and hitting task manager.

If you would like my help, I'm positive I can help reverse the changes.

:)

-epiX

Sure, you described the issues I'm facing with the start menu/quick launch items being hidden.

Thanks!


Step 1

Please download and run the following tool:

http://download.bleepingcomputer.com/grinler/unhide.exe

This will help you to unhide your files.

Step 2

Please uninstall the following applications:

BitTorrentBar

BitTorrentBar Toolbar

Conduit Engine

DNA

Viewpoint Media Player

Step 3

  • Run OTL.exe
  • Under Custom Scans/Fixes post the following script:

:OTL
[2011/12/05 23:22:18 | 000,000,000 | -H-D | C] -- C:\Users\Doug Feustel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix
[2011/12/06 21:02:33 | 000,000,288 | -H-- | M] () -- C:\ProgramData\~72b8V3IfpCxYR2
[2011/12/06 21:02:33 | 000,000,200 | -H-- | M] () -- C:\ProgramData\~72b8V3IfpCxYR2r
[2011/12/06 21:02:07 | 000,000,328 | -H-- | M] () -- C:\ProgramData\72b8V3IfpCxYR2
[2011/12/06 02:46:23 | 000,445,064 | -H-- | M] () -- C:\ProgramData\VBCoxREXdqh.exe
[2011/12/06 00:21:43 | 000,000,440 | -H-- | M] () -- C:\ProgramData\gqOWQwvl6H7oVM
[2011/12/06 00:20:39 | 000,000,288 | -H-- | M] () -- C:\ProgramData\~gqOWQwvl6H7oVM
[2011/12/06 00:20:39 | 000,000,200 | -H-- | M] () -- C:\ProgramData\~gqOWQwvl6H7oVMr
[2011/12/06 00:20:34 | 000,000,625 | -H-- | M] () -- C:\Users\Doug Feustel\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
[2011/12/05 23:24:57 | 000,000,440 | -H-- | M] () -- C:\ProgramData\8iuSLq2IAjBGnU
[2011/12/05 23:22:19 | 000,000,288 | -H-- | M] () -- C:\ProgramData\~8iuSLq2IAjBGnU
[2011/12/05 23:22:19 | 000,000,200 | -H-- | M] () -- C:\ProgramData\~8iuSLq2IAjBGnUr
[2011/12/05 23:22:18 | 000,000,601 | -H-- | M] () -- C:\Users\Doug Feustel\Desktop\System Fix.lnk
[2010/03/11 00:57:53 | 000,001,472 | -HS- | C] () -- C:\Users\Doug Feustel\AppData\Local\x8hxH
[2010/02/27 23:52:47 | 000,001,606 | -HS- | C] () -- C:\Users\Doug Feustel\AppData\Local\624nXjKIo7U64
[2010/02/22 23:54:47 | 000,008,318 | -HS- | C] () -- C:\Users\Doug Feustel\AppData\Local\27cUE4

:Commands
[emptytemp]
[clearallrestorepoints]

  • Then click the Run Fix button at the top
  • Let the program run unhindered; when it is done it will say "Fix Complete press ok to open log".
  • Please post that log in your next reply.


  • 2 weeks later...

Hello, I have a similar issue! These are the results from OTL.txt and Extras.txt:

OTL.txt

OTL logfile created on: 06.1.2012 г. 15:23:54 - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\bg1001u5\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000402 | Country: Bulgaria | Language: BGR | Date Format: dd.M.yyyy 'г.'

3,17 Gb Total Physical Memory | 2,60 Gb Available Physical Memory | 82,27% Memory free

5,01 Gb Paging File | 4,59 Gb Available in Paging File | 91,76% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files

Drive C: | 50,01 Gb Total Space | 32,38 Gb Free Space | 64,75% Space Free | Partition Type: NTFS

Drive D: | 415,75 Gb Total Space | 394,21 Gb Free Space | 94,82% Space Free | Partition Type: NTFS

Computer Name: SOFK001C | User Name: bg1001u5 | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\bg1001u5\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\OfficeScan NT\PccNTMon.exe (Trend Micro Inc.)

PRC - C:\Program Files\OfficeScan NT\TmListen.exe (Trend Micro Inc.)

PRC - C:\Program Files\OfficeScan NT\NTRtScan.exe (Trend Micro Inc.)

PRC - C:\Program Files\BM\TMBMSRV.exe (Trend Micro Inc.)

PRC - C:\Program Files\Java\jre1.6.0_26\bin\jqs.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)

PRC - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Adobe Systems Inc.)

PRC - C:\Program Files\OfficeScan NT\TmProxy.exe (Trend Micro Inc.)

PRC - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)

PRC - C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)

PRC - C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)

PRC - C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)

PRC - C:\Program Files\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.)

PRC - C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)

PRC - C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe (FUJITSU LIMITED)

PRC - C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)

PRC - C:\Program Files\Fingerprint Sensor\ATSwpNav.exe (AuthenTec, Inc.)

PRC - C:\Program Files\Fingerprint Sensor\AtService.exe (AuthenTec, Inc.)

PRC - C:\Program Files\Siemens\CardOS API\bin\siecacst.exe (Siemens AG)

PRC - C:\WINNT\system32\drivers\o2flash.exe (O2Micro International)

PRC - C:\WINNT\vsnp2uvc.exe (Sonix)

PRC - C:\Program Files\OfficeScan NT\CNTAoSMgr.exe (Trend Micro Inc.)

PRC - C:\Program Files\Siemens\SisWatchDogNic\SisWatchDogNic.exe (Siemens IT Solutions and Services)

PRC - C:\WINNT\explorer.exe (Microsoft Corporation)

PRC - C:\WINNT\system32\suss.exe (Microsoft Corporation)

========== Modules (No Company Name) ==========

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()

MOD - c:\winnt\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_dd35cfe6\mscorlib.dll ()

MOD - c:\winnt\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_10bb0ab2\system.drawing.dll ()

MOD - c:\winnt\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_cd9c9b97\system.windows.forms.dll ()

MOD - c:\winnt\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_062d3515\system.dll ()

MOD - c:\winnt\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll ()

MOD - c:\winnt\assembly\gac\system.serviceprocess\1.0.5000.0__b03f5f7f11d50a3a\system.serviceprocess.dll ()

MOD - c:\winnt\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll ()

MOD - c:\winnt\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll ()

MOD - c:\winnt\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll ()

MOD - C:\WINNT\system32\siecaces.dll ()

MOD - C:\WINNT\system32\gmp4_2_1.dll ()

MOD - C:\WINNT\system32\pdfcmnnt.dll ()

========== Win32 Services (SafeList) ==========

SRV - (tmlisten) -- C:\Program Files\OfficeScan NT\tmlisten.exe (Trend Micro Inc.)

SRV - (ntrtscan) -- C:\Program Files\OfficeScan NT\ntrtscan.exe (Trend Micro Inc.)

SRV - (TMBMServer) -- C:\Program Files\BM\TMBMSRV.exe (Trend Micro Inc.)

SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre1.6.0_26\bin\jqs.exe (Sun Microsystems, Inc.)

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)

SRV - (UCMS) -- C:\Program Files\Siemens\UCMS\core\ucms.exe (Siemens AG)

SRV - (TmProxy) -- C:\Program Files\OfficeScan NT\TmProxy.exe (Trend Micro Inc.)

SRV - (dsNcService) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)

SRV - (UNS) Intel® -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)

SRV - (LMS) Intel® -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)

SRV - (ATService) -- C:\Program Files\Fingerprint Sensor\AtService.exe (AuthenTec, Inc.)

SRV - (O2FLASH) -- C:\WINNT\system32\drivers\o2flash.exe (O2Micro International)

SRV - (r_server) -- C:\Program Files\Radmin\r_server.exe ()

SRV - (SU) -- C:\WINNT\system32\suss.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (tmactmon) -- C:\WINNT\system32\drivers\tmactmon.sys (Trend Micro Inc.)

DRV - (tmevtmgr) -- C:\WINNT\system32\drivers\tmevtmgr.sys (Trend Micro Inc.)

DRV - (tmcomm) -- C:\WINNT\system32\drivers\tmcomm.sys (Trend Micro Inc.)

DRV - (dsNcAdpt) -- C:\WINNT\system32\drivers\dsNcAdpt.sys (Juniper Networks)

DRV - (NETwNx32) ___ Intel® -- C:\WINNT\system32\drivers\NETwNx32.sys (Intel Corporation)

DRV - (e1cexpress) Intel® -- C:\WINNT\system32\drivers\e1c5132.sys (Intel Corporation)

DRV - (nusb3xhc) -- C:\WINNT\system32\drivers\nusb3xhc.sys (Renesas Electronics Corporation)

DRV - (nusb3hub) -- C:\WINNT\system32\drivers\nusb3hub.sys (Renesas Electronics Corporation)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINNT\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (tmtdi) -- C:\WINNT\system32\drivers\tmtdi.sys (Trend Micro Inc.)

DRV - (TmFilter) -- C:\Program Files\OfficeScan NT\TmXPFlt.sys (Trend Micro Inc.)

DRV - (TmPreFilter) -- C:\Program Files\OfficeScan NT\tmpreflt.sys (Trend Micro Inc.)

DRV - (VSApiNt) -- C:\Program Files\OfficeScan NT\vsapiNT.sys (Trend Micro Inc.)

DRV - (MEI) Intel® -- C:\WINNT\system32\drivers\HECI.sys (Intel Corporation)

DRV - (IntcDAud) Intel® -- C:\WINNT\system32\drivers\IntcDAud.sys (Intel® Corporation)

DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\WINNT\system32\drivers\snp2uvc.sys ()

DRV - (BTKRNL) -- C:\WINNT\system32\drivers\btkrnl.sys (Broadcom Corporation.)

DRV - (BTWUSB) -- C:\WINNT\system32\drivers\btwusb.sys (Broadcom Corporation.)

DRV - (FJGSDisk) -- C:\WINNT\system32\DRIVERS\FJGSDisk.sys (FUJITSU LIMITED)

DRV - (O2SDJRDR) -- C:\WINNT\system32\drivers\o2sdjxp.sys (O2Micro )

DRV - (ctxusbm) -- C:\WINNT\system32\drivers\ctxusbm.sys (Citrix Systems, Inc.)

DRV - (ATSwpWDF) -- C:\WINNT\system32\drivers\ATSwpWDF.sys (AuthenTec, Inc.)

DRV - (ISODrive) -- C:\Program Files\UltraISO\drivers\ISODrive.sys (EZB Systems, Inc.)

DRV - (BTDriver) -- C:\WINNT\system32\drivers\btport.sys (Broadcom Corporation.)

DRV - (btaudio) -- C:\WINNT\system32\drivers\btaudio.sys (Broadcom Corporation.)

DRV - (BTWDNDIS) -- C:\WINNT\system32\drivers\btwdndis.sys (Broadcom Corporation.)

DRV - (btwhid) -- C:\WINNT\system32\drivers\btwhid.sys (Broadcom Corporation.)

DRV - (Monfilt) -- C:\WINNT\system32\drivers\Monfilt.sys (Creative Technology Ltd.)

DRV - (Ambfilt) -- C:\WINNT\system32\drivers\Ambfilt.sys (Creative)

DRV - (USBCCID) -- C:\WINNT\system32\drivers\usbccid.sys (Microsoft Corporation)

DRV - (IFXTPM) -- C:\WINNT\system32\drivers\ifxtpm.sys (Infineon Technologies AG)

DRV - (FUJ02E3) -- C:\WINNT\system32\drivers\fuj02e3.sys (FUJITSU LIMITED)

DRV - (FUJ02B1) -- C:\WINNT\system32\drivers\fuj02b1.sys (FUJITSU LIMITED)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm

IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://proxyconf.my-it-solutions.net

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1014176260-98930707-4043447730-54226\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm

IE - HKU\S-1-5-21-1014176260-98930707-4043447730-54226\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-21-1014176260-98930707-4043447730-54226\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1014176260-98930707-4043447730-54226\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://proxyconf.my-it-solutions.net/

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.com"

FF - prefs.js..network.proxy.backup.ftp: ""

FF - prefs.js..network.proxy.backup.ftp_port: 0

FF - prefs.js..network.proxy.backup.socks: ""

FF - prefs.js..network.proxy.backup.socks_port: 0

FF - prefs.js..network.proxy.backup.ssl: ""

FF - prefs.js..network.proxy.backup.ssl_port: 0

FF - prefs.js..network.proxy.ftp: "10.1.1.1"

FF - prefs.js..network.proxy.ftp_port: 8080

FF - prefs.js..network.proxy.http: "10.1.1.1"

FF - prefs.js..network.proxy.http_port: 8080

FF - prefs.js..network.proxy.share_proxy_settings: true

FF - prefs.js..network.proxy.socks: "10.1.1.1"

FF - prefs.js..network.proxy.socks_port: 8080

FF - prefs.js..network.proxy.ssl: "10.1.1.1"

FF - prefs.js..network.proxy.ssl_port: 8080

FF - prefs.js..network.proxy.type: 1

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINNT\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINNT\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre1.6.0_26\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre1.6.0_26\lib\deploy\jqs\ff [2011.07.04 08:22:22 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.03 09:12:54 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.13 11:25:17 | 000,000,000 | ---D | M]

[2011.10.28 08:59:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\bg1001u5\Application Data\Mozilla\Extensions

[2011.06.06 10:14:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011.07.04 08:22:22 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE1.6.0_26\LIB\DEPLOY\JQS\FF

[2012.01.03 09:12:53 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2010.10.12 15:33:32 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll

[2010.10.12 15:37:06 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll

[2010.10.12 15:35:42 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll

[2010.10.12 15:34:56 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll

[2010.10.12 17:16:54 | 000,484,768 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll

[2010.10.12 15:37:02 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll

[2011.10.04 08:44:10 | 000,001,083 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\911bg.xml

[2011.10.04 08:44:10 | 000,002,442 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\diribg.xml

[2011.10.04 08:44:10 | 000,001,515 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pe-bg.xml

[2011.10.04 08:44:10 | 000,001,857 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\portalbgdict.xml

[2011.10.04 08:44:10 | 000,001,220 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-bg.xml

O1 HOSTS File: ([2011.10.14 13:48:58 | 000,000,734 | ---- | M]) - C:\WINNT\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKU\S-1-5-21-1014176260-98930707-4043447730-54226\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)

O4 - HKLM..\Run: [Adobe Acrobat Synchronizer] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [ATSwpNav] C:\Program Files\Fingerprint Sensor\ATSwpNav.exe (AuthenTec, Inc.)

O4 - HKLM..\Run: [Communicator] C:\Program Files\Microsoft Office Communicator\communicator.exe (Microsoft Corporation)

O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)

O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found

O4 - HKLM..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)

O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)

O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)

O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\OfficeScan NT\pccntmon.exe (Trend Micro Inc.)

O4 - HKLM..\Run: [sIECAST] C:\Program Files\Siemens\CardOS API\bin\siecacst.exe (Siemens AG)

O4 - HKLM..\Run: [sisWatchDogNic] C:\Program Files\Siemens\SisWatchDogNic\SisWatchDogNic.exe (Siemens IT Solutions and Services)

O4 - HKLM..\Run: [snp2uvc] C:\WINNT\vsnp2uvc.exe (Sonix)

O4 - HKLM..\Run: [sSUtility] C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe (FUJITSU LIMITED)

O4 - HKLM..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u File not found

O4 - HKLM..\Run: [uSM] C:\Program Files\Siemens\USM\USM.exe (Siemens AG)

O4 - HKU\.DEFAULT..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (Nero AG)

O4 - HKU\S-1-5-18..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (Nero AG)

O4 - Startup: C:\Documents and Settings\atw01192\Start Menu\Programs\Startup\Yammer.lnk = File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Download present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Feeds present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\IEDevTools present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\New Windows present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Recovery present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Safety present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\SearchScopes present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Security present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\SQM present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPublishingWizard = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWebServices = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoOnlinePrintsWizard = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: MaxGPOScriptWait = 1800

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 1

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Suggested Sites present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Main present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Suggested Sites present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Main present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Suggested Sites present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Main present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Suggested Sites present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1014176260-98930707-4043447730-54226\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1014176260-98930707-4043447730-54226\Software\Policies\Microsoft\Internet Explorer\Main present

O7 - HKU\S-1-5-21-1014176260-98930707-4043447730-54226\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\S-1-5-21-1014176260-98930707-4043447730-54226\Software\Policies\Microsoft\Internet Explorer\Suggested Sites present

O7 - HKU\S-1-5-21-1014176260-98930707-4043447730-54226\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1014176260-98930707-4043447730-54226\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1

O7 - HKU\S-1-5-21-1014176260-98930707-4043447730-54226\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1

O7 - HKU\S-1-5-21-1014176260-98930707-4043447730-54226\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1

O7 - HKU\S-1-5-21-1014176260-98930707-4043447730-54226\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1

O7 - HKU\S-1-5-21-1014176260-98930707-4043447730-54226\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

O7 - HKU\S-1-5-21-1014176260-98930707-4043447730-54226\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1

O7 - HKU\S-1-5-21-1014176260-98930707-4043447730-54226\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: GreyMSIAds = 1

O7 - HKU\S-1-5-21-1014176260-98930707-4043447730-54226\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 1

O7 - HKU\S-1-5-21-1014176260-98930707-4043447730-54226\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1

O7 - HKU\S-1-5-21-1014176260-98930707-4043447730-54226\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1

O7 - HKU\S-1-5-21-1014176260-98930707-4043447730-54226\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1

O7 - HKU\S-1-5-21-1014176260-98930707-4043447730-54226\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1

O7 - HKU\S-1-5-21-1014176260-98930707-4043447730-54226\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoUpdate = 1

O7 - HKU\S-1-5-21-1014176260-98930707-4043447730-54226\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartRunNoHOMEPATH = 1

O7 - HKU\S-1-5-21-1014176260-98930707-4043447730-54226\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: PromptRunasInstallNetPath = 1

O7 - HKU\S-1-5-21-1014176260-98930707-4043447730-54226\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1

O7 - HKU\S-1-5-21-1014176260-98930707-4043447730-54226\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 1

O7 - HKU\S-1-5-21-1014176260-98930707-4043447730-54226\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConnectHomeDirToRoot = 0

O7 - HKU\S-1-5-21-1014176260-98930707-4043447730-54226\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0

O7 - HKU\S-1-5-21-1014176260-98930707-4043447730-54226\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 0

O7 - HKU\S-1-5-21-1014176260-98930707-4043447730-54226\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0

O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKLM\..Trusted Domains: siemens.net ([]* in Local intranet)

O15 - HKLM\..Trusted Domains: sitest.net ([]* in Local intranet)

O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} Reg Error: Key error. (Macromedia Authorware Web Player Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://ura-emea.siemens.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ww930.my-it-solutions.net

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ACEA30FB-3B3B-43C0-A122-7356876B8D21}: DhcpNameServer = 10.1.1.1

O18 - Protocol\Handler\x-excid {9D6CC632-1337-4a33-9214-2DA092E776F4} - C:\WINNT\Downloaded Program Files\mimectl.dll ()

O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINNT\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINNT\System32\Userinit.exe) -C:\WINNT\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\bg1001u5\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\bg1001u5\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2011.05.31 07:33:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012.01.06 15:03:51 | 000,000,000 | ---D | C] -- C:\_OTL

[2012.01.06 15:01:44 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\bg1001u5\Desktop\OTL.exe

[2012.01.06 12:07:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bg1001u5\Application Data\Malwarebytes

[2012.01.06 12:01:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bg1001u5\Start Menu\Programs\System Check

[2012.01.06 12:01:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\bg1001u5\Recent

[2012.01.03 12:09:45 | 000,064,512 | ---- | C] (Microsoft) -- C:\Documents and Settings\bg1001u5\Desktop\LockoutStatus.exe

[2011.12.29 10:07:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bg1001u5\Local Settings\Application Data\Sun

[2011.12.27 15:29:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bg1001u5\fontconfig

[2011.12.27 15:28:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bg1001u5\.smplayer

[2011.12.27 10:49:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bg1001u5\Local Settings\Application Data\IsolatedStorage

[2011.12.27 10:49:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bg1001u5\Local Settings\Application Data\assembly

[2011.12.22 15:01:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bg1001u5\Application Data\WinRAR

[2011.12.08 11:00:00 | 000,749,568 | ---- | C] (UltraVNC) -- C:\Documents and Settings\bg1001u5\Desktop\vncviewer.exe

[2011.05.31 12:38:08 | 000,245,760 | ---- | C] ( ) -- C:\WINNT\System32\rsnp2uvc.dll

[2011.05.31 12:17:51 | 000,004,096 | ---- | C] ( ) -- C:\WINNT\System32\IGFXDEVLib.dll

[1 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.01.06 15:18:37 | 000,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat

[2012.01.06 15:02:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bg1001u5\Desktop\OTL.exe

[2012.01.06 14:04:50 | 000,023,080 | RHS- | M] () -- C:\Documents and Settings\bg1001u5\ntuser.pol

[2012.01.06 12:07:18 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012.01.06 12:05:16 | 000,139,924 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

[2012.01.06 12:01:54 | 000,000,328 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\pswvJG5C5ydcDy

[2012.01.06 10:40:25 | 000,009,175 | ---- | M] () -- C:\WINNT\cfgall.ini

[2012.01.06 10:37:39 | 000,002,206 | ---- | M] () -- C:\WINNT\System32\wpa.dbl

[2012.01.04 11:02:30 | 000,001,994 | ---- | M] () -- C:\Documents and Settings\bg1001u5\My Documents\Default.rdp

[2011.12.29 11:04:12 | 000,006,144 | ---- | M] () -- C:\Documents and Settings\bg1001u5\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.12.28 13:43:06 | 000,515,352 | ---- | M] () -- C:\WINNT\System32\perfh009.dat

[2011.12.28 13:43:06 | 000,091,772 | ---- | M] () -- C:\WINNT\System32\perfc009.dat

[2011.12.28 11:00:14 | 000,010,016 | ---- | M] () -- C:\Documents and Settings\bg1001u5\Desktop\Leaving Employee.htm

[2011.12.15 17:20:25 | 000,000,177 | ---- | M] () -- C:\WINNT\hpbafd.ini

[2011.12.13 11:23:53 | 000,000,370 | ---- | M] () -- C:\WINNT\ODBC.INI

[2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys

[2011.12.07 15:54:28 | 000,105,367 | ---- | M] () -- C:\Documents and Settings\bg1001u5\Desktop\1789_001.pdf

[1 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.01.06 12:07:18 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012.01.06 12:01:54 | 000,000,328 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\pswvJG5C5ydcDy

[2011.12.28 11:00:14 | 000,010,016 | ---- | C] () -- C:\Documents and Settings\bg1001u5\Desktop\Leaving Employee.htm

[2011.12.27 15:26:41 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\bg1001u5\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.12.12 10:08:34 | 000,000,604 | ---- | C] () -- C:\Documents and Settings\bg1001u5\Desktop\Remote Desktop Connection.lnk

[2011.12.12 10:05:09 | 000,001,994 | ---- | C] () -- C:\Documents and Settings\bg1001u5\My Documents\Default.rdp

[2011.12.07 15:54:28 | 000,105,367 | ---- | C] () -- C:\Documents and Settings\bg1001u5\Desktop\1789_001.pdf

[2011.11.16 14:39:14 | 000,000,177 | ---- | C] () -- C:\WINNT\hpbafd.ini

[2011.10.28 08:39:21 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\bg1001u5\Application Data\OutlookNewProfile.prf

[2011.09.21 12:43:12 | 000,000,664 | ---- | C] () -- C:\WINNT\System32\d3d9caps.dat

[2011.09.13 08:24:39 | 000,045,032 | ---- | C] () -- C:\WINNT\System32\mlfcache.dat

[2011.06.20 16:25:17 | 000,000,069 | ---- | C] () -- C:\WINNT\NeroDigital.ini

[2011.06.08 11:21:14 | 000,000,419 | ---- | C] () -- C:\WINNT\BRWMARK.INI

[2011.06.08 11:21:14 | 000,000,027 | ---- | C] () -- C:\WINNT\BRPP2KA.INI

[2011.06.01 09:59:01 | 000,000,056 | ---- | C] () -- C:\WINNT\System32\ezsidmv.dat

[2011.05.31 17:12:45 | 000,004,569 | ---- | C] () -- C:\WINNT\System32\secupd.dat

[2011.05.31 17:12:38 | 000,515,352 | ---- | C] () -- C:\WINNT\System32\perfh009.dat

[2011.05.31 17:12:38 | 000,272,128 | ---- | C] () -- C:\WINNT\System32\perfi009.dat

[2011.05.31 17:12:38 | 000,091,772 | ---- | C] () -- C:\WINNT\System32\perfc009.dat

[2011.05.31 17:12:38 | 000,028,626 | ---- | C] () -- C:\WINNT\System32\perfd009.dat

[2011.05.31 17:12:36 | 000,004,463 | ---- | C] () -- C:\WINNT\System32\oembios.dat

[2011.05.31 17:12:35 | 013,107,200 | ---- | C] () -- C:\WINNT\System32\oembios.bin

[2011.05.31 17:12:32 | 000,000,741 | ---- | C] () -- C:\WINNT\System32\noise.dat

[2011.05.31 17:12:22 | 000,673,088 | ---- | C] () -- C:\WINNT\System32\mlang.dat

[2011.05.31 17:12:22 | 000,046,258 | ---- | C] () -- C:\WINNT\System32\mib.bin

[2011.05.31 17:12:04 | 000,218,003 | ---- | C] () -- C:\WINNT\System32\dssec.dat

[2011.05.31 17:11:53 | 000,001,804 | ---- | C] () -- C:\WINNT\System32\Dcache.bin

[2011.05.31 15:20:42 | 000,000,000 | ---- | C] () -- C:\WINNT\nsreg.dat

[2011.05.31 14:47:02 | 000,832,512 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2011.05.31 14:18:07 | 000,000,000 | ---- | C] () -- C:\WINNT\System32\sqljdbc_auth.dll

[2011.05.31 13:47:05 | 000,165,376 | ---- | C] () -- C:\WINNT\System32\unrar.dll

[2011.05.31 13:47:05 | 000,000,038 | ---- | C] () -- C:\WINNT\avisplitter.ini

[2011.05.31 13:47:03 | 000,810,496 | ---- | C] () -- C:\WINNT\System32\xvidcore.dll

[2011.05.31 13:47:03 | 000,183,808 | ---- | C] () -- C:\WINNT\System32\xvidvfw.dll

[2011.05.31 13:47:03 | 000,080,896 | ---- | C] () -- C:\WINNT\System32\ff_vfw.dll

[2011.05.31 12:38:12 | 001,760,768 | ---- | C] () -- C:\WINNT\System32\drivers\snp2uvc.sys

[2011.05.31 12:38:12 | 000,028,544 | ---- | C] () -- C:\WINNT\System32\drivers\sncduvc.sys

[2011.05.31 12:38:12 | 000,024,576 | ---- | C] () -- C:\WINNT\snuvcdsm.exe

[2011.05.31 12:38:12 | 000,015,497 | ---- | C] () -- C:\WINNT\snp2uvc.ini

[2011.05.31 12:34:56 | 000,008,192 | ---- | C] () -- C:\WINNT\System32\drivers\IntelMEFWVer.dll

[2011.05.31 12:17:51 | 000,201,496 | ---- | C] () -- C:\WINNT\System32\igfcg600m.bin

[2011.05.31 12:17:49 | 000,783,644 | ---- | C] () -- C:\WINNT\System32\igkrng600.bin

[2011.05.31 12:17:49 | 000,145,804 | ---- | C] () -- C:\WINNT\System32\igcompkrng600.bin

[2011.05.31 12:17:49 | 000,000,151 | ---- | C] () -- C:\WINNT\System32\GfxUI.exe.config

[2011.05.31 12:17:04 | 000,000,008 | ---- | C] () -- C:\WINNT\System32\drivers\rtkhdaud.dat

[2011.05.31 10:26:58 | 000,004,073 | ---- | C] () -- C:\WINNT\ODBCINST.INI

[2011.05.31 10:26:20 | 000,227,208 | ---- | C] () -- C:\WINNT\System32\FNTCACHE.DAT

[2011.05.31 10:14:28 | 000,009,175 | ---- | C] () -- C:\WINNT\cfgall.ini

[2011.05.31 10:13:13 | 000,007,678 | ---- | C] () -- C:\WINNT\uedit32.INI

[2011.05.31 09:51:58 | 000,000,370 | ---- | C] () -- C:\WINNT\ODBC.INI

[2011.05.31 09:02:11 | 000,006,550 | ---- | C] () -- C:\WINNT\jautoexp.dat

[2011.05.31 07:35:20 | 000,002,048 | --S- | C] () -- C:\WINNT\bootstat.dat

[2011.05.31 07:31:50 | 000,021,640 | ---- | C] () -- C:\WINNT\System32\emptyregdb.dat

[2010.10.11 18:02:28 | 002,860,384 | ---- | C] () -- C:\WINNT\System32\btwicons.dll

[2010.05.14 15:38:12 | 000,024,632 | ---- | C] () -- C:\WINNT\System32\providers.bin

[2009.04.16 16:32:46 | 000,040,517 | ---- | C] () -- C:\WINNT\System32\jRegistryKey.dll

[2008.06.24 13:44:14 | 000,139,264 | ---- | C] () -- C:\WINNT\System32\nsldap32v50.dll

[2008.06.24 13:44:14 | 000,040,960 | ---- | C] () -- C:\WINNT\System32\nsldapssl32v50.dll

[2008.06.24 13:44:14 | 000,024,576 | ---- | C] () -- C:\WINNT\System32\nsldappr32v50.dll

[2008.04.18 16:56:18 | 000,311,296 | ---- | C] () -- C:\WINNT\System32\siecaces.dll

[2007.04.16 14:01:06 | 000,184,320 | ---- | C] () -- C:\WINNT\System32\gmp4_2_1.dll

[2007.04.12 09:48:40 | 000,028,672 | ---- | C] () -- C:\WINNT\System32\siecacsp.dll

[2003.01.07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINNT\System32\OUTLPERF.INI

[2001.11.14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINNT\System32\lcppn21.dll

[2001.10.28 17:42:30 | 000,116,224 | ---- | C] () -- C:\WINNT\System32\pdfcmnnt.dll

========== LOP Check ==========

[2011.05.31 12:19:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\@@B7WMDQpSjNrPvDEkGte7Nuna6wwM\Application Data\CatPC

[2011.08.02 11:37:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\@@B7WMDQpSjNrPvDEkGte7Nuna6wwM\Application Data\ICAClient

[2011.05.31 12:19:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\@@Bazk9hNBWWUvp4-#TjNSslDrqXJC\Application Data\CatPC

[2011.05.31 14:26:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AR SYSTEM

[2011.07.25 14:09:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix

[2011.05.31 12:09:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fujitsu

[2011.10.27 15:43:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GroupPolicy

[2011.08.15 19:47:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks

[2011.11.17 12:28:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2011.09.13 08:19:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2011.05.31 12:19:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\atw01152\Application Data\CatPC

[2011.12.02 16:32:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\atw01192\Application Data\AIMP

[2011.08.31 09:30:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\atw01192\Application Data\AR System

[2011.05.31 14:14:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\atw01192\Application Data\CatPC

[2011.07.25 14:11:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\atw01192\Application Data\ICAClient

[2011.08.15 19:47:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\atw01192\Application Data\Juniper Networks

[2011.11.24 10:30:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\atw01192\Application Data\uTorrent

[2011.07.22 09:00:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\atw01192\Application Data\Yammer

[2012.01.06 12:00:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bg1001u5\Application Data\AIMP

[2011.10.28 08:43:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bg1001u5\Application Data\AR System

[2011.05.31 12:19:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bg1001u5\Application Data\CatPC

[2011.10.28 08:40:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bg1001u5\Application Data\ICAClient

[2011.12.27 13:24:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bg1001u5\Application Data\uTorrent

[2011.05.31 12:19:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bg100286\Application Data\CatPC

[2011.05.31 12:19:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bg1002f1\Application Data\CatPC

[2011.09.01 11:32:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bg1002f1\Application Data\ICAClient

[2011.05.31 12:19:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bg1002m3\Application Data\CatPC

[2011.12.13 11:22:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bg1002m3\Application Data\ICAClient

[2011.05.31 12:19:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bg1002m4\Application Data\CatPC

[2011.12.13 12:08:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bg1002m4\Application Data\ICAClient

[2011.05.31 12:19:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\CatPC

[2011.05.31 12:19:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SismigBd\Application Data\CatPC

[2011.10.27 15:44:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SismigBd\Application Data\ICAClient

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 167 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F8D65F32

< End of report >

And Extras.txt:

OTL Extras logfile created on: 06.1.2012 г. 15:23:59 - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\bg1001u5\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000402 | Country: Bulgaria | Language: BGR | Date Format: dd.M.yyyy 'г.'

3,17 Gb Total Physical Memory | 2,60 Gb Available Physical Memory | 82,27% Memory free

5,01 Gb Paging File | 4,59 Gb Available in Paging File | 91,76% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files

Drive C: | 50,01 Gb Total Space | 32,38 Gb Free Space | 64,75% Space Free | Partition Type: NTFS

Drive D: | 415,75 Gb Total Space | 394,21 Gb Free Space | 94,82% Space Free | Partition Type: NTFS

Computer Name: SOFK001C | User Name: bg1001u5 | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.js [@ = JSFile] -- Reg Error: Key error. File not found

.jse [@ = JSEFile] -- Reg Error: Key error. File not found

.vbe [@ = VBEFile] -- Reg Error: Key error. File not found

.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

jsfile [edit] -- Reg Error: Key error.

jsfile [open] -- Reg Error: Key error.

jsfile [print] -- Reg Error: Key error.

jsefile [edit] -- Reg Error: Key error.

jsefile [open] -- Reg Error: Key error.

jsefile [print] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

vbefile [edit] -- Reg Error: Key error.

vbefile [open] -- Reg Error: Key error.

vbefile [print] -- Reg Error: Key error.

vbsfile [edit] -- Reg Error: Key error.

vbsfile [open] -- Reg Error: Key error.

vbsfile [print] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntivirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

"PolicyVersion" = 522

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules]

"{07AC01FE-C56D-4DF8-A050-6ABC17947887}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=16386|App=%ProgramFiles(x86)%\Iron Mountain\Connected BackupPC\Agent.exe|Name=Connected PC Agent|Desc=Inbound Connection Rule for Connected|

"{A75F3D2C-BECF-47D6-BE36-B68D122BAB5F}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=16386|App=%ProgramFiles%\Iron Mountain\Connected BackupPC\Agent.exe|Name=Connected PC Agent (x86)|Desc=Inbound Connection Rule for Connected|

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

"DoNotAllowExceptions" = 0

"DisableUnicastResponsesToMulticastBroadcast" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications]

"AllowUserPrefMerge" = 0

"Enabled" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications\List]

"%programfiles%\officescan nt\tmlisten.exe:*:enabled:TrendMicro Officescan" = %programfiles%\officescan nt\tmlisten.exe:*:enabled:TrendMicro Officescan -- (Trend Micro Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts]

"AllowUserPrefMerge" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings]

"AllowOutboundDestinationUnreachable" = 1

"AllowOutboundSourceQuench" = 1

"AllowRedirect" = 0

"AllowInboundEchoRequest" = 1

"AllowInboundRouterRequest" = 0

"AllowOutboundTimeExceeded" = 1

"AllowOutboundParameterProblem" = 1

"AllowInboundTimestampRequest" = 1

"AllowInboundMaskRequest" = 0

"AllowOutboundPacketTooBig" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Logging]

"LogDroppedPackets" = 1

"LogSuccessfulConnections" = 1

"LogFilePath" = %systemroot%\Logs\wf.log -- ()

"LogFileSize" = 4096

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\UPnPFramework]

"Enabled" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DoNotAllowExceptions" = 0

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"24880:TCP" = 24880:TCP:*:Enabled:Trend Micro OfficeScan Listener

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DoNotAllowExceptions" = 0

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"24887:TCP" = 24887:TCP:*:Enabled:Trend Micro OfficeScan Listener

"24880:TCP" = 24880:TCP:*:Enabled:Trend Micro OfficeScan Listener

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)

"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)

"C:\Program Files\Microsoft Office Communicator\communicator.exe" = C:\Program Files\Microsoft Office Communicator\communicator.exe:*:Enabled:Office Communicator -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)

"C:\WINNT\system32\dpvsetup.exe" = C:\WINNT\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)

"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Disabled:Microsoft Office Live Meeting -- (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{039E0487-E1D2-4760-91B9-0F8D8C376E05}" = Anytime USB Charge Utility

"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended

"{0D1CBBB9-F4A8-45B6-95E7-202BA61D7AF4}" = Microsoft Office Communicator 2007 R2

"{154A9EEB-05FC-45E6-B7BD-75D27ED02276}" = Crystal11_Redistributables

"{199C20D6-10D3-4210-B361-4760209F56AE}" = Citrix online plug-in (Web)

"{19E00662-723E-4049-5CC5-000000000004}" = PKI Basic Client 4.0.1

"{1C1A21AF-75C5-42A1-89B9-419121336BF5}" = Microsoft Conferencing Add-in for Microsoft Office Outlook

"{318E9033-DEC6-4101-95A7-41FF1A64B343}" = Remote Administrator 2.1 - Server only

"{3345D22C-4306-45D0-A290-2054FE1BD976}" = Siemens Corporate Forms V5

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = FJ Camera

"{3BCA64D3-69D3-4DF6-BEF0-A8BD333FD980}" = Java 2 Runtime Environment International 1.6.0_26

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3CBF4170-BE13-43D1-B74D-DC9E04C86836}" = Media Player 11 - Siemens Settings

"{3ECCB578-504E-4F7A-A8B4-CF4F3B939B44}" = Citrix online plug-in (USB)

"{40327CA4-761F-483F-B62E-8EDB986A95BE}" = SCCS Java Toolkit

"{450063AA-643B-417C-8CF5-405BA3F4EF40}" = Autodesk Design Review 2009

"{4FF42D9A-B79A-4E9E-9536-C9DB6E506671}" = VNC client 3.3.3r9

"{4FF8EF09-065B-4E49-A700-001872599FBB}" = SIEMENS fonts

"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver

"{5E076CF2-EFED-43A2-A623-13E0D62EC7E0}" = Windows Server 2003 Administration Tools Pack

"{5F1DFCC1-595D-4235-A044-E05B706D800A}" = AuthenTec Fingerprint Software

"{5FBE42FA-5CAC-464C-97B8-035402E37117}" = Typeface Siemens

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{678094A1-6250-476B-9AFF-4376E48F135C}" = Citrix online plug-in (DV)

"{695B7633-E613-4C30-AC74-FD8C1F7B8F40}" = Application Consistency Checker

"{6C332A97-5F3C-419F-AD60-A01B227E4745}" = PDFCreator

"{6CF08AD2-00C5-4A63-B74B-2EFFFAFEBE1A}" = Microsoft Outlook Web Access S/MIME

"{721ABC3B-5F12-4332-9C0C-C11424EF666C}" = WIMGAPI

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{7847334D-D2A4-4B05-A051-680345E226A4}" = Adobe SVG Viewer 3.0

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour

"{83E45ABF-E9BD-4AE1-95FC-D0516ABA658E}" = Siemens LogCollector

"{86305FA4-0D98-4702-A9D7-467E0ACD987F}" = EFS CIU

"{89247EDA-8288-49CE-A0CA-5EBC17D70FF0}" = Nero 7 Premium

"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003

"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9808DA62-AC76-440E-8EDB-DAD33F8D43DF}" = Steelray Project Viewer

"{986E5DC1-7B13-44A6-ABFE-128A6CED2208}" = Operational Service Desk 7.1 Multilanguage

"{9B4DE488-B6C4-4F2E-B773-523FB090FD13}" = Shockwave Player 11.6

"{9EB6DC40-E5D3-42B9-8F17-891C8A3B677B}" = CatUGen 1.3.12

"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support

"{A946B6FA-A8EC-459C-B40A-3A5F762C241D}" = Authorware Web Player 6.5.0.67 English

"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5

"{AC388C78-2619-452C-BFBE-FABCC3194387}" = Microsoft Office Live Meeting 2007

"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional English

"{B3A6F8E3-068D-4522-9D4E-E750BEA5C889}" = WinZip 9.0 SR-1 English

"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)

"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CEECF731-3F08-4210-8073-7E87F58C01D3}" = Microsoft Office Communicator 2007 R2, MUI

"{D2B6ACFE-FEB5-4950-83B0-6D9B239266EB}" = Flash Player 10.3

"{D4F7D72C-14AD-4AF0-8E7E-222FDCCFE2E2}" = Siemens Corporate Mail Signature

"{D5A55E84-1C14-46F1-8718-1D91F2351FC5}" = Remove Hidden Data Tool

"{D7EC8A27-CDA2-46AE-8A26-4104A04FA5BE}" = 32 Bit HP CIO Components Installer

"{D8D186BD-06A8-4FAF-9510-5E64E5EB07A3}" = Ultra Edit

"{DC15D6DB-F6F3-428D-9918-92704A23E89B}" = SA Dictionary 2005 T1

"{DEAECFA9-FC4E-4AE5-9B1B-14A3A7EC1DE8}" = Microsoft Capicom

"{E0CE343A-DCE3-49EC-8D21-D13185B1C24A}" = Mindjet MindManager Viewer 7 English

"{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility

"{EC2B3F46-29CA-4FE4-806A-C956DA087FFD}" = O2Micro Flash Memory Card Windows Driver

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F33CFF0E-6684-43A8-AF99-2F1191B67152}" = Shock Sensor Utility

"{F48BE301-EC78-4686-B580-EE4934558798}" = WIDCOMM Bluetooth Software

"{FA365307-1963-4D16-BD44-113C8F037AAD}" = Citrix online plug-in (HDX)

"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR

"Active@ UNDELETE 7 Enterprise" = Active@ UNDELETE 7 Enterprise

"Adobe Acrobat 8 Professional English" = Adobe Acrobat 8.3.0 Professional

"Adobe Acrobat 8 Professional English_831" = Adobe Acrobat 8.3.1 - CPSID_83708

"Adobe AIR" = Adobe AIR

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"AIMP2" = AIMP2

"ARSystem 1" = BMC Remedy Action Request System 7.5.00 Install 1

"Autodesk Design Review 2009" = Autodesk Design Review 2009

"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web

"ie8" = Windows Internet Explorer 8

"IE8-MUI" = Windows Internet Explorer 8 Multilingual User Interface (MUI)

"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver

"InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility

"InstallShield_{EC2B3F46-29CA-4FE4-806A-C956DA087FFD}" = O2Micro Flash Memory Card Windows Driver

"InstallShield_{F33CFF0E-6684-43A8-AF99-2F1191B67152}" = Shock Sensor Utility

"InstallSourceFix" = InstallSourceFix

"Juniper Network Connect 6.5.0" = Juniper Networks Network Connect 6.5.0

"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.9.0

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Mozilla Firefox 9.0.1 (x86 bg)" = Mozilla Firefox 9.0.1 (x86 bg)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"OfficeScanNT" = Trend Micro OfficeScan Client

"PROSet" = Intel® Network Connections Drivers

"RDC" = RDC

"SMPlayer" = SMPlayer 0.6.9

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"UltraISO_is1" = UltraISO Premium V9.36

"uTorrent" = µTorrent

"Visual CertExam Suite_is1" = Visual CertExam Suite 1.9

"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"WinRAR archiver" = WinRAR 4.00 beta 5 (32-bit)

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 28.10.2011 г. 02:33:37 | Computer Name = SOFK001C | Source = Userenv | ID = 1054

Description = Windows cannot obtain the domain controller name for your computer

network. (The specified domain either does not exist or could not be contacted.

). Group Policy processing aborted.

Error - 28.10.2011 г. 02:33:39 | Computer Name = SOFK001C | Source = UserInit | ID = 1000

Description = Could not execute the following script MailConf.exe. The system cannot

find the file specified. .

Error - 28.10.2011 г. 02:34:48 | Computer Name = SOFK001C | Source = AutoEnrollment | ID = 15

Description = Automatic certificate enrollment for WW300\atw01192 failed to contact

the active directory (0x8007054b). The specified domain either does not exist

or could not be contacted. Enrollment will not be performed.

Error - 28.10.2011 г. 02:35:55 | Computer Name = SOFK001C | Source = Userenv | ID = 1054

Description = Windows cannot obtain the domain controller name for your computer

network. (The specified domain either does not exist or could not be contacted.

). Group Policy processing aborted.

Error - 28.10.2011 г. 02:35:55 | Computer Name = SOFK001C | Source = UserInit | ID = 1000

Description = Could not execute the following script MailConf.exe. The system cannot

find the file specified. .

Error - 31.10.2011 г. 03:04:47 | Computer Name = SOFK001C | Source = Userenv | ID = 1091

Description = The Group Policy client-side extension Security failed to log RSOP

(Resultant Set of Policy) data. Please look for any errors reported earlier by

that extension.

Error - 31.10.2011 г. 03:04:50 | Computer Name = SOFK001C | Source = Userenv | ID = 1091

Description = The Group Policy client-side extension Group Policy Registry failed

to log RSOP (Resultant Set of Policy) data. Please look for any errors reported

earlier by that extension.

Error - 31.10.2011 г. 03:09:06 | Computer Name = SOFK001C | Source = MsiInstaller | ID = 11719

Description =

Error - 02.11.2011 г. 03:23:47 | Computer Name = SOFK001C | Source = Userenv | ID = 1058

Description = Windows cannot access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=ww930,DC=my-it-solutions,DC=net.

The file must be present at the location <\\ww930.my-it-solutions.net\sysvol\ww930.my-it-solutions.net\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>.

(Configuration information could not be read from the domain controller, either

because the machine is unavailable, or access has been denied. ). Group Policy

processing aborted.

Error - 02.11.2011 г. 03:23:47 | Computer Name = SOFK001C | Source = Userenv | ID = 1030

Description = Windows cannot query for the list of Group Policy objects. A message

that describes the reason for this was previously logged by the policy engine.

[ System Events ]

Error - 06.1.2012 г. 09:03:52 | Computer Name = SOFK001C | Source = Service Control Manager | ID = 7031

Description = The Apple Mobile Device service terminated unexpectedly. It has done

this 1 time(s). The following corrective action will be taken in 60000 milliseconds:

Restart the service.

Error - 06.1.2012 г. 09:03:52 | Computer Name = SOFK001C | Source = Service Control Manager | ID = 7031

Description = The Juniper Network Connect Service service terminated unexpectedly.

It has done this 1 time(s). The following corrective action will be taken in

30000 milliseconds: Restart the service.

Error - 06.1.2012 г. 09:03:52 | Computer Name = SOFK001C | Source = Service Control Manager | ID = 7034

Description = The Java Quick Starter service terminated unexpectedly. It has done

this 1 time(s).

Error - 06.1.2012 г. 09:16:20 | Computer Name = SOFK001C | Source = Service Control Manager | ID = 7031

Description = The Intel® Management and Security Application Local Management

Service service terminated unexpectedly. It has done this 1 time(s). The following

corrective action will be taken in 10000 milliseconds: Restart the service.

Error - 06.1.2012 г. 09:18:49 | Computer Name = SOFK001C | Source = NETLOGON | ID = 5719

Description = No Domain Controller is available for domain WW930 due to the following:

%%1311. Make sure that the computer is connected to the network and try again. If

the problem persists, please contact your domain administrator.

Error - 06.1.2012 г. 09:18:52 | Computer Name = SOFK001C | Source = W32Time | ID = 39452701

Description = The time provider NtpClient is configured to acquire time from one

or more time sources, however none of the sources are currently accessible. No attempt

to contact a source will be made for 15 minutes. NtpClient has no source of accurate

time.

Error - 06.1.2012 г. 09:18:52 | Computer Name = SOFK001C | Source = W32Time | ID = 39452701

Description = The time provider NtpClient is configured to acquire time from one

or more time sources, however none of the sources are currently accessible. No attempt

to contact a source will be made for 15 minutes. NtpClient has no source of accurate

time.

Error - 06.1.2012 г. 09:19:40 | Computer Name = SOFK001C | Source = Service Control Manager | ID = 7000

Description = The Zune Bus Enumerator Driver service failed to start due to the

following error: %%1058

Error - 06.1.2012 г. 09:19:40 | Computer Name = SOFK001C | Source = Service Control Manager | ID = 7023

Description = The IPSEC Services service terminated with the following error: %%2

Error - 06.1.2012 г. 09:21:48 | Computer Name = SOFK001C | Source = W32Time | ID = 39452701

Description = The time provider NtpClient is configured to acquire time from one

or more time sources, however none of the sources are currently accessible. No attempt

to contact a source will be made for 15 minutes. NtpClient has no source of accurate

time.

< End of report >

Can you provide some assistance? Thanks in advance.


  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
