Infected with Antivirus 360 and maybe more. Please help


  • This topic is locked
13 replies to this topic

#1 FAZAL

FAZAL

  • Members
  • 39 posts
  • OFFLINE
  • Local time:05:35 PM

Posted 19 December 2008 - 02:27 PM

Hello,

I am definitely infected with Antivirus 360. I tried to do an online Kaspersky scan to see if I've caught other viruses/spyware, however the scan froze at 78% with file: "6a6La.msi" in directory: C:\windows\installer. I will try again with Kaspersky and with other scanners. Meanwhile, I have attached my current HJT. Thank you very much.


HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:12:03 PM, on 12/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\Sophos\Remote Management System\RouterNT.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {CBE3FC57-6DBC-4A30-BF5A-3A76156954E6} - C:\WINDOWS\system32\xlpektvl.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos Agent - Sophos Plc - C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Sophos Message Router - Sophos Plc - C:\Program Files\Sophos\Remote Management System\RouterNT.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O24 - Desktop Component 0: (no name) - http://by7fd.bay7.hotmail.msn.com/cgi-bin/...ain=hotmail.com
O24 - Desktop Component 1: (no name) - http://mail.google.com/mail/?view=att&...08f49f506ed409e

--
End of file - 9414 bytes
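As an added example (not code from this thread, from HijackThis, or from BleepingComputer), here is a small Python triage parser for the "Rn - ..." / "Onn - ..." entry lines of a HijackThis log like the one above. It splits each line into section, CLSID and target file, and then lists the entries a log reviewer looks at first: entries whose target HJT reports as "(no file)" or "(file missing)", which are orphaned registry references left behind after the file itself was removed, plus the O4 Run, O20 AppInit_DLLs and O23 service entries, which are autostart locations. The sample lines are copied from the log above; the class and function names are my own.

```python
"""Triage helper for Trend Micro HijackThis (HJT) log entry lines.

Added example, not part of the forum thread or of HijackThis itself.
"""
import re
from dataclasses import dataclass
from typing import Optional

# "O2 - BHO: ...", "R3 - URLSearchHook: ...", "O23 - Service: ..."
ENTRY = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass
class HjtEntry:
    section: str            # "O2", "O4", "R3", ...
    body: str               # everything after "Onn - "
    clsid: Optional[str]    # {GUID} if the line carries one
    target: Optional[str]   # file path or command line the entry points at
    missing: bool           # HJT reported "(no file)" / "(file missing)"


def _target_of(section: str, body: str) -> tuple[Optional[str], bool]:
    """Pull the file/command and the missing-file flag out of an entry body."""
    if section == "O4":
        # O4 - HKLM\..\Run: [Name] command line
        m = re.search(r"\] (.+)$", body)
        return (m.group(1).strip() if m else None), False
    # For the other sections the target is the last " - " separated field.
    last = body.rsplit(" - ", 1)[-1].strip()
    if last == "(no file)":
        return None, True
    if last.endswith("(file missing)"):
        return last[: -len("(file missing)")].strip(), True
    # Otherwise take the first drive-letter path in the field, if any
    # (covers "AppInit_DLLs: C:\..." style bodies without a " - " separator).
    m = re.search(r"[A-Za-z]:\\.*$", last)
    return (m.group(0) if m else None), False


def parse_hjt(log: str) -> list[HjtEntry]:
    """Parse every entry line of an HJT log; header and process list are skipped."""
    entries = []
    for raw in log.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        c = CLSID.search(body)
        target, missing = _target_of(section, body)
        entries.append(HjtEntry(section, body, c.group(0) if c else None, target, missing))
    return entries


# Autostart locations a reviewer inspects first (heuristic, not a verdict).
REVIEW_FIRST = {
    "O4": "autostart (Run key)",
    "O20": "AppInit_DLLs (loaded into every process that uses user32.dll)",
    "O23": "Win32 service",
}


def review_candidates(entries: list[HjtEntry]) -> list[tuple[str, HjtEntry]]:
    """Return (reason, entry) pairs worth a closer look."""
    out = []
    for e in entries:
        if e.missing:
            out.append(("orphaned entry: target file missing", e))
        elif e.section in REVIEW_FIRST:
            out.append((REVIEW_FIRST[e.section], e))
    return out


# Sample lines copied from the HJT log above (constructed test input).
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {CBE3FC57-6DBC-4A30-BF5A-3A76156954E6} - C:\WINDOWS\system32\xlpektvl.dll (file missing)
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O20 - AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
"""

if __name__ == "__main__":
    for reason, e in review_candidates(parse_hjt(SAMPLE_LOG)):
        print(f"{e.section:<4} {reason:<45} {e.target or '-'}")
```

The parser deliberately returns a flat list rather than deciding what is malicious: the "(file missing)" BHO with a random-looking DLL name is the kind of entry a helper would ask about, but the log alone cannot say whether the file was malware or a half-removed add-on, and the same goes for the Run-key and AppInit_DLLs entries, which here belong to MSConfig and Sophos.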


#2 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:35 PM

Posted 24 December 2008 - 12:42 PM

Hi

My name is Extremeboy (or EB for short), and I will be helping you with your log.

I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following so I can have a look at the current condition of your machine.

If you do not make a reply in 5 days, we will need to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
Download and Run OTViewIt
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the OTViewIt icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the scan button.
  • Two reports will open, copy and paste them in a reply here:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
Run Kaspersky Online Scanner
Please do a scan with Kaspersky Online Scanner.

This scan is for Internet Explorer only.

If you are using Windows Vista, open your browser by right-clicking on its icon and select Run as administrator to perform this scan.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report.
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

In your next reply please include the following:
  • OTViewIt.txt
  • Extra.txt
  • Kaspersky's Log
  • What problems do you have? Please tell me in your next reply.

Important Note: For other users who are reading this topic, the instructions provided in this topic are for the original topic starter ONLY. Even if you have similar problems or even log entries to those given here, please do not follow the directions, especially those involving specific tools and scripts. Doing so can result in serious damage to your computer. Instead, please start your own topic and feel free to link to any relevant topics as needed. Please Do NOT follow the instructions provided for this topic.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#3 FAZAL

FAZAL
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  • Local time:05:35 PM

Posted 24 December 2008 - 03:55 PM

Hi Extremeboy,

Thanks for your response. There is one problem however, the person whose computer is infected is a colleague of mine from work. And unfortunately, due to the holidays, I will not have access to her computer again until Monday (12/29). I understand you guys have a 5-day no response policy and Monday will be the 6th day from today. Is there anyway we can make an exception and wait until Monday to carry out the steps you've outlined?

Thanks
Fazal

#4 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:35 PM

Posted 24 December 2008 - 04:39 PM

Hello FAZAL.

Thanks for your response. There is one problem however, the person whose computer is infected is a colleague of mine from work. And unfortunately, due to the holidays, I will not have access to her computer again until Monday (12/29). I understand you guys have a 5-day no response policy and Monday will be the 6th day from today. Is there anyway we can make an exception and wait until Monday to carry out the steps you've outlined?

That's fine. Thanks for letting me know. Our 5 day no-response policy doesn't mean you can not receive help after that or cannot re-open a topic. I'll close this topic off for now. Once you are able to reach your colleague, tell him to do the instructions I listed in my previous post. Once you retrieve the logs back please PM me back giving me the address of this thread and I'll re-open the topic for you and we can continue from there and let you post the results back to me.

Does that sound okay for you? Please post back telling me, so I can close this topic and I know you have read it.

With Regards,
Extremeboy

#5 FAZAL

FAZAL
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  • Local time:05:35 PM

Posted 24 December 2008 - 05:36 PM

That sounds good. Thanks

Fazal

#6 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:35 PM

Posted 24 December 2008 - 09:14 PM

Hello.

That sounds good. Thanks

No Problem. Remember to give me the address of this thread as well.

Please Send Me a Message when you come back with the logs. In your message please include the address of this thread in your request. This topic is now Closed.

This applies only to the original topic starter.

Everyone else please start a new topic in the Hijackthis-Malware Removal Forum.

With Regards,
Extremeboy

#7 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:35 PM

Posted 31 December 2008 - 03:58 PM

Hello.

Sorry I couldn't open it earlier, I was somewhat sick...

Topic re-opened on user's request.

Please post back with:
- Kaspersky log
- OTViewIt logs


With Regards,
Extremeboy

#8 FAZAL

FAZAL
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  • Local time:05:35 PM

Posted 31 December 2008 - 06:42 PM

OTViewIt.txt

OTViewIt logfile created on: 12/29/2008 10:38:10 AM - Run
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Sheema\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.23 Mb Total Physical Memory | 118.51 Mb Available Physical Memory | 26.56% Memory free
1.03 Gb Paging File | 0.79 Gb Available in Paging File | 76.17% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 52.74 Gb Free Space | 70.76% Space Free | Partition Type: NTFS
Unable to calculate disk information.
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SHEEMA
Current User Name: Sheema
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2005/04/11 15:31:26 | 00,360,448 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2008/08/21 08:04:27 | 00,098,304 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
[2004/12/22 18:50:04 | 00,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe
[2005/01/17 18:38:38 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
[2003/08/25 16:41:30 | 01,421,144 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
[2004/08/27 17:33:32 | 00,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
[2008/12/19 11:09:13 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2003/06/20 02:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
[2008/08/21 08:06:32 | 00,069,632 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
[2008/11/13 06:38:36 | 00,266,240 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
[2008/10/01 05:28:43 | 00,172,032 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
[2008/11/13 06:38:30 | 00,790,528 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Remote Management System\RouterNT.exe
[2004/05/13 15:46:02 | 00,053,248 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
[2005/04/25 11:15:26 | 00,034,816 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
[2004/08/11 03:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
[2005/04/11 15:31:26 | 00,360,448 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2005/09/30 19:22:50 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
[2007/08/30 09:55:27 | 00,245,760 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\AutoUpdate\ALMon.exe
[2008/10/16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2008/10/15 02:06:26 | 00,633,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/12/29 10:37:11 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sheema\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2004/12/22 18:50:04 | 00,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe -- (ACS [Auto | Running])
[2007/10/24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2005/04/11 15:31:26 | 00,360,448 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2005/09/30 19:22:50 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8 [Auto | Running])
[2005/01/17 18:38:38 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs [Auto | Running])
[2007/10/24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2003/08/25 16:41:30 | 01,421,144 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND [Auto | Running])
[2004/08/27 17:33:32 | 00,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service [Auto | Running])
[2005/04/04 03:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/12/19 11:09:13 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2003/06/20 02:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
[2005/01/26 18:30:04 | 00,053,337 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV [On_Demand | Stopped])
[2003/07/28 14:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2005/01/26 18:25:34 | 00,053,337 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR [On_Demand | Stopped])
[2008/08/21 08:06:32 | 00,069,632 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService [Unknown | Running])
[2008/08/21 08:04:27 | 00,098,304 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService [Unknown | Running])
[2008/11/13 06:38:36 | 00,266,240 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe -- (Sophos Agent [Auto | Running])
[2008/10/01 05:28:43 | 00,172,032 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service [Auto | Running])
[2008/11/13 06:38:30 | 00,790,528 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Remote Management System\RouterNT.exe -- (Sophos Message Router [Auto | Running])
[2005/01/26 18:20:14 | 00,069,718 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV [On_Demand | Stopped])
[2005/01/24 21:36:52 | 00,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV [On_Demand | Stopped])
[2004/05/13 15:46:02 | 00,053,248 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr [Auto | Running])
[2005/04/25 11:15:26 | 00,034,816 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV [Auto | Running])
[2004/08/11 03:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])
[2007/01/19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])

========== Driver Services ==========

[2005/04/12 18:19:42 | 01,066,278 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])
[2005/03/25 17:04:40 | 02,314,560 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
[2004/12/22 18:45:36 | 00,393,600 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211 [On_Demand | Running])
[2005/04/11 15:33:52 | 01,035,264 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2003/10/22 22:15:02 | 00,067,024 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp [System | Running])
[2003/10/22 22:15:02 | 00,024,698 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k [System | Running])
[2003/05/01 13:26:34 | 00,005,220 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA [On_Demand | Stopped])
[2003/08/25 16:40:44 | 00,268,360 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA [Auto | Running])
[2002/08/26 17:09:42 | 00,138,916 | ---- | M] (Deterministic Networks, Inc.) -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE [On_Demand | Running])
[2004/08/17 05:21:00 | 00,087,168 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb [Boot | Running])
[2004/12/23 04:56:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm [Auto | Running])
[2004/08/03 22:58:36 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Stopped])
[2005/09/04 20:17:42 | 00,015,890 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X [Auto | Running])
[2005/02/25 02:33:26 | 00,102,320 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf [System | Running])
[2003/01/29 16:35:00 | 00,012,032 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio [Auto | Running])
[2003/09/19 17:45:48 | 00,021,248 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc [On_Demand | Running])
[2004/08/04 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2004/10/21 04:03:00 | 00,020,576 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2004/12/02 18:36:08 | 00,070,912 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp [On_Demand | Running])
[2004/08/03 17:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139 [On_Demand | Stopped])
[2008/07/18 06:49:39 | 00,104,704 | ---- | M] (Sophos Plc) -- C:\WINDOWS\system32\drivers\savonaccesscontrol.sys -- (SAVOnAccessControl [System | Running])
[2008/07/18 06:49:24 | 00,035,584 | ---- | M] (Sophos Plc) -- C:\WINDOWS\system32\drivers\savonaccessfilter.sys -- (SAVOnAccessFilter [System | Running])
[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2004/12/02 13:04:20 | 00,005,627 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5 [System | Running])
[2004/12/02 13:04:10 | 00,023,545 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln [System | Running])
[2004/10/14 17:14:04 | 00,185,728 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP [On_Demand | Running])
[2003/06/11 10:53:22 | 00,006,867 | ---- | M] () -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (TBiosDrv [Auto | Running])
[2005/01/14 03:05:00 | 00,025,883 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio [Auto | Running])
[2005/01/14 03:05:00 | 00,034,843 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs [Auto | Running])
[2005/01/14 03:05:00 | 00,004,123 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct [Auto | Running])
[2005/01/14 03:05:00 | 00,002,239 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres [Auto | Running])
[2005/01/14 03:05:00 | 00,087,706 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs [Auto | Running])
[2005/01/14 03:05:00 | 00,015,227 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio [Auto | Running])
[2005/01/14 03:05:00 | 00,006,363 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool [Auto | Running])
[2005/01/14 03:05:00 | 00,099,098 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf [Auto | Running])
[2005/01/14 03:05:00 | 00,100,603 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa [Auto | Running])
[2005/03/15 10:33:30 | 00,004,992 | ---- | M] (Toshiba Corporation) -- C:\WINDOWS\system32\drivers\NBSMI.sys -- (TVALD [On_Demand | Running])
[2005/04/15 15:46:04 | 00,029,056 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs [On_Demand | Running])
[2003/03/03 14:08:56 | 00,176,896 | ---- | M] (Zone Labs Inc.) -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant [On_Demand | Stopped])
[2003/01/10 18:13:04 | 00,033,588 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.google.com/ie

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.hotmail.com/

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 1

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.toshibadirect.com/dpdstart

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.toshibadirect.com/dpdstart

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.toshibadirect.com/dpdstart

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.toshibadirect.com/dpdstart

[HKEY_USERS\S-1-5-21-510397198-4040956125-966354338-1006\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.hotmail.com/

[HKEY_USERS\S-1-5-21-510397198-4040956125-966354338-1006\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_USERS\S-1-5-21-510397198-4040956125-966354338-1006\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s

[HKEY_USERS\S-1-5-21-510397198-4040956125-966354338-1006\Software\Microsoft\Internet Explorer\URLSearchHooks]
"" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-510397198-4040956125-966354338-1006\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-510397198-4040956125-966354338-1006\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-510397198-4040956125-966354338-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 1

========== (O1) Hosts File ==========

HOSTS File = (290277 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 www.1001namen.com
127.0.0.1 1001namen.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
9998 more lines...

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (HKLM) -- C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
{5CA3D70E-1895-11CF-8E15-001234567890} (HKLM) -- C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{CBE3FC57-6DBC-4A30-BF5A-3A76156954E6} (HKLM) -- C:\WINDOWS\system32\xlpektvl.dll File not found
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{BA52B914-B692-46c4-B683-905236F6F655}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-510397198-4040956125-966354338-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-510397198-4040956125-966354338-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Startup Folders ==========

[2007/08/30 09:55:27 | 00,245,760 | ---- | M] (Sophos Plc) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"CDRAutoRun"=0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"CDRAutoRun"=0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-510397198-4040956125-966354338-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&AOL Toolbar search: C:\Program Files\AOL Toolbar\toolbar.dll File not found
&Yahoo! Search: File not found
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2003/08/13 04:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)
Yahoo! &Dictionary: File not found
Yahoo! &Maps: File not found
Yahoo! &SMS: File not found

[HKEY_USERS\S-1-5-21-510397198-4040956125-966354338-1006\Software\Microsoft\Internet Explorer\MenuExt\]
&AOL Toolbar search: C:\Program Files\AOL Toolbar\toolbar.dll File not found
&Yahoo! Search: File not found
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2003/08/13 04:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)
Yahoo! &Dictionary: File not found
Yahoo! &Maps: File not found
Yahoo! &SMS: File not found

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{4982D40A-C53B-4615-B15B-B5B5E98D167C}: Button: AOL Toolbar -- Reg Error: Key does not exist or could not be opened. File not found
{4982D40A-C53B-4615-B15B-B5B5E98D167C}: Menu: AOL Toolbar -- Reg Error: Key does not exist or could not be opened. File not found
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}: Button: Yahoo! Services -- %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [2006/10/31 15:29:16 | 00,198,136 | ---- | M] (Yahoo! Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2003/07/15 00:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- Reg Error: Key does not exist or could not be opened. File not found
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2006/10/10 07:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKLM] -> [AOL Toolbar] -> File not found
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2006/10/31 15:29:16 | 00,198,136 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/15 00:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2006/10/10 07:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/15 00:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/15 00:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-510397198-4040956125-966354338-1006\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKLM] -> [AOL Toolbar] -> File not found
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2006/10/31 15:29:16 | 00,198,136 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/15 00:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2006/10/10 07:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery
Extension\.spop: -- C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll [2001/01/30 15:56:24 | 00,225,280 | ---- | M] (InterTrust Technologies Corporation, Inc.)

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
turbotax.com: https in Trusted sites
92 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
92 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
92 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
103 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
103 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-510397198-4040956125-966354338-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
turbotax.com: https in Trusted sites
92 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{17492023-C23A-453E-A040-C7C580BBF700}: http://go.microsoft.com/fwlink/?linkid=39204 -- Windows Genuine Advantage Validation Tool
{215B8138-A3CF-44C5-803F-8226143CFC0A}: http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab -- Trend Micro ActiveX Scan Agent 6.6
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}: C:\Program Files\Yahoo!\Common\yinsthelper.dll -- YInstStarter Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876}: http://support.f-secure.com/ols/fscax.cab -- F-Secure Online Scanner 3.3
{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_01
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11

========== (O17) DNS Name Servers ==========

{1BDE1C76-8459-469D-9DAF-0C3D2AB54763} (Servers: | Description: Atheros AR5005G Wireless Network Adapter)
{25250ED2-AFBF-4FFC-9B11-2B81E6397F82} (Servers: | Description: )
{8D514E12-B687-4F5E-9E4A-9662AFC5976D} (Servers: | Description: Realtek RTL8139/810x Family Fast Ethernet NIC)

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
>[2008/01/31 20:16:47 | 00,173,056 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2005/04/20 15:34:37 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f47f8d90-87f6-11dd-9a0b-0011f57420f6}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f47f8d90-87f6-11dd-9a0b-0011f57420f6}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f47f8d90-87f6-11dd-9a0b-0011f57420f6}\Shell\AutoRun\command]
""=E:\LaunchU3.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\Shell\AutoRun\command]
""=E:\LaunchU3.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\*.tmp files]
[5 C:\WINDOWS\System32\*.tmp files]
[2008/12/29 10:37:10 | 00,423,424 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sheema\Desktop\OTViewIt.exe
[2008/12/29 07:30:55 | 00,020,943 | ---- | C] () -- C:\Documents and Settings\Sheema\Desktop\SONY_SLV_D100.jpg
[2008/12/28 20:22:45 | 00,130,104 | ---- | C] (Sophos Plc) -- C:\WINDOWS\System32\sdccoinstaller.dll
[2008/12/28 20:21:44 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Cisco Systems
[2008/12/28 20:21:40 | 00,023,552 | ---- | C] (Sophos Plc) -- C:\WINDOWS\System32\SophosBootTasks.exe
[2008/12/23 18:49:43 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt01.sqm
[2008/12/23 18:49:43 | 00,000,232 | -H-- | C] () -- C:\sqmdata01.sqm
[2008/12/23 18:37:34 | 00,000,720 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoUpdate Monitor.lnk
[2008/12/23 15:48:56 | 00,000,153 | ---- | C] () -- C:\DelUS.bat
[2008/12/23 14:21:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sheema\Desktop\AOL Saved PFC
[2008/12/23 14:21:43 | 00,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/12/23 12:45:11 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2008/12/23 11:01:17 | 00,000,000 | ---D | C] -- C:\fsaua.data
[2008/12/19 14:11:28 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/12/19 13:54:19 | 00,000,811 | ---- | C] () -- C:\Documents and Settings\Sheema\Desktop\Internet Explorer (2).lnk
[2008/12/18 16:49:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2008/12/18 14:00:47 | 14,968,808 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Sheema\Desktop\spybotsd160.exe
[2008/12/18 14:00:31 | 00,000,000 | ---D | C] -- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
[2008/12/18 14:00:31 | 00,000,000 | ---D | C] -- C:\Program Files\SDHelper (Spybot - Search & Destroy)
[2008/12/18 14:00:31 | 00,000,000 | ---D | C] -- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
[2008/12/18 14:00:31 | 00,000,000 | ---D | C] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
[2008/12/18 12:37:14 | 46,798,0288 | -HS- | C] () -- C:\hiberfil.sys
[2008/12/17 11:43:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2008/12/17 11:43:13 | 00,459,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2008/12/17 11:43:13 | 00,267,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2008/12/17 11:43:13 | 00,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2008/12/17 11:43:13 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe
[2008/12/17 11:43:12 | 06,066,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2008/12/17 11:43:12 | 00,991,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll.mui
[2008/12/17 11:43:12 | 00,383,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
[2008/12/17 11:43:11 | 02,455,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dat
[2008/12/17 11:43:11 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
[2008/12/17 11:42:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2008/12/17 11:42:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2008/12/17 11:40:32 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2008/12/17 11:40:12 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2008/12/17 11:40:00 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2008/12/17 11:39:15 | 00,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xmllite.dll
[2008/12/17 11:36:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2008/12/17 11:36:22 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\custsat.dll
[2008/12/17 11:15:10 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/12/17 09:51:06 | 00,000,669 | ---- | C] () -- C:\Documents and Settings\Sheema\Desktop\Antivirus 360.lnk
[2008/12/17 09:50:37 | 00,000,000 | ---D | C] -- C:\Program Files\A360
[2008/12/14 10:59:15 | 04,729,631 | ---- | C] () -- C:\Documents and Settings\Sheema\Desktop\Mohini_Poonam.JPG
[2008/12/14 10:56:47 | 02,571,116 | ---- | C] () -- C:\Documents and Settings\Sheema\Desktop\Mohini_Bhatia.jpg
[2008/12/14 10:41:52 | 00,222,514 | ---- | C] () -- C:\Documents and Settings\Sheema\Desktop\navjote_Jal_Preeti.JPG
[2008/12/14 10:07:29 | 01,731,188 | ---- | C] () -- C:\Documents and Settings\Sheema\Desktop\Chicago 08.jpg
[2008/12/13 23:05:45 | 01,806,106 | ---- | C] () -- C:\Documents and Settings\Sheema\Desktop\ROC Dec08.jpg
[2008/12/13 23:04:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sheema\Desktop\Gala_Chicago_Pics
[2008/12/13 09:34:04 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hidserv.dll
[2008/12/13 09:33:27 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kbdhid.sys
[2008/12/13 09:32:39 | 00,031,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbccgp.sys
[2008/12/09 06:41:15 | 00,388,903 | ---- | C] () -- C:\Documents and Settings\Sheema\Desktop\wt.pdf

========== Files - Modified Within 30 Days ==========

[1 C:\*.tmp files]
[5 C:\WINDOWS\System32\*.tmp files]
[2008/12/29 10:37:11 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sheema\Desktop\OTViewIt.exe
[2008/12/29 10:22:31 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/12/29 10:22:05 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/12/29 10:21:59 | 46,798,0288 | -HS- | M] () -- C:\hiberfil.sys
[2008/12/29 10:15:34 | 00,000,720 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoUpdate Monitor.lnk
[2008/12/29 07:30:13 | 00,020,943 | ---- | M] () -- C:\Documents and Settings\Sheema\Desktop\SONY_SLV_D100.jpg
[2008/12/28 21:57:05 | 00,001,144 | -H-- | M] () -- C:\Documents and Settings\Sheema\My Documents\Default.rdp
[2008/12/28 20:14:05 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/12/24 17:20:38 | 00,000,580 | ---- | M] () -- C:\Documents and Settings\Sheema\My Documents\My Sharing Folders.lnk
[2008/12/23 18:49:43 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2008/12/23 18:49:43 | 00,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2008/12/23 15:48:56 | 00,000,153 | ---- | M] () -- C:\DelUS.bat
[2008/12/23 14:22:21 | 00,000,645 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/12/23 14:21:53 | 00,000,004 | ---- | M] () -- C:\WINDOWS\msoffice.ini
[2008/12/23 12:44:07 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/12/23 12:44:07 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2008/12/19 13:54:19 | 00,000,811 | ---- | M] () -- C:\Documents and Settings\Sheema\Desktop\Internet Explorer (2).lnk
[2008/12/19 10:52:39 | 02,114,256 | -H-- | M] () -- C:\Documents and Settings\Sheema\Local Settings\Application Data\IconCache.db
[2008/12/19 09:10:53 | 00,000,815 | ---- | M] () -- C:\Documents and Settings\Sheema\Desktop\Notebook Maximizer.LNK
[2008/12/18 15:28:09 | 00,000,268 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2008/12/18 14:42:16 | 00,290,277 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2008/12/18 14:01:16 | 14,968,808 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Sheema\Desktop\spybotsd160.exe
[2008/12/18 03:02:04 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/12/17 12:57:35 | 00,000,077 | -HS- | M] () -- C:\Documents and Settings\Sheema\My Documents\desktop.ini
[2008/12/17 11:15:10 | 00,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2008/12/17 09:51:06 | 00,000,669 | ---- | M] () -- C:\Documents and Settings\Sheema\Desktop\Antivirus 360.lnk
[2008/12/17 08:26:28 | 00,008,634 | ---- | M] () -- C:\WINDOWS\hh.dat
[2008/12/14 10:59:17 | 04,729,631 | ---- | M] () -- C:\Documents and Settings\Sheema\Desktop\Mohini_Poonam.JPG
[2008/12/14 10:56:47 | 02,571,116 | ---- | M] () -- C:\Documents and Settings\Sheema\Desktop\Mohini_Bhatia.jpg
[2008/12/14 10:41:52 | 00,222,514 | ---- | M] () -- C:\Documents and Settings\Sheema\Desktop\navjote_Jal_Preeti.JPG
[2008/12/13 21:56:38 | 01,806,106 | ---- | M] () -- C:\Documents and Settings\Sheema\Desktop\ROC Dec08.jpg
[2008/12/13 21:56:34 | 01,731,188 | ---- | M] () -- C:\Documents and Settings\Sheema\Desktop\Chicago 08.jpg
[2008/12/13 01:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2008/12/13 01:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2008/12/09 15:24:38 | 17,593,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/12/09 06:41:16 | 00,388,903 | ---- | M] () -- C:\Documents and Settings\Sheema\Desktop\wt.pdf
< End of report >
Extras.txt

OTViewIt Extras logfile created on: 12/29/2008 10:38:10 AM - Run
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Sheema\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.23 Mb Total Physical Memory | 118.51 Mb Available Physical Memory | 26.56% Memory free
1.03 Gb Paging File | 0.79 Gb Available in Paging File | 76.17% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 52.74 Gb Free Space | 70.76% Space Free | Partition Type: NTFS
Unable to calculate disk information.
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SHEEMA
Current User Name: Sheema
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=1
"FirewallDisableNotify"=1
"UpdatesDisableNotify"=1
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2004/08/04 07:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
File not found -- C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
[2007/01/19 12:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[2006/10/10 07:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2004/08/04 07:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2004/11/03 16:06:34 | 00,462,848 | ---- | M] (TOSHIBA Corporation) -- C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine
[2005/03/17 18:37:26 | 00,151,552 | ---- | M] (TOSHIBA Corporation) -- C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
File not found -- C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
[2002/07/19 17:15:34 | 00,692,224 | ---- | M] (Hummingbird Ltd.) -- C:\Program Files\Hummingbird\Accessories\ftp.exe:*:Enabled:FTP for Windows NT4/2000/XP
[2004/10/14 17:33:08 | 00,012,888 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader
File not found -- C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon
File not found -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed
File not found -- C:\Program Files\Common Files\AOL\1144283792\EE\AOLServiceHost.exe:*:Enabled:AOL
[2004/04/07 14:07:36 | 00,103,536 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL
[2006/11/30 21:49:04 | 04,662,776 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
[2006/11/30 21:49:06 | 00,091,640 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
[2007/01/19 12:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[2007/03/08 00:25:56 | 09,950,760 | ---- | M] (Intuit, Inc.) -- C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax
[2007/04/10 19:00:56 | 03,679,784 | ---- | M] (Intuit, Inc.) -- C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager
[2008/03/05 22:29:49 | 10,343,712 | ---- | M] (Intuit, Inc.) -- C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax
[2007/10/22 17:56:52 | 03,597,600 | ---- | M] (Intuit, Inc.) -- C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager
[2006/10/10 07:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 04:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/01/19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 04:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 04:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2001/06/19 19:26:46 | 00,221,184 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/01/19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2003/08/04 16:19:34 | 07,330,360 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2003/08/01 17:09:04 | 08,086,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2003/07/15 00:45:12 | 00,039,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}"=TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{034759DA-E21A-4795-BFB3-C66D17FAD183}"=Sophos Anti-Virus
"{05832D65-6EDB-4D32-BA78-BCD0E2B91C02}"=Atheros Wireless LAN MiniPCI card Driver
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}"=ATI Control Panel
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}"=Sonic DLA
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}"=TOSHIBA Assist
"{15C418EB-7675-42be-B2B3-281952DA014D}"=Sophos AutoUpdate
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}"=Java™ 6 Update 11
"{29B6FCC3-B594-4DD2-8BB6-2C306ECEE61B}"=Step3 CCS
"{2DBE41DD-2129-4C65-A3D3-5647236A60F3}"=Quicken 2005
"{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}"=TurboTax ItsDeductible 2005
"{2F151B50-B434-4838-B51D-70442EBA093E}"=OpenMG Secure Module 4.1.00
"{3248F0A8-6813-11D6-A77B-00B0D0150010}"=J2SE Runtime Environment 5.0 Update 1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083}"=QuickTime
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}"=TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}"=Microsoft Works
"{425A2BC2-AA64-4107-9C29-484245BBEA05}"=TOSHIBA Software Upgrades
"{5624C000-B109-11D4-9DB4-00E0290FCAC5}"=VPN Client
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}"=Windows Live Messenger
"{5D96E2B1-D9AC-46E0-9073-425C5F63E338}"=Touch and Launch
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}"=Windows Genuine Advantage v1.3.0254.0
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}"=TOSHIBA Zooming Utility
"{64DD71BC-3109-4C88-9AD3-D5422644B722}"=TOSHIBA Hotkey Utility
"{6693BD7C-CB4E-43AC-A0D6-10D1A1B88DCF}"=Canon PhotoRecord
"{69BE47C2-36FE-4397-8199-85D8EAE69982}"=TOSHIBA TouchPad ON/Off Utility
"{71D658CF-4E0D-4DA8-AA67-8C0B6F1C01FE}"=Atheros Client Utility
"{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}"=TOSHIBA Utilities
"{8B12BA86-ADAC-4BA6-B441-FFC591087252}"=TOSHIBA Virtual Sound
"{90110409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{91120409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Standard Edition 2003
"{91A10409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office OneNote 2003
"{94FB906A-CF42-4128-A509-D353026A607E}"=REALTEK Gigabit and Fast Ethernet NIC Driver
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}"=Sonic RecordNow!
"{9860A9CF-7E71-43AC-888F-0B4D3EA212D1}"=Roxio Burn Engine
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}"=DVD-RAM Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}"=CD/DVD Drive Acoustic Silencer
"{A0EB195B-5876-48E6-879D-33D4B2102610}"=SonicStage 3.0
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}"=TOSHIBA Controls
"{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}"=TurboTax ItsDeductible 2006
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{BA561482-C49D-4687-A61C-96236C1688F0}"=ArcSoft Software Suite
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}"=TOSHIBA ConfigFree
"{C8F7C1E5-0150-11D6-A96C-00D05908F85D}"=USB Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CD395C58-AE9F-40C1-BF65-21C223EA3BF2}"=Hummingbird HostExplorer V8.0
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}"=WexTech AnswerWorks
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}"=TOSHIBA Speech System Applications
"{F6C405D2-C50D-4D10-B89E-73A233A14D74}"=Toshiba Registration
"{FB08F381-6533-4108-B7DD-039E11FBC27E}"=Realtek AC'97 Audio
"{FF11005D-CBC8-45D5-A288-25C7BB304121}"=Sophos Remote Management System
"Adobe Acrobat 5.0"=Adobe Acrobat 5.0
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"All ATI Software"=ATI - Software Uninstall Utility
"ATI Display Driver"=ATI Display Driver
"CAL"=Canon Camera Access Library
"CameraWindowDVC5"=Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6"=Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC"=Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder"=Canon G.726 WMP-Decoder
"CSCLIB"=Canon Camera Support Core Library
"EOS Utility"=Canon Utilities EOS Utility
"HijackThis"=HijackThis 2.0.2
"HostExplorer and OAS GUI"=HostExplorer and OAS GUI
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{2DBE41DD-2129-4C65-A3D3-5647236A60F3}"=Quicken 2005
"InstallShield_{2F151B50-B434-4838-B51D-70442EBA093E}"=OpenMG Secure Module 4.1.00
"InstallShield_{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083}"=QuickTime
"MetaFrame Presentation Server Web Client for Win32"=MetaFrame Presentation Server Web Client for Win32
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"MovieEditTask"=Canon MovieEdit Task for ZoomBrowser EX
"MSNINST"=MSN
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"Notebook_Maximizer"=Notebook Maximizer
"OpenMG HotFix4.1-05-13-31-01"=OpenMG Limited Patch 4.1-05-13-31-01
"PC Diagnostic Tool"=TOSHIBA PC Diagnostic Tool
"PhotoStitch"=Canon Utilities PhotoStitch
"Power Saver"=TOSHIBA Power Saver
"RAW Image Task"=Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 6.0"=RealPlayer
"RemoteCaptureTask"=Canon RemoteCapture Task for ZoomBrowser EX
"ShockwaveFlash"=Adobe Flash Player 9 ActiveX
"SynTPDeinstKey"=Synaptics Pointing Device Driver
"The Weather Channel Desktop"=The Weather Channel Desktop
"TOSHIBA Software Modem"=TOSHIBA Software Modem
"Toshiba Tbiosdrv Driver"=Toshiba Tbiosdrv Driver
"TurboTax Deluxe 2005"=TurboTax Deluxe 2005
"TurboTax Deluxe 2007"=TurboTax Deluxe 2007
"TurboTax Deluxe Deduction Maximizer 2006"=TurboTax Deluxe Deduction Maximizer 2006
"ViewpointMediaPlayer"=Viewpoint Media Player
"Weather Services"=Weather Services
"Winamp"=Winamp (remove only)
"Windows Media Format Runtime"=Windows Media Format Runtime
"Windows Media Player"=Windows Media Player 10
"Yahoo! Customizations"=Yahoo! Browser Services
"Yahoo! Internet Mail"=Yahoo! Internet Mail
"Yahoo! Messenger"=Yahoo! Messenger
"YInstHelper"=Yahoo! Install Manager
"ZoomBrowser EX"=Canon Utilities ZoomBrowser EX

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/28/2008 9:26:01 PM | Computer Name = SHEEMA | Source = Sophos Message Router | ID = 8005
Description = DNS lookup failure trying to resolve the following addresses: SOPHOSRELAY2.%3

Error - 12/28/2008 9:37:06 PM | Computer Name = SHEEMA | Source = Sophos Message Router | ID = 8005
Description = DNS lookup failure trying to resolve the following addresses: SOPHOSRELAY2.%3

Error - 12/28/2008 9:48:20 PM | Computer Name = SHEEMA | Source = Sophos Message Router | ID = 8005
Description = DNS lookup failure trying to resolve the following addresses: SOPHOSRELAY2.%3

Error - 12/28/2008 9:59:38 PM | Computer Name = SHEEMA | Source = Sophos Message Router | ID = 8005
Description = DNS lookup failure trying to resolve the following addresses: SOPHOSRELAY2.%3

Error - 12/28/2008 10:19:15 PM | Computer Name = SHEEMA | Source = Sophos Message Router | ID = 8005
Description = DNS lookup failure trying to resolve the following addresses: SOPHOSRELAY2.%3

Error - 12/28/2008 10:30:27 PM | Computer Name = SHEEMA | Source = Sophos Message Router | ID = 8005
Description = DNS lookup failure trying to resolve the following addresses: SOPHOSRELAY2.%3

Error - 12/28/2008 10:41:24 PM | Computer Name = SHEEMA | Source = Sophos Message Router | ID = 8005
Description = DNS lookup failure trying to resolve the following addresses: SOPHOSRELAY2.%3

Error - 12/29/2008 8:36:37 AM | Computer Name = SHEEMA | Source = Sophos Message Router | ID = 8005
Description = DNS lookup failure trying to resolve the following addresses: SOPHOSRELAY2.%3

Error - 12/29/2008 8:47:51 AM | Computer Name = SHEEMA | Source = Sophos Message Router | ID = 8005
Description = DNS lookup failure trying to resolve the following addresses: SOPHOSRELAY2.%3

Error - 12/29/2008 8:59:02 AM | Computer Name = SHEEMA | Source = Sophos Message Router | ID = 8005
Description = DNS lookup failure trying to resolve the following addresses: SOPHOSRELAY2.%3

[ System Events ]
Error - 12/23/2008 4:48:44 PM | Computer Name = SHEEMA | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/23/2008 4:48:44 PM | Computer Name = SHEEMA | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/23/2008 4:48:45 PM | Computer Name = SHEEMA | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/23/2008 4:48:45 PM | Computer Name = SHEEMA | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/23/2008 4:48:45 PM | Computer Name = SHEEMA | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/23/2008 4:48:45 PM | Computer Name = SHEEMA | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/23/2008 5:19:27 PM | Computer Name = SHEEMA | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
Service service to connect.

Error - 12/23/2008 5:19:27 PM | Computer Name = SHEEMA | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%1053

Error - 12/23/2008 7:29:02 PM | Computer Name = SHEEMA | Source = Dhcp | ID = 1002
Description = The IP address lease 172.16.228.25 for the Network Card with network
address 00A0D122A343 has been denied by the DHCP server 24.24.29.160 (The DHCP Server
sent a DHCPNACK message).

Error - 12/29/2008 11:08:47 AM | Computer Name = SHEEMA | Source = Dhcp | ID = 1002
Description = The IP address lease 69.207.187.14 for the Network Card with network
address 00A0D122A343 has been denied by the DHCP server 172.18.155.192 (The DHCP
Server sent a DHCPNACK message).


< End of report >



Kaspersky
I did a scan of "Critical Areas":

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, December 31, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, December 31, 2008 17:43:24
Records in database: 1539200
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - Critical Areas:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Documents and Settings\Sheema\Start Menu\Programs\Startup
C:\Program Files
C:\WINDOWS

Scan statistics:
Files scanned: 57475
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 01:15:10


File name / Threat name / Threats count
C:\Program Files\Common Files\aolback\Comps\toolbar\toolbr.exe Infected: not-a-virus:AdWare.Win32.SearchIt.t 1

The selected area was scanned.

Thanks
Fazal

#9 extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male
  • Local time:06:35 PM

Posted 01 January 2009 - 02:55 PM

Hello FAZAL.

Any problems you have these days regarding your machine?

Your log looks okay to me; some house cleaning work we need to do, but other than that not too much I see. Could you explain to me anything strange or any problems with your machine?

Disable Realtime Protection

Realtime security programs are important for keeping out malware. However, they can interfere with the tools we need to run. Please disable all realtime protections you have enabled. Refer to this page if you are unsure how.

The Real-time anti-malware programs that I need you to disable are:
  • Spybot S&D
  • Sophos Anti-Virus
Note: Please re-enable them after running OTMoveIt3. I have had experience with other users complaining that OTMoveIt was being flagged sometimes, so we are going to temporarily disable them.

Download and Run OTMoveIT3
  • Please download OTMoveIt3 by OldTimer and save it to your desktop. If you are running on Vista, right click on the file and choose Run As Administrator.
  • Double click the OTMoveIt3 icon on your desktop.
  • Paste the following code under the "Paste Instructions for Items to be Moved" area. Do not include the word "Code".
    :files
    C:\WINDOWS\system32\xlpektvl.dll 
    :reg
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CBE3FC57-6DBC-4A30-BF5A-3A76156954E6}]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
    :commands
    [EmptyTemp]
    [Reboot]
  • Click the large MoveIt! button.
  • Copy/Paste the contents under the Results line here in your next reply.
Note: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Download and run MalwareBytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

Please post back with:
-OTMoveIt log
-Malwarebytes Anti-Malware log
-New OTViewIt logs


With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to donate.

#10 FAZAL
  • Topic Starter

  • Members
  • 39 posts
  • Local time:05:35 PM

Posted 02 January 2009 - 12:59 PM

OTMOVEIT

========== FILES ==========
File/Folder C:\WINDOWS\system32\xlpektvl.dll not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CBE3FC57-6DBC-4A30-BF5A-3A76156954E6}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\\ deleted successfully.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_228.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_794.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 01022009_120155

Files moved on Reboot...
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_228.dat not found!
File C:\WINDOWS\temp\Perflib_Perfdata_794.dat not found!



OTVIEWIT

OTViewIt logfile created on: 1/2/2009 12:14:12 PM - Run 2
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Sheema\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.23 Mb Total Physical Memory | 118.91 Mb Available Physical Memory | 26.65% Memory free
1.03 Gb Paging File | 0.78 Gb Available in Paging File | 75.77% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 53.72 Gb Free Space | 72.07% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SHEEMA
Current User Name: Sheema
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2005/04/11 15:31:26 | 00,360,448 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2008/08/21 08:04:27 | 00,098,304 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
[2004/12/22 18:50:04 | 00,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe
[2005/01/17 18:38:38 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
[2003/08/25 16:41:30 | 01,421,144 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
[2004/08/27 17:33:32 | 00,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
[2008/12/19 11:09:13 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2003/06/20 02:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
[2008/08/21 08:06:32 | 00,069,632 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
[2008/11/13 06:38:36 | 00,266,240 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
[2008/10/01 05:28:43 | 00,172,032 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
[2008/11/13 06:38:30 | 00,790,528 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Remote Management System\RouterNT.exe
[2004/05/13 15:46:02 | 00,053,248 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
[2005/04/25 11:15:26 | 00,034,816 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
[2004/08/11 03:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
[2005/04/11 15:31:26 | 00,360,448 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2005/09/30 19:22:50 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
[2004/08/04 07:00:00 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2004/08/04 07:00:00 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\NOTEPAD.EXE
[2007/08/30 09:55:27 | 00,245,760 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\AutoUpdate\ALMon.exe
[2008/10/16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2008/10/15 02:06:26 | 00,633,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/12/29 10:37:11 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sheema\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2004/12/22 18:50:04 | 00,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe -- (ACS [Auto | Running])
[2007/10/24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2005/04/11 15:31:26 | 00,360,448 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2005/09/30 19:22:50 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8 [Auto | Running])
[2005/01/17 18:38:38 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs [Auto | Running])
[2007/10/24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2003/08/25 16:41:30 | 01,421,144 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND [Auto | Running])
[2004/08/27 17:33:32 | 00,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service [Auto | Running])
[2005/04/04 03:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/12/19 11:09:13 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2003/06/20 02:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
[2005/01/26 18:30:04 | 00,053,337 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV [On_Demand | Stopped])
[2003/07/28 14:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2005/01/26 18:25:34 | 00,053,337 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR [On_Demand | Stopped])
[2008/08/21 08:06:32 | 00,069,632 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService [Unknown | Running])
[2008/08/21 08:04:27 | 00,098,304 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService [Unknown | Running])
[2008/11/13 06:38:36 | 00,266,240 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe -- (Sophos Agent [Auto | Running])
[2008/10/01 05:28:43 | 00,172,032 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service [Auto | Running])
[2008/11/13 06:38:30 | 00,790,528 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Remote Management System\RouterNT.exe -- (Sophos Message Router [Auto | Running])
[2005/01/26 18:20:14 | 00,069,718 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV [On_Demand | Stopped])
[2005/01/24 21:36:52 | 00,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV [On_Demand | Stopped])
[2004/05/13 15:46:02 | 00,053,248 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr [Auto | Running])
[2005/04/25 11:15:26 | 00,034,816 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV [Auto | Running])
[2004/08/11 03:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])
[2007/01/19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])

========== Driver Services ==========

[2005/04/12 18:19:42 | 01,066,278 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])
[2005/03/25 17:04:40 | 02,314,560 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
[2004/12/22 18:45:36 | 00,393,600 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211 [On_Demand | Running])
[2005/04/11 15:33:52 | 01,035,264 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2003/10/22 22:15:02 | 00,067,024 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp [System | Running])
[2003/10/22 22:15:02 | 00,024,698 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k [System | Running])
[2003/05/01 13:26:34 | 00,005,220 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA [On_Demand | Stopped])
[2003/08/25 16:40:44 | 00,268,360 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA [Auto | Running])
[2002/08/26 17:09:42 | 00,138,916 | ---- | M] (Deterministic Networks, Inc.) -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE [On_Demand | Running])
[2004/08/17 05:21:00 | 00,087,168 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb [Boot | Running])
[2004/12/23 04:56:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm [Auto | Running])
[2004/08/03 22:58:36 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Stopped])
[2005/09/04 20:17:42 | 00,015,890 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X [Auto | Running])
[2005/02/25 02:33:26 | 00,102,320 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf [System | Running])
[2003/01/29 16:35:00 | 00,012,032 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio [Auto | Running])
[2003/09/19 17:45:48 | 00,021,248 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc [On_Demand | Running])
[2004/08/04 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2004/10/21 04:03:00 | 00,020,576 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2004/12/02 18:36:08 | 00,070,912 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp [On_Demand | Running])
[2004/08/03 17:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139 [On_Demand | Stopped])
[2008/07/18 06:49:39 | 00,104,704 | ---- | M] (Sophos Plc) -- C:\WINDOWS\system32\drivers\savonaccesscontrol.sys -- (SAVOnAccessControl [System | Running])
[2008/07/18 06:49:24 | 00,035,584 | ---- | M] (Sophos Plc) -- C:\WINDOWS\system32\drivers\savonaccessfilter.sys -- (SAVOnAccessFilter [System | Running])
[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2004/12/02 13:04:20 | 00,005,627 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5 [System | Running])
[2004/12/02 13:04:10 | 00,023,545 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln [System | Running])
[2004/10/14 17:14:04 | 00,185,728 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP [On_Demand | Running])
[2003/06/11 10:53:22 | 00,006,867 | ---- | M] () -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (TBiosDrv [Auto | Running])
[2005/01/14 03:05:00 | 00,025,883 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio [Auto | Running])
[2005/01/14 03:05:00 | 00,034,843 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs [Auto | Running])
[2005/01/14 03:05:00 | 00,004,123 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct [Auto | Running])
[2005/01/14 03:05:00 | 00,002,239 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres [Auto | Running])
[2005/01/14 03:05:00 | 00,087,706 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs [Auto | Running])
[2005/01/14 03:05:00 | 00,015,227 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio [Auto | Running])
[2005/01/14 03:05:00 | 00,006,363 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool [Auto | Running])
[2005/01/14 03:05:00 | 00,099,098 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf [Auto | Running])
[2005/01/14 03:05:00 | 00,100,603 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa [Auto | Running])
[2005/03/15 10:33:30 | 00,004,992 | ---- | M] (Toshiba Corporation) -- C:\WINDOWS\system32\drivers\NBSMI.sys -- (TVALD [On_Demand | Running])
[2005/04/15 15:46:04 | 00,029,056 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs [On_Demand | Running])
[2003/03/03 14:08:56 | 00,176,896 | ---- | M] (Zone Labs Inc.) -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant [On_Demand | Stopped])
[2003/01/10 18:13:04 | 00,033,588 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.google.com/ie

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.hotmail.com/

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 1

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.toshibadirect.com/dpdstart

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.toshibadirect.com/dpdstart

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.toshibadirect.com/dpdstart

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.toshibadirect.com/dpdstart

[HKEY_USERS\S-1-5-21-510397198-4040956125-966354338-1006\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.hotmail.com/

[HKEY_USERS\S-1-5-21-510397198-4040956125-966354338-1006\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_USERS\S-1-5-21-510397198-4040956125-966354338-1006\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s

[HKEY_USERS\S-1-5-21-510397198-4040956125-966354338-1006\Software\Microsoft\Internet Explorer\URLSearchHooks]
"" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-510397198-4040956125-966354338-1006\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-510397198-4040956125-966354338-1006\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-510397198-4040956125-966354338-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 1

========== (O1) Hosts File ==========

HOSTS File = (290277 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
9998 more lines...

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (HKLM) -- C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
{5CA3D70E-1895-11CF-8E15-001234567890} (HKLM) -- C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{BA52B914-B692-46c4-B683-905236F6F655}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-510397198-4040956125-966354338-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-510397198-4040956125-966354338-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Startup Folders ==========

[2007/08/30 09:55:27 | 00,245,760 | ---- | M] (Sophos Plc) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"CDRAutoRun"=0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"CDRAutoRun"=0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-510397198-4040956125-966354338-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&AOL Toolbar search: C:\Program Files\AOL Toolbar\toolbar.dll File not found
&Yahoo! Search: File not found
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2003/08/13 04:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)
Yahoo! &Dictionary: File not found
Yahoo! &Maps: File not found
Yahoo! &SMS: File not found

[HKEY_USERS\S-1-5-21-510397198-4040956125-966354338-1006\Software\Microsoft\Internet Explorer\MenuExt\]
&AOL Toolbar search: C:\Program Files\AOL Toolbar\toolbar.dll File not found
&Yahoo! Search: File not found
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2003/08/13 04:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)
Yahoo! &Dictionary: File not found
Yahoo! &Maps: File not found
Yahoo! &SMS: File not found

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{4982D40A-C53B-4615-B15B-B5B5E98D167C}: Button: AOL Toolbar -- Reg Error: Key does not exist or could not be opened. File not found
{4982D40A-C53B-4615-B15B-B5B5E98D167C}: Menu: AOL Toolbar -- Reg Error: Key does not exist or could not be opened. File not found
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}: Button: Yahoo! Services -- %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [2006/10/31 15:29:16 | 00,198,136 | ---- | M] (Yahoo! Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2003/07/15 00:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2006/10/10 07:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKLM] -> [AOL Toolbar] -> File not found
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2006/10/31 15:29:16 | 00,198,136 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/15 00:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2006/10/10 07:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/15 00:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/15 00:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-510397198-4040956125-966354338-1006\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKLM] -> [AOL Toolbar] -> File not found
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2006/10/31 15:29:16 | 00,198,136 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/15 00:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2006/10/10 07:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery
Extension\.spop: -- C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll [2001/01/30 15:56:24 | 00,225,280 | ---- | M] (InterTrust Technologies Corporation, Inc.)

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
turbotax.com: https in Trusted sites
92 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
92 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
92 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
103 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
103 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-510397198-4040956125-966354338-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
turbotax.com: https in Trusted sites
92 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{17492023-C23A-453E-A040-C7C580BBF700}: http://go.microsoft.com/fwlink/?linkid=39204 -- Windows Genuine Advantage Validation Tool
{215B8138-A3CF-44C5-803F-8226143CFC0A}: http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab -- Trend Micro ActiveX Scan Agent 6.6
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}: C:\Program Files\Yahoo!\Common\yinsthelper.dll -- YInstStarter Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876}: http://support.f-secure.com/ols/fscax.cab -- F-Secure Online Scanner 3.3
{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_01
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11

========== (O17) DNS Name Servers ==========

{1BDE1C76-8459-469D-9DAF-0C3D2AB54763} (Servers: | Description: Atheros AR5005G Wireless Network Adapter)
{25250ED2-AFBF-4FFC-9B11-2B81E6397F82} (Servers: | Description: )
{8D514E12-B687-4F5E-9E4A-9662AFC5976D} (Servers: | Description: Realtek RTL8139/810x Family Fast Ethernet NIC)

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
>[2008/01/31 20:16:47 | 00,173,056 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2005/04/20 15:34:37 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f47f8d90-87f6-11dd-9a0b-0011f57420f6}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f47f8d90-87f6-11dd-9a0b-0011f57420f6}\Shell\AutoRun]
""=Auto&Play

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f47f8d90-87f6-11dd-9a0b-0011f57420f6}\Shell\AutoRun\command]
""=E:\LaunchU3.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\Shell\AutoRun]
""=Auto&Play

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\Shell\AutoRun\command]
""=E:\LaunchU3.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\*.tmp files]
[5 C:\WINDOWS\System32\*.tmp files]
[2009/01/02 12:01:55 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2009/01/02 11:58:12 | 01,033,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sheema\Desktop\OTMoveIt3.exe
[2009/01/01 13:49:45 | 00,130,104 | ---- | C] (Sophos Plc) -- C:\WINDOWS\System32\sdccoinstaller.dll
[2009/01/01 13:48:40 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Cisco Systems
[2009/01/01 13:48:36 | 00,023,552 | ---- | C] (Sophos Plc) -- C:\WINDOWS\System32\SophosBootTasks.exe
[2008/12/31 15:50:28 | 00,003,071 | ---- | C] () -- C:\Documents and Settings\Sheema\Desktop\kapersky report.html
[2008/12/29 10:37:10 | 00,423,424 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sheema\Desktop\OTViewIt.exe
[2008/12/23 18:49:43 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt01.sqm
[2008/12/23 18:49:43 | 00,000,232 | -H-- | C] () -- C:\sqmdata01.sqm
[2008/12/23 18:37:34 | 00,000,720 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoUpdate Monitor.lnk
[2008/12/23 15:48:56 | 00,000,153 | ---- | C] () -- C:\DelUS.bat
[2008/12/23 14:21:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sheema\Desktop\AOL Saved PFC
[2008/12/23 14:21:43 | 00,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/12/23 12:45:11 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2008/12/23 11:01:17 | 00,000,000 | ---D | C] -- C:\fsaua.data
[2008/12/19 14:11:28 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/12/19 13:54:19 | 00,000,811 | ---- | C] () -- C:\Documents and Settings\Sheema\Desktop\Internet Explorer (2).lnk
[2008/12/18 16:49:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2008/12/18 14:00:47 | 14,968,808 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Sheema\Desktop\spybotsd160.exe
[2008/12/18 14:00:31 | 00,000,000 | ---D | C] -- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
[2008/12/18 14:00:31 | 00,000,000 | ---D | C] -- C:\Program Files\SDHelper (Spybot - Search & Destroy)
[2008/12/18 14:00:31 | 00,000,000 | ---D | C] -- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
[2008/12/18 14:00:31 | 00,000,000 | ---D | C] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
[2008/12/18 12:37:14 | 46,798,0288 | -HS- | C] () -- C:\hiberfil.sys
[2008/12/17 11:43:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2008/12/17 11:43:13 | 00,459,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2008/12/17 11:43:13 | 00,267,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2008/12/17 11:43:13 | 00,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2008/12/17 11:43:13 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe
[2008/12/17 11:43:12 | 06,066,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2008/12/17 11:43:12 | 00,991,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll.mui
[2008/12/17 11:43:12 | 00,383,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
[2008/12/17 11:43:11 | 02,455,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dat
[2008/12/17 11:43:11 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
[2008/12/17 11:42:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2008/12/17 11:42:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2008/12/17 11:40:32 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2008/12/17 11:40:12 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2008/12/17 11:40:00 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2008/12/17 11:39:15 | 00,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xmllite.dll
[2008/12/17 11:36:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2008/12/17 11:36:22 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\custsat.dll
[2008/12/17 11:15:10 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/12/17 09:51:06 | 00,000,669 | ---- | C] () -- C:\Documents and Settings\Sheema\Desktop\Antivirus 360.lnk
[2008/12/17 09:50:37 | 00,000,000 | ---D | C] -- C:\Program Files\A360
[2008/12/14 10:59:15 | 04,729,631 | ---- | C] () -- C:\Documents and Settings\Sheema\Desktop\Mohini_Poonam.JPG
[2008/12/14 10:56:47 | 02,571,116 | ---- | C] () -- C:\Documents and Settings\Sheema\Desktop\Mohini_Bhatia.jpg
[2008/12/14 10:41:52 | 00,222,514 | ---- | C] () -- C:\Documents and Settings\Sheema\Desktop\navjote_Jal_Preeti.JPG
[2008/12/14 10:07:29 | 01,731,188 | ---- | C] () -- C:\Documents and Settings\Sheema\Desktop\Chicago 08.jpg
[2008/12/13 23:05:45 | 01,806,106 | ---- | C] () -- C:\Documents and Settings\Sheema\Desktop\ROC Dec08.jpg
[2008/12/13 23:04:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sheema\Desktop\Gala_Chicago_Pics
[2008/12/13 09:34:04 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hidserv.dll
[2008/12/13 09:33:27 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kbdhid.sys
[2008/12/13 09:32:39 | 00,031,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbccgp.sys
[2008/12/09 06:41:15 | 00,388,903 | ---- | C] () -- C:\Documents and Settings\Sheema\Desktop\wt.pdf

========== Files - Modified Within 30 Days ==========

[1 C:\*.tmp files]
[5 C:\WINDOWS\System32\*.tmp files]
[2009/01/02 12:06:38 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/01/02 12:06:12 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/01/02 12:06:05 | 46,798,0288 | -HS- | M] () -- C:\hiberfil.sys
[2009/01/02 11:58:13 | 01,033,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sheema\Desktop\OTMoveIt3.exe
[2009/01/02 06:58:19 | 00,000,720 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoUpdate Monitor.lnk
[2009/01/01 20:51:42 | 00,002,483 | ---- | M] () -- C:\Documents and Settings\Sheema\Desktop\Microsoft Office PowerPoint 2003.lnk
[2009/01/01 11:27:46 | 00,013,312 | ---- | M] () -- C:\Documents and Settings\Sheema\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/31 23:41:10 | 00,003,540 | -H-- | M] () -- C:\Documents and Settings\Sheema\Desktop\ZbThumbnail.info
[2008/12/31 15:50:28 | 00,003,071 | ---- | M] () -- C:\Documents and Settings\Sheema\Desktop\kapersky report.html
[2008/12/30 07:21:58 | 00,001,144 | -H-- | M] () -- C:\Documents and Settings\Sheema\My Documents\Default.rdp
[2008/12/29 10:37:11 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sheema\Desktop\OTViewIt.exe
[2008/12/28 20:14:05 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/12/24 17:20:38 | 00,000,580 | ---- | M] () -- C:\Documents and Settings\Sheema\My Documents\My Sharing Folders.lnk
[2008/12/23 18:49:43 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2008/12/23 18:49:43 | 00,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2008/12/23 15:48:56 | 00,000,153 | ---- | M] () -- C:\DelUS.bat
[2008/12/23 14:22:21 | 00,000,645 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/12/23 14:21:53 | 00,000,004 | ---- | M] () -- C:\WINDOWS\msoffice.ini
[2008/12/23 12:44:07 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/12/23 12:44:07 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2008/12/19 13:54:19 | 00,000,811 | ---- | M] () -- C:\Documents and Settings\Sheema\Desktop\Internet Explorer (2).lnk
[2008/12/19 10:52:39 | 02,114,256 | -H-- | M] () -- C:\Documents and Settings\Sheema\Local Settings\Application Data\IconCache.db
[2008/12/19 09:10:53 | 00,000,815 | ---- | M] () -- C:\Documents and Settings\Sheema\Desktop\Notebook Maximizer.LNK
[2008/12/18 15:28:09 | 00,000,268 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2008/12/18 14:42:16 | 00,290,277 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2008/12/18 14:01:16 | 14,968,808 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Sheema\Desktop\spybotsd160.exe
[2008/12/18 03:02:04 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/12/17 12:57:35 | 00,000,077 | -HS- | M] () -- C:\Documents and Settings\Sheema\My Documents\desktop.ini
[2008/12/17 11:15:10 | 00,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2008/12/17 09:51:06 | 00,000,669 | ---- | M] () -- C:\Documents and Settings\Sheema\Desktop\Antivirus 360.lnk
[2008/12/17 08:26:28 | 00,008,634 | ---- | M] () -- C:\WINDOWS\hh.dat
[2008/12/14 10:59:17 | 04,729,631 | ---- | M] () -- C:\Documents and Settings\Sheema\Desktop\Mohini_Poonam.JPG
[2008/12/14 10:56:47 | 02,571,116 | ---- | M] () -- C:\Documents and Settings\Sheema\Desktop\Mohini_Bhatia.jpg
[2008/12/14 10:41:52 | 00,222,514 | ---- | M] () -- C:\Documents and Settings\Sheema\Desktop\navjote_Jal_Preeti.JPG
[2008/12/13 21:56:38 | 01,806,106 | ---- | M] () -- C:\Documents and Settings\Sheema\Desktop\ROC Dec08.jpg
[2008/12/13 21:56:34 | 01,731,188 | ---- | M] () -- C:\Documents and Settings\Sheema\Desktop\Chicago 08.jpg
[2008/12/13 01:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2008/12/13 01:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2008/12/09 15:24:38 | 17,593,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/12/09 06:41:16 | 00,388,903 | ---- | M] () -- C:\Documents and Settings\Sheema\Desktop\wt.pdf
< End of report >



Extras

OTViewIt Extras logfile created on: 1/2/2009 12:14:12 PM - Run 2
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Sheema\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.23 Mb Total Physical Memory | 118.91 Mb Available Physical Memory | 26.65% Memory free
1.03 Gb Paging File | 0.78 Gb Available in Paging File | 75.77% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 53.72 Gb Free Space | 72.07% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SHEEMA
Current User Name: Sheema
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=1
"FirewallDisableNotify"=1
"UpdatesDisableNotify"=1
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2004/08/04 07:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
File not found -- C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
[2007/01/19 12:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[2006/10/10 07:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2004/08/04 07:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2004/11/03 16:06:34 | 00,462,848 | ---- | M] (TOSHIBA Corporation) -- C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine
[2005/03/17 18:37:26 | 00,151,552 | ---- | M] (TOSHIBA Corporation) -- C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
File not found -- C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
[2002/07/19 17:15:34 | 00,692,224 | ---- | M] (Hummingbird Ltd.) -- C:\Program Files\Hummingbird\Accessories\ftp.exe:*:Enabled:FTP for Windows NT4/2000/XP
[2004/10/14 17:33:08 | 00,012,888 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader
File not found -- C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon
File not found -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed
File not found -- C:\Program Files\Common Files\AOL\1144283792\EE\AOLServiceHost.exe:*:Enabled:AOL
[2004/04/07 14:07:36 | 00,103,536 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL
[2006/11/30 21:49:04 | 04,662,776 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
[2006/11/30 21:49:06 | 00,091,640 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
[2007/01/19 12:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[2007/03/08 00:25:56 | 09,950,760 | ---- | M] (Intuit, Inc.) -- C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax
[2007/04/10 19:00:56 | 03,679,784 | ---- | M] (Intuit, Inc.) -- C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager
[2008/03/05 22:29:49 | 10,343,712 | ---- | M] (Intuit, Inc.) -- C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax
[2007/10/22 17:56:52 | 03,597,600 | ---- | M] (Intuit, Inc.) -- C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager
[2006/10/10 07:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 04:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/01/19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 04:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 04:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2001/06/19 19:26:46 | 00,221,184 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/01/19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2003/08/04 16:19:34 | 07,330,360 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2003/08/01 17:09:04 | 08,086,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2003/07/15 00:45:12 | 00,039,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}"=TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{034759DA-E21A-4795-BFB3-C66D17FAD183}"=Sophos Anti-Virus
"{05832D65-6EDB-4D32-BA78-BCD0E2B91C02}"=Atheros Wireless LAN MiniPCI card Driver
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}"=ATI Control Panel
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}"=Sonic DLA
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}"=TOSHIBA Assist
"{15C418EB-7675-42be-B2B3-281952DA014D}"=Sophos AutoUpdate
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}"=Java™ 6 Update 11
"{29B6FCC3-B594-4DD2-8BB6-2C306ECEE61B}"=Step3 CCS
"{2DBE41DD-2129-4C65-A3D3-5647236A60F3}"=Quicken 2005
"{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}"=TurboTax ItsDeductible 2005
"{2F151B50-B434-4838-B51D-70442EBA093E}"=OpenMG Secure Module 4.1.00
"{3248F0A8-6813-11D6-A77B-00B0D0150010}"=J2SE Runtime Environment 5.0 Update 1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083}"=QuickTime
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}"=TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}"=Microsoft Works
"{425A2BC2-AA64-4107-9C29-484245BBEA05}"=TOSHIBA Software Upgrades
"{5624C000-B109-11D4-9DB4-00E0290FCAC5}"=VPN Client
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}"=Windows Live Messenger
"{5D96E2B1-D9AC-46E0-9073-425C5F63E338}"=Touch and Launch
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}"=Windows Genuine Advantage v1.3.0254.0
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}"=TOSHIBA Zooming Utility
"{64DD71BC-3109-4C88-9AD3-D5422644B722}"=TOSHIBA Hotkey Utility
"{6693BD7C-CB4E-43AC-A0D6-10D1A1B88DCF}"=Canon PhotoRecord
"{69BE47C2-36FE-4397-8199-85D8EAE69982}"=TOSHIBA TouchPad ON/Off Utility
"{71D658CF-4E0D-4DA8-AA67-8C0B6F1C01FE}"=Atheros Client Utility
"{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}"=TOSHIBA Utilities
"{8B12BA86-ADAC-4BA6-B441-FFC591087252}"=TOSHIBA Virtual Sound
"{90110409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{91120409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Standard Edition 2003
"{91A10409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office OneNote 2003
"{94FB906A-CF42-4128-A509-D353026A607E}"=REALTEK Gigabit and Fast Ethernet NIC Driver
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}"=Sonic RecordNow!
"{9860A9CF-7E71-43AC-888F-0B4D3EA212D1}"=Roxio Burn Engine
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}"=DVD-RAM Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}"=CD/DVD Drive Acoustic Silencer
"{A0EB195B-5876-48E6-879D-33D4B2102610}"=SonicStage 3.0
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}"=TOSHIBA Controls
"{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}"=TurboTax ItsDeductible 2006
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{BA561482-C49D-4687-A61C-96236C1688F0}"=ArcSoft Software Suite
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}"=TOSHIBA ConfigFree
"{C8F7C1E5-0150-11D6-A96C-00D05908F85D}"=USB Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CD395C58-AE9F-40C1-BF65-21C223EA3BF2}"=Hummingbird HostExplorer V8.0
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}"=WexTech AnswerWorks
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}"=TOSHIBA Speech System Applications
"{F6C405D2-C50D-4D10-B89E-73A233A14D74}"=Toshiba Registration
"{FB08F381-6533-4108-B7DD-039E11FBC27E}"=Realtek AC'97 Audio
"{FF11005D-CBC8-45D5-A288-25C7BB304121}"=Sophos Remote Management System
"Adobe Acrobat 5.0"=Adobe Acrobat 5.0
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"All ATI Software"=ATI - Software Uninstall Utility
"ATI Display Driver"=ATI Display Driver
"CAL"=Canon Camera Access Library
"CameraWindowDVC5"=Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6"=Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC"=Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder"=Canon G.726 WMP-Decoder
"CSCLIB"=Canon Camera Support Core Library
"EOS Utility"=Canon Utilities EOS Utility
"HijackThis"=HijackThis 2.0.2
"HostExplorer and OAS GUI"=HostExplorer and OAS GUI
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{2DBE41DD-2129-4C65-A3D3-5647236A60F3}"=Quicken 2005
"InstallShield_{2F151B50-B434-4838-B51D-70442EBA093E}"=OpenMG Secure Module 4.1.00
"InstallShield_{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083}"=QuickTime
"MetaFrame Presentation Server Web Client for Win32"=MetaFrame Presentation Server Web Client for Win32
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"MovieEditTask"=Canon MovieEdit Task for ZoomBrowser EX
"MSNINST"=MSN
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"Notebook_Maximizer"=Notebook Maximizer
"OpenMG HotFix4.1-05-13-31-01"=OpenMG Limited Patch 4.1-05-13-31-01
"PC Diagnostic Tool"=TOSHIBA PC Diagnostic Tool
"PhotoStitch"=Canon Utilities PhotoStitch
"Power Saver"=TOSHIBA Power Saver
"RAW Image Task"=Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 6.0"=RealPlayer
"RemoteCaptureTask"=Canon RemoteCapture Task for ZoomBrowser EX
"ShockwaveFlash"=Adobe Flash Player 9 ActiveX
"SynTPDeinstKey"=Synaptics Pointing Device Driver
"The Weather Channel Desktop"=The Weather Channel Desktop
"TOSHIBA Software Modem"=TOSHIBA Software Modem
"Toshiba Tbiosdrv Driver"=Toshiba Tbiosdrv Driver
"TurboTax Deluxe 2005"=TurboTax Deluxe 2005
"TurboTax Deluxe 2007"=TurboTax Deluxe 2007
"TurboTax Deluxe Deduction Maximizer 2006"=TurboTax Deluxe Deduction Maximizer 2006
"ViewpointMediaPlayer"=Viewpoint Media Player
"Weather Services"=Weather Services
"Winamp"=Winamp (remove only)
"Windows Media Format Runtime"=Windows Media Format Runtime
"Windows Media Player"=Windows Media Player 10
"Yahoo! Customizations"=Yahoo! Browser Services
"Yahoo! Internet Mail"=Yahoo! Internet Mail
"Yahoo! Messenger"=Yahoo! Messenger
"YInstHelper"=Yahoo! Install Manager
"ZoomBrowser EX"=Canon Utilities ZoomBrowser EX

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/1/2009 9:18:50 PM | Computer Name = SHEEMA | Source = Sophos Message Router | ID = 8005
Description = DNS lookup failure trying to resolve the following addresses: SOPHOSRELAY2.%3

Error - 1/1/2009 9:30:03 PM | Computer Name = SHEEMA | Source = Sophos Message Router | ID = 8005
Description = DNS lookup failure trying to resolve the following addresses: SOPHOSRELAY2.%3

Error - 1/1/2009 9:41:16 PM | Computer Name = SHEEMA | Source = Sophos Message Router | ID = 8005
Description = DNS lookup failure trying to resolve the following addresses: SOPHOSRELAY2.%3

Error - 1/1/2009 9:52:30 PM | Computer Name = SHEEMA | Source = Sophos Message Router | ID = 8005
Description = DNS lookup failure trying to resolve the following addresses: SOPHOSRELAY2.%3

Error - 1/1/2009 10:25:24 PM | Computer Name = SHEEMA | Source = Sophos Message Router | ID = 8005
Description = DNS lookup failure trying to resolve the following addresses: SOPHOSRELAY2.%3

Error - 1/1/2009 10:36:37 PM | Computer Name = SHEEMA | Source = Sophos Message Router | ID = 8005
Description = DNS lookup failure trying to resolve the following addresses: SOPHOSRELAY2.%3

Error - 1/1/2009 10:47:50 PM | Computer Name = SHEEMA | Source = Sophos Message Router | ID = 8005
Description = DNS lookup failure trying to resolve the following addresses: SOPHOSRELAY2.%3

Error - 1/1/2009 10:59:04 PM | Computer Name = SHEEMA | Source = Sophos Message Router | ID = 8005
Description = DNS lookup failure trying to resolve the following addresses: SOPHOSRELAY2.%3

Error - 1/1/2009 11:10:10 PM | Computer Name = SHEEMA | Source = Sophos Message Router | ID = 8005
Description = DNS lookup failure trying to resolve the following addresses: SOPHOSRELAY2.%3

Error - 1/2/2009 7:05:54 AM | Computer Name = SHEEMA | Source = Sophos Message Router | ID = 8005
Description = DNS lookup failure trying to resolve the following addresses: SOPHOSRELAY2.%3

[ System Events ]
Error - 12/29/2008 2:31:41 PM | Computer Name = SHEEMA | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 12/29/2008 2:31:41 PM | Computer Name = SHEEMA | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 12/30/2008 7:09:58 AM | Computer Name = SHEEMA | Source = Dhcp | ID = 1002
Description = The IP address lease 172.16.228.25 for the Network Card with network
address 00A0D122A343 has been denied by the DHCP server 24.24.29.160 (The DHCP Server
sent a DHCPNACK message).

Error - 12/31/2008 11:49:14 AM | Computer Name = SHEEMA | Source = Dhcp | ID = 1002
Description = The IP address lease 74.74.156.61 for the Network Card with network
address 00A0D122A343 has been denied by the DHCP server 172.18.155.192 (The DHCP
Server sent a DHCPNACK message).

Error - 12/31/2008 6:31:47 PM | Computer Name = SHEEMA | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.100.10 for the Network Card with network
address 00A0D122A343 has been denied by the DHCP server 24.24.29.160 (The DHCP Server
sent a DHCPNACK message).

Error - 1/1/2009 10:30:03 AM | Computer Name = SHEEMA | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 1/1/2009 10:30:03 AM | Computer Name = SHEEMA | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 1/1/2009 10:30:03 AM | Computer Name = SHEEMA | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 1/1/2009 10:30:03 AM | Computer Name = SHEEMA | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 1/2/2009 10:39:52 AM | Computer Name = SHEEMA | Source = Dhcp | ID = 1002
Description = The IP address lease 74.74.156.61 for the Network Card with network
address 00A0D122A343 has been denied by the DHCP server 172.18.155.192 (The DHCP
Server sent a DHCPNACK message).


< End of report >




Malwarebytes

Malwarebytes' Anti-Malware 1.31
Database version: 1596
Windows 5.1.2600 Service Pack 2

1/2/2009 12:42:33 PM
mbam-log-2009-01-02 (12-42-33).txt

Scan type: Quick Scan
Objects scanned: 57632
Time elapsed: 5 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Typelib\{dbe49762-874f-41ac-9409-ecdd4b3db4a2} (Trojan.Adware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f919fbd3-a96b-4679-af26-f551439bb5fd} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8b27cc68-110c-46a9-80d3-f3107de6eb98} (Trojan.Adware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d2bee6e-3c9a-4d58-b9ec-458edb28d0f6} (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{12da1bc4-5384-42fd-a119-3c99d2d146a2} (Trojan.Adware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\wxfw.dll (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\system32\?ssembly (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\A360 (Rogue.A360Antivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sheema\Start Menu\Antivirus 360 (Rogue.A360Antivirus) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\A360\av360.exe (Rogue.A360Antivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sheema\Start Menu\Antivirus 360\Antivirus 360.lnk (Rogue.A360Antivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sheema\Start Menu\Antivirus 360\Help.lnk (Rogue.A360Antivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sheema\Start Menu\Antivirus 360\Registration.lnk (Rogue.A360Antivirus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ClickToFindandFixErrors_US.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sheema\Desktop\Antivirus 360.lnk (Rogue.A360Antivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sheema\Desktop\Internet Security Suite.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sheema\Desktop\Click to Find and Fix Errors.url (Rogue.Link) -> Quarantined and deleted successfully.


As far as symptoms/problems go...when you asked me this question the first time I sent a response to you through PM, which was: "at first we were experiencing a lot of typical pop-ups with "Antivirus 360." The computer was frequently displaying the 'blue screen of death' and other strange anomalies (ex. it would suddenly change the resolution of the desktop from 800x600 to 640x480). Once I disabled Antivirus 360 from starting up through msconfig, these problems seemed to stop. Although I know Antivirus 360 is still resident on the computer, as I haven't made any attempts to remove it. My colleague still complains about general slowness and sluggishness of her computer - this may or may not be spyware related."

-that pretty much sums up exactly what we're experiencing still. The pop-ups and anomalies have stopped since I disabled Antivirus 360 from starting up. However the computer was still slow, we'll see if the changes we made today have improved the speed. I also plan to defrag the HDD soon (I was waiting until we deleted the infected files).

I also want to uninstall the "viewpoint media player" and "The Weather Channel Desktop" from this computer. Can you send me instructions for this? Actually I have tried to uninstall the weather channel desktop and it is not uninstalling.

Thanks
Fazal
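The OTViewIt Extras log above records Security Center notification values (AntiVirusDisableNotify, FirewallDisableNotify and UpdatesDisableNotify all set to 1, and DisableMonitoring=1 under SophosAntiVirus) together with firewall exceptions whose target file no longer exists. As an added example, not part of this thread or of OldTimer's tool, here is a small Python parser for that log format that flags those two kinds of entry for a second look; the sample log is constructed from a few of the posted lines, and the `audit` heuristics are this example's own, not OTViewIt's.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample in the OTViewIt Extras format seen in the thread; the
# values mirror the posted log but only a handful of lines are reproduced.
SAMPLE_LOG = r"""
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=1
"FirewallDisableNotify"=1
"UpdatesDisableNotify"=1
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2004/08/04 07:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
[2002/07/19 17:15:34 | 00,692,224 | ---- | M] (Hummingbird Ltd.) -- C:\Program Files\Hummingbird\Accessories\ftp.exe:*:Enabled:FTP for Windows NT4/2000/XP
"""

SECTION_RE = re.compile(r"^=+ (.+?) =+$")
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(\S+)$')
# Either "[date | size | attrs | M] (Company) -- rest" or "File not found -- rest"
ENTRY_RE = re.compile(
    r"^(?:\[[^\]]*\] \((?P<company>[^)]*)\)|(?P<missing>File not found)) -- (?P<rest>.+)$"
)

# Security Center values that, when 1, silence the user-facing warnings.
NOTIFY_VALUES = {
    "AntiVirusDisableNotify": "antivirus",
    "FirewallDisableNotify": "firewall",
    "UpdatesDisableNotify": "automatic updates",
}


@dataclass
class FirewallEntry:
    path: str       # executable the exception applies to
    scope: str      # "*" (any) or e.g. "LocalSubNet"
    state: str      # Enabled / Disabled as written in the log
    name: str       # display name of the rule
    company: str    # signer/company column, empty if the file is missing
    present: bool   # False for "File not found" entries


def _sections(text: str) -> Dict[str, List[str]]:
    """Split the log into {section name: [non-empty lines]} on the ==== headers."""
    sections: Dict[str, List[str]] = {}
    current = "preamble"
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif line:
            sections.setdefault(current, []).append(line)
    return sections


def parse_security_center(text: str) -> Dict[str, Dict[str, str]]:
    """Return {registry key: {value name: value}} from the Security Center section."""
    result: Dict[str, Dict[str, str]] = {}
    key = None
    for line in _sections(text).get("Security Center Settings", []):
        km = KEY_RE.match(line)
        if km:
            key = km.group(1)
            result.setdefault(key, {})
            continue
        vm = VALUE_RE.match(line)
        if vm and key is not None:
            result[key][vm.group(1)] = vm.group(2)
    return result


def parse_authorized_apps(text: str) -> List[FirewallEntry]:
    """Parse firewall exceptions written as path:scope:state:display name."""
    entries: List[FirewallEntry] = []
    for line in _sections(text).get("Authorized Applications List", []):
        m = ENTRY_RE.match(line)
        if not m:
            continue  # registry key headers and anything unrecognised
        # The path contains a drive-letter colon, so split the three trailing fields from the right.
        parts = m.group("rest").rsplit(":", 3)
        if len(parts) != 4:
            continue
        path, scope, state, name = parts
        entries.append(FirewallEntry(path, scope, state, name,
                                     (m.group("company") or "").strip(),
                                     m.group("missing") is None))
    return entries


def audit(text: str) -> List[str]:
    """Defender-side checks over the parsed log; returns human-readable findings."""
    findings: List[str] = []
    for key, values in parse_security_center(text).items():
        for name, label in NOTIFY_VALUES.items():
            if values.get(name) == "1":
                findings.append(f"Security Center {label} warnings are suppressed ({name}=1)")
        if values.get("DisableMonitoring") == "1":
            product = key.rsplit("\\", 1)[-1]
            findings.append(f"Security Center monitoring disabled for {product}; "
                            "confirm the product itself set this")
    for e in parse_authorized_apps(text):
        if not e.present:
            findings.append(f"Stale firewall exception for missing file: {e.path}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```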

#11 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:35 PM

Posted 03 January 2009 - 12:23 PM

Hello FAZAL.

Sorry for the delay.

MBAM took out those rogue entries, relating to your AV360. :thumbsup:

I also want to uninstall the "viewpoint media player" and "The Weather Channel Desktop" from this computer. Can you send me instructions for this? Actually I have tried to uninstall the weather channel desktop and it is not uninstalling.

Not sure why it's not uninstalling; let's try using its command to uninstall it. Viewpoint is foistware and you uninstalled it, I believe?

Remove Program with HijackThis Uninstall Command
  • Double click the HijackThis icon on your desktop.
  • If you see a white screen, click Main Menu at the middle bottom of the window, otherwise move onto the next step.
  • Click Open the Misc Tools section.
  • Under System tools, select Uninstall Manager....
  • Under the Add/Remove Programs Manager, highlight weather channel desktop using your mouse.
  • On your Right hand side there is a section called: "Uninstall Command"
  • In the Uninstall Command there is a box; copy that command (the whole thing).
  • Now go to Start>>Run>> In the open field please paste in what you copied in the uninstall command.
  • This shall uninstall it; follow any prompts to uninstall it.
Tell me how it goes, also it may be already removed as I don't see signs of that program in the log.

Run Script with OTMoveIt3
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :files
    C:\Program Files\A360
    C:\Documents and Settings\Sheema\Desktop\Antivirus 360.lnk
    :commands
    [EmptyTemp]
  • Click the large Posted Image button.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
Note: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Download and run MalwareBytes Anti-Malware(Full Scan)

Please download Malwarebytes Anti-Malware and save it to your desktop if you lost your copy and need to install it, otherwise skip the installation step and continue with the Full Scan.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

Please post back with:
-OTMoveIt log
-MBAM log
-New OTViewIt logs
-Any other problems?


With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#12 FAZAL

FAZAL
  • Topic Starter

  • Members
  • 39 posts

Posted 03 January 2009 - 11:22 PM

Hello,

Thank you for your response. I will carry out the steps you provided on Monday when I have access to my colleague's computer again. And yes, I have removed the Viewpoint Media Player, simply through Add/Remove Programs.
As far as viruses/malware is concerned, do my logs look pretty clean? Besides the 3 logs you've requested, are there any other logs that you think you may want? The reason I ask is because I may not have access to my colleague's computer for many days longer (Monday might be the last day, unless you find something really wrong). My colleague is extremely appreciative of the service you and I are providing, but I think bringing her laptop into work every day is becoming a little bit of a hassle for her, and I don't blame her; she's brought it for two weeks straight already. We get a lot of snow up here and just getting to work alone is a hassle! :thumbsup:

Anyways, thanks for all your help!!! I'll post back on Monday.

Fazal

#13 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 04 January 2009 - 05:03 PM

Hello.

Yup. Your log looks okay to me. Maybe just some minor leftover entries that need to be removed and it'll be okay.

Thanks for letting me know, post back with the results when you have access to the computer.

With Regards,
Extremeboy

#14 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 08 January 2009 - 04:02 PM

Hello.

I thought you would post back this Monday... lol.

Anyways, to be fair to other members, I will close this topic as it will be more than a week. Please send me a message when you get back and I will re-open the topic for you to post back the logs.

With Regards,
Extremeboy