GeekPolice
Would you like to react to this message? Create an account in a few clicks or log in to continue.

GeekPoliceLog in

 


windows.tool.disabled

2 posters

descriptionwindows.tool.disabled Emptywindows.tool.disabled12th May 2010, 10:46 pm

more_horiz
OTL logfile created on: 5/12/2010 7:37:20 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\bc218305\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 43.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 33.41 Gb Free Space | 44.83% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LT-BER0197
Current User Name: bc218305
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/12 19:37:08 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bc218305\Desktop\OTL.exe
PRC - [2010/04/12 09:24:12 | 000,010,240 | ---- | M] (Tenable Network Security, Inc) -- C:\Program Files\Tenable\Nessus\nessus-service.exe
PRC - [2010/04/12 09:23:04 | 000,619,520 | ---- | M] (Tenable Network Security, Inc) -- C:\Program Files\Tenable\Nessus\nessusd.exe
PRC - [2010/02/05 18:29:12 | 000,454,400 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco NAC Agent\NACAgentUI.exe
PRC - [2010/02/05 18:28:26 | 000,742,144 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe
PRC - [2010/01/22 21:57:08 | 000,395,824 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnat.exe
PRC - [2010/01/22 21:56:44 | 000,334,384 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnetdhcp.exe
PRC - [2010/01/22 21:56:28 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Player\vmware-authd.exe
PRC - [2010/01/22 21:00:48 | 000,563,760 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2009/11/18 15:04:18 | 000,038,248 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\ibmpmsvc.exe
PRC - [2009/10/15 20:07:00 | 000,124,224 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2009/10/15 20:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2009/09/28 17:27:18 | 000,144,752 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2009/09/21 16:55:12 | 000,858,384 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2009/09/21 16:44:48 | 000,954,368 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2009/09/21 16:31:36 | 000,473,360 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2009/08/31 20:07:00 | 000,146,448 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2009/08/31 20:07:00 | 000,070,728 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2009/08/31 20:07:00 | 000,027,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
PRC - [2009/08/31 20:07:00 | 000,021,256 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
PRC - [2009/08/20 10:38:30 | 000,062,752 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe
PRC - [2009/08/06 16:53:24 | 000,222,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe
PRC - [2009/07/23 04:11:00 | 000,185,688 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
PRC - [2009/07/23 04:11:00 | 000,124,248 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE
PRC - [2009/07/15 11:18:00 | 000,062,320 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2009/06/12 11:55:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2009/03/23 01:54:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2009/03/13 18:32:46 | 000,068,976 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2009/03/10 16:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2009/03/10 16:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2009/03/10 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2009/03/10 16:00:00 | 000,091,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2009/02/02 19:04:08 | 000,067,432 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2008/10/06 11:14:18 | 000,118,784 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2008/05/26 22:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2008/05/20 04:00:00 | 000,757,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CCM\CcmExec.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/04 11:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
PRC - [2007/11/14 20:49:10 | 000,660,872 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Ghost\ngctw32.exe
PRC - [2007/10/18 16:58:48 | 000,135,168 | ---- | M] () -- C:\WINDOWS\sabserv.exe
PRC - [2007/09/26 18:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2001/11/09 14:07:42 | 000,055,296 | ---- | M] () -- C:\WINDOWS\system32\CfgSrvc.exe


========== Modules (SafeList) ==========

MOD - [2010/05/12 19:37:08 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bc218305\Desktop\OTL.exe
MOD - [2008/04/14 05:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/04/12 09:24:12 | 000,010,240 | ---- | M] (Tenable Network Security, Inc) [Auto | Running] -- C:\Program Files\Tenable\Nessus\nessus-service.exe -- (Tenable Nessus)
SRV - [2010/02/05 18:28:26 | 000,742,144 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe -- (NACAgent)
SRV - [2010/01/22 21:57:08 | 000,395,824 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnat.exe -- (VMware NAT Service)
SRV - [2010/01/22 21:56:44 | 000,334,384 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2010/01/22 21:56:28 | 000,113,200 | ---- | M] (VMware, Inc.) [Unknown | Running] -- C:\Program Files\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2010/01/22 21:00:48 | 000,563,760 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2009/11/18 15:04:18 | 000,038,248 | ---- | M] (Lenovo.) [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2009/10/15 20:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2009/10/12 14:32:24 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60)
SRV - [2009/10/09 13:12:30 | 000,039,976 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\WINDOWS\system32\TPHDEXLG.exe -- (TPHDEXLGSVC)
SRV - [2009/09/21 16:55:12 | 000,858,384 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2009/09/21 16:44:48 | 000,954,368 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
SRV - [2009/09/21 16:31:36 | 000,473,360 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2009/08/31 20:07:00 | 000,146,448 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2009/08/31 20:07:00 | 000,070,728 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2009/08/31 20:07:00 | 000,021,256 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe -- (McAfeeEngineService)
SRV - [2009/08/06 16:53:24 | 000,222,528 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe -- (McAfee SiteAdvisor Enterprise Service)
SRV - [2009/07/15 11:18:00 | 000,062,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2009/07/03 19:47:08 | 000,045,424 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2009/06/12 11:55:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2009/03/23 01:54:00 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2009/03/10 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2008/05/20 04:00:00 | 000,757,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2008/05/20 04:00:00 | 000,249,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\CCM\TSManager.exe -- (smstsmgr)
SRV - [2008/03/04 11:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2007/11/14 20:49:10 | 000,660,872 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Ghost\ngctw32.exe -- (NGCLIENT)
SRV - [2007/09/26 18:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2001/11/09 14:07:42 | 000,055,296 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\CfgSrvc.exe -- (HsspConfig)
SRV - [2001/11/09 14:07:42 | 000,055,296 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\CfgSrvc.exe -- (CfgSrvc)


========== Driver Services (SafeList) ==========

DRV - [2010/05/12 18:50:18 | 000,038,976 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pssdk42.sys -- (PSSDK42)
DRV - [2010/01/22 21:58:02 | 000,032,688 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2010/01/22 21:57:58 | 000,026,288 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2010/01/22 21:57:56 | 000,023,216 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2010/01/22 21:57:54 | 000,854,192 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmx86.sys -- (vmx86)
DRV - [2010/01/22 21:57:54 | 000,070,704 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmci.sys -- (vmci)
DRV - [2010/01/22 21:00:42 | 000,032,304 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hcmon.sys -- (hcmon)
DRV - [2010/01/22 17:13:00 | 000,016,560 | R--- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2009/11/18 15:03:36 | 000,026,608 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2009/10/12 14:31:52 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009/10/09 13:12:02 | 000,120,360 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2009/10/09 13:10:24 | 000,020,520 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2009/09/15 13:34:10 | 005,977,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
DRV - [2009/08/31 20:07:00 | 000,343,664 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/08/31 20:07:00 | 000,091,672 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/08/31 20:07:00 | 000,075,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2009/08/31 20:07:00 | 000,065,448 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2009/08/31 20:07:00 | 000,063,728 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2009/08/31 20:07:00 | 000,043,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/08/10 02:46:38 | 000,013,952 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2009/03/26 09:55:49 | 006,048,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2009/03/26 09:55:21 | 000,015,872 | ---- | M] (Atmel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atmeltpm.sys -- (atmeltpm)
DRV - [2009/03/26 09:55:12 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2009/03/26 09:55:12 | 000,731,520 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2009/03/26 09:55:11 | 000,211,456 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2009/03/26 09:52:51 | 000,242,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
DRV - [2009/03/23 01:54:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2008/10/06 10:47:36 | 000,225,696 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/05/20 04:00:00 | 000,023,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2008/05/12 23:14:14 | 000,017,844 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPHKDRV.sys -- (TPHKDRV)
DRV - [2008/04/24 18:53:22 | 000,308,736 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2008/04/14 00:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/14 00:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 22:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/03/09 03:57:02 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2007/02/19 02:56:46 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2005/09/05 10:21:06 | 000,362,944 | ---- | M] (NETGEAR, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WG11TND5.sys -- (AR5523)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.college.bm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.college.bm
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.10.10.10:9999

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0.0.476
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor Enterprise\ [2010/04/09 10:39:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/05/01 20:12:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/01 20:12:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/01 20:12:59 | 000,000,000 | ---D | M]

[2009/05/27 17:14:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bc218305\Application Data\Mozilla\Extensions
[2010/05/07 20:26:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bc218305\Application Data\Mozilla\Firefox\Profiles\07x257nt.default\extensions
[2009/10/23 08:53:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\bc218305\Application Data\Mozilla\Firefox\Profiles\07x257nt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/07 20:26:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bc218305\Application Data\Mozilla\Firefox\Profiles\07x257nt.default\extensions\firefox@tvunetworks.com
[2010/04/22 10:30:07 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/22 10:30:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2009/08/31 20:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\scriptff.dll
[2010/04/22 10:29:55 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/05/07 16:41:56 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Lenovo ThinkVantage Toolbox) - {86B9B5DD-FB75-4035-BD52-3C94F7849CAF} - C:\Program Files\PC-Doctor\ATLPcdToolbar544928.dll (PC-Doctor, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [LPMailChecker] C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [LPManager] C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NACAgentUI] C:\Program Files\Cisco\Cisco NAC Agent\NACAgentUI.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKCU..\Run: [AmlAssistDirect] C:\Program Files\Aml Pages\AmlAssistDirect.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Sabre Server.lnk = C:\WINDOWS\sabserv.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonType = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileUrl = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskBar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Nosecuritytab = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUpdateCheck = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\WindowsUpdate: DisableWindowsUpdateAccess = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O15 - HKLM\..Trusted Domains: college.bm ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: college.bm ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: lycos.com ([registration] https in Trusted sites)
O15 - HKCU\..Trusted Domains: sabre.com ([my] https in Trusted sites)
O16 - DPF: {2D36AF92-04D3-11D8-B719-0000865F231B} https://my.sabre.com/jars/TMinReqX.dll (TMinReq Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.3.cab (DLM Control)
O16 - DPF: {4D2D3A17-9B46-483C-A5F4-1DC471080009} https://cas-primary.college.bm/auth/taweb.cab (Cisco NAC Web Agent Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1261150403531 (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {A1B8A30B-8AAA-4A3E-8869-1DA509E8A011} http://servicedesk/SCRSDE/Reports/activeXViewer/activexviewer.cab (Crystal ActiveX Report Viewer Control 10.0)
O16 - DPF: {C9D7D239-B502-48B3-BA25-9DF8C7264073} https://cas-primary.college.bm/auth/CCALogin.CAB (CCAWebLogin Control)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.240.40.193 209.240.43.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = college.bm
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\tpfnf2: DllName - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\bc218305\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\bc218305\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/31 18:09:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0046ac51-3b3b-11df-bbf9-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{0046ac51-3b3b-11df-bbf9-005056c00008}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/12 19:37:04 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\bc218305\Desktop\OTL.exe
[2010/05/12 14:44:15 | 025,740,144 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\bc218305\Desktop\wmp11-windowsxp-x86-enu.exe
[2010/05/10 09:56:56 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Password Recovery Bootdisk
[2010/05/10 09:19:38 | 000,000,000 | ---D | C] -- C:\Program Files\Aml Pages
[2010/05/07 20:26:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bc218305\Local Settings\Application Data\TVU Networks
[2010/05/07 20:26:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TVU Networks
[2010/05/07 20:26:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bc218305\LocalLow
[2010/05/07 20:26:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\TVUAx
[2010/05/05 20:50:39 | 000,278,528 | ---- | C] (HP) -- C:\WINDOWS\System32\hpdj5100
[2010/05/04 15:58:16 | 000,059,952 | R--- | C] (VMware, Inc.) -- C:\WINDOWS\System32\vnetinst.dll
[2010/05/04 15:58:16 | 000,016,560 | R--- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\vmnetadapter.sys
[2010/05/04 15:58:10 | 000,334,384 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\vmnetdhcp.exe
[2010/05/04 15:58:08 | 000,395,824 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\vmnat.exe
[2010/05/04 15:58:07 | 000,026,288 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\vmnetuserif.sys
[2010/05/04 15:58:03 | 000,018,736 | R--- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\vmnet.sys
[2010/05/04 15:57:58 | 000,760,368 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\vnetlib.dll
[2010/05/04 15:57:49 | 000,023,216 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\VMkbd.sys
[2010/05/04 15:57:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VMware
[2010/05/04 09:07:13 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/05/03 11:58:34 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2010/05/01 21:41:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bc218305\Application Data\Uniblue
[2010/05/01 21:12:20 | 010,043,336 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\bc218305\Desktop\windows-kb890830-v3.6.exe
[2010/05/01 20:12:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2010/04/30 19:23:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/04/22 18:03:34 | 000,200,704 | ---- | C] (vbAccelerator) -- C:\WINDOWS\System32\vbalExpBar6.ocx
[2010/04/22 18:03:30 | 000,115,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msinet.OCX
[2010/04/22 18:03:30 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\WINDOWS\System32\SSubTmr6.dll
[2010/04/22 18:03:30 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetfr.DLL
[2010/04/22 18:03:29 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\COMDLG32.OCX
[2010/04/22 18:03:29 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCMCFR.DLL
[2010/04/22 18:03:29 | 000,119,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6FR.DLL
[2010/04/22 18:03:29 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6STKIT.DLL
[2010/04/22 18:03:29 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CMDLGFR.DLL
[2010/04/22 18:03:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bc218305\Application Data\FreeBurner
[2010/04/22 18:03:28 | 000,000,000 | ---D | C] -- C:\Program Files\Free Easy Burner
[2010/04/22 16:02:08 | 000,000,000 | ---D | C] -- C:\Program Files\Cain
[2010/04/22 15:54:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bc218305\Desktop\pwdcrack
[2010/04/22 10:30:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/04/22 10:30:05 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/22 10:30:05 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/04/22 10:30:04 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/22 10:30:04 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/21 15:19:20 | 000,038,976 | ---- | C] (microOLAP Technologies LTD) -- C:\WINDOWS\System32\drivers\pssdk42.sys
[2010/04/21 15:18:34 | 000,000,000 | ---D | C] -- C:\Program Files\Tenable
[2010/04/20 13:54:38 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\bc218305\My Documents\*.tmp files -> C:\Documents and Settings\bc218305\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/12 19:37:08 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bc218305\Desktop\OTL.exe
[2010/05/12 19:34:00 | 000,000,254 | ---- | M] () -- C:\WINDOWS\tasks\tftp2.job
[2010/05/12 19:21:26 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\bc218305\Desktop\HiJackThis.lnk
[2010/05/12 18:53:27 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2010/05/12 18:53:15 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1659004503-1454471165-839522115-1667.job
[2010/05/12 18:53:15 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1659004503-1454471165-839522115-30760.job
[2010/05/12 18:53:00 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/12 18:52:57 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3239957843-1081785333-1894486604-500.job
[2010/05/12 18:52:53 | 000,000,323 | ---- | M] () -- C:\WINDOWS\SMSCFG.ini
[2010/05/12 18:52:48 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/05/12 18:50:37 | 000,001,024 | ---- | M] () -- C:\.rnd
[2010/05/12 18:50:18 | 000,038,976 | ---- | M] (microOLAP Technologies LTD) -- C:\WINDOWS\System32\drivers\pssdk42.sys
[2010/05/12 18:49:45 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/12 18:49:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/12 17:58:24 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3239957843-1081785333-1894486604-500.job
[2010/05/12 14:52:06 | 004,980,736 | -H-- | M] () -- C:\Documents and Settings\bc218305\NTUSER.DAT
[2010/05/12 14:44:47 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\bc218305\ntuser.ini
[2010/05/12 14:44:16 | 025,740,144 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\bc218305\Desktop\wmp11-windowsxp-x86-enu.exe
[2010/05/12 14:35:41 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\bc218305\Desktop\Windows Media Player.lnk
[2010/05/12 14:33:52 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/05/12 14:33:52 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/05/12 14:30:45 | 000,000,189 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/10 10:29:32 | 002,967,552 | ---- | M] () -- C:\bootimg.iso
[2010/05/10 09:56:59 | 000,000,760 | ---- | M] () -- C:\Documents and Settings\bc218305\Desktop\Windows Password Recovery Bootdisk Creator.lnk
[2010/05/10 09:34:55 | 003,353,121 | ---- | M] () -- C:\Documents and Settings\bc218305\My Documents\bootdisk_old.zip
[2010/05/10 09:19:38 | 000,064,936 | R--- | M] () -- C:\Documents and Settings\bc218305\My Documents\MyDemoDoc.apd
[2010/05/08 00:47:10 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1659004503-1454471165-839522115-1667.job
[2010/05/07 21:06:29 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1659004503-1454471165-839522115-30760.job
[2010/05/07 16:41:56 | 000,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/05/07 16:41:56 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\lmhosts
[2010/05/07 12:19:06 | 000,001,359 | ---- | M] () -- C:\WINDOWS\Sabre.Ini
[2010/05/07 12:18:31 | 000,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
[2010/05/07 12:18:31 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\lmhosts.bak
[2010/05/06 08:54:43 | 000,058,225 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010/05/06 08:54:10 | 000,002,988 | RHS- | M] () -- C:\Documents and Settings\bc218305\ntuser.pol
[2010/05/06 08:05:09 | 004,843,634 | -H-- | M] () -- C:\Documents and Settings\bc218305\Local Settings\Application Data\IconCache.db
[2010/05/05 20:50:46 | 000,028,780 | ---- | M] () -- C:\WINDOWS\hpdj5100.his
[2010/05/05 20:50:46 | 000,004,638 | ---- | M] () -- C:\WINDOWS\hpdj5100.ini
[2010/05/05 11:25:19 | 000,000,239 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/05 11:25:19 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/05/04 15:57:38 | 000,561,600 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/04 15:57:38 | 000,471,722 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/04 15:57:38 | 000,081,862 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/04 15:57:36 | 000,001,756 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VMware Player.lnk
[2010/05/04 14:57:18 | 2400,454,656 | ---- | M] () -- C:\Documents and Settings\bc218305\Desktop\7600.16385.090713-1255_x86fre_enterprise_en-us_EVAL_Eval_Enterprise-GRMCENEVAL_EN_DVD.iso
[2010/05/04 14:23:52 | 000,002,480 | ---- | M] () -- C:\Software.Tbl
[2010/05/04 14:23:52 | 000,000,613 | ---- | M] () -- C:\WINDOWS\SabSite.INI
[2010/05/04 14:23:51 | 000,000,461 | ---- | M] () -- C:\WINDOWS\curl.err
[2010/05/04 14:23:41 | 000,000,350 | ---- | M] () -- C:\WINDOWS\oadpcfg.ini
[2010/05/04 14:23:22 | 000,000,131 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MySabre.url
[2010/05/04 14:22:24 | 000,000,224 | ---- | M] () -- C:\WINDOWS\curl.hdr
[2010/05/04 14:21:34 | 000,003,444 | ---- | M] () -- C:\WINDOWS\curl.bod
[2010/05/04 09:24:10 | 000,294,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/04 09:07:19 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\bc218305\Desktop\CCleaner.lnk
[2010/05/03 17:16:57 | 004,954,112 | ---- | M] () -- C:\Documents and Settings\bc218305\Desktop\03_GC_An_Era_of_Spiritual_Darkness.mp3
[2010/05/01 21:12:22 | 010,043,336 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\bc218305\Desktop\windows-kb890830-v3.6.exe
[2010/05/01 20:12:52 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk
[2010/05/01 20:12:39 | 000,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2010/05/01 20:12:30 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2010/05/01 20:12:30 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2010/05/01 20:11:32 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/29 07:20:36 | 000,035,328 | ---- | M] () -- C:\Documents and Settings\bc218305\My Documents\New Hard Disk.vhd
[2010/04/28 16:13:34 | 000,002,471 | ---- | M] () -- C:\Documents and Settings\bc218305\Desktop\Microsoft Office Access 2007.lnk
[2010/04/27 21:59:35 | 000,000,212 | ---- | M] () -- C:\Documents and Settings\bc218305\sslvpn-config.properties
[2010/04/27 21:26:52 | 000,023,042 | ---- | M] () -- C:\WINDOWS\_detmp.1
[2010/04/22 18:03:35 | 000,000,768 | ---- | M] () -- C:\Documents and Settings\bc218305\Desktop\Free Easy Burner.lnk
[2010/04/22 16:26:32 | 435,847,168 | ---- | M] () -- C:\Documents and Settings\bc218305\Desktop\ophcrack-xp-livecd-2.3.1.iso
[2010/04/22 15:56:26 | 002,405,964 | ---- | M] () -- C:\Documents and Settings\bc218305\Desktop\amlpages_en.zip
[2010/04/22 15:54:33 | 000,041,921 | ---- | M] () -- C:\Documents and Settings\bc218305\Desktop\pwdcrack.zip
[2010/04/22 10:29:55 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/04/22 10:29:55 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/22 10:29:55 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/22 10:29:55 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/22 10:29:55 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/04/21 15:19:18 | 000,002,449 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nessus Server Manager.lnk
[2010/04/21 15:18:37 | 000,000,727 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nessus Client.lnk
[2010/04/20 14:04:08 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\bc218305\My Documents\~$glish Final Essay.doc
[2010/04/15 11:35:26 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\bc218305\My Documents\*.tmp files -> C:\Documents and Settings\bc218305\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/12 19:20:52 | 000,002,447 | ---- | C] () -- C:\Documents and Settings\bc218305\Desktop\HiJackThis.lnk
[2010/05/12 14:47:45 | 000,000,294 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3239957843-1081785333-1894486604-500.job
[2010/05/12 14:47:43 | 000,000,302 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3239957843-1081785333-1894486604-500.job
[2010/05/12 14:35:41 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\bc218305\Desktop\Windows Media Player.lnk
[2010/05/10 10:11:12 | 002,967,552 | ---- | C] () -- C:\bootimg.iso
[2010/05/10 09:56:59 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\bc218305\Desktop\Windows Password Recovery Bootdisk Creator.lnk
[2010/05/10 09:55:51 | 003,353,121 | ---- | C] () -- C:\Documents and Settings\bc218305\My Documents\bootdisk_old.zip
[2010/05/10 09:22:02 | 000,064,936 | R--- | C] () -- C:\Documents and Settings\bc218305\My Documents\MyDemoDoc.apd
[2010/05/07 21:30:43 | 000,000,288 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1659004503-1454471165-839522115-1667.job
[2010/05/07 21:30:42 | 000,000,296 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1659004503-1454471165-839522115-1667.job
[2010/05/04 15:57:36 | 000,001,756 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VMware Player.lnk
[2010/05/04 09:07:19 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\bc218305\Desktop\CCleaner.lnk
[2010/05/03 13:28:48 | 000,023,042 | ---- | C] () -- C:\WINDOWS\_detmp.1
[2010/05/01 20:12:58 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1659004503-1454471165-839522115-30760.job
[2010/05/01 20:12:57 | 000,000,292 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1659004503-1454471165-839522115-30760.job
[2010/05/01 20:12:52 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk
[2010/04/27 21:27:14 | 000,000,350 | ---- | C] () -- C:\WINDOWS\oadpcfg.ini
[2010/04/22 18:03:35 | 000,000,768 | ---- | C] () -- C:\Documents and Settings\bc218305\Desktop\Free Easy Burner.lnk
[2010/04/22 18:03:33 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\GIF89.DLL
[2010/04/22 18:03:28 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2010/04/22 16:25:49 | 435,847,168 | ---- | C] () -- C:\Documents and Settings\bc218305\Desktop\ophcrack-xp-livecd-2.3.1.iso
[2010/04/22 15:56:05 | 002,405,964 | ---- | C] () -- C:\Documents and Settings\bc218305\Desktop\amlpages_en.zip
[2010/04/22 15:54:27 | 000,041,921 | ---- | C] () -- C:\Documents and Settings\bc218305\Desktop\pwdcrack.zip
[2010/04/21 15:18:37 | 000,000,727 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nessus Client.lnk
[2010/04/21 15:18:36 | 000,002,449 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nessus Server Manager.lnk
[2010/04/20 14:04:08 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\bc218305\My Documents\~$glish Final Essay.doc
[2010/01/25 18:13:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\sabserv.INI
[2010/01/24 21:48:59 | 000,000,195 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/01/24 21:48:57 | 000,007,552 | ---- | C] () -- C:\WINDOWS\System32\AAPI.DLL
[2010/01/24 21:48:56 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\OFEP.DLL
[2010/01/24 21:48:56 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\matipsp.dll
[2010/01/24 21:48:56 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Csapi10.dll
[2010/01/24 21:48:56 | 000,060,416 | ---- | C] () -- C:\WINDOWS\System32\bsdofep.dll
[2010/01/24 21:48:56 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\SOCK32M.DLL
[2010/01/24 21:48:56 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\CSAPI10s.dll
[2010/01/24 21:48:56 | 000,051,392 | ---- | C] () -- C:\WINDOWS\System32\WBTRCALL.DLL
[2010/01/24 21:48:56 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\SvcUitl.dll
[2010/01/24 21:48:56 | 000,048,640 | ---- | C] () -- C:\WINDOWS\System32\sdcomm.dll
[2010/01/24 21:48:56 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\sabver.dll
[2010/01/24 21:48:56 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\isgsp.dll
[2010/01/24 21:48:56 | 000,040,860 | ---- | C] () -- C:\WINDOWS\System32\TRAVEL.DLL
[2010/01/24 21:48:56 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\notify.dll
[2010/01/24 21:48:56 | 000,034,272 | ---- | C] () -- C:\WINDOWS\System32\SI.DLL
[2010/01/24 21:48:56 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\CTL32.DLL
[2010/01/24 21:48:56 | 000,030,873 | ---- | C] () -- C:\WINDOWS\System32\AATOOLS.DLL
[2010/01/24 21:48:56 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\iateclass.dll
[2010/01/24 21:48:56 | 000,018,432 | ---- | C] () -- C:\WINDOWS\System32\CsapiComm.dll
[2010/01/24 21:48:56 | 000,015,680 | ---- | C] () -- C:\WINDOWS\System32\CTL.DLL
[2010/01/24 21:48:56 | 000,015,136 | ---- | C] () -- C:\WINDOWS\System32\SABRE.DRV
[2010/01/24 21:48:56 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\STRGRPS.DLL
[2010/01/24 21:48:56 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\STRGRPPC.DLL
[2010/01/24 21:48:56 | 000,012,832 | ---- | C] () -- C:\WINDOWS\System32\SABKEYW.DLL
[2010/01/24 21:48:56 | 000,005,408 | ---- | C] () -- C:\WINDOWS\System32\SABWNAPI.DLL
[2010/01/24 21:48:56 | 000,004,244 | ---- | C] () -- C:\WINDOWS\System32\SFWVER.DLL
[2010/01/24 21:48:55 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\Csaconn.dll
[2010/01/24 21:48:55 | 000,011,520 | ---- | C] () -- C:\WINDOWS\System32\SB.DLL
[2010/01/24 21:48:28 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\PORTAL.dll
[2010/01/24 21:48:28 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\JServAPI.dll
[2010/01/24 21:48:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\JNIREG.dll
[2010/01/22 13:00:11 | 000,000,613 | ---- | C] () -- C:\WINDOWS\SabSite.INI
[2010/01/22 12:57:56 | 000,001,359 | ---- | C] () -- C:\WINDOWS\Sabre.Ini
[2010/01/08 13:31:40 | 000,000,184 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/10/16 11:39:17 | 000,004,638 | ---- | C] () -- C:\WINDOWS\hpdj5100.ini
[2009/05/27 15:54:52 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2009/05/27 15:16:51 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2009/05/27 15:01:26 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009/05/27 15:01:26 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009/05/27 15:01:26 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009/05/27 15:01:26 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009/05/27 15:01:26 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009/05/27 15:01:26 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2009/03/31 18:36:43 | 000,004,764 | ---- | C] () -- C:\WINDOWS\System32\CcmFramework.ini
[2009/03/31 18:35:41 | 000,000,323 | ---- | C] () -- C:\WINDOWS\SMSCFG.ini
[2009/03/26 09:55:43 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v5002.dll
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2002/11/08 14:10:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2001/08/31 15:33:58 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\VxDMDcDlg.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\bc218305\Desktop\7600.16385.090713-1255_x86fre_enterprise_en-us_EVAL_Eval_Enterprise-GRMCENEVAL_EN_DVD.iso:SummaryInformation
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA029835
< End of report >

descriptionwindows.tool.disabled EmptyRe: windows.tool.disabled13th May 2010, 5:24 pm

more_horiz
Hello, and welcome to GeekPolice.

Please note the following information about the malware forum:
  • Only Tech Officers, Global Moderators, Administrators, and Malware Advisors are allowed to give advice on removing malware from your computer.
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by the staff I noted above.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic you were helped.
  • We try our best to reply quickly, but for any reason we do not reply in two days, do one of two things:

    Reply to this topic with the word BUMP, or
    see this topic.

  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.




Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.


Question: did you purposely have a proxy server of 10.10.10.10?

descriptionwindows.tool.disabled EmptyRe: windows.tool.disabled14th May 2010, 10:50 am

more_horiz
At my college the proxy server is 10.10.10.10.

descriptionwindows.tool.disabled EmptyRe: windows.tool.disabled15th May 2010, 4:07 am

more_horiz
Oh ok. Well, if you ran ComboFix, please post its log.

descriptionwindows.tool.disabled EmptyRe: windows.tool.disabled

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum