Essential Cleaner Virus -- Please help remove...

Post by kasturi2006 on Sat May 07, 2011 12:07 am

My system got infected with the Essential Cleaner virus. Please help me remove it.

Malwarebytes crashes my system when I try to run it...

I have executed the OTL.exe and these are the 2 outputs I got:

OTL logfile created on: 5/6/2011 6:23:54 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = D:\Documents and Settings\501831044\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 37.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 53.00% Paging File free
Paging file location(s): C:\PageFile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 116.02 Gb Total Space | 94.52 Gb Free Space | 81.46% Space Free | Partition Type: NTFS
Drive D: | 114.85 Gb Total Space | 97.49 Gb Free Space | 84.88% Space Free | Partition Type: NTFS

Computer Name: T00690712 | User Name: 501831044 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/06 18:22:24 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\501831044\Desktop\OTL.exe
PRC - [2011/05/06 18:00:05 | 000,377,344 | ---- | M] () -- D:\Documents and Settings\All Users\Application Data\nO31000AlMdN31000\nO31000AlMdN31000.exe
PRC - [2011/04/30 16:46:15 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/04/30 14:26:17 | 000,139,264 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jdk1.6.0_18\bin\java.exe
PRC - [2011/04/29 14:45:47 | 000,125,992 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Client Firewall\SCFManager.exe
PRC - [2011/04/29 14:45:47 | 000,030,248 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Client Firewall\SCFService.exe
PRC - [2011/04/29 14:45:44 | 000,093,736 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
PRC - [2011/04/29 14:45:41 | 000,104,488 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
PRC - [2011/04/29 14:45:38 | 000,802,816 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Remote Management System\RouterNT.exe
PRC - [2011/04/29 14:45:38 | 000,278,528 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
PRC - [2011/02/23 08:22:08 | 000,094,008 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\WebEx\Productivity Tools\ptSrv.exe
PRC - [2011/02/23 08:22:06 | 000,347,448 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\WebEx\Productivity Tools\ptoneclk.exe
PRC - [2010/12/16 17:54:58 | 000,931,184 | ---- | M] (Juniper Networks, Inc.) -- C:\Program Files\Juniper Networks\Odyssey Access Client\odTray.exe
PRC - [2010/12/16 17:54:54 | 000,193,904 | ---- | M] (Juniper Networks, Inc.) -- C:\Program Files\Juniper Networks\Odyssey Access Client\odClientService.exe
PRC - [2010/12/16 17:26:50 | 000,152,944 | ---- | M] (Juniper Networks) -- C:\Program Files\Common Files\Juniper Networks\TNC Client\jTnccService.exe
PRC - [2010/12/16 05:32:26 | 000,402,800 | ---- | M] (Juniper Networks) -- C:\Program Files\Common Files\Juniper Networks\Endpoint Defense\dsEES.exe
PRC - [2010/12/16 00:37:00 | 000,198,000 | ---- | M] (Juniper Networks) -- C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
PRC - [2010/07/07 22:43:32 | 000,217,912 | ---- | M] (WebEx) -- C:\Program Files\WebEx\Connect\wbxcOIEx.exe
PRC - [2010/07/07 22:39:36 | 003,677,496 | ---- | M] (Cisco WebEx) -- C:\Program Files\WebEx\Connect\connect.exe
PRC - [2010/05/13 04:33:44 | 000,288,112 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2010/04/21 06:58:54 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2010/04/21 06:58:54 | 000,237,650 | ---- | M] (IDT, Inc.) -- c:\Program Files\IDT\WDM\stacsv.exe
PRC - [2010/04/12 11:50:58 | 000,238,904 | ---- | M] () -- C:\Program Files\WebEx\Connect\Widget.exe
PRC - [2010/03/24 08:09:28 | 000,812,448 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
PRC - [2010/03/24 08:09:28 | 000,027,040 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
PRC - [2010/03/23 21:22:26 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2010/02/18 00:34:40 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2010/02/03 04:09:46 | 000,429,096 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\AutoUpdate\ALMon.exe
PRC - [2010/02/03 04:09:46 | 000,175,144 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
PRC - [2010/01/10 20:01:26 | 000,060,928 | ---- | M] () -- C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
PRC - [2009/11/20 23:55:42 | 002,119,032 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2009/11/20 23:55:42 | 000,632,160 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009/10/02 05:19:16 | 000,380,988 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Endpoint Encryption for PC\SbClientManager.exe
PRC - [2009/09/19 01:01:08 | 000,333,088 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwtracepktwpp.exe
PRC - [2009/08/19 09:20:52 | 000,069,632 | ---- | M] () -- C:\Program Files\SafeBoot Tray Manager\SbTrayManager.exe
PRC - [2009/07/07 10:06:46 | 000,737,280 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFltr.exe
PRC - [2009/03/26 22:58:08 | 000,431,472 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2009/02/08 03:11:00 | 000,155,648 | ---- | M] (CA) -- C:\Program Files\CA\DSM\bin\amswmagt.exe
PRC - [2009/02/08 03:10:10 | 000,026,624 | ---- | M] () -- C:\Program Files\CA\DSM\PMAgent\capmuamagt.exe
PRC - [2009/02/08 01:23:12 | 000,221,184 | ---- | M] (CA) -- C:\Program Files\CA\DSM\bin\ccnfAgent.exe
PRC - [2009/02/08 01:22:48 | 000,031,232 | ---- | M] (CA) -- C:\Program Files\CA\DSM\bin\ccsmagtd.exe
PRC - [2009/02/08 01:21:10 | 000,200,704 | ---- | M] (CA) -- C:\Program Files\CA\DSM\bin\cfnotsrvd.exe
PRC - [2009/02/08 01:21:10 | 000,057,344 | ---- | M] (CA) -- C:\Program Files\CA\DSM\bin\cfFTPlugin.exe
PRC - [2009/02/08 01:21:10 | 000,027,136 | ---- | M] (CA) -- C:\Program Files\CA\DSM\bin\cfsmsmd.exe
PRC - [2009/02/08 01:21:08 | 000,188,416 | ---- | M] (CA) -- C:\Program Files\CA\DSM\bin\CAF.exe
PRC - [2009/02/01 07:43:30 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008/12/09 16:34:20 | 000,147,456 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\SC\CAM\bin\cam.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 08:00:00 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe
PRC - [2005/08/29 22:03:50 | 059,027,456 | ---- | M] (Oracle Corporation) -- d:\oracle\product\10.2.0\db_1\BIN\oracle.exe
PRC - [2005/08/16 12:22:04 | 000,006,656 | ---- | M] (Oracle Corporation) -- D:\oracle\product\10.2.0\db_1\BIN\emagent.exe
PRC - [2005/08/16 12:21:06 | 000,024,064 | ---- | M] (Oracle Corporation) -- D:\oracle\product\10.2.0\db_1\BIN\nmesrvc.exe
PRC - [2005/08/16 01:23:02 | 000,053,248 | ---- | M] (Oracle) -- D:\oracle\product\10.2.0\db_1\BIN\isqlplussvc.exe
PRC - [2005/08/15 23:57:48 | 000,204,800 | ---- | M] () -- D:\oracle\product\10.2.0\db_1\BIN\TNSLSNR.EXE
PRC - [2005/04/08 19:09:00 | 000,045,161 | ---- | M] () -- D:\oracle\product\10.2.0\db_1\jdk\bin\java.exe
PRC - [2004/11/15 09:35:30 | 000,016,384 | ---- | M] () -- D:\oracle\product\10.2.0\db_1\perl\5.8.3\bin\MSWin32-x86-multi-thread\perl.exe


========== Modules (SafeList) ==========

MOD - File not found -- C:\WINDOWS\System32\DgApi.dll
MOD - File not found -- C:\Program Files\DGAgent\plugins\09D849B6-32D3-4a40-85EE-6B84BA29E35B\AME_SMTPSensor.dll
MOD - File not found -- C:\Program Files\DGAgent\plugins\09D849B6-32D3-4a40-85EE-6B84BA29E35B\AME_OutlookSensor.dll
MOD - File not found -- C:\Program Files\DGAgent\plugins\09D849B6-32D3-4a40-85EE-6B84BA29E35B\AE_MailSensor_Plugin.dll
MOD - [2011/05/06 18:22:24 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\501831044\Desktop\OTL.exe
MOD - [2011/04/29 14:45:40 | 000,237,832 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/11/20 23:55:52 | 000,099,688 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/04/29 14:45:47 | 000,125,992 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files\Sophos\Sophos Client Firewall\SCFManager.exe -- (Sophos Client Firewall Manager)
SRV - [2011/04/29 14:45:47 | 000,030,248 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files\Sophos\Sophos Client Firewall\SCFService.exe -- (Sophos Client Firewall)
SRV - [2011/04/29 14:45:44 | 000,093,736 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2011/04/29 14:45:41 | 000,104,488 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2011/04/29 14:45:38 | 000,802,816 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files\Sophos\Remote Management System\RouterNT.exe -- (Sophos Message Router)
SRV - [2011/04/29 14:45:38 | 000,278,528 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe -- (Sophos Agent)
SRV - [2010/12/16 17:54:54 | 000,193,904 | ---- | M] (Juniper Networks, Inc.) [Auto | Running] -- C:\Program Files\Juniper Networks\Odyssey Access Client\odClientService.exe -- (odClientService)
SRV - [2010/12/16 17:26:50 | 000,152,944 | ---- | M] (Juniper Networks) [On_Demand | Running] -- C:\Program Files\Common Files\Juniper Networks\TNC Client\jTnccService.exe -- (EacService)
SRV - [2010/12/16 00:37:00 | 000,198,000 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe -- (JuniperAccessService)
SRV - [2010/08/14 01:11:20 | 008,750,408 | ---- | M] () [Auto | Running] -- C:\Program Files\MANDIANT\MANDIANT Intelligent Response Agent\MAVservice.exe -- (IAScan)
SRV - [2010/04/21 06:58:54 | 000,237,650 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\Program Files\IDT\WDM\stacsv.exe -- (STacSV)
SRV - [2010/03/24 08:09:28 | 000,812,448 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service)
SRV - [2010/03/24 08:09:28 | 000,027,040 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage)
SRV - [2010/02/03 04:09:46 | 000,175,144 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2010/01/10 20:01:26 | 000,060,928 | ---- | M] () [Auto | Running] -- C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe -- (InstallFilterService)
SRV - [2009/10/02 05:19:16 | 000,380,988 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Endpoint Encryption for PC\SbClientManager.exe -- (SafeBootClientManager)
SRV - [2009/03/26 22:58:08 | 000,431,472 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2009/02/08 01:21:08 | 000,188,416 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\DSM\bin\caf.exe -- (caf)
SRV - [2008/12/09 16:34:20 | 000,147,456 | ---- | M] (CA, Inc.) [Auto | Running] -- C:\Program Files\CA\SC\CAM\bin\cam.exe -- (CA-MessageQueuing)
SRV - [2005/08/29 22:03:50 | 059,027,456 | ---- | M] (Oracle Corporation) [Auto | Running] -- d:\oracle\product\10.2.0\db_1\bin\ORACLE.EXE -- (OracleServiceENOVIA)
SRV - [2005/08/29 19:32:22 | 000,102,400 | ---- | M] () [Disabled | Stopped] -- d:\oracle\product\10.2.0\db_1\Bin\extjob.exe -- (OracleJobSchedulerENOVIA)
SRV - [2005/08/16 12:21:06 | 000,024,064 | ---- | M] (Oracle Corporation) [Auto | Running] -- D:\oracle\product\10.2.0\db_1\BIN\nmesrvc.exe -- (OracleDBConsoleenovia)
SRV - [2005/08/16 01:23:02 | 000,053,248 | ---- | M] (Oracle) [Auto | Running] -- D:\oracle\product\10.2.0\db_1\BIN\isqlplussvc.exe -- (OracleOraDb10g_home1iSQL*Plus)
SRV - [2005/08/15 23:57:48 | 000,204,800 | ---- | M] () [Auto | Running] -- D:\oracle\product\10.2.0\db_1\BIN\TNSLSNR.exe -- (OracleOraDb10g_home1TNSListener)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Unknown | Stopped] -- C:\WINDOWS\System32\Drivers\DGUSBMon.SYS -- (DGUSBMon)
DRV - File not found [Kernel | Unknown | Running] -- C:\WINDOWS\System32\Drivers\DGTDIMon.SYS -- (DGTDIMon)
DRV - File not found [Kernel | Unknown | Running] -- C:\WINDOWS\System32\Drivers\DGRule.SYS -- (DGRule)
DRV - File not found [File_System | Unknown | Stopped] -- C:\WINDOWS\System32\Drivers\DgRec.sys -- (DGREC)
DRV - File not found [Kernel | Unknown | Running] -- C:\WINDOWS\System32\Drivers\DGMaster.sys -- (DGMaster)
DRV - File not found [Kernel | Unknown | Running] -- C:\WINDOWS\System32\Drivers\DGKPMail.sys -- (DGKPMail)
DRV - File not found [Kernel | Unknown | Running] -- C:\WINDOWS\System32\Drivers\DGFSMon.SYS -- (DGFSMon)
DRV - File not found [File_System | Unknown | Stopped] -- C:\WINDOWS\System32\Drivers\DgFiltr.sys -- (DGFILTR)
DRV - File not found [File_System | Unknown | Stopped] -- C:\WINDOWS\System32\Drivers\DgDtl.sys -- (DGDTL)
DRV - File not found [File_System | Unknown | Stopped] -- C:\WINDOWS\System32\Drivers\DgDt.sys -- (DGDT)
DRV - File not found [File_System | Unknown | Stopped] -- C:\WINDOWS\System32\Drivers\DgDsl.sys -- (DGDSL)
DRV - File not found [File_System | Unknown | Stopped] -- C:\WINDOWS\System32\Drivers\DgDs.sys -- (DGDS)
DRV - File not found [File_System | Unknown | Stopped] -- C:\WINDOWS\System32\Drivers\DgDmkl.sys -- (DGDmkl)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\DgDmkDisk.sys -- (DgDmkDisk)
DRV - File not found [File_System | Unknown | Stopped] -- C:\WINDOWS\System32\Drivers\DgDmk.sys -- (DGDmk)
DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\DGCOTMAN.sys -- (DGCOTMAN)
DRV - File not found [Kernel | Unknown | Running] -- C:\WINDOWS\System32\Drivers\DGBusMon.SYS -- (DGBusMon)
DRV - File not found [Kernel | Unknown | Running] -- C:\WINDOWS\System32\Drivers\DGAPIMon.SYS -- (DGAPIMon)
DRV - [2011/04/29 21:58:18 | 000,909,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2011/04/29 21:58:18 | 000,047,656 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2011/04/29 19:05:18 | 000,019,920 | ---- | M] () [Kernel | On_Demand | Running] -- D:\Documents and Settings\All Users\Application Data\MANDIANT\MANDIANT Intelligent Response Agent\mktools.sys -- (Mandiant_Tools)
DRV - [2011/04/29 14:45:47 | 000,100,136 | ---- | M] (Sophos Plc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\scfdriver.sys -- (scfdriver)
DRV - [2011/04/29 14:45:45 | 000,024,064 | ---- | M] (Sophos Plc) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\savonaccessfilter.sys -- (SAVOnAccessFilter)
DRV - [2011/04/29 14:45:42 | 000,023,928 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sdcfilter.sys -- (sdcfilter)
DRV - [2011/04/29 14:45:42 | 000,014,976 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV - [2011/04/29 14:45:40 | 000,152,192 | ---- | M] (Sophos Plc) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\savonaccesscontrol.sys -- (SAVOnAccessControl)
DRV - [2011/04/24 18:14:38 | 000,225,856 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\keyscrambler.sys -- (KeyScrambler)
DRV - [2010/12/16 17:09:44 | 000,282,496 | ---- | M] (Juniper Networks, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\odFips2.sys -- (odFips2)
DRV - [2010/12/16 17:09:44 | 000,009,856 | ---- | M] (Juniper Networks, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\odFips.sys -- (odFips)
DRV - [2010/07/15 15:09:18 | 000,034,800 | ---- | M] (Juniper Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jnprvamgr.sys -- (JnprVaMgr)
DRV - [2010/07/15 15:09:14 | 000,017,776 | ---- | M] (Juniper Networks, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\jnprva.sys -- (jnprva)
DRV - [2010/07/15 15:09:12 | 000,420,464 | ---- | M] (Juniper Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jnprna.sys -- (jnprna)
DRV - [2010/05/13 04:17:00 | 000,255,096 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2010/04/21 06:58:54 | 001,660,051 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2010/04/06 08:35:56 | 000,168,616 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1k5132.sys -- (e1kexpress) Intel(R)
DRV - [2010/03/20 00:39:08 | 000,059,904 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\risdpe86.sys -- (risdpcie)
DRV - [2010/02/27 07:31:24 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Impcd.sys -- (Impcd)
DRV - [2010/02/03 11:47:36 | 002,696,448 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2010/01/19 20:50:12 | 000,235,520 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV - [2010/01/18 15:56:26 | 000,042,672 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelern.sys -- (Acceler)
DRV - [2010/01/18 15:56:26 | 000,017,072 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\stdfltn.sys -- (stdflt)
DRV - [2009/11/04 01:40:42 | 000,033,832 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV - [2009/10/06 13:49:48 | 000,187,960 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ahcix86.sys -- (ahcix86)
DRV - [2009/10/02 05:18:49 | 000,015,248 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\SbPrcCtl.sys -- (SbPrcCtl)
DRV - [2009/10/02 05:18:27 | 000,006,496 | ---- | M] (McAfee, Inc.) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2009/10/02 05:18:23 | 000,033,328 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\RsvLock.sys -- (RsvLock)
DRV - [2009/10/02 05:18:16 | 000,034,480 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\SbFlop.sys -- (SbFlop)
DRV - [2009/10/02 05:17:57 | 000,103,760 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2009/05/21 05:48:10 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)
DRV - [2009/04/22 06:13:34 | 000,113,664 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2009/03/26 22:41:04 | 000,023,552 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2008/08/13 13:51:42 | 000,044,976 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\SbAlg.sys -- (SBAlg)
DRV - [2008/06/04 22:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\PBADRV.sys -- (PBADRV)
DRV - [2008/04/04 21:40:50 | 000,244,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress) Intel(R)
DRV - [2007/09/19 15:36:16 | 000,100,096 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symmpi.sys -- (Symmpi)
DRV - [2004/11/05 16:54:50 | 000,136,704 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys -- (fasttx2k)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = [You must be registered and logged in to see this link.]

========== FireFox ==========

FF - prefs.js..network.proxy.autoconfig_url: "http://ps.setpac.ge.com/pac.pac"
FF - prefs.js..network.proxy.type: 2

FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: D:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/04/30 16:46:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/30 16:46:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/04/29 18:17:24 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\501831044\Application Data\Mozilla\Extensions
[2011/05/03 21:16:16 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\501831044\Application Data\Mozilla\Firefox\Profiles\9flgsxuu.default\extensions
[2011/04/30 16:57:40 | 000,000,000 | ---D | M] (KeyScrambler) -- D:\Documents and Settings\501831044\Application Data\Mozilla\Firefox\Profiles\9flgsxuu.default\extensions\keyscrambler@qfx.software.corporation
[2011/04/30 14:27:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011/04/30 14:26:59 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
() (No name found) -- D:\DOCUMENTS AND SETTINGS\501831044\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9FLGSXUU.DEFAULT\EXTENSIONS\{0545B830-F0AA-4D7E-8820-50A4629A56FE}.XPI
() (No name found) -- D:\DOCUMENTS AND SETTINGS\501831044\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9FLGSXUU.DEFAULT\EXTENSIONS\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.XPI
[2011/04/30 16:46:25 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- D:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/04/14 12:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/05/05 19:43:41 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
O2 - BHO: (WebEx Productivity Tools) - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (WebEx Productivity Tools) - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [GEvpnPacCheck] C:\Program Files\Juniper Networks\VPN_PAC_CHECK.vbs ()
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [OdTray.exe] C:\Program Files\Juniper Networks\Odyssey Access Client\OdTray.exe (Juniper Networks, Inc.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SafeBootTrayManager] C:\Program Files\SafeBoot Tray Manager\SbTrayManager.exe ()
O4 - HKLM..\Run: [SetCacheMode] C:\WINDOWS\System32\ptipbmf.dll ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_15\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [CheckIt] C:\WINDOWS/SYSTEM32/GE/Scripts/Checkit.vbs ()
O4 - HKCU..\Run: [PTOneClick] C:\Program Files\WebEx\Productivity Tools\ptoneclk.exe (Cisco WebEx LLC)
O4 - HKCU..\RunOnce: [nO31000AlMdN31000] D:\Documents and Settings\All Users\Application Data\nO31000AlMdN31000\nO31000AlMdN31000.exe ()
O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A82000000003}\IconAC76BA86.exe ()
O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Sophos AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: nodrivetypeautorun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O15 - HKLM\..Trusted Domains: vetco.com ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: vetcogray.com ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: ge.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: ge.com ([*.supportcentral] * in Trusted sites)
O15 - HKCU\..Trusted Domains: ge.com ([cincnt1.ssqc] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ge.com ([cincnt2.ssqc] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ge.com ([genet.ae] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ge.com ([inside] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ge.com ([libraries] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ge.com ([ssqc] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ge.com ([time.infra] * in Trusted sites)
O15 - HKCU\..Trusted Domains: logmeinrescue-enterprise.com ([secure] https in Trusted sites)
O15 - HKCU\..Trusted Domains: mahindrasatyam.com ([ontime] https in Trusted sites)
O15 - HKCU\..Trusted Domains: vetco.com ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: vetcogray.com ([]* in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} [You must be registered and logged in to see this link.] (GpcContainer Class)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} [You must be registered and logged in to see this link.] (JuniperSetupControlXP Class)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} [You must be registered and logged in to see this link.] (JuniperSetupClientControl Class)
O16 - DPF: {FCADE536-93F5-4577-80A3-E7C32FAC4C7D} [You must be registered and logged in to see this link.] (Loader Class v5)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.178.162.3 97.81.22.195 24.159.64.23
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = psamer.ps.ge.com
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\CAF: DllName - C:\Program Files\CA\DSM\Bin\cfwlogon.dll - C:\Program Files\CA\DSM\bin\cfWlogon.dll (CA)
O20 - Winlogon\Notify\OdysseyClient: DllName - odyEvent.dll - C:\WINDOWS\System32\odyEvent.dll (Juniper Networks, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/09/05 11:28:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{6d4d3ccc-e02b-11de-9e7b-ed3e4b11f6bb}\Shell\AutoRun\command - "" = Programs\nu2menu\nu2menu.exe
O33 - MountPoints2\{8a9ac29a-a232-11de-a438-844cddf9895f}\Shell\AutoRun\command - "" = Programs\nu2menu\nu2menu.exe
O33 - MountPoints2\{96e5771a-8bda-11df-b3c4-bc2b75784766}\Shell\AutoRun\command - "" = Programs\nu2menu\nu2menu.exe
O33 - MountPoints2\{dff8e6fa-7348-11df-8f47-cc826885f0a8}\Shell - "" = AutoRun
O33 - MountPoints2\{dff8e6fa-7348-11df-8f47-cc826885f0a8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{dff8e6fa-7348-11df-8f47-cc826885f0a8}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{dff8e6fb-7348-11df-8f47-c4cfda9322b7}\Shell\AutoRun\command - "" = Programs\nu2menu\nu2menu.exe
O33 - MountPoints2\{f6189e64-e23e-11df-a702-9801d6bd58ac}\Shell\AutoRun\command - "" = Programs\nu2menu\nu2menu.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/06 18:22:16 | 000,580,608 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\501831044\Desktop\OTL.exe
[2011/05/06 18:00:04 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\nO31000AlMdN31000
[2011/05/05 08:08:33 | 000,000,000 | ---D | C] -- D:\Documents and Settings\501831044\Local Settings\Application Data\Google
[2011/05/02 14:50:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2011/05/02 10:40:11 | 000,000,000 | ---D | C] -- D:\Documents and Settings\501831044\ief
[2011/05/01 20:47:15 | 000,000,000 | ---D | C] -- C:\Program Files\Dassault Systemes
[2011/05/01 20:46:32 | 000,000,000 | ---D | C] -- D:\Documents and Settings\501831044\Local Settings\Application Data\DassaultSystemes
[2011/05/01 20:46:32 | 000,000,000 | ---D | C] -- D:\Documents and Settings\501831044\Application Data\DassaultSystemes
[2011/05/01 19:59:35 | 000,000,000 | ---D | C] -- D:\Documents and Settings\501831044\Local Settings\Application Data\Mercury Interactive
[2011/05/01 19:58:43 | 000,000,000 | ---D | C] -- D:\Documents and Settings\501831044\Application Data\09D849B6-32D3-4a40-85EE-6B84BA29E35B
[2011/05/01 19:56:24 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\{F28EEC54-8380-4273-BE32-4052A058D37E}
[2011/05/01 19:55:26 | 000,000,000 | ---D | C] -- D:\Documents and Settings\LocalService\Local Settings\Application Data\Seven Zip
[2011/05/01 19:49:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Mercury Interactive
[2011/05/01 00:56:39 | 000,000,000 | ---D | C] -- D:\Documents and Settings\501831044\Start Menu\Programs\EditPlus 3
[2011/05/01 00:56:38 | 000,000,000 | ---D | C] -- D:\Documents and Settings\501831044\Application Data\EditPlus 3
[2011/05/01 00:56:38 | 000,000,000 | ---D | C] -- C:\Program Files\EditPlus 3
[2011/04/30 17:06:55 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\QFX Software
[2011/04/30 17:06:55 | 000,000,000 | ---D | C] -- D:\Documents and Settings\501831044\Application Data\QFX Software
[2011/04/30 16:57:28 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\KeyScrambler
[2011/04/30 16:57:26 | 000,225,856 | ---- | C] (QFX Software Corporation) -- C:\WINDOWS\System32\drivers\keyscrambler.sys
[2011/04/30 16:57:26 | 000,000,000 | ---D | C] -- C:\Program Files\KeyScrambler
[2011/04/30 16:47:26 | 000,000,000 | ---D | C] -- C:\Program Files\EditPlus 2
[2011/04/30 16:46:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2011/04/30 16:46:21 | 000,199,904 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2011/04/30 16:46:16 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2011/04/30 16:46:16 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2011/04/30 16:46:16 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2011/04/30 16:46:16 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\Real
[2011/04/30 16:46:10 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Real
[2011/04/30 16:46:10 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2011/04/30 16:45:52 | 000,000,000 | ---D | C] -- D:\Documents and Settings\501831044\Application Data\Real
[2011/04/30 16:44:48 | 000,025,088 | ---- | C] (Microsoft Corporation) -- D:\Documents and Settings\501831044\Desktop\ZAPGRAB2.EXE
[2011/04/30 16:25:45 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\DassaultSystemes
[2011/04/30 16:03:44 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\ENOVIA Live Collaboration Server
[2011/04/30 16:01:03 | 000,000,000 | ---D | C] -- D:\Documents and Settings\501831044\Oracle
[2011/04/30 15:54:53 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\ENOVIA Studio Modeling Platform
[2011/04/30 15:53:09 | 000,000,000 | ---D | C] -- C:\enoviav6r2010x
[2011/04/30 15:03:38 | 000,000,000 | ---D | C] -- C:\Program Files\apache-tomcat-6.0.24
[2011/04/30 14:42:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio .NET
[2011/04/30 14:42:17 | 000,000,000 | ---D | C] -- D:\Documents and Settings\501831044\Local Settings\Application Data\Microsoft Help
[2011/04/30 14:41:10 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\Oracle - OraDb10g_home1
[2011/04/30 14:38:03 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2011/04/30 14:27:25 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Sun
[2011/04/30 14:27:14 | 000,000,000 | ---D | C] -- C:\Program Files\Sun
[2011/04/29 22:02:29 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsgXP_2k3.dll
[2011/04/29 22:02:26 | 000,000,000 | ---D | C] -- C:\Program Files\DellTPad
[2011/04/29 22:02:23 | 001,461,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WdfCoInstaller01009.dll
[2011/04/29 22:02:23 | 000,255,096 | ---- | C] (Alps Electric Co., Ltd.) -- C:\WINDOWS\System32\drivers\Apfiltr.sys
[2011/04/29 22:02:23 | 000,109,122 | ---- | C] (Alps Electric Co., Ltd.) -- C:\WINDOWS\System32\Vxdif.dll
[2011/04/29 22:01:50 | 000,106,557 | ---- | C] (Broadcom Corporation.) -- C:\WINDOWS\System32\btw_ci.dll
[2011/04/29 22:01:50 | 000,092,072 | ---- | C] (Broadcom Corporation.) -- C:\WINDOWS\System32\drivers\btwsecfl.sys
[2011/04/29 22:01:50 | 000,047,656 | ---- | C] (Broadcom Corporation.) -- C:\WINDOWS\System32\drivers\btwusb.sys
[2011/04/29 22:01:49 | 000,909,736 | ---- | C] (Broadcom Corporation.) -- C:\WINDOWS\System32\drivers\btkrnl.sys
[2011/04/29 22:01:45 | 000,000,000 | ---D | C] -- C:\Program Files\WIDCOMM
[2011/04/29 22:01:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Dell
[2011/04/29 21:56:48 | 000,042,672 | ---- | C] (ST Microelectronics) -- C:\WINDOWS\System32\drivers\Accelern.sys
[2011/04/29 21:56:48 | 000,017,072 | ---- | C] (ST Microelectronics) -- C:\WINDOWS\System32\drivers\stdfltn.sys
[2011/04/29 21:56:48 | 000,000,000 | ---D | C] -- C:\Program Files\STMicroelectronics
[2011/04/29 21:56:46 | 000,000,000 | ---D | C] -- C:\Dell
[2011/04/29 21:56:32 | 002,696,448 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\drivers\BCMWL5.SYS
[2011/04/29 21:56:23 | 011,870,298 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\System32\idtsg.cpl
[2011/04/29 21:56:23 | 003,358,720 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\System32\stlang.dll
[2011/04/29 21:56:23 | 000,737,280 | ---- | C] (Andrea Electronics Corporation) -- C:\WINDOWS\System32\AESTFltr.exe
[2011/04/29 21:56:23 | 000,253,952 | ---- | C] (Andrea Electronics Corporation) -- C:\WINDOWS\System32\AESTCtrl.cpl
[2011/04/29 21:56:20 | 001,660,051 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\System32\drivers\sthda.sys
[2011/04/29 21:56:20 | 000,544,866 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\System32\stacapi.dll
[2011/04/29 21:56:20 | 000,175,616 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\System32\st326281.dll
[2011/04/29 21:56:18 | 000,113,664 | ---- | C] (Andrea Electronics Corporation) -- C:\WINDOWS\System32\drivers\AESTAud.sys
[2011/04/29 21:56:18 | 000,000,000 | ---D | C] -- C:\Program Files\IDT
[2011/04/29 21:55:55 | 001,419,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WdfCoInstaller01005.dll
[2011/04/29 21:55:55 | 000,033,832 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\drivers\cvusbdrv.sys
[2011/04/29 21:55:22 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom Corporation
[2011/04/29 21:55:19 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2011/04/29 21:55:18 | 000,026,608 | ---- | C] (Dell Inc) -- C:\WINDOWS\System32\drivers\PBADRV.sys
[2011/04/29 21:55:15 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccid.sys
[2011/04/29 21:55:10 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbccid.sys
[2011/04/29 21:54:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\BioAPIFFDB
[2011/04/29 21:52:07 | 000,168,616 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\e1k5132.sys
[2011/04/29 21:52:07 | 000,074,944 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\NicInstK.dll
[2011/04/29 21:52:07 | 000,068,264 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\e1kmsg.dll
[2011/04/29 21:51:59 | 000,319,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\difxapi.dll
[2011/04/29 21:51:57 | 000,132,480 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\Impcd.sys
[2011/04/29 21:51:56 | 000,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\splitter.sys
[2011/04/29 21:51:55 | 000,083,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdmaud.sys
[2011/04/29 21:51:53 | 000,052,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmusic.sys
[2011/04/29 21:51:52 | 000,056,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swmidi.sys
[2011/04/29 21:51:51 | 000,142,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aec.sys
[2011/04/29 21:51:50 | 000,172,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kmixer.sys
[2011/04/29 21:51:49 | 000,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmkaud.sys
[2011/04/29 21:51:48 | 000,060,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sysaudio.sys
[2011/04/29 21:51:47 | 000,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mskssrv.sys
[2011/04/29 21:51:46 | 000,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspqm.sys
[2011/04/29 21:51:44 | 000,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspclock.sys
[2011/04/29 21:51:42 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksproxy.ax
[2011/04/29 21:51:42 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksproxy.ax
[2011/04/29 21:51:42 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys
[2011/04/29 21:51:42 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmk.sys
[2011/04/29 21:51:42 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksuser.dll
[2011/04/29 21:51:42 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksuser.dll
[2011/04/29 21:51:39 | 000,235,520 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\IntcDAud.sys
[2011/04/29 21:51:29 | 010,960,384 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ig4icd32.dll
[2011/04/29 21:51:29 | 004,095,488 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igxpdx32.dll
[2011/04/29 21:51:29 | 003,477,088 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igxpdv32.dll
[2011/04/29 21:51:29 | 003,145,752 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\GfxUI.exe
[2011/04/29 21:51:29 | 000,828,928 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxress.dll
[2011/04/29 21:51:29 | 000,194,048 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxpph.dll
[2011/04/29 21:51:29 | 000,181,760 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igxpgd32.dll
[2011/04/29 21:51:29 | 000,130,048 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxdo.dll
[2011/04/29 21:51:29 | 000,121,344 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\gfxSrvc.dll
[2011/04/29 21:51:29 | 000,115,200 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxcpl.cpl
[2011/04/29 21:51:29 | 000,094,720 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\hccutils.dll
[2011/04/29 21:51:29 | 000,086,528 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrfra.lrc
[2011/04/29 21:51:29 | 000,086,528 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxresn.lrc
[2011/04/29 21:51:29 | 000,086,016 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrita.lrc
[2011/04/29 21:51:29 | 000,086,016 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrdeu.lrc
[2011/04/29 21:51:29 | 000,085,504 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrptb.lrc
[2011/04/29 21:51:29 | 000,085,504 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrenu.lrc
[2011/04/29 21:51:29 | 000,082,944 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrkor.lrc
[2011/04/29 21:51:29 | 000,082,944 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrjpn.lrc
[2011/04/29 21:51:29 | 000,081,920 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrcht.lrc
[2011/04/29 21:51:29 | 000,081,920 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrchs.lrc
[2011/04/29 21:51:29 | 000,081,920 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxCoIn_v5258.dll
[2011/04/29 21:51:29 | 000,057,856 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igxprd32.dll
[2011/04/29 21:51:29 | 000,057,344 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxsrvc.dll
[2011/04/29 21:51:29 | 000,023,552 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxexps.dll
[2011/04/29 21:51:29 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
[2011/04/29 21:50:54 | 000,196,608 | ---- | C] (RICOH) -- C:\WINDOWS\System32\RiSDIcon.dll
[2011/04/29 21:50:54 | 000,188,416 | ---- | C] (RICOH) -- C:\WINDOWS\System32\RiMMCIcon.dll
[2011/04/29 21:50:54 | 000,059,904 | ---- | C] (REDC) -- C:\WINDOWS\System32\drivers\risdpe86.sys
[2011/04/29 21:50:53 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2011/04/29 21:50:01 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\WINDOWS\System32\CSVer.dll
[2011/04/29 21:50:01 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2011/04/29 21:50:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2011/04/29 21:49:58 | 000,000,000 | ---D | C] -- C:\Intel
[2011/04/29 21:49:46 | 000,053,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394bus.sys
[2011/04/29 21:49:26 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2011/04/29 21:49:23 | 000,032,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2011/04/29 21:48:06 | 000,000,000 | ---D | C] -- C:\Program Files\Dell
[2011/04/29 19:30:01 | 000,000,000 | ---D | C] -- D:\Documents and Settings\501831044\Local Settings\Application Data\WebEx
[2011/04/29 19:05:12 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\All Users\Application Data\MANDIANT
[2011/04/29 19:05:12 | 000,000,000 | -H-D | C] -- C:\Program Files\MANDIANT
[2011/04/29 19:03:20 | 000,000,000 | ---D | C] -- D:\Documents and Settings\501831044\Start Menu\Programs\Juniper Networks

kasturi2006
Beginner

Posts : 3
Joined : 2011-05-06
Gender : Female
OS : Windows XP

Re: Essential Cleaner Virus -- Please help remove...

Post by kasturi2006 on Sat May 07, 2011 12:07 am

[2011/04/29 19:03:13 | 000,000,000 | ---D | C] -- D:\Documents and Settings\501831044\Application Data\Juniper Networks
[2011/04/29 19:02:58 | 000,000,000 | ---D | C] -- D:\Documents and Settings\501831044\Application Data\Sun
[2011/04/29 18:27:52 | 000,000,000 | ---D | C] -- D:\Documents and Settings\501831044\My Documents\Downloads
[2011/04/29 18:15:35 | 000,000,000 | ---D | C] -- D:\Documents and Settings\501831044\Local Settings\Application Data\Mozilla
[2011/04/29 18:15:21 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/04/29 18:03:07 | 000,000,000 | ---D | C] -- D:\Documents and Settings\501831044\Local Settings\Application Data\Adobe
[2011/04/29 17:22:56 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\GE
[2011/04/29 17:12:30 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\WebEx
[2011/04/29 16:54:25 | 000,000,000 | ---D | C] -- D:\Documents and Settings\501831044\Application Data\Webex
[2011/04/29 16:38:56 | 000,000,000 | -HSD | C] -- D:\Documents and Settings\501831044\PrivacIE
[2011/04/29 16:38:25 | 000,000,000 | -HSD | C] -- D:\Documents and Settings\501831044\IETldCache
[2011/04/29 16:38:18 | 000,000,000 | ---D | C] -- D:\Documents and Settings\501831044\Application Data\Macromedia
[2011/04/29 16:12:42 | 000,000,000 | ---D | C] -- D:\Documents and Settings\501831044\Application Data\Mozilla
[2011/04/29 16:12:15 | 000,000,000 | ---D | C] -- D:\Documents and Settings\501831044\Connect
[2011/04/29 16:11:35 | 000,000,000 | ---D | C] -- D:\Documents and Settings\501831044\Local Settings\Application Data\WebEx Connect
[2011/04/29 16:11:31 | 000,000,000 | ---D | C] -- D:\Documents and Settings\501831044\Application Data\WebEx Connect
[2011/04/29 16:08:04 | 000,000,000 | ---D | C] -- D:\Documents and Settings\501831044\My Documents\Outlook Files
[2011/04/29 16:00:53 | 000,000,000 | ---D | C] -- D:\Documents and Settings\501831044\Bluetooth Software
[2011/04/29 16:00:53 | 000,000,000 | ---D | C] -- D:\Documents and Settings\501831044\My Documents\Bluetooth Exchange Folder
[2011/04/29 16:00:52 | 000,000,000 | ---D | C] -- D:\Documents and Settings\501831044\Local Settings\Application Data\Identities
[2011/04/29 16:00:48 | 000,000,000 | ---D | C] -- D:\Documents and Settings\501831044\Application Data\Windows Desktop Search
[2011/04/29 16:00:00 | 000,000,000 | ---D | C] -- D:\Documents and Settings\501831044\Application Data\Funk Software
[2011/04/29 15:58:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\GE
[2011/04/29 15:58:15 | 000,000,000 | -HSD | C] -- D:\Documents and Settings\501831044\Cookies
[2011/04/29 15:58:07 | 000,000,000 | --SD | C] -- D:\Documents and Settings\501831044\Application Data\Microsoft
[2011/04/29 15:58:07 | 000,000,000 | RH-D | C] -- D:\Documents and Settings\501831044\SendTo
[2011/04/29 15:58:07 | 000,000,000 | RH-D | C] -- D:\Documents and Settings\501831044\Recent
[2011/04/29 15:58:07 | 000,000,000 | RH-D | C] -- D:\Documents and Settings\501831044\Application Data
[2011/04/29 15:58:07 | 000,000,000 | R--D | C] -- D:\Documents and Settings\501831044\Start Menu\Programs\Startup
[2011/04/29 15:58:07 | 000,000,000 | R--D | C] -- D:\Documents and Settings\501831044\Start Menu
[2011/04/29 15:58:07 | 000,000,000 | R--D | C] -- D:\Documents and Settings\501831044\My Documents\My Videos
[2011/04/29 15:58:07 | 000,000,000 | R--D | C] -- D:\Documents and Settings\501831044\My Documents\My Pictures
[2011/04/29 15:58:07 | 000,000,000 | R--D | C] -- D:\Documents and Settings\501831044\My Documents\My Music
[2011/04/29 15:58:07 | 000,000,000 | R--D | C] -- D:\Documents and Settings\501831044\My Documents
[2011/04/29 15:58:07 | 000,000,000 | R--D | C] -- D:\Documents and Settings\501831044\Favorites
[2011/04/29 15:58:07 | 000,000,000 | R--D | C] -- D:\Documents and Settings\501831044\Start Menu\Programs\Administrative Tools
[2011/04/29 15:58:07 | 000,000,000 | R--D | C] -- D:\Documents and Settings\501831044\Start Menu\Programs\Accessories
[2011/04/29 15:58:07 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\501831044\Templates
[2011/04/29 15:58:07 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\501831044\PrintHood
[2011/04/29 15:58:07 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\501831044\NetHood
[2011/04/29 15:58:07 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\501831044\Local Settings
[2011/04/29 15:58:07 | 000,000,000 | ---D | C] -- D:\Documents and Settings\501831044\Local Settings\Application Data\Western Digital
[2011/04/29 15:58:07 | 000,000,000 | ---D | C] -- D:\Documents and Settings\501831044\Local Settings\Application Data\Microsoft
[2011/04/29 15:58:07 | 000,000,000 | ---D | C] -- D:\Documents and Settings\501831044\Application Data\Identities
[2011/04/29 15:58:07 | 000,000,000 | ---D | C] -- D:\Documents and Settings\501831044\Desktop
[2011/04/29 15:58:07 | 000,000,000 | ---D | C] -- D:\Documents and Settings\501831044\Application Data\Adobe
[2011/04/29 15:15:52 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
[2011/04/29 15:09:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2011/04/29 15:08:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\SchCache
[2011/04/29 15:00:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2011/04/29 14:47:25 | 000,100,136 | ---- | C] (Sophos Plc) -- C:\WINDOWS\System32\drivers\scfdriver.sys
[2011/04/29 14:47:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sophos
[2011/04/29 14:46:54 | 000,129,576 | ---- | C] (Sophos Plc) -- C:\WINDOWS\System32\sdccoinstaller.dll
[2011/04/29 14:46:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Cisco Systems
[2011/04/29 14:46:27 | 000,026,664 | ---- | C] (Sophos Plc) -- C:\WINDOWS\System32\SophosBootTasks.exe
[2011/04/29 14:45:51 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\Sophos
[2011/04/29 14:45:51 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Sophos
[2011/04/29 14:45:45 | 000,024,064 | ---- | C] (Sophos Plc) -- C:\WINDOWS\System32\drivers\savonaccessfilter.sys
[2011/04/29 14:45:42 | 000,023,928 | ---- | C] (Sophos Plc) -- C:\WINDOWS\System32\drivers\sdcfilter.sys
[2011/04/29 14:45:42 | 000,014,976 | ---- | C] (Sophos Plc) -- C:\WINDOWS\System32\drivers\SophosBootDriver.sys
[2011/04/29 14:45:40 | 000,152,192 | ---- | C] (Sophos Plc) -- C:\WINDOWS\System32\drivers\savonaccesscontrol.sys
[2011/04/29 14:45:17 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2011/04/29 14:44:56 | 000,000,000 | ---D | C] -- C:\Program Files\SafeBoot Tray Manager
[2011/04/29 14:44:40 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2011/04/29 14:43:21 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\Dialup + VPN
[2011/04/29 14:42:49 | 000,345,384 | ---- | C] (Juniper Networks) -- C:\WINDOWS\System32\dsNcCredProv.dll
[2011/04/29 14:41:32 | 000,000,000 | ---D | C] -- C:\Source
[2011/04/29 14:40:30 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2011/04/29 14:37:41 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2011/04/29 14:37:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/04/29 14:37:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/04/29 14:37:16 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Microsoft
[2011/04/29 14:35:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2011/04/29 14:35:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2011/04/29 14:35:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/04/29 14:35:32 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Microsoft Help
[2011/04/29 14:35:26 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011/04/29 14:33:49 | 000,000,000 | ---D | C] -- C:\Program Files\GE
[2011/04/29 14:32:45 | 000,012,304 | ---- | C] (CA) -- C:\WINDOWS\cfig50wnt.sys
[2011/04/29 14:32:32 | 000,061,440 | R--- | C] (Computer Associates International, Inc.) -- C:\WINDOWS\System\CAWinXsN.dll
[2011/04/29 14:32:32 | 000,061,440 | R--- | C] (Computer Associates International, Inc.) -- C:\WINDOWS\System\CAWinExN.dll
[2011/04/29 14:32:32 | 000,057,344 | R--- | C] (Computer Associates International, Inc.) -- C:\WINDOWS\System\CAWinXsF.dll
[2011/04/29 14:32:32 | 000,057,344 | R--- | C] (Computer Associates International, Inc.) -- C:\WINDOWS\System\CAWinExF.dll
[2011/04/29 14:32:31 | 000,000,000 | ---D | C] -- C:\Program Files\CA
[2011/04/29 14:32:04 | 000,000,000 | ---D | C] -- C:\tags
[2011/04/29 14:32:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\Recent
[2011/04/29 14:32:03 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\Minitab 12 for Windows
[2011/04/29 14:32:01 | 000,000,000 | ---D | C] -- C:\Program Files\MTBWIN
[2011/04/29 14:31:31 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2011/04/29 14:29:34 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Adobe
[2011/04/29 14:29:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/04/29 14:29:07 | 000,000,000 | ---D | C] -- C:\Program Files\WebEx
[2011/04/29 14:28:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2011/04/29 14:28:05 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2011/04/29 14:28:02 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2011/04/29 14:27:47 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2011/04/29 14:27:47 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2011/04/29 14:27:47 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2011/04/29 14:27:47 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2011/04/29 14:27:46 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2011/04/29 14:27:46 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2011/04/29 14:25:01 | 000,000,000 | ---D | C] -- C:\GE Logo
[2011/04/29 14:24:43 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2011/04/29 14:24:43 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/04/29 14:24:19 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/04/29 14:24:19 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/04/29 14:24:19 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/04/29 14:23:53 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/04/29 14:23:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/04/29 14:23:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2011/04/29 14:23:37 | 000,000,000 | ---D | C] -- C:\Program Files\GEUNINST
[2011/04/29 14:23:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2011/04/29 14:23:14 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\GE Applications
[2011/04/29 14:23:13 | 000,234,864 | ---- | C] (Juniper Networks, Inc.) -- C:\WINDOWS\System32\odyGina.dll
[2011/04/29 14:23:12 | 000,415,088 | ---- | C] (Juniper Networks, Inc.) -- C:\WINDOWS\System32\odGinaLibrary.dll
[2011/04/29 14:23:12 | 000,218,480 | ---- | C] (Juniper Networks, Inc.) -- C:\WINDOWS\System32\odyEvent.dll
[2011/04/29 14:22:59 | 000,226,672 | ---- | C] (Juniper Networks, Inc.) -- C:\WINDOWS\System32\odLogin.dll
[2011/04/29 14:22:48 | 000,034,800 | ---- | C] (Juniper Networks, Inc.) -- C:\WINDOWS\System32\drivers\jnprvamgr.sys
[2011/04/29 14:22:33 | 000,017,776 | ---- | C] (Juniper Networks, Inc.) -- C:\WINDOWS\System32\drivers\jnprva.sys
[2011/04/29 14:22:16 | 000,420,464 | ---- | C] (Juniper Networks, Inc.) -- C:\WINDOWS\System32\drivers\jnprna.sys
[2011/04/29 14:22:04 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\Juniper Networks
[2011/04/29 14:22:04 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Juniper Networks
[2011/04/29 14:22:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Juniper Networks
[2011/04/29 14:22:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Funk Software
[2011/04/29 14:22:00 | 000,000,000 | ---D | C] -- C:\Program Files\Juniper Networks
[2011/04/29 14:20:55 | 000,000,000 | --SD | C] -- D:\Documents and Settings\LocalService\Application Data\Microsoft
[2011/04/29 14:20:55 | 000,000,000 | ---D | C] -- D:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2011/04/29 14:20:54 | 000,000,000 | --SD | C] -- D:\Documents and Settings\NetworkService\Application Data\Microsoft
[2011/04/29 14:20:54 | 000,000,000 | ---D | C] -- D:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2011/04/29 14:19:39 | 000,000,000 | R--D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2011/04/29 14:19:39 | 000,000,000 | R--D | C] -- D:\Documents and Settings\All Users\Start Menu
[2011/04/29 14:19:39 | 000,000,000 | R--D | C] -- D:\Documents and Settings\All Users\Documents\My Videos
[2011/04/29 14:19:39 | 000,000,000 | R--D | C] -- D:\Documents and Settings\All Users\Documents\My Pictures
[2011/04/29 14:19:39 | 000,000,000 | R--D | C] -- D:\Documents and Settings\All Users\Documents\My Music
[2011/04/29 14:19:39 | 000,000,000 | R--D | C] -- D:\Documents and Settings\All Users\Documents
[2011/04/29 14:19:39 | 000,000,000 | R--D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2011/04/29 14:19:39 | 000,000,000 | R--D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[2011/04/29 14:19:39 | 000,000,000 | -HSD | C] -- D:\Documents and Settings\All Users\DRM
[2011/04/29 14:19:39 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\All Users\Templates
[2011/04/29 14:19:39 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Favorites
[2011/04/29 14:19:39 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\Documentation
[2011/04/29 14:19:39 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Desktop
[2011/04/29 14:19:39 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\Applications
[2011/04/29 14:19:38 | 000,000,000 | --SD | C] -- D:\Documents and Settings\All Users\Application Data\Microsoft
[2011/04/29 14:19:38 | 000,000,000 | RH-D | C] -- D:\Documents and Settings\All Users\Application Data
[2011/04/29 14:19:38 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Dell
[2011/04/29 14:19:38 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Broadcom
[2011/04/29 14:19:34 | 000,000,000 | ---D | C] -- C:\Tmp
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/06 18:23:30 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-857407748-547254352-1705232-270332.job
[2011/05/06 18:23:30 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-857407748-547254352-1705232-270332.job
[2011/05/06 18:22:24 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\501831044\Desktop\OTL.exe
[2011/05/06 18:13:00 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-857407748-547254352-1705232-270332UA.job
[2011/05/06 13:07:09 | 000,000,340 | -H-- | M] () -- C:\WINDOWS\tasks\ITAM Agent Check Daily.job
[2011/05/06 12:12:30 | 000,000,142 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2011/05/06 08:13:00 | 000,000,942 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-857407748-547254352-1705232-270332Core.job
[2011/05/05 12:14:54 | 000,038,600 | RHS- | M] () -- D:\Documents and Settings\All Users\ntuser.pol
[2011/05/05 10:54:03 | 000,000,362 | -H-- | M] () -- C:\WINDOWS\tasks\ITAM Agent Check.job
[2011/05/05 10:31:40 | 000,465,640 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/05 10:31:40 | 000,079,360 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/05 10:25:18 | 000,026,725 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2011_5_5_10_25_17.dmp
[2011/05/05 10:24:35 | 000,002,193 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2011/05/05 10:23:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/05 01:38:20 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2011/05/05 00:00:04 | 000,000,372 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2011/05/04 22:47:59 | 000,026,725 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2011_5_4_22_47_59.dmp
[2011/05/04 14:21:38 | 000,000,167 | ---- | M] () -- C:\WINDOWS\mercury.ini
[2011/05/03 08:30:12 | 000,026,725 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2011_5_3_8_30_10.dmp
[2011/05/03 08:28:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/02 14:50:41 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/05/02 12:00:01 | 000,000,530 | ---- | M] () -- C:\WINDOWS\tasks\Workstation.job
[2011/05/01 20:59:47 | 000,000,885 | ---- | M] () -- D:\Documents and Settings\501831044\Desktop\Shortcut to DShomepage.htm.lnk
[2011/05/01 19:58:15 | 000,001,064 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\HR.lnk
[2011/05/01 19:57:37 | 000,000,081 | ---- | M] () -- C:\DGAgentInstall_5.2.4.1013.flg
[2011/05/01 19:50:17 | 000,001,204 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Raise a Concern.lnk
[2011/05/01 19:49:55 | 000,000,150 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\GE Energy Global Security.URL
[2011/05/01 00:56:39 | 000,000,670 | ---- | M] () -- D:\Documents and Settings\501831044\Desktop\EditPlus 3.lnk
[2011/04/30 16:46:32 | 000,000,831 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2011/04/30 16:46:21 | 000,199,904 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2011/04/30 16:46:16 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2011/04/30 16:46:16 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2011/04/30 16:46:16 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2011/04/30 16:04:06 | 000,000,050 | ---- | M] () -- C:\WINDOWS\eMatrix.ini
[2011/04/30 15:54:50 | 000,000,051 | ---- | M] () -- C:\WINDOWS\Matrix.ini
[2011/04/30 14:26:58 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2011/04/30 14:26:58 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/04/30 14:26:58 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/04/30 14:26:58 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/04/30 14:26:58 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/04/29 22:14:16 | 000,001,495 | ---- | M] () -- C:\WINDOWS\System32\Oeminfo.ini
[2011/04/29 22:14:16 | 000,000,000 | ---- | M] () -- C:\WINDOWS\SOCLX011-27.EXE
[2011/04/29 22:02:32 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_Apfiltr_01009.Wdf
[2011/04/29 22:02:31 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011/04/29 22:02:12 | 000,000,810 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Bluetooth Problem Report.lnk
[2011/04/29 22:02:12 | 000,000,631 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
[2011/04/29 21:58:18 | 001,127,760 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\btrez.dll
[2011/04/29 21:58:18 | 000,909,736 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\drivers\btkrnl.sys
[2011/04/29 21:58:18 | 000,106,557 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\btw_ci.dll
[2011/04/29 21:58:18 | 000,092,072 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\drivers\btwsecfl.sys
[2011/04/29 21:58:18 | 000,047,656 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\drivers\btwusb.sys
[2011/04/29 21:56:14 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_cvusbdrv_01005.Wdf
[2011/04/29 21:56:13 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2011/04/29 18:15:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2011/04/29 18:15:26 | 000,000,628 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/04/29 18:15:26 | 000,000,628 | ---- | M] () -- D:\Documents and Settings\501831044\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/29 17:22:56 | 000,001,224 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Health Answers.lnk
[2011/04/29 17:19:26 | 000,304,416 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/29 17:16:42 | 000,001,704 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\WebEx Recording Editor.lnk
[2011/04/29 17:16:42 | 000,001,655 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\WebEx Player.lnk
[2011/04/29 17:16:42 | 000,001,639 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\WebEx Recorder.lnk
[2011/04/29 17:12:30 | 000,001,646 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\WebEx One-Click.lnk
[2011/04/29 16:10:59 | 000,002,199 | ---- | M] () -- D:\Documents and Settings\501831044\Application Data\Microsoft\Internet Explorer\Quick Launch\PC Info.lnk
[2011/04/29 16:02:48 | 000,000,656 | ---- | M] () -- D:\Documents and Settings\501831044\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2011/04/29 15:58:14 | 000,008,242 | RHS- | M] () -- D:\Documents and Settings\501831044\ntuser.pol
[2011/04/29 15:08:44 | 021,102,592 | RHS- | M] () -- C:\SafeBoot.fs
[2011/04/29 15:08:31 | 000,589,824 | RHS- | M] () -- C:\SafeBoot.rsv
[2011/04/29 14:45:47 | 000,100,136 | ---- | M] (Sophos Plc) -- C:\WINDOWS\System32\drivers\scfdriver.sys
[2011/04/29 14:45:45 | 000,024,064 | ---- | M] (Sophos Plc) -- C:\WINDOWS\System32\drivers\savonaccessfilter.sys
[2011/04/29 14:45:42 | 000,023,928 | ---- | M] (Sophos Plc) -- C:\WINDOWS\System32\drivers\sdcfilter.sys
[2011/04/29 14:45:42 | 000,014,976 | ---- | M] (Sophos Plc) -- C:\WINDOWS\System32\drivers\SophosBootDriver.sys
[2011/04/29 14:45:40 | 000,152,192 | ---- | M] (Sophos Plc) -- C:\WINDOWS\System32\drivers\savonaccesscontrol.sys
[2011/04/29 14:45:40 | 000,129,576 | ---- | M] (Sophos Plc) -- C:\WINDOWS\System32\sdccoinstaller.dll
[2011/04/29 14:45:40 | 000,026,664 | ---- | M] (Sophos Plc) -- C:\WINDOWS\System32\SophosBootTasks.exe
[2011/04/29 14:45:19 | 000,000,604 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Sophos AutoUpdate Monitor.lnk
[2011/04/29 14:42:23 | 000,000,078 | ---- | M] () -- C:\WINDOWS\init.ini
[2011/04/29 14:32:05 | 000,000,104 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Helpdesk.url
[2011/04/29 14:32:03 | 000,000,117 | ---- | M] () -- C:\WINDOWS\MTB12.INI
[2011/04/29 14:31:34 | 000,001,653 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2011/04/29 14:29:10 | 000,001,604 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Cisco WebEx Connect.lnk
[2011/04/29 14:23:14 | 000,000,912 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\PEAP Installation User Guide.lnk
[2011/04/29 14:23:13 | 000,234,864 | ---- | M] (Juniper Networks, Inc.) -- C:\WINDOWS\System32\odyGina.dll
[2011/04/29 14:23:12 | 000,415,088 | ---- | M] (Juniper Networks, Inc.) -- C:\WINDOWS\System32\odGinaLibrary.dll
[2011/04/29 14:23:12 | 000,218,480 | ---- | M] (Juniper Networks, Inc.) -- C:\WINDOWS\System32\odyEvent.dll
[2011/04/29 14:22:59 | 000,226,672 | ---- | M] (Juniper Networks, Inc.) -- C:\WINDOWS\System32\odLogin.dll
[2011/04/29 14:19:47 | 000,010,446 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/04/29 14:19:17 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/04/24 18:14:38 | 000,225,856 | ---- | M] (QFX Software Corporation) -- C:\WINDOWS\System32\drivers\keyscrambler.sys
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/05 10:25:17 | 000,026,725 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2011_5_5_10_25_17.dmp
[2011/05/05 08:08:35 | 000,000,994 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-857407748-547254352-1705232-270332UA.job
[2011/05/05 08:08:35 | 000,000,942 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-857407748-547254352-1705232-270332Core.job
[2011/05/04 22:47:59 | 000,026,725 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2011_5_4_22_47_59.dmp
[2011/05/03 08:30:10 | 000,026,725 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2011_5_3_8_30_10.dmp
[2011/05/01 20:56:51 | 000,000,885 | ---- | C] () -- D:\Documents and Settings\501831044\Desktop\Shortcut to DShomepage.htm.lnk
[2011/05/01 20:09:18 | 000,001,520 | ---- | C] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Accessibility Wizard.lnk
[2011/05/01 19:58:15 | 000,001,064 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\HR.lnk
[2011/05/01 19:57:37 | 000,000,081 | ---- | C] () -- C:\DGAgentInstall_5.2.4.1013.flg
[2011/05/01 19:49:55 | 000,000,150 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\GE Energy Global Security.URL
[2011/05/01 19:49:43 | 000,000,340 | -H-- | C] () -- C:\WINDOWS\tasks\ITAM Agent Check Daily.job
[2011/05/01 19:49:12 | 000,000,167 | ---- | C] () -- C:\WINDOWS\mercury.ini
[2011/05/01 00:56:39 | 000,000,670 | ---- | C] () -- D:\Documents and Settings\All Users\Start Menu\Programs\EditPlus 3.lnk
[2011/05/01 00:56:39 | 000,000,670 | ---- | C] () -- D:\Documents and Settings\501831044\Desktop\EditPlus 3.lnk
[2011/04/30 16:46:52 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-857407748-547254352-1705232-270332.job
[2011/04/30 16:46:50 | 000,000,294 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-857407748-547254352-1705232-270332.job
[2011/04/30 16:46:32 | 000,000,831 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2011/04/30 16:04:06 | 000,000,050 | ---- | C] () -- C:\WINDOWS\eMatrix.ini
[2011/04/30 15:54:52 | 000,497,065 | ---- | C] () -- C:\WINDOWS\System32\vgalaxy7.vr
[2011/04/30 15:54:50 | 000,000,051 | ---- | C] () -- C:\WINDOWS\Matrix.ini
[2011/04/29 22:14:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SOCLX011-27.EXE
[2011/04/29 22:02:33 | 000,012,288 | ---- | C] () -- C:\WINDOWS\EvtMessage.dll
[2011/04/29 22:02:32 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_Apfiltr_01009.Wdf
[2011/04/29 22:02:31 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011/04/29 21:56:15 | 000,308,624 | ---- | C] () -- C:\WINDOWS\System32\brcmbsp.dll
[2011/04/29 21:56:15 | 000,206,216 | ---- | C] () -- C:\WINDOWS\System32\bipbsp.dll
[2011/04/29 21:56:14 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_cvusbdrv_01005.Wdf
[2011/04/29 21:56:13 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2011/04/29 21:55:18 | 000,080,368 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
[2011/04/29 21:52:07 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\e1k5132.din
[2011/04/29 21:51:29 | 001,674,683 | ---- | C] () -- C:\WINDOWS\System32\igxpxa32.cpa
[2011/04/29 21:51:29 | 000,870,560 | ---- | C] () -- C:\WINDOWS\System32\igkrng575.bin
[2011/04/29 21:51:29 | 000,189,340 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.th-TH.resources
[2011/04/29 21:51:29 | 000,178,206 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.el-GR.resources
[2011/04/29 21:51:29 | 000,165,180 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.ru-RU.resources
[2011/04/29 21:51:29 | 000,139,707 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.ar-SA.resources
[2011/04/29 21:51:29 | 000,136,208 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.ja-JP.resources
[2011/04/29 21:51:29 | 000,133,546 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.he-IL.resources
[2011/04/29 21:51:29 | 000,127,868 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng575.bin
[2011/04/29 21:51:29 | 000,125,353 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.it-IT.resources
[2011/04/29 21:51:29 | 000,123,034 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.ko-KR.resources
[2011/04/29 21:51:29 | 000,122,729 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.es-ES.resources
[2011/04/29 21:51:29 | 000,122,506 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.de-DE.resources
[2011/04/29 21:51:29 | 000,120,971 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.tr-TR.resources
[2011/04/29 21:51:29 | 000,120,587 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.fr-FR.resources
[2011/04/29 21:51:29 | 000,120,166 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.pt-BR.resources
[2011/04/29 21:51:29 | 000,119,404 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.hu-HU.resources
[2011/04/29 21:51:29 | 000,119,387 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.nl-NL.resources
[2011/04/29 21:51:29 | 000,119,147 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.sv-SE.resources
[2011/04/29 21:51:29 | 000,118,864 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.pt-PT.resources
[2011/04/29 21:51:29 | 000,118,560 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.cs-CZ.resources
[2011/04/29 21:51:29 | 000,118,483 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.fi-FI.resources
[2011/04/29 21:51:29 | 000,118,215 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.pl-PL.resources
[2011/04/29 21:51:29 | 000,117,855 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.sk-SK.resources
[2011/04/29 21:51:29 | 000,114,639 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.nb-NO.resources
[2011/04/29 21:51:29 | 000,114,160 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.sl-SI.resources
[2011/04/29 21:51:29 | 000,114,048 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.da-DK.resources
[2011/04/29 21:51:29 | 000,110,011 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.en-US.resources
[2011/04/29 21:51:29 | 000,103,839 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.zh-TW.resources
[2011/04/29 21:51:29 | 000,102,678 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.zh-CN.resources
[2011/04/29 21:51:29 | 000,058,558 | ---- | C] () -- C:\WINDOWS\System32\igxpxk32.vp
[2011/04/29 21:51:29 | 000,034,064 | ---- | C] () -- C:\WINDOWS\System32\igxpxs32.vp
[2011/04/29 21:51:29 | 000,001,023 | ---- | C] () -- C:\WINDOWS\System32\igxpxa32.vp
[2011/04/29 21:51:29 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config
[2011/04/29 18:15:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/04/29 18:15:26 | 000,000,628 | ---- | C] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/04/29 18:15:26 | 000,000,628 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/04/29 18:15:26 | 000,000,628 | ---- | C] () -- D:\Documents and Settings\501831044\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/29 17:22:56 | 000,001,224 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Health Answers.lnk
[2011/04/29 17:16:42 | 000,001,704 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\WebEx Recording Editor.lnk
[2011/04/29 17:16:15 | 000,001,655 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\WebEx Player.lnk
[2011/04/29 17:16:15 | 000,001,639 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\WebEx Recorder.lnk
[2011/04/29 17:12:30 | 000,001,646 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\WebEx One-Click.lnk
[2011/04/29 16:02:48 | 000,000,656 | ---- | C] () -- D:\Documents and Settings\501831044\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2011/04/29 15:58:45 | 000,000,362 | -H-- | C] () -- C:\WINDOWS\tasks\ITAM Agent Check.job
[2011/04/29 15:58:14 | 000,008,242 | RHS- | C] () -- D:\Documents and Settings\501831044\ntuser.pol
[2011/04/29 15:58:08 | 000,002,199 | ---- | C] () -- D:\Documents and Settings\501831044\Application Data\Microsoft\Internet Explorer\Quick Launch\PC Info.lnk
[2011/04/29 15:58:08 | 000,001,528 | ---- | C] () -- D:\Documents and Settings\501831044\Application Data\Microsoft\Internet Explorer\Quick Launch\Lock Computer.lnk
[2011/04/29 15:58:08 | 000,001,467 | ---- | C] () -- D:\Documents and Settings\501831044\Application Data\Microsoft\Internet Explorer\Quick Launch\Task Manager.lnk
[2011/04/29 15:58:08 | 000,001,435 | ---- | C] () -- D:\Documents and Settings\501831044\Application Data\Microsoft\Internet Explorer\Quick Launch\Command Prompt.lnk
[2011/04/29 15:58:08 | 000,000,821 | ---- | C] () -- D:\Documents and Settings\501831044\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/04/29 15:58:08 | 000,000,079 | ---- | C] () -- D:\Documents and Settings\501831044\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/04/29 15:58:07 | 000,000,809 | ---- | C] () -- D:\Documents and Settings\501831044\Start Menu\Programs\Internet Explorer.lnk
[2011/04/29 15:11:18 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2011/04/29 15:11:18 | 000,000,372 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2011/04/29 15:08:41 | 021,102,592 | RHS- | C] () -- C:\SafeBoot.fs
[2011/04/29 15:08:31 | 000,589,824 | RHS- | C] () -- C:\SafeBoot.rsv
[2011/04/29 14:59:40 | 000,000,142 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/04/29 14:47:30 | 000,000,530 | ---- | C] () -- C:\WINDOWS\tasks\Workstation.job
[2011/04/29 14:45:19 | 000,000,604 | ---- | C] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Sophos AutoUpdate Monitor.lnk
[2011/04/29 14:42:23 | 000,000,078 | ---- | C] () -- C:\WINDOWS\init.ini
[2011/04/29 14:33:50 | 000,001,629 | ---- | C] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Application Depot.lnk
[2011/04/29 14:32:05 | 000,000,104 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Helpdesk.url
[2011/04/29 14:32:04 | 000,001,204 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Raise a Concern.lnk
[2011/04/29 14:32:03 | 000,000,117 | ---- | C] () -- C:\WINDOWS\MTB12.INI
[2011/04/29 14:31:34 | 000,001,675 | ---- | C] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Windows Search.lnk
[2011/04/29 14:31:34 | 000,001,653 | ---- | C] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2011/04/29 14:29:36 | 000,002,193 | ---- | C] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2011/04/29 14:29:16 | 000,001,668 | ---- | C] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Cisco WebEx Connect.lnk
[2011/04/29 14:29:10 | 000,001,604 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Cisco WebEx Connect.lnk
[2011/04/29 14:28:27 | 000,111,376 | ---- | C] () -- D:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/04/29 14:23:31 | 000,000,804 | ---- | C] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Windows Media Player.lnk
[2011/04/29 14:23:14 | 000,000,912 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\PEAP Installation User Guide.lnk
[2011/04/29 14:19:39 | 000,038,600 | RHS- | C] () -- D:\Documents and Settings\All Users\ntuser.pol
[2011/04/29 14:19:39 | 000,000,907 | ---- | C] () -- D:\Documents and Settings\All Users\Start Menu\Programs\My Bluetooth Places.lnk
[2011/04/29 14:19:39 | 000,000,816 | ---- | C] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Bluetooth Problem Report.lnk
[2011/04/29 14:19:39 | 000,000,810 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Bluetooth Problem Report.lnk
[2011/04/29 14:19:39 | 000,000,631 | ---- | C] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
[2010/12/16 17:09:44 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\odFIPS2.sys.icv
[2010/10/25 18:33:25 | 000,131,072 | ---- | C] () -- C:\WINDOWS\CSL_RebootDelay.exe
[2010/05/27 10:27:12 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/11/20 23:55:52 | 002,860,384 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2009/10/02 05:17:57 | 000,103,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\SafeBoot.sys
[2009/09/30 09:25:31 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\ptipbmf.dll
[2009/09/05 11:32:04 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/09/05 11:25:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/09/05 10:11:43 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/09/05 10:10:23 | 000,304,416 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/14 00:29:31 | 000,001,495 | ---- | C] () -- C:\WINDOWS\System32\Oeminfo.ini
[2009/01/20 20:32:04 | 000,024,056 | ---- | C] () -- C:\WINDOWS\System32\providers.bin
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/14 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 08:00:00 | 000,465,640 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 08:00:00 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/09/18 14:47:54 | 001,318,400 | ---- | C] () -- C:\WINDOWS\System32\PcInfo.exe
[2006/06/30 20:58:44 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2006/06/30 20:58:44 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2001/11/14 20:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

< End of report >

Re: Essential Cleaner Virus -- Please help remove...

Post by kasturi2006 on Sat May 07, 2011 12:08 am

OTL Extras logfile created on: 5/6/2011 6:23:54 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = D:\Documents and Settings\501831044\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 37.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 53.00% Paging File free
Paging file location(s): C:\PageFile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 116.02 Gb Total Space | 94.52 Gb Free Space | 81.46% Space Free | Partition Type: NTFS
Drive D: | 114.85 Gb Total Space | 97.49 Gb Free Space | 84.88% Space Free | Partition Type: NTFS

Computer Name: T00690712 | User Name: 501831044 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" =
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 1
"DisableConfig" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 4

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\WebEx\Connect\wbxcOIEx.exe" = C:\Program Files\WebEx\Connect\wbxcOIEx.exe:*:Enabled:wbxcOIEx -- (WebEx)
"C:\Program Files\WebEx\Connect\widget.exe" = C:\Program Files\WebEx\Connect\widget.exe:*:Enabled:widget -- ()
"C:\Program Files\WebEx\Connect\connect.exe" = C:\Program Files\WebEx\Connect\connect.exe:*:Enabled:WebEx Connect -- (Cisco WebEx)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\WebEx\Connect\wbxcOIEx.exe" = C:\Program Files\WebEx\Connect\wbxcOIEx.exe:*:Enabled:wbxcOIEx -- (WebEx)
"C:\Program Files\WebEx\Connect\widget.exe" = C:\Program Files\WebEx\Connect\widget.exe:*:Enabled:widget -- ()
"C:\Program Files\WebEx\Connect\connect.exe" = C:\Program Files\WebEx\Connect\connect.exe:*:Enabled:WebEx Connect -- (Cisco WebEx)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
" Adobe Reader 8.2.0" = Adobe Reader 8.2.0
"{0003C1E0-E0E7-49BB-A0F6-4AE6D2B09202}" = UPEK TouchChip Fingerprint Reader
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{093DC023-51FD-4D04-B10E-19EE1F70F421}" = WebEx Recorder and Player
"{0E3EC4BD-B479-4E52-82F0-D2EE69648C3C}" = ENOVIA Live Collaboration Server
"{13280FCB-56FF-4B70-8581-F1231D5779EE}" = ENOVIA Studio Modeling Platform
"{1588357F-F5BC-4D5C-BF9D-2C1351B1990F}" = WebEx Recording Editor
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{17071117-5BB2-4737-B05B-C5FABD367313}" = Sophos Client Firewall
"{178EFF7E-B1E6-469E-98C8-E31874BB8D27}" = GE
"{1842BFCD-601D-4A3B-AD51-48BEA48D17A1}" = S&P Polices Screen Saver
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1D2908F4-2CC5-4F72-BAFF-9026CF04C227}" = PC Info
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2079D49F-070C-4EF0-BFC9-34FE2EA30C98}" = MANDIANT Intelligent Response Agent
"{2624B680-02BC-4CBC-839C-DA20DF6EF6EC}" = Citrix Presentation Server Client
"{26A24AE4-039D-4CA4-87B4-2F83216015F0}" = Java(TM) 6 Update 15
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2B3639A8-73A7-4635-A1EF-BEF0CF28047F}" = Minitab Release 12
"{2B818257-E6C7-4841-8C29-C5C9A982BCE5}" = RICOH Media Driver ver.2.11.01.02
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{32A3A4F4-B792-11D6-A78A-00B0D0160180}" = Java(TM) SE Development Kit 6 Update 18
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3ED749F6-135B-4559-8936-15FF6979F67E}" = VC8 C Runtime
"{4A321ABA-4FC6-4966-950C-8F68A6078540}" = GE Fonts Version 5
"{5A26B7C0-55B1-4DA8-A693-E51380497A5E}" = Dell ControlVault Host Components Installer
"{624FA386-3A39-4EBF-9CB9-C2B484D78B29}" = CA Unicenter DSM Agent + Asset Management Plugin
"{62ADA55C-1B98-431F-8618-CDF3CE4CFEEC}" = CA Unicenter DSM Agent + Software Delivery Plugin
"{62BCEE79-229D-4F69-A09F-D2E742A9F238}" = Internet Explorer
"{6A7737FA-18A5-4F17-B39E-1FE13EF76F6F}" = Juniper Installer Service
"{6AA003BF-73E5-4911-ADB7-71DD5674DDD4}" = Oracle Data Provider for .NET Help
"{6BD43C5A-7957-426F-B20C-0A62FD7AED67}" = GE Energy Custom Settings
"{6DE6837F-F3A3-40FF-9F5C-A0B95948E32D}" = Dassault Systemes Software Prerequisites x86
"{73868DD9-CC9A-4F7F-B708-99F096DEAB6D}" = Adobe Shockwave Player 11.5
"{774BB298-5233-4538-819A-663CC728D1CD}" = Inspira Fonts v2.0
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8398B542-3CC4-44D9-83DF-696CCE70124B}" = Windows Support Tools
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{49ABEBFD-392C-4456-8C72-21A079B18C96}" =
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{95140000-0052-0409-0000-0000000FF1CE}" = Microsoft Visio Viewer 2010
"{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A612905F-CB7A-4CDB-B5FA-3A68A5553113}" = IE Trusted Sites
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.6
"{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework
"{B16DF965-3124-4828-94C2-FEE7BE099F68}" = WebEx Productivity Tools
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6F7FA43-7E2A-4348-B956-19051ABD2A29}" = Cisco WebEx Connect 5762 Patch
"{C9E72B0C-1F6A-4C67-84D8-3F7743B87E37}" = GE Energy Office Templates
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF0EDB56-BBF6-3C9F-9C50-2E3B3D444641}" = Google Talk Plugin
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{EAABB87A-DDCD-4888-B42C-EB519623D540}" = GE Logo
"{EF418A4F-35A6-4A7F-84D3-2139A410CA9A}" = Cisco WebEx Connect
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F48BE301-EC78-4686-B580-EE4934558798}" = WIDCOMM Bluetooth Software
"{FA1D6742-0515-4A94-AD5D-F0484026E4A2}" = Adobe Flash Player 10 ActiveX
"{FA237125-51FF-408C-8BB8-30C2B3DFFF9C}" = Windows Resource Kit Tools
"{FED1005D-CBC8-45D5-A288-FFC7BB304121}" = Sophos Remote Management System
"{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack
"9512AA21B791B05A54E27065C45BBC417AB282DF" = Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
"ActiveTouchMeetingClient" = WebEx
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave 11.5" = Adobe Shockwave 11.5
"Dassault Systemes Doc English B208" = Dassault Systemes Doc English ENOVIA_LC B208
"DW WLAN Card" = DW WLAN Card
"EditPlus 3" = EditPlus 3
"GE Pitch Builder 2010" = GE Pitch Builder 2010
"ie8" = Windows Internet Explorer 8
"Infra Scripts" = Infra Scripts
"Internet Explorer 8" = Internet Explorer 8
"J2SE Runtime Environment 1.5.0_10 Static Config" = J2SE Runtime Environment 1.5.0_10 Static Config
"J2SE Runtime Environment 1.6.0_15 Static Config" = J2SE Runtime Environment 1.6.0_15 Static Config
"Juniper Network Connect" = Juniper Network Connect
"Juniper Network Connect 6.3.0" = Juniper Networks Network Connect 6.3.0
"Juniper Odyssey Access Client" = Juniper Odyssey Access Client 5.2
"Juniper Odyssey Wireless Access Client 5.2" = Juniper Odyssey Wireless Access Client 5.2
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"KeyScrambler" = KeyScrambler
"Mandiant Intelligent Response Agent" = Mandiant Intelligent Response Agent
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Office Professional Plus 2010" = Microsoft Office Professional Plus 2010
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PROSet" = Intel(R) Network Connections Drivers
"RealPlayer 12.0" = RealPlayer
"Sophos Endpoint Security and Control" = Sophos Endpoint Security and Control
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WebEx Connect" = WebEx Connect
"WebEx Connect 5762" = WebEx Connect 5762
"Windows Desktop Search 4.0" = Windows Desktop Search 4.0
"Windows Installer 4.5" = Windows Installer 4.5
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Neoteris_Host_Checker" = Juniper Networks Host Checker

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/5/2011 10:23:56 AM | Computer Name = T00690712 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: The server name or address could not be resolved

Error - 5/5/2011 10:25:17 AM | Computer Name = T00690712 | Source = OracleDBConsoleenovia | ID = 131076
Description = Agent process exited abnormally during initialization.

Error - 5/5/2011 5:28:42 PM | Computer Name = T00690712 | Source = Sophos Message Router | ID = 8006
Description = The network identity (also known as the Interoperable Object Reference
or IOR) of the local computer is invalid.%3

Error - 5/5/2011 6:23:08 PM | Computer Name = T00690712 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 5/6/2011 2:23:09 AM | Computer Name = T00690712 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 5/6/2011 9:53:28 AM | Computer Name = T00690712 | Source = Sophos Message Router | ID = 8005
Description = DNS lookup failure trying to resolve the following addresses: c.avgroup.blue.ge.com.%3

Error - 5/6/2011 9:53:59 AM | Computer Name = T00690712 | Source = Sophos Message Router | ID = 8006
Description = The network identity (also known as the Interoperable Object Reference
or IOR) of the local computer is invalid.%3

Error - 5/6/2011 5:19:26 PM | Computer Name = T00690712 | Source = Userenv | ID = 1104
Description = Windows cannot perform filter check for Group Policy object cn={2AB1015A-A100-4747-A51A-9AB56C33CE0A},cn=policies,cn=system,DC=psamer,DC=ps,DC=ge,DC=com.
The associated filter cannot be found. This Group Policy Object will be skipped.

Error - 5/6/2011 5:20:41 PM | Computer Name = T00690712 | Source = Sophos Message Router | ID = 8006
Description = The network identity (also known as the Interoperable Object Reference
or IOR) of the local computer is invalid.%3

Error - 5/6/2011 6:23:11 PM | Computer Name = T00690712 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

[ System Events ]
Error - 5/5/2011 10:17:14 PM | Computer Name = T00690712 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain PSAMER due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 5/5/2011 11:29:16 PM | Computer Name = T00690712 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 239 minutes. NtpClient has no source of accurate
time.

Error - 5/6/2011 3:29:16 AM | Computer Name = T00690712 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 479 minutes. NtpClient has no source of accurate
time.

Error - 5/6/2011 9:02:09 AM | Computer Name = T00690712 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain PSAMER due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 5/6/2011 10:02:01 AM | Computer Name = T00690712 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.10 for the Network Card with network
address 5CAC4C6AB387 has been denied by the DHCP server 1.1.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 5/6/2011 10:02:04 AM | Computer Name = T00690712 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 5/6/2011 5:39:21 PM | Computer Name = T00690712 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain PSAMER due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 5/6/2011 5:39:51 PM | Computer Name = T00690712 | Source = Dhcp | ID = 1002
Description = The IP address lease 3.29.244.171 for the Network Card with network
address 5CAC4C6AB387 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 5/6/2011 5:39:57 PM | Computer Name = T00690712 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 5/6/2011 5:54:59 PM | Computer Name = T00690712 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 29 minutes. NtpClient has no source of accurate
time.


< End of report >

kasturi2006

Re: Essential Cleaner Virus -- Please help remove...

Post by Belahzur on Sat May 07, 2011 1:49 pm

Hello.

We need to use the RKill Tool by Grinler


  • Please Download Rkill.com. Save it to your Desktop.
  • Before we begin, you should disable any anti-malware software you have installed so that it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this [You must be registered and logged in to see this link.] if you are not sure how.

  • NOTE: If you are unable to connect to the site to download rkill, then you should download it to a clean computer and copy it to the infected one via a USB flash drive or CDROM.

  • Once it is downloaded, double-click on the rkill.com in order to automatically attempt to stop any processes associated with Rogue programs.
  • Please be patient while the program looks for various malware programs and ends them.
  • When it has finished, the black window will automatically close and you can continue with the next step.
NOTE: If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by the rogue program, when it terminates programs that may potentially remove it. If you run into these infection warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate the rogue program. So, please try running Rkill until the malware is no longer running. You will then be able to proceed with the rest of the steps.

If you continue having problems running rkill.com, you can download:
[You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.]
which are renamed copies of rkill.com, and try them instead.


Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan.

Post the new log when done.


Please PM me if I fail to respond within 24hrs.


Belahzur