Afternoon, I have a user who has come across this same issue and have been trying to get the desktop to show icons again as well.

Below is the log file from that computer.

Please help.

OTL.TXT

-------

OTL logfile created on: 5/9/2011 2:12:31 PM - Run 1

OTL by OldTimer - Version 3.2.22.3 Folder = N:\CHQ-Comcast Information Services\EA

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 69.00% Memory free

5.00 Gb Paging File | 4.00 Gb Available in Paging File | 89.00% Paging File free

Paging file location(s): C:\pagefile.sys 3006 3006 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.49 Gb Total Space | 52.90 Gb Free Space | 71.02% Space Free | Partition Type: NTFS

Drive K: | 1295.77 Gb Total Space | 138.14 Gb Free Space | 10.66% Space Free | Partition Type: NTFS

Drive N: | 2340.00 Gb Total Space | 251.47 Gb Free Space | 10.75% Space Free | Partition Type: NTFS

Drive Q: | 1275.00 Gb Total Space | 138.62 Gb Free Space | 10.87% Space Free | Partition Type: NTFS

Drive S: | 2211.84 Gb Total Space | 764.24 Gb Free Space | 34.55% Space Free | Partition Type: NTFS

Computer Name: DIVWD-HNHZ4G1 | User Name: MAmaro000 | NOT logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\LMI4.tmp\LMI_Rescue_srv.exe (LogMeIn, Inc.)

PRC - C:\WINDOWS\LMI4.tmp\lmi_rescue.exe (LogMeIn, Inc.)

PRC - C:\Documents and Settings\MAmaro000\Local Settings\Temp\tmp3.exe (LogMeIn, Inc.)

PRC - N:\CHQ-Comcast Information Services\EA\OTL.exe (OldTimer Tools)

PRC - c:\Eracent\EPA\EracentEPAService.exe (Eracent Corporation)

PRC - c:\Eracent\EPM\epm.exe (Eracent Corporation)

PRC - c:\Eracent\EUA\EracentEUAService.exe (Eracent Corporation)

PRC - c:\Eracent\EPM\EracentEPMService.exe (Eracent Corporation)

PRC - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)

PRC - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)

PRC - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)

PRC - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)

PRC - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)

PRC - C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe (McAfee, Inc.)

PRC - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe (McAfee, Inc.)

PRC - C:\Program Files\Robust IT\Taskix\Taskix32.exe (Robust IT)

PRC - C:\Program Files\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)

PRC - C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)

PRC - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)

PRC - C:\Program Files\McAfee\Common Framework\McTray.exe (McAfee, Inc.)

PRC - C:\WINDOWS\system32\CCM\CcmExec.exe (Microsoft Corporation)

PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Microsoft Office Communicator\communicator.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\WINDOWS\LMI4.tmp\rahook.dll (LogMeIn, Inc.)

MOD - C:\WINDOWS\LMI4.tmp\LMIRhook.000.dll (LogMeIn, Inc.)

MOD - N:\CHQ-Comcast Information Services\EA\OTL.exe (OldTimer Tools)

MOD - c:\Eracent\EPM\EracentEPMHookLib.dll (Eracent Corporation)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)

MOD - C:\Program Files\Robust IT\Taskix\Taskix32.dll (Robust IT)

MOD - C:\WINDOWS\system32\netui1.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\activeds.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\adsldpc.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\iphlpapi.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\mprapi.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\netui0.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\winsta.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\rtutils.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\ntlanman.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\inetmib1.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\davclnt.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\wsock32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\snmpapi.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\wtsapi32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\rassapi.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\drprov.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\netrap.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (LMIRescue_d6ff419d-87d3-4ee5-8652-c962191e4070) LogMeIn Rescue (d6ff419d-87d3-4ee5-8652-c962191e4070) -- C:\WINDOWS\LMI4.tmp\LMI_Rescue_srv.exe (LogMeIn, Inc.)

SRV - (EracentEPAService) -- c:\Eracent\EPA\EracentEPAService.exe (Eracent Corporation)

SRV - (EracentEUAService) -- c:\Eracent\EUA\EracentEUAService.exe (Eracent Corporation)

SRV - (EracentEPMService) -- c:\Eracent\EPM\EracentEPMService.exe (Eracent Corporation)

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)

SRV - (dsNcService) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)

SRV - (McShield) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)

SRV - (mfevtp) -- C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)

SRV - (McTaskManager) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)

SRV - (McAfeeEngineService) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe (McAfee, Inc.)

SRV - (McAfeeFramework) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)

SRV - (CcmExec) -- C:\WINDOWS\system32\CCM\CcmExec.exe (Microsoft Corporation)

SRV - (smstsmgr) -- C:\WINDOWS\System32\CCM\TSManager.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (EPMTcpAn) -- c:\Eracent\EPM\EPMTcpAn.sys ()

DRV - (EPMProcMon) -- c:\Eracent\EPM\EPMProcMon.sys ()

DRV - (EracentARPC) -- c:\Eracent\EPA\arpcollector.sys (Eracent Corporation)

DRV - (dsNcAdpt) -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys (Juniper Networks)

DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)

DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)

DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)

DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)

DRV - (mfetdik) -- C:\WINDOWS\system32\drivers\mfetdik.sys (McAfee, Inc.)

DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)

DRV - (prepdrvr) -- C:\WINDOWS\system32\CCM\PrepDrv.sys (Microsoft Corporation)

DRV - (smsmdd) -- C:\WINDOWS\system32\drivers\smsmdm.sys (Microsoft Corporation)

DRV - (HECI) Intel® -- C:\WINDOWS\system32\drivers\HECI.sys (Intel Corporation)

DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)

DRV - (es1371) Creative AudioPCI (ES1371,ES1373) (WDM) -- C:\WINDOWS\system32\drivers\es1371mp.sys (Creative Technology Ltd.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://teamcomcast

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 10.*;24.40.*;www.teamcomcast.com;172.*;126.*;*.cable.comcast.com;*.hostedeet.com;*.adphc.com;<local>

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = divproxywae1.cable.comcast.com:80

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.yahoo.com"

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/02 08:42:07 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/03/29 09:41:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\MAmaro000\Application Data\Mozilla\Extensions

[2011/04/18 16:33:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\MAmaro000\Application Data\Mozilla\Firefox\Profiles\roskl1p3.default\extensions

[2011/04/19 13:08:21 | 000,000,000 | ---D | M] (Avery Toolbar) -- C:\Documents and Settings\MAmaro000\Application Data\Mozilla\Firefox\Profiles\roskl1p3.default\extensions\toolbar@ask.com

[2011/03/30 10:11:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

File not found (No name found) --

[2011/03/29 14:40:29 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\MAMARO000\APPLICATION DATA\MOVE NETWORKS

() (No name found) -- C:\DOCUMENTS AND SETTINGS\MAMARO000\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ROSKL1P3.DEFAULT\EXTENSIONS\{340C2BBC-CE74-4362-90B5-7C26312808EF}.XPI

[2010/11/16 13:34:49 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2010/11/16 14:08:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

[2011/05/02 08:41:49 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll

[2010/08/25 20:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll

[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/04/15 14:38:50 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (Avery Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Avery Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKCU\..\Toolbar\WebBrowser: (Avery Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)

O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)

O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)

O4 - HKLM..\Run: [shStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)

O4 - HKCU..\Run: [COMMUNICATOR] C:\Program Files\Microsoft Office Communicator\Communicator.exe (Microsoft Corporation)

O4 - HKCU..\Run: [Taskix] C:\Program Files\Robust IT\Taskix\Taskix32.exe (Robust IT)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\New Windows present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleNetIDList = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeKeyboardNavigationIndicators = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1

O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O12 - Plugin for: .OPT - C:\Program Files\Stellent\IBPM\IBPMVwr.dll (Oracle)

O15 - HKCU\..Trusted Domains: comcast.com ([*.cable] * in Trusted sites)

O15 - HKCU\..Trusted Domains: comcast.com ([*.cifa.cable] * in Local intranet)

O15 - HKCU\..Trusted Domains: comcast.com ([ahcmt26.cable] * in Local intranet)

O15 - HKCU\..Trusted Domains: comcast.com ([ahcws03.cable] * in Local intranet)

O15 - HKCU\..Trusted Domains: comcast.com ([certsrv.cable] * in Trusted sites)

O15 - HKCU\..Trusted Domains: comcast.com ([teamcomcast.cable] * in Local intranet)

O15 - HKCU\..Trusted Domains: comcastnets.com ([]* in Trusted sites)

O15 - HKCU\..Trusted Domains: comcastnets.com ([portal] https in Trusted sites)

O15 - HKCU\..Trusted Domains: comtrac ([]* in Trusted sites)

O15 - HKCU\..Trusted Domains: curl.bz ([www] * in Trusted sites)

O15 - HKCU\..Trusted Domains: grandslam ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: hostedeet.com ([]* in Local intranet)

O15 - HKCU\..Trusted Domains: pachqconfsch01 ([]http in Local intranet)

O15 - HKCU\..Trusted Domains: teamcomcast ([]* in Trusted sites)

O15 - HKCU\..Trusted Domains: teamcomcast.com ([]* in Trusted sites)

O15 - HKCU\..Trusted Domains: teamcomcast.com ([www] * in Local intranet)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1289924630406 (WUWebControl Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1289924806203 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://portal.comcastnets.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 69.252.80.80 69.252.81.81

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corphq.comcast.com

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\MAmaro000\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\MAmaro000\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/11/16 12:18:08 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2010/09/10 12:20:33 | 000,000,172 | ---- | M] () - K:\autorun (PBhaga000 v1).inf -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/09 13:15:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MAmaro000\Local Settings\Application Data\Deployment

[2011/05/09 13:13:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MAmaro000\Application Data\Malwarebytes

[2011/05/09 13:13:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2011/05/09 13:13:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/05/09 13:13:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2011/05/09 13:13:26 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2011/05/09 13:13:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/05/09 11:56:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\MAmaro000\Recent

[2011/05/09 11:38:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MAmaro000\Application Data\Windows Search

[2011/05/09 10:58:45 | 000,000,000 | -H-D | C] -- C:\Quarantine

[2011/05/09 10:47:03 | 000,000,000 | ---D | C] -- C:\Program Files\TaskColors 4Outlook

[2011/05/09 10:47:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TaskColors 4Outlook

[2011/05/06 18:13:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\ms

[2011/05/04 11:55:46 | 000,000,000 | ---D | C] -- \\cable.comcast.com\corp-dfs\CHQ-USERS3\MAmaro000\My Documents\Meetings-Joel

[2011/05/03 09:40:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MAmaro000\Local Settings\Application Data\Help

[2011/05/03 09:40:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MAmaro000\Application Data\Help

[2011/05/03 09:26:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TimeLeft 3

[2011/05/03 09:26:23 | 000,000,000 | ---D | C] -- C:\Program Files\TimeLeft3

[2011/05/03 09:26:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MAmaro000\Application Data\NesterSoft

[2011/05/03 09:12:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\1Time

[2011/05/03 09:12:05 | 000,000,000 | ---D | C] -- C:\Program Files\1Time

[2011/04/29 10:30:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Oracle

[2011/04/29 10:30:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\WinMain

[2011/04/29 10:25:17 | 000,106,984 | ---- | C] (Apex Software Corporation) -- C:\WINDOWS\System32\xarraydb.ocx

[2011/04/29 10:25:17 | 000,106,496 | ---- | C] (ComponentOne LLC) -- C:\WINDOWS\System32\xadb7.ocx

[2011/04/29 10:25:10 | 000,249,856 | ---- | C] (ComponentOne LLC) -- C:\WINDOWS\System32\todgub7.dll

[2011/04/29 10:25:10 | 000,242,640 | ---- | C] (APEX Software Corporation) -- C:\WINDOWS\System32\todgub6.dll

[2011/04/29 10:25:09 | 000,983,040 | ---- | C] (ComponentOne LLC) -- C:\WINDOWS\System32\todg7.ocx

[2011/04/29 10:25:09 | 000,861,128 | ---- | C] (APEX Software Corporation) -- C:\WINDOWS\System32\todg6.ocx

[2011/04/29 10:25:09 | 000,527,024 | ---- | C] (APEX Software Corporation) -- C:\WINDOWS\System32\tibase6.dll

[2011/04/29 10:25:09 | 000,274,064 | ---- | C] (APEX Software Corporation) -- C:\WINDOWS\System32\tidate6.ocx

[2011/04/29 10:25:09 | 000,245,904 | ---- | C] (APEX Software Corporation) -- C:\WINDOWS\System32\tinumb6.ocx

[2011/04/29 10:25:09 | 000,225,432 | ---- | C] (APEX Software Corporation) -- C:\WINDOWS\System32\tinumbl6.ocx

[2011/04/29 10:25:09 | 000,225,424 | ---- | C] (APEX Software Corporation) -- C:\WINDOWS\System32\timask6.ocx

[2011/04/29 10:25:09 | 000,133,296 | ---- | C] (APEX Software Corporation) -- C:\WINDOWS\System32\tishare6.dll

[2011/04/29 10:25:08 | 000,950,272 | ---- | C] (ComponentOne LLC) -- C:\WINDOWS\System32\tdbg7.ocx

[2011/04/29 10:25:08 | 000,832,448 | ---- | C] (APEX Software Corporation) -- C:\WINDOWS\System32\tdbg6.ocx

[2011/04/29 10:25:08 | 000,489,128 | ---- | C] (ComponentOne LLC) -- C:\WINDOWS\System32\tdbgpp7.dll

[2011/04/29 10:25:08 | 000,316,344 | ---- | C] (Apex Software Corporation) -- C:\WINDOWS\System32\tdbgpp.dll

[2011/04/29 10:24:57 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSXML3a.dll

[2011/04/29 10:24:47 | 000,164,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\COMCT232.OCX

[2011/04/29 10:24:44 | 000,000,000 | ---D | C] -- C:\Program Files\Stellent

[2011/04/29 10:24:43 | 000,000,000 | -H-D | C] -- C:\temp

[2011/04/29 10:23:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ICS

[2011/04/28 09:58:57 | 000,000,000 | ---D | C] -- \\cable.comcast.com\corp-dfs\CHQ-USERS3\MAmaro000\My Documents\My Pics

[2011/04/27 09:27:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer

[2011/04/22 08:39:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes

[2011/04/22 08:38:41 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2011/04/22 08:38:38 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2011/04/22 08:35:37 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2011/04/21 15:52:07 | 000,000,000 | ---D | C] -- \\cable.comcast.com\corp-dfs\CHQ-USERS3\MAmaro000\My Documents\CET

[2011/04/21 15:23:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun

[2011/04/19 08:35:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MAmaro000\Local Settings\Application Data\AskToolbar

[2011/04/19 08:33:01 | 000,000,000 | -HSD | C] -- \\cable.comcast.com\corp-dfs\CHQ-USERS3\MAmaro000\My Documents\RECYCLER

[2011/04/18 16:37:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MAmaro000\Application Data\Avery

[2011/04/18 16:35:28 | 000,000,000 | ---D | C] -- C:\Program Files\Avery

[2011/04/18 16:33:51 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com

[2011/04/18 09:52:26 | 000,000,000 | ---D | C] -- \\cable.comcast.com\corp-dfs\CHQ-USERS3\MAmaro000\My Documents\VERSUS STUFF

[2011/04/18 09:52:16 | 000,000,000 | ---D | C] -- \\cable.comcast.com\corp-dfs\CHQ-USERS3\MAmaro000\My Documents\Travel

[2011/04/18 09:52:15 | 000,000,000 | ---D | C] -- \\cable.comcast.com\corp-dfs\CHQ-USERS3\MAmaro000\My Documents\Tracking

[2011/04/18 09:52:09 | 000,000,000 | ---D | C] -- \\cable.comcast.com\corp-dfs\CHQ-USERS3\MAmaro000\My Documents\Timesheets

[2011/04/18 09:52:05 | 000,000,000 | ---D | C] -- \\cable.comcast.com\corp-dfs\CHQ-USERS3\MAmaro000\My Documents\Temple NAMIC 10-0510

[2011/04/18 09:52:04 | 000,000,000 | ---D | C] -- \\cable.comcast.com\corp-dfs\CHQ-USERS3\MAmaro000\My Documents\Templates

[2011/04/18 09:51:36 | 000,000,000 | ---D | C] -- \\cable.comcast.com\corp-dfs\CHQ-USERS3\MAmaro000\My Documents\Scanned Docs

[2011/04/18 09:51:22 | 000,000,000 | ---D | C] -- \\cable.comcast.com\corp-dfs\CHQ-USERS3\MAmaro000\My Documents\Print for Kim

[2011/04/18 09:51:13 | 000,000,000 | ---D | C] -- \\cable.comcast.com\corp-dfs\CHQ-USERS3\MAmaro000\My Documents\Pres Rep

[2011/04/18 09:51:12 | 000,000,000 | ---D | C] -- \\cable.comcast.com\corp-dfs\CHQ-USERS3\MAmaro000\My Documents\Personal-Neal

[2011/04/18 09:51:09 | 000,000,000 | ---D | C] -- \\cable.comcast.com\corp-dfs\CHQ-USERS3\MAmaro000\My Documents\Personal 2

[2011/04/18 09:50:59 | 000,000,000 | ---D | C] -- \\cable.comcast.com\corp-dfs\CHQ-USERS3\MAmaro000\My Documents\Personal

[2011/04/18 09:50:58 | 000,000,000 | ---D | C] -- \\cable.comcast.com\corp-dfs\CHQ-USERS3\MAmaro000\My Documents\Performance Appraisals

[2011/04/18 09:50:57 | 000,000,000 | ---D | C] -- \\cable.comcast.com\corp-dfs\CHQ-USERS3\MAmaro000\My Documents\One Site

[2011/04/18 09:50:56 | 000,000,000 | ---D | C] -- \\cable.comcast.com\corp-dfs\CHQ-USERS3\MAmaro000\My Documents\Neal Call Logs

[2011/04/18 09:50:56 | 000,000,000 | ---D | C] -- \\cable.comcast.com\corp-dfs\CHQ-USERS3\MAmaro000\My Documents\NAMIC

[2011/04/18 09:50:55 | 000,000,000 | ---D | C] -- \\cable.comcast.com\corp-dfs\CHQ-USERS3\MAmaro000\My Documents\My Received Files

[2011/04/18 09:50:54 | 000,000,000 | --SD | C] -- \\cable.comcast.com\corp-dfs\CHQ-USERS3\MAmaro000\My Documents\My Data Sources

[2011/04/18 09:50:54 | 000,000,000 | ---D | C] -- \\cable.comcast.com\corp-dfs\CHQ-USERS3\MAmaro000\My Documents\My Meetings

[2011/04/18 09:50:53 | 000,000,000 | ---D | C] -- \\cable.comcast.com\corp-dfs\CHQ-USERS3\MAmaro000\My Documents\Microsoft Info

[2011/04/18 09:50:39 | 000,000,000 | ---D | C] -- \\cable.comcast.com\corp-dfs\CHQ-USERS3\MAmaro000\My Documents\Downloads

[2011/04/18 09:50:36 | 000,000,000 | ---D | C] -- \\cable.comcast.com\corp-dfs\CHQ-USERS3\MAmaro000\My Documents\Contacts

[2011/04/18 09:49:13 | 000,000,000 | -HSD | C] -- \\cable.comcast.com\corp-dfs\CHQ-USERS3\MAmaro000\My Documents\$RECYCLE.BIN

[2011/04/18 09:48:44 | 000,000,000 | R--D | C] -- \\cable.comcast.com\corp-dfs\CHQ-USERS3\MAmaro000\My Documents\My Music

[2011/04/18 09:48:38 | 000,000,000 | R--D | C] -- \\cable.comcast.com\corp-dfs\CHQ-USERS3\MAmaro000\My Documents\My Pictures

[2011/04/18 09:48:32 | 000,000,000 | R--D | C] -- \\cable.comcast.com\corp-dfs\CHQ-USERS3\MAmaro000\My Documents\My Videos

[2011/04/11 21:00:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple

[5 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

[33 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/09 14:03:05 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/05/09 14:03:04 | 000,018,792 | RHS- | M] () -- C:\Documents and Settings\MAmaro000\ntuser.pol

[2011/05/09 14:03:03 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job

[2011/05/09 14:02:32 | 662,578,176 | ---- | M] () -- \\cable.comcast.com\corp-dfs\CHQ-USERS3\MAmaro000\My Documents\CPGmail.pst

[2011/05/09 14:01:00 | 000,000,242 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

[2011/05/09 13:35:41 | 000,000,222 | ---- | M] () -- C:\CHQ-ACCOUNT (K).lnk

[2011/05/09 13:34:50 | 000,000,463 | ---- | M] () -- C:\WINDOWS\smscfg.ini

[2011/05/09 13:33:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/05/09 13:13:33 | 000,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/05/09 11:21:18 | 000,000,040 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~18013988

[2011/05/06 18:14:20 | 000,529,164 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011/05/06 18:14:20 | 000,096,696 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011/05/06 18:14:20 | 000,004,764 | ---- | M] () -- C:\WINDOWS\System32\CcmFramework.ini

[2011/05/06 18:14:20 | 000,000,621 | ---- | M] () -- C:\WINDOWS\System32\CcmFramework.h

[2011/05/03 11:04:05 | 000,000,307 | ---- | M] () -- C:\Documents and Settings\MAmaro000\Desktop\Templates.lnk

[2011/05/03 11:03:39 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\MAmaro000\Desktop\Safari.lnk

[2011/05/02 21:00:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2011/05/02 14:44:23 | 000,000,414 | ---- | M] () -- C:\Documents and Settings\MAmaro000\Desktop\24th Floor Scanner.lnk

[2011/04/28 14:44:14 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/04/27 11:40:13 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\MAmaro000\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/04/26 11:37:39 | 000,075,759 | ---- | M] () -- \\cable.comcast.com\corp-dfs\CHQ-USERS3\MAmaro000\My Documents\Melinda

[2011/04/26 11:16:58 | 000,000,544 | ---- | M] () -- C:\Documents and Settings\MAmaro000\Desktop\2011-Consultants.lnk

[2011/04/25 11:20:49 | 000,061,064 | ---- | M] () -- C:\WINDOWS\System32\mlfcache.dat

[2011/04/21 08:59:11 | 001,326,666 | ---- | M] () -- \\cable.comcast.com\corp-dfs\CHQ-USERS3\MAmaro000\My Documents\Zips_online-countdown3.zip

[2011/04/20 16:41:49 | 117,269,123 | ---- | M] () -- \\cable.comcast.com\corp-dfs\CHQ-USERS3\MAmaro000\My Documents\NJa03464

[2011/04/20 08:55:17 | 000,000,209 | ---- | M] () -- C:\Documents and Settings\MAmaro000\Desktop\(Q) Drive.lnk

[2011/04/19 13:59:38 | 000,022,767 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

[2011/04/18 16:49:29 | 000,287,704 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[5 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

[33 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/09 13:35:41 | 000,000,222 | ---- | C] () -- C:\CHQ-ACCOUNT (K).lnk

[2011/05/09 13:13:33 | 000,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/05/09 11:21:15 | 000,000,040 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18013988

[2011/05/06 18:14:20 | 000,004,764 | ---- | C] () -- C:\WINDOWS\System32\CcmFramework.ini

[2011/05/06 18:14:20 | 000,000,621 | ---- | C] () -- C:\WINDOWS\System32\CcmFramework.h

[2011/05/03 11:04:04 | 000,000,307 | ---- | C] () -- C:\Documents and Settings\MAmaro000\Desktop\Templates.lnk

[2011/05/03 11:03:39 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\MAmaro000\Desktop\Safari.lnk

[2011/04/29 15:55:59 | 000,000,414 | ---- | C] () -- C:\Documents and Settings\MAmaro000\Desktop\24th Floor Scanner.lnk

[2011/04/27 11:40:13 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\MAmaro000\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/04/26 11:37:39 | 000,075,759 | ---- | C] () -- \\cable.comcast.com\corp-dfs\CHQ-USERS3\MAmaro000\My Documents\Melinda

[2011/04/26 11:16:58 | 000,000,544 | ---- | C] () -- C:\Documents and Settings\MAmaro000\Desktop\2011-Consultants.lnk

[2011/04/21 08:59:09 | 001,326,666 | ---- | C] () -- \\cable.comcast.com\corp-dfs\CHQ-USERS3\MAmaro000\My Documents\Zips_online-countdown3.zip

[2011/04/20 16:41:12 | 117,269,123 | ---- | C] () -- \\cable.comcast.com\corp-dfs\CHQ-USERS3\MAmaro000\My Documents\NJa03464

[2011/04/20 08:55:17 | 000,000,209 | ---- | C] () -- C:\Documents and Settings\MAmaro000\Desktop\(Q) Drive.lnk

[2011/04/19 10:06:57 | 662,578,176 | ---- | C] () -- \\cable.comcast.com\corp-dfs\CHQ-USERS3\MAmaro000\My Documents\CPGmail.pst

[2011/04/18 16:33:55 | 000,000,242 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

[2011/04/18 09:54:50 | 001,340,642 | ---- | C] () -- \\cable.comcast.com\corp-dfs\CHQ-USERS3\MAmaro000\My Documents\Zips_online-stopwatch2.zip

[2011/04/18 09:54:50 | 001,326,666 | ---- | C] () -- \\cable.comcast.com\corp-dfs\CHQ-USERS3\MAmaro000\My Documents\Zips_online-countdown.zip

[2011/04/18 09:54:49 | 002,568,427 | ---- | C] () -- \\cable.comcast.com\corp-dfs\CHQ-USERS3\MAmaro000\My Documents\VSlogoupdate.pdf

[2011/04/18 09:54:49 | 000,521,603 | ---- | C] () -- \\cable.comcast.com\corp-dfs\CHQ-USERS3\MAmaro000\My Documents\VS_Logo-Standard[1].png

[2011/04/18 09:54:49 | 000,480,542 | ---- | C] () -- \\cable.comcast.com\corp-dfs\CHQ-USERS3\MAmaro000\My Documents\Versus-Dot-Com.png

[2011/04/18 09:54:49 | 000,112,370 | ---- | C] () -- \\cable.comcast.com\corp-dfs\CHQ-USERS3\MAmaro000\My Documents\vm instructions.pdf

[2011/04/18 09:54:48 | 001,897,943 | ---- | C] () -- \\cable.comcast.com\corp-dfs\CHQ-USERS3\MAmaro000\My Documents\TheEffectiveExecutiveAssistant.pdf

[2011/04/18 09:54:48 | 000,957,731 | ---- | C] () -- \\cable.comcast.com\corp-dfs\CHQ-USERS3\MAmaro000\My Documents\StressManagement.pdf

[2011/04/18 09:54:48 | 000,248,957 | ---- | C] () -- \\cable.comcast.com\corp-dfs\CHQ-USERS3\MAmaro000\My Documents\Phone 1140_quick reference guide.pdf

[2011/04/18 09:54:47 | 000,031,507 | ---- | C] () -- \\cable.comcast.com\corp-dfs\CHQ-USERS3\MAmaro000\My Documents\online-countdown.swf

[2011/04/18 09:54:43 | 002,312,862 | R--- | C] () -- \\cable.comcast.com\corp-dfs\CHQ-USERS3\MAmaro000\My Documents\bug-in-mouth-brings-out-the-street-in-reporter_1.wmv

[2011/04/18 09:54:43 | 000,037,888 | ---- | C] () -- \\cable.comcast.com\corp-dfs\CHQ-USERS3\MAmaro000\My Documents\06206279.xlt

[2011/04/06 11:07:48 | 000,061,064 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2011/03/29 09:39:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2011/03/28 21:46:23 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4957.dll

[2010/11/16 15:09:17 | 000,000,463 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2010/11/16 15:05:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2010/11/16 15:05:07 | 000,529,164 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2010/11/16 15:05:07 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2010/11/16 15:05:07 | 000,096,696 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2010/11/16 15:05:07 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2010/11/16 15:05:06 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2010/11/16 15:05:06 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2010/11/16 15:05:06 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2010/11/16 15:05:04 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2010/11/16 15:05:04 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2010/11/16 15:05:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2010/11/16 15:04:58 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

[2010/11/16 13:39:13 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/11/16 12:23:01 | 000,000,051 | ---- | C] () -- C:\WINDOWS\smsts.ini

[2010/11/16 12:20:47 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2010/11/16 12:15:41 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2010/11/16 12:15:14 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2010/11/16 07:12:03 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2010/11/16 07:11:10 | 000,287,704 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll

[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe

[2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin

[2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin

[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

========== LOP Check ==========

[2011/03/29 08:29:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GroupPolicy

[2011/03/29 10:44:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks

[2011/04/06 11:10:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2011/04/18 16:37:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MAmaro000\Application Data\Avery

[2011/03/29 09:21:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MAmaro000\Application Data\emergingsoft

[2011/03/29 09:59:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MAmaro000\Application Data\ICAClient

[2011/03/29 10:44:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MAmaro000\Application Data\Juniper Networks

[2011/04/04 13:41:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MAmaro000\Application Data\LynchMarks

[2011/05/03 09:26:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MAmaro000\Application Data\NesterSoft

[2010/11/16 12:38:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MAmaro000\Application Data\Windows Desktop Search

[2011/05/09 11:38:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MAmaro000\Application Data\Windows Search

[2011/05/09 14:03:03 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

[2011/05/09 14:01:00 | 000,000,242 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========

< End of report >

EXTRAS.TXT.

-----------

OTL Extras logfile created on: 5/9/2011 2:12:32 PM - Run 1

OTL by OldTimer - Version 3.2.22.3 Folder = N:\CHQ-Comcast Information Services\EA

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 69.00% Memory free

5.00 Gb Paging File | 4.00 Gb Available in Paging File | 89.00% Paging File free

Paging file location(s): C:\pagefile.sys 3006 3006 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.49 Gb Total Space | 52.90 Gb Free Space | 71.02% Space Free | Partition Type: NTFS

Drive K: | 1295.77 Gb Total Space | 138.14 Gb Free Space | 10.66% Space Free | Partition Type: NTFS

Drive N: | 2340.00 Gb Total Space | 251.47 Gb Free Space | 10.75% Space Free | Partition Type: NTFS

Drive Q: | 1275.00 Gb Total Space | 138.62 Gb Free Space | 10.87% Space Free | Partition Type: NTFS

Drive S: | 2211.84 Gb Total Space | 764.24 Gb Free Space | 34.55% Space Free | Partition Type: NTFS

Computer Name: DIVWD-HNHZ4G1 | User Name: MAmaro000 | NOT logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management

"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)

"C:\Program Files\Microsoft Office Communicator\communicator.exe" = C:\Program Files\Microsoft Office Communicator\communicator.exe:*:Enabled:Communicator -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended

"{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise

"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser

"{2609EDF1-34C4-4B03-B634-55F3B3BC4931}" = Configuration Manager Client

"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java 6 Update 18

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes

"{398DA395-DF34-4A03-8DE9-3E7A8680BB51}" = Comcast ProRescue Calling Card

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari

"{721ABC3B-5F12-4332-9C0C-C11424EF666C}" = WIMGAPI

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support

"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8DDD659C-33B9-4565-BCA0-C08289398459}" = PS|Ship for Outlook


Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs for these tools, use "copy/paste".

Download unhide.exe & save it to your windows folder:

Right click on unhide.exe and select Run as administrator (In case you have Vista or Win7)

Reboot

This will unhide folders/files that were set to be hidden by the infection you had.

Let me know if that solved your problem.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
