
hijack this log: stubborn malware - scareware


  • This topic is locked
28 replies to this topic

#1 ltorres75

Posted 28 April 2010 - 11:16 PM

I did a Malwarebytes scan and cleaned over 100 items. Did a safe mode scan. Did Norton full scan 5 times.

Here's my log from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:07:50 PM, on 4/28/2010
Platform: Windows XP SP3, v.5938 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe
C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe
C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: (no name) - {016122F4-D6AD-432C-AFA1-B0E93490F2F3} - C:\WINDOWS\system32\asycfilt32.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-19\..\Run: [LClock] C:\Program Files\LClock\LClock.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [LClock] C:\Program Files\LClock\LClock.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [LClock] C:\Program Files\LClock\LClock.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [LClock] C:\Program Files\LClock\LClock.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - .DEFAULT User Startup: TrueTransparency.exe.lnk = C:\Program Files\TrueTransparency\TrueTransparency.exe (User 'Default user')
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.arise.com
O15 - Trusted Zone: http://*.att.net
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} (QOLCheck Control) - https://www.select2perform.com/cabs/QOLCheck.ocx
O16 - DPF: {53D40FAA-4E21-459F-AA87-E4D97FC3245A} (InstallShield Setup Player V12) - https://www.lifeofsouthwest.com/saa/ICSolut...Disk1/setup.exe
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab
O16 - DPF: {8BBDC81D-81B3-49EE-87E8-47B7A707FAE8} (GoToMeeting/GoToWebinar Web Starter) - https://www1.gotomeeting.com/default/applets/g2mdlax.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://nationallife.webex.com/client/T27LB...bex/ieatgpc.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COM+ System Executer (DComEx) - Unknown owner - C:\WINDOWS\System32\SoftwareDistribution32\mmc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Software Distribution (SoftwareDistribution32) - Unknown owner - C:\WINDOWS\Rootdistribution32.exe (file missing)
O23 - Service: SPCSUtilityService - Sprint Spectrum, L.L.C - C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
O24 - Desktop Component 0: (no name) - C:\Documents and Settings\Sreekumar\My Documents\My Pictures\Linda\Wallpaper_Request_by_Finvara.jpg

--
End of file - 15501 bytes


#2 syler

  • Malware Response Team

Posted 03 May 2010 - 10:22 AM

Hello and Welcome to BleepingComputer

Please note we are very busy, so if I don't hear from you within 5 days the topic will be closed. If you have since resolved your issues I would appreciate it if you would let me know so I can close this topic.


We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
    Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.
    %appdata%\*.*
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %SYSTEMDRIVE%\*.exe
    netsvcs
    msconfig
    /md5start
    proquota.exe
    sfcfiles.dll
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    beep.sys
    iaStor.sys
    nvstor.sys
    atapi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    iastorv.sys
    /md5stop
    CREATERESTOREPOINT

  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Thanks


#3 ltorres75


Posted 03 May 2010 - 02:59 PM

OTL logfile created on: 5/3/2010 2:49:33 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Sreekumar\Desktop
Windows XP Professional Edition Service Pack 3, v.5938 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 73.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.65 Gb Total Space | 358.56 Gb Free Space | 77.00% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LINDA
Current User Name: Sreekumar
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/03 14:47:48 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sreekumar\Desktop\OTL.exe
PRC - [2010/03/10 22:32:26 | 000,648,536 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2010/03/10 22:32:08 | 001,819,992 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
PRC - [2010/03/10 17:32:34 | 001,598,808 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
PRC - [2010/02/25 18:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ccsvchst.exe
PRC - [2010/01/27 11:34:24 | 000,376,832 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
PRC - [2009/09/28 09:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/11/14 19:33:30 | 002,356,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/24 09:14:36 | 000,206,112 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2008/08/05 21:34:10 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/02/17 07:15:10 | 000,975,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/29 14:14:12 | 000,131,072 | ---- | M] (Sprint Spectrum, L.L.C) -- C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe
PRC - [2007/02/10 08:29:54 | 029,178,224 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2007/02/10 08:29:48 | 000,242,544 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2007/02/10 05:29:56 | 000,089,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2006/11/13 13:39:52 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006/11/13 13:39:34 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2006/10/27 15:16:48 | 012,813,096 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
PRC - [2005/05/04 00:04:28 | 009,150,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe


========== Modules (SafeList) ==========

MOD - [2010/05/03 14:47:48 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sreekumar\Desktop\OTL.exe
MOD - [2010/03/26 18:52:36 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.6.0.32\asoehook.dll
MOD - [2009/07/12 00:02:02 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
MOD - [2009/07/12 00:02:00 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
MOD - [2008/01/26 15:58:08 | 001,054,208 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.3300_x-ww_d7ca0dc2\comctl32.dll
MOD - [2008/01/26 15:56:18 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (DComEx)
SRV - [2010/02/25 18:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe -- (NIS)
SRV - [2009/09/28 09:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/05 21:34:10 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2008/07/20 11:28:34 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/06/11 14:20:50 | 000,000,000 | ---D | M] [Auto | Stopped] -- C:\WINDOWS\system32\SoftwareDistribution32 -- (SoftwareDistribution32)
SRV - [2007/08/29 14:14:12 | 000,131,072 | ---- | M] (Sprint Spectrum, L.L.C) [Auto | Running] -- C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe -- (SPCSUtilityService)
SRV - [2007/03/20 16:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
SRV - [2007/02/10 08:29:54 | 029,178,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2007/02/10 08:29:48 | 000,242,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2007/02/10 05:29:56 | 000,089,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2005/10/14 05:50:20 | 000,045,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2005/05/04 00:04:28 | 009,150,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER)
SRV - [2005/05/03 21:42:56 | 000,323,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE -- (SQLSERVERAGENT)
SRV - [2004/03/18 16:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010/05/01 16:58:50 | 001,324,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100503.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/05/01 16:58:50 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100503.002\NAVENG.SYS -- (NAVENG)
DRV - [2010/03/24 15:38:10 | 000,536,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100324.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/03/20 20:43:44 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/03/20 12:48:50 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/02/26 21:23:54 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1106000.020\Ironx86.SYS -- (SymIRON)
DRV - [2010/02/26 21:23:22 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1106000.020\SRTSP.SYS -- (SRTSP)
DRV - [2010/02/26 21:23:22 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1106000.020\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/25 18:22:58 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1106000.020\ccHPx86.sys -- (ccHP)
DRV - [2010/02/03 20:40:52 | 000,362,032 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1106000.020\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/02/03 20:40:50 | 000,172,592 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1106000.020\SYMEFA.SYS -- (SymEFA)
DRV - [2009/10/28 17:37:24 | 000,329,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100422.002\IDSXpx86.sys -- (IDSxpx86)
DRV - [2009/08/29 19:17:18 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1106000.020\SYMDS.SYS -- (SymDS)
DRV - [2009/08/29 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2008/08/21 23:49:58 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2008/08/21 23:49:22 | 000,018,688 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
DRV - [2008/01/25 23:35:04 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/08/10 11:08:48 | 000,024,456 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2007/06/27 10:42:32 | 000,073,856 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swmx00.sys -- (SWMX00) Sierra Wireless USB MUX Driver (#00)
DRV - [2007/06/27 10:41:46 | 000,101,248 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWNC5E00.sys -- (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00)
DRV - [2007/06/26 20:58:16 | 002,303,488 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/05/31 02:19:22 | 000,096,896 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/05/21 02:29:26 | 000,235,648 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8187.sys -- (RTLWUSB)
DRV - [2007/04/16 17:40:48 | 000,037,248 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Capt905c.sys -- (SQTECH905C)
DRV - [2007/04/11 11:18:34 | 000,048,000 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2006/02/07 06:52:58 | 000,006,912 | R--- | M] (JMicron ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\JGOGO.sys -- (JGOGO)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/11/22 18:36:40 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2004/11/22 18:36:34 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2004/06/18 05:11:56 | 000,798,592 | R--- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmuda3.sys -- (cmuda3)
DRV - [2004/04/13 19:20:08 | 000,015,781 | R--- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = F4 22 61 01 AD D6 2C 43 AF A1 B0 E9 34 90 F2 F3 [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = F4 22 61 01 AD D6 2C 43 AF A1 B0 E9 34 90 F2 F3 [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = F4 22 61 01 AD D6 2C 43 AF A1 B0 E9 34 90 F2 F3 [binary data]
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = F4 22 61 01 AD D6 2C 43 AF A1 B0 E9 34 90 F2 F3 [binary data]
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1614895754-1767777339-1801674531-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\S-1-5-21-1614895754-1767777339-1801674531-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1614895754-1767777339-1801674531-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com/
IE - HKU\S-1-5-21-1614895754-1767777339-1801674531-500\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = F4 22 61 01 AD D6 2C 43 AF A1 B0 E9 34 90 F2 F3 [binary data]
IE - HKU\S-1-5-21-1614895754-1767777339-1801674531-500\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1614895754-1767777339-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2010/04/26 16:48:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2010/03/20 12:49:20 | 000,000,000 | ---D | M]

[2009/04/03 13:18:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sreekumar\Application Data\Mozilla\Extensions
[2009/04/03 13:18:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sreekumar\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2008/07/10 15:06:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sreekumar\Application Data\Mozilla\Firefox\Profiles\emgp2ri1.default\extensions
[2010/04/28 17:26:40 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Sreekumar\Application Data\Mozilla\Firefox\Profiles\emgp2ri1.default\extensions\{303781ec-c6f6-4695-b802-4ff643480d17}
[2010/04/23 08:53:52 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Sreekumar\Application Data\Mozilla\Firefox\Profiles\emgp2ri1.default\extensions\{47967e96-40e1-40a7-aafe-2bc544fcf23e}
[2008/05/23 23:25:08 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/02/20 16:04:02 | 002,463,976 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll

O1 HOSTS File: ([2008/05/29 17:06:10 | 000,000,781 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1614895754-1767777339-1801674531-500\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1614895754-1767777339-1801674531-500\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1614895754-1767777339-1801674531-500\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKU\.DEFAULT..\Run: [LClock] C:\Program Files\LClock\LClock.exe ()
O4 - HKU\S-1-5-18..\Run: [LClock] C:\Program Files\LClock\LClock.exe ()
O4 - HKU\S-1-5-19..\Run: [LClock] C:\Program Files\LClock\LClock.exe ()
O4 - HKU\S-1-5-20..\Run: [LClock] C:\Program Files\LClock\LClock.exe ()
O4 - HKU\S-1-5-21-1614895754-1767777339-1801674531-500..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1614895754-1767777339-1801674531-500..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\TrueTransparency.exe.lnk = C:\Program Files\TrueTransparency\TrueTransparency.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe (Research In Motion Limited)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1614895754-1767777339-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1614895754-1767777339-1801674531-500\..Trusted Domains: arise.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1614895754-1767777339-1801674531-500\..Trusted Domains: att.net ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1614895754-1767777339-1801674531-500\..Trusted Domains: att.net ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1614895754-1767777339-1801674531-500\..Trusted Domains: sbcglobal.net ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1614895754-1767777339-1801674531-500\..Trusted Domains: yahoo.com ([clientapps] http in Trusted sites)
O15 - HKU\S-1-5-21-1614895754-1767777339-1801674531-500\..Trusted Domains: yahoo.com ([clientapps] https in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} http://download.microsoft.com/download/7/4...helpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmart.com/WalmartActivia.cab (Snapfish Activia)
O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} https://www.select2perform.com/cabs/QOLCheck.ocx (QOLCheck Control)
O16 - DPF: {53D40FAA-4E21-459F-AA87-E4D97FC3245A} https://www.lifeofsouthwest.com/saa/ICSolut...Disk1/setup.exe (InstallShield Setup Player V12)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8BBDC81D-81B3-49EE-87E8-47B7A707FAE8} https://www1.gotomeeting.com/default/applets/g2mdlax.cab (GoToMeeting/GoToWebinar Web Starter)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://nationallife.webex.com/client/T27LB...bex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\System32\NavLogon.dll File not found
O24 - Desktop Components:0 () - C:\Documents and Settings\Sreekumar\My Documents\My Pictures\Linda\Wallpaper_Request_by_Finvara.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Sreekumar\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Sreekumar\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/23 23:23:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{749f50d4-6fdb-11de-b8c7-001e9083e9ef}\Shell - "" = AutoRun
O33 - MountPoints2\{749f50d4-6fdb-11de-b8c7-001e9083e9ef}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{749f50d4-6fdb-11de-b8c7-001e9083e9ef}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{efe42cb6-3d77-11dd-b74d-001e9083e9ef}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{efe42cb6-3d77-11dd-b74d-001e9083e9ef}\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found
O33 - MountPoints2\{efe42cb6-3d77-11dd-b74d-001e9083e9ef}\Shell\phone\command - "" = E:\autorun.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/05/23 23:07:06 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk - C:\Program Files\palmOne\Hotsync.exe - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk - C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe - (Hewlett-Packard)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^officejet 6100.lnk - C:\Program Files\HP\Digital Imaging\bin\hposol08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^REALTEK USB Wireless LAN Utility.lnk - C:\Program Files\REALTEK USB Wireless LAN Driver and Utility\RtWLan.exe - (Realtek Semiconductor Corp.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Reboot.exe - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Reboot.exe - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^Sreekumar^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^Sreekumar^Start Menu^Programs^Startup^palmOne Registration.lnk - C:\Program Files\palmOne\register.exe - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^Sreekumar^Start Menu^Programs^Startup^TrueTransparency.exe.lnk - C:\Program Files\TrueTransparency\TrueTransparency.exe - ()
MsConfig - StartUpReg: 36X Raid Configurer - hkey= - key= - File not found
MsConfig - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
MsConfig - StartUpReg: Adobe_ID0EYTHM - hkey= - key= - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe File not found
MsConfig - StartUpReg: ArcSoft Connection Service - hkey= - key= - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
MsConfig - StartUpReg: avgnt - hkey= - key= - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe File not found
MsConfig - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
MsConfig - StartUpReg: cdloader - hkey= - key= - C:\Documents and Settings\Sreekumar\Application Data\mjusbsp\cdloader2.exe (magicJack L.P.)
MsConfig - StartUpReg: CmPCIaudio - hkey= - key= - File not found
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: DrvIcon - hkey= - key= - C:\install\DrvIcon.exe (artArmin)
MsConfig - StartUpReg: EPSON Stylus Photo R280 Series - hkey= - key= - File not found
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: H/PC Connection Agent - hkey= - key= - C:\Program Files\Microsoft ActiveSync\Wcescomm.exe (Microsoft Corporation)
MsConfig - StartUpReg: JMB36X IDE Setup - hkey= - key= - C:\WINDOWS\RaidTool\xInsIDE.exe ()
MsConfig - StartUpReg: LClock - hkey= - key= - C:\Program Files\LClock\LClock.exe ()
MsConfig - StartUpReg: Name of App - hkey= - key= - C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe ( )
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
MsConfig - StartUpReg: PRISMSVR.EXE - hkey= - key= - File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: Search Protection - hkey= - key= - C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
MsConfig - StartUpReg: StartCCC - hkey= - key= - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: YSearchProtection - hkey= - key= - C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 1

CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

========== Files/Folders - Created Within 30 Days ==========

[2010/05/03 14:47:44 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sreekumar\Desktop\OTL.exe
[2010/05/03 12:55:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sreekumar\Application Data\webex
[2010/04/28 22:07:25 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/04/28 22:07:09 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Sreekumar\My Documents\HJTInstall.exe
[2010/04/28 16:06:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/28 16:06:17 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/28 16:06:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/28 16:05:02 | 005,918,776 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Sreekumar\My Documents\mbam-setup.exe
[2010/04/27 21:53:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sreekumar\Application Data\Tific
[2010/04/27 21:49:42 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Sreekumar\IECompatCache
[2010/04/27 21:36:25 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/04/27 20:38:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sreekumar\Local Settings\Application Data\avG
[2010/04/27 20:38:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avG
[2010/04/23 08:54:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sreekumar\Application Data\WinRAR
[2010/04/23 08:54:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\90796181
[2010/04/20 19:54:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/04/12 09:39:06 | 000,000,000 | -HSD | C] -- C:\FOUND.020
[2010/04/05 19:53:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NCH Software
[2010/04/04 16:30:39 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfwwdm32.dll
[2010/04/04 16:30:39 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vfwwdm32.dll
[2010/04/04 16:30:33 | 000,037,248 | ---- | C] (Service & Quality Technology.) -- C:\WINDOWS\System32\drivers\Capt905c.sys
[2010/04/04 16:30:33 | 000,025,216 | ---- | C] (Service & Quality Technology.) -- C:\WINDOWS\System32\drivers\Camd905c.sys
[2010/04/04 16:30:32 | 000,000,000 | ---D | C] -- C:\Program Files\MyDSC2
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Documents and Settings\Sreekumar\*.tmp files -> C:\Documents and Settings\Sreekumar\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/03 14:47:48 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sreekumar\Desktop\OTL.exe
[2010/05/03 14:36:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/03 09:44:38 | 000,000,400 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{642BCE82-BF6B-4E99-A56E-DCD3995CD1D1}.job
[2010/05/03 09:14:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/03 09:12:22 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2010/05/03 09:11:42 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/03 09:11:30 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/03 09:11:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/01 17:28:40 | 008,650,752 | -H-- | M] () -- C:\Documents and Settings\Sreekumar\NTUSER.DAT
[2010/05/01 17:28:16 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Sreekumar\ntuser.ini
[2010/04/30 20:19:00 | 000,000,268 | ---- | M] () -- C:\WINDOWS\tasks\Disk Cleanup.job
[2010/04/30 18:56:02 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware.job
[2010/04/29 21:30:00 | 000,000,246 | ---- | M] () -- C:\WINDOWS\tasks\Symantec AntiVirus.job
[2010/04/28 22:07:28 | 000,001,638 | ---- | M] () -- C:\Documents and Settings\Sreekumar\Desktop\HijackThis.lnk
[2010/04/28 22:07:10 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Sreekumar\My Documents\HJTInstall.exe
[2010/04/28 17:10:44 | 000,003,751 | -HS- | M] () -- C:\Documents and Settings\Sreekumar\Application Data\02000000b660d629891P.manifest
[2010/04/28 17:10:44 | 000,000,051 | -HS- | M] () -- C:\Documents and Settings\Sreekumar\Application Data\02000000b660d629891C.manifest
[2010/04/28 17:10:44 | 000,000,011 | -HS- | M] () -- C:\Documents and Settings\Sreekumar\Application Data\02000000b660d629891S.manifest
[2010/04/28 17:10:44 | 000,000,011 | -HS- | M] () -- C:\Documents and Settings\Sreekumar\Application Data\02000000b660d629891O.manifest
[2010/04/28 17:05:50 | 000,000,817 | ---- | M] () -- C:\WINDOWS\System32\928716786
[2010/04/28 16:06:24 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/28 16:05:02 | 005,918,776 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Sreekumar\My Documents\mbam-setup.exe
[2010/04/28 16:01:56 | 000,000,319 | ---- | M] () -- C:\Documents and Settings\Sreekumar\My Documents\trojan_fakerean_exe_fix.reg
[2010/04/28 15:33:04 | 000,001,065 | -HS- | M] () -- C:\WINDOWS\System32\1728792482
[2010/04/28 13:24:30 | 000,000,060 | ---- | M] () -- C:\WINDOWS\System32\67db10f5
[2010/04/28 03:00:36 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/27 21:39:28 | 004,267,054 | -H-- | M] () -- C:\Documents and Settings\Sreekumar\Local Settings\Application Data\IconCache.db
[2010/04/27 21:09:26 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/04/27 21:00:32 | 000,013,750 | -HS- | M] () -- C:\Documents and Settings\Sreekumar\Local Settings\Application Data\1BfeNur
[2010/04/27 21:00:32 | 000,013,750 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\1BfeNur
[2010/04/27 20:24:50 | 000,000,973 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/27 15:46:42 | 000,000,651 | ---- | M] () -- C:\WINDOWS\LEDGER.INI
[2010/04/27 11:51:24 | 000,072,080 | ---- | M] () -- C:\Documents and Settings\Sreekumar\g2mdlhlpx.exe
[2010/04/23 08:54:30 | 000,000,113 | ---- | M] () -- C:\WINDOWS\System32\sl116053296
[2010/04/23 08:54:16 | 000,203,776 | -HS- | M] () -- C:\WINDOWS\System32\unrar.exe
[2010/04/23 08:21:36 | 000,000,133 | ---- | M] () -- C:\Documents and Settings\Sreekumar\default.pls
[2010/04/23 08:20:10 | 000,120,320 | ---- | M] () -- C:\Documents and Settings\Sreekumar\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/22 13:00:26 | 000,000,494 | ---- | M] () -- C:\hpfr5550.xml
[2010/04/20 11:04:28 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/19 10:13:58 | 000,000,855 | ---- | M] () -- C:\Documents and Settings\Sreekumar\Desktop\Watchtower Library 2009 - español.lnk
[2010/04/16 15:06:44 | 000,000,191 | ---- | M] () -- C:\Documents and Settings\Sreekumar\My Documents\DPE.DUS
[2010/04/14 21:17:36 | 000,021,842 | ---- | M] () -- C:\Documents and Settings\Sreekumar\My Documents\Resume Suhey Garza 2010.docx
[2010/04/12 16:00:52 | 000,000,156 | ---- | M] () -- C:\WINDOWS\Twunk001.MTX
[2010/04/12 16:00:52 | 000,000,003 | ---- | M] () -- C:\WINDOWS\Twain001.Mtx
[2010/04/09 18:12:38 | 000,001,455 | ---- | M] () -- C:\Documents and Settings\Sreekumar\Desktop\WebEx Player.LNK
[2010/04/09 17:48:46 | 000,637,440 | ---- | M] () -- C:\Documents and Settings\Sreekumar\My Documents\LifeInsuranceinQualifiedPlans.ppt
[2010/04/07 18:11:00 | 000,107,008 | ---- | M] () -- C:\Documents and Settings\Sreekumar\My Documents\FAQ.doc
[2010/04/07 18:10:04 | 000,084,696 | ---- | M] () -- C:\Documents and Settings\Sreekumar\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/07 05:18:56 | 000,001,877 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
[2010/04/07 05:18:16 | 001,610,448 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Documents and Settings\Sreekumar\*.tmp files -> C:\Documents and Settings\Sreekumar\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/28 22:07:26 | 000,001,638 | ---- | C] () -- C:\Documents and Settings\Sreekumar\Desktop\HijackThis.lnk
[2010/04/28 16:06:22 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/28 16:02:17 | 000,000,319 | ---- | C] () -- C:\Documents and Settings\Sreekumar\My Documents\trojan_fakerean_exe_fix.reg
[2010/04/27 20:20:36 | 000,013,750 | -HS- | C] () -- C:\Documents and Settings\Sreekumar\Local Settings\Application Data\1BfeNur
[2010/04/27 20:20:36 | 000,013,750 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1BfeNur
[2010/04/27 11:51:22 | 000,072,080 | ---- | C] () -- C:\Documents and Settings\Sreekumar\g2mdlhlpx.exe
[2010/04/26 18:55:07 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\67db10f5
[2010/04/23 08:55:29 | 000,001,065 | -HS- | C] () -- C:\WINDOWS\System32\1728792482
[2010/04/23 08:55:28 | 000,000,817 | ---- | C] () -- C:\WINDOWS\System32\928716786
[2010/04/23 08:54:29 | 000,000,113 | ---- | C] () -- C:\WINDOWS\System32\sl116053296
[2010/04/23 08:54:14 | 000,203,776 | -HS- | C] () -- C:\WINDOWS\System32\unrar.exe
[2010/04/23 08:53:49 | 000,003,751 | -HS- | C] () -- C:\Documents and Settings\Sreekumar\Application Data\02000000b660d629891P.manifest
[2010/04/23 08:53:49 | 000,000,051 | -HS- | C] () -- C:\Documents and Settings\Sreekumar\Application Data\02000000b660d629891C.manifest
[2010/04/23 08:53:49 | 000,000,011 | -HS- | C] () -- C:\Documents and Settings\Sreekumar\Application Data\02000000b660d629891S.manifest
[2010/04/23 08:53:49 | 000,000,011 | -HS- | C] () -- C:\Documents and Settings\Sreekumar\Application Data\02000000b660d629891O.manifest
[2010/04/20 11:04:27 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/19 10:13:56 | 000,000,855 | ---- | C] () -- C:\Documents and Settings\Sreekumar\Desktop\Watchtower Library 2009 - español.lnk
[2010/04/14 21:17:34 | 000,021,842 | ---- | C] () -- C:\Documents and Settings\Sreekumar\My Documents\Resume Suhey Garza 2010.docx
[2010/04/09 18:12:37 | 000,001,455 | ---- | C] () -- C:\Documents and Settings\Sreekumar\Desktop\WebEx Player.LNK
[2010/04/09 17:48:43 | 000,637,440 | ---- | C] () -- C:\Documents and Settings\Sreekumar\My Documents\LifeInsuranceinQualifiedPlans.ppt
[2010/04/07 18:11:34 | 000,107,008 | ---- | C] () -- C:\Documents and Settings\Sreekumar\My Documents\FAQ.doc
[2010/03/27 20:00:32 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\net_rim_plazmic_flint_dialog.dll
[2009/12/18 21:43:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\amtui.INI
[2009/12/18 19:28:41 | 000,000,804 | ---- | C] () -- C:\WINDOWS\Ics.ini
[2009/12/18 19:28:41 | 000,000,651 | ---- | C] () -- C:\WINDOWS\LEDGER.INI
[2009/10/07 10:56:11 | 000,000,615 | ---- | C] () -- C:\WINDOWS\tlknw3.ini
[2009/09/06 15:18:14 | 000,000,111 | ---- | C] () -- C:\WINDOWS\Ipg.ini
[2009/09/06 13:56:03 | 000,000,042 | ---- | C] () -- C:\WINDOWS\flexinet.ini
[2009/09/06 12:49:56 | 000,001,316 | ---- | C] () -- C:\WINDOWS\WinFlex6EXT.ini
[2009/09/06 12:37:41 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\APTDB.dll
[2009/09/06 12:35:57 | 000,000,110 | ---- | C] () -- C:\WINDOWS\Utdsysap.ini
[2009/09/06 12:35:57 | 000,000,101 | ---- | C] () -- C:\WINDOWS\applink.ini
[2009/09/06 12:35:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tmp.ini
[2009/09/06 12:33:08 | 000,002,491 | ---- | C] () -- C:\WINDOWS\AIGAGUtility.ini
[2009/09/06 12:31:46 | 000,000,924 | ---- | C] () -- C:\WINDOWS\AIGAGinstalllog.ini
[2009/09/06 12:31:39 | 000,003,996 | ---- | C] () -- C:\WINDOWS\AIG.ini
[2009/08/19 21:55:54 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\PROTOCOL.INI
[2009/01/03 21:36:50 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/01/03 21:35:46 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPSPR280.ini
[2008/09/16 14:17:41 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2008/08/20 23:11:06 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\micr0st.dll
[2008/08/13 10:34:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2008/07/08 20:27:53 | 000,000,094 | ---- | C] () -- C:\WINDOWS\awshkwv.ini
[2008/06/28 11:50:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2008/06/18 19:54:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2008/06/11 14:20:48 | 000,000,023 | ---- | C] () -- C:\WINDOWS\ODBCNFG.INI
[2008/06/10 19:15:03 | 000,028,672 | R--- | C] () -- C:\WINDOWS\System32\CMRMDRV3.DLL
[2008/05/31 18:06:51 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/05/27 21:32:59 | 000,000,600 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/05/23 23:28:10 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/05/23 23:28:06 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/05/23 23:28:06 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/05/23 23:28:04 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/05/23 23:28:02 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/05/23 23:28:02 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/05/23 22:47:50 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008/05/23 08:42:48 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/05/23 08:32:58 | 000,000,067 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/09/08 01:19:00 | 000,000,140 | ---- | C] () -- C:\WINDOWS\System32\OEMinfo.ini
[2007/08/10 11:08:48 | 000,024,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2007/01/03 11:24:36 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/01/03 11:22:46 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/01/03 11:22:14 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/03/06 10:41:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\AMV_DecDLL.dll
[2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS
[2003/03/09 21:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll

========== Custom Scans ==========


< %appdata%\*.* >
[2008/05/23 23:13:54 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Sreekumar\Application Data\desktop.ini
[2010/03/20 12:37:04 | 000,000,448 | ---- | M] () -- C:\Documents and Settings\Sreekumar\Application Data\SamsungLiveUpdateConfig.ini
[2008/06/28 11:54:12 | 000,002,528 | ---- | M] () -- C:\Documents and Settings\Sreekumar\Application Data\$_hpcst$.hpc
[2008/09/16 14:17:56 | 000,001,468 | ---- | M] () -- C:\Documents and Settings\Sreekumar\Application Data\HPCOM_48BitScanUpdate.log
[2010/03/27 22:25:40 | 000,006,057 | ---- | M] () -- C:\Documents and Settings\Sreekumar\Application Data\BBMS_EXCEPTION.txt
[2010/04/28 17:10:44 | 000,003,751 | -HS- | M] () -- C:\Documents and Settings\Sreekumar\Application Data\02000000b660d629891P.manifest
[2010/04/28 17:10:44 | 000,000,051 | -HS- | M] () -- C:\Documents and Settings\Sreekumar\Application Data\02000000b660d629891C.manifest
[2010/04/28 17:10:44 | 000,000,011 | -HS- | M] () -- C:\Documents and Settings\Sreekumar\Application Data\02000000b660d629891O.manifest
[2010/04/28 17:10:44 | 000,000,011 | -HS- | M] () -- C:\Documents and Settings\Sreekumar\Application Data\02000000b660d629891S.manifest

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %SYSTEMDRIVE%\*.exe >


< MD5 for: ATAPI.SYS >
[2008/01/26 16:05:44 | 019,993,055 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/01/25 23:29:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=6A4824B8EBC19B439BCDA3D2766A9E27 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/01/25 23:29:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=6A4824B8EBC19B439BCDA3D2766A9E27 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/01/25 23:29:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=6A4824B8EBC19B439BCDA3D2766A9E27 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys

< MD5 for: BEEP.SYS >
[2001/08/23 22:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

< MD5 for: EVENTLOG.DLL >
[2008/01/26 15:57:22 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=55DF92329AFA64C22DEA85625E535DAF -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/01/26 15:57:26 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=7CC2EF3CF9CFA355CBBAF5258DAF6848 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: PROQUOTA.EXE >
[2008/01/26 15:57:52 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=97D1A1FE74A83B36AA8D60EC22F13350 -- C:\WINDOWS\system32\proquota.exe

< MD5 for: SCECLI.DLL >
[2008/01/26 15:57:28 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=2D215CD128FBC24BB0BA77CCBF008CA7 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SFCFILES.DLL >
[2008/03/07 07:16:10 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=00C0EB2C640ADD25203B904EA0ECFF14 -- C:\WINDOWS\system32\sfcfiles.dll
< End of report >

Second Report:
OTL Extras logfile created on: 5/3/2010 2:49:33 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Sreekumar\Desktop
Windows XP Professional Edition Service Pack 3, v.5938 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 73.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.65 Gb Total Space | 358.56 Gb Free Space | 77.00% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LINDA
Current User Name: Sreekumar
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\PROGRA~1\MICROS~2\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\PROGRA~1\MICROS~2\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS3 Server
"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50900:TCP" = 50900:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50901:TCP" = 50901:TCP:*:Enabled:Adobe Version Cue CS3 Server
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\WINDOWS\System32\SoftwareDistribution32\ctfmon.exe" = C:\WINDOWS\System32\SoftwareDistribution32\ctfmon.exe:*:Enabled:Microsoft Update Connector -- File not found
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Shell -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe" = C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home -- (Nero AG)
"C:\WINDOWS\System32\SoftwareDistribution32\ctfmon.exe" = C:\WINDOWS\System32\SoftwareDistribution32\ctfmon.exe:*:Enabled:Microsoft Update Connector -- File not found
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" = C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server -- (Adobe Systems Incorporated)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Documents and Settings\Sreekumar\Application Data\MJUSBSP\magicJack.exe" = C:\Documents and Settings\Sreekumar\Application Data\MJUSBSP\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.)
"C:\Documents and Settings\Sreekumar\Local Settings\Temp\7zS7.tmp\SymNRT.exe" = C:\Documents and Settings\Sreekumar\Local Settings\Temp\7zS7.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool -- File not found
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Shell -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{0327FA9D-975C-448C-A086-577D57BB25B8}" = Adobe Soundbooth CS3 Codecs
"{04677911-D5DC-C500-A4E8-2D5CCC9180E9}" = CCC Help Greek
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0629A9E3-42C3-38F4-7DE1-84647E9BE9CE}" = ccc-utility
"{070B059B-F742-4532-B9D1-11E1E3887C6C}" = BlackBerry Device Software Updater
"{083F79E4-6FE9-46FB-A6C6-4F8862742947}" = ATI HYDRAVISION
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{0D6D96F4-0CAF-4522-B05F-70A88EDECDFD}" = ArcSoft Print Creations
"{11F5D779-7BD9-465A-BBC4-10701386BCB9}" = FW LiveUpdate
"{12BB7942-1E1F-43D9-B441-4668C1629425}" = hp officejet 6100 series
"{15327F19-DCA5-D102-0A11-C8B213AC278A}" = Catalyst Control Center Localization Greek
"{170A555B-8B7C-18A7-FBB3-68FCD8171BEF}" = CCC Help English
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server {ko_KR}
"{1E06D48E-5448-4BCC-9F87-9FB4EBD59898}" = SA30xx Media Converter
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2100F7DB-91AA-8C7C-1917-E41BE3E06C64}" = CCC Help Dutch
"{23101306-56BD-BD95-DE03-907203A2D121}" = CCC Help Russian
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23F84188-E168-12FC-68E1-0BC2B9ADA0F7}" = CCC Help Thai
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{252E8DB0-E036-1BFD-D1BA-0434C3B66B41}" = ccc-core-preinstall
"{255B921D-AE7F-8C7A-ACEA-9C7420659DC5}" = Catalyst Control Center Localization Thai
"{25F78FDD-6D45-5229-3602-1026D916B534}" = CCC Help Japanese
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{281D1C3D-50DA-46B4-D3E3-B811A9A3E644}" = Catalyst Control Center Localization Dutch
"{2847E94E-E127-1018-BA2D-1B99C229BE71}" = CCC Help Polish
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2E7B6B00-5ECD-49A1-8FD4-4B647C5D8027}" = Adobe Captivate 3
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{32AF8E1C-CCC7-78D0-1BD6-E48EFFBBEE92}" = Catalyst Control Center Localization French
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{385DFAC7-B31A-6FB0-1EB6-CD4854D55219}" = Catalyst Control Center Localization Swedish
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer
"{3D6816CE-0943-85C8-8AB4-88C23C38CECB}" = Catalyst Control Center Localization Chinese Traditional
"{4026F0FC-CD1B-C487-B5C6-E815B258A1CA}" = Catalyst Control Center Graphics Light
"{40A594D0-1490-4979-9382-D2B764F949C6}" = BlackBerry® Media Sync
"{4458C442-7376-4CF9-AF58-E8CEA6722363}" = Adobe Setup
"{44EBA8D8-C559-A742-692D-51D2049AB8F1}" = CCC Help Finnish
"{45E5354A-2CB2-EB0B-D930-29F8DD9F17AC}" = CCC Help Turkish
"{4846B4A3-E2E3-61A3-2B9F-3674291C3C97}" = CCC Help Spanish
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
"{491E695B-D88A-96B3-5DD6-C8487E6CF145}" = CCC Help Swedish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{52DF099A-2A4A-4714-756F-3E4719FE4672}" = Skins
"{5399ACAF-7B15-43D5-9233-4E797B184FD2}" = AVIVO
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54043BD9-50E5-96F0-D95F-E8BAACE26D89}" = Catalyst Control Center Localization Finnish
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B21299-1523-BA6D-CF0C-37122B5CB762}" = CCC Help Italian
"{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}" = Adobe Encore CS3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58D92B58-1BE9-4DE4-AE88-ACB205D75B63}" = PDFlib 4.0.1
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{5AEE7421-5575-4227-98C6-DD7B226B9E09}" = AIG American General Common Files
"{5DA6F06A-B389-407B-BF8C-1548767914D8}" = ATI Problem Report Wizard
"{6072EF5D-2EBB-4FBA-8BE5-1C2BA21E8CFA}" = Watchtower Library 2009 - español
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{66EBD70F-A42C-475F-AEDF-277378151033}" = Nero 7 Essentials
"{67E76212-F672-32C4-0828-5BE8F7B85966}" = Catalyst Control Center Graphics Full New
"{68E1BAC6-F79F-43C4-AF03-A89F53F748D3}" = Microsoft XML Parser
"{6A9D8554-E01A-B116-C84D-810589D016A1}" = Catalyst Control Center Localization Japanese
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6C144163-02C2-B57F-AB61-56DA5546B2BB}" = Catalyst Control Center Localization Spanish
"{6DCBB845-0FA4-4723-A40A-1F320C221C30}" = Sprint Mobile Broadband (Sierra)
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{71706684-AE15-468D-8082-59D7B64DCDA3}" = FLA Software
"{7261D8B6-ABF0-44AD-86EE-E997CF246AF9}" = AIG American General Illustration Systems
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74DF227F-21FD-1B67-B1C2-635B14A0158E}" = CCC Help Danish
"{76CA3745-48C8-1B2E-4090-56711467CD43}" = Catalyst Control Center Localization Portuguese
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7B545503-5C31-B8A4-9B77-B6B99ADEC09D}" = Catalyst Control Center Localization Russian
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7D4A509E-8F02-7850-5837-B50D08D47FF5}" = Catalyst Control Center Localization Czech
"{7DD3D82C-714A-F883-D93B-4C129D5FFA15}" = Catalyst Control Center Localization Norwegian
"{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3
"{7E95FCBF-A6E7-2475-7A87-C6D4A355AA66}" = Catalyst Control Center Localization German
"{8010923B-40C7-0ECC-95C5-50623E548D96}" = CCC Help Portuguese
"{82CD426E-31DC-2F43-205E-E01E5C098F5A}" = CCC Help Chinese Traditional
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{8718DC03-D066-4957-94E5-50C3C5042E8E}" = Adobe Creative Suite 3 Master Collection
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8AE5117E-7F07-467F-9736-CF5306651EAC}" = Watchtower Library 2008 - Español
"{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}" = MP3 Player Utilities 4.15
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-008A-0409-0000-0000000FF1CE}" = Microsoft Office 2007 Recent Documents Gadget
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{920560B7-6A55-DC40-5525-5F44A494F740}" = CCC Help Czech
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B56936D-273E-F723-89D1-6EB3FC858AB5}" = ccc-core-static
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9E592B66-DCDF-4774-A27D-DF62A772C0B9}" = IC Solutions
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3BC5D37-30F9-4CF7-BD5C-0DFF063E4B6D}" = 2Wire Wireless Client
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}" = Adobe Soundbooth CS3
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B545059F-F74D-115D-2BAD-56555D575FCD}" = CCC Help Norwegian
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}" = Adobe Encore CS3 Codecs
"{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}" = Roxio Media Manager
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BB05D173-9681-4812-A7FA-BD4042A3DA00}" = Alky for Applications (Windows Server 2003)
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{BE686891-3C56-4714-AFEF-341A7867BA80}" = REALTEK USB Wireless LAN Driver and Utility
"{C03DF297-96AD-B6D5-92EA-D99F5D76E5A3}" = CCC Help German
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C5DC3DD5-80E0-88B9-2AF4-DFBEF10E4EBB}" = CCC Help Chinese Standard
"{C66844A2-A373-1EEB-589E-AFD77E661FC9}" = Catalyst Control Center Core Implementation
"{C8781F28-84B1-4DBB-4627-951652B04293}" = CCC Help French
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CC8EA619-F11E-AD1F-93B7-7B356752185A}" = Catalyst Control Center Localization Polish
"{CD13227D-2CA4-AB85-8674-5F6ADF42B882}" = Catalyst Control Center Localization Korean
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE86E2F5-850C-4207-94A3-A58D647B1733}" = BlackBerry Desktop Software 5.0.1
"{D03E7B00-CA85-4684-9321-1888873C34BD}" = ArcSoft PhotoImpression 6
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D6FC3A76-C2BD-0B95-FB03-7EE37A8D2B21}" = Catalyst Control Center Localization Hungarian
"{D83D00F3-BBEF-B19D-5FE3-AA3C2BD726E3}" = Catalyst Control Center Localization Turkish
"{D8425E1B-D55C-4060-8BF6-07F0AEA85BB1}" = AIG American General WinFlex Files
"{D966EC30-E3FF-9B17-BB68-2277D0870F5B}" = Catalyst Control Center Graphics Previews Common
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine
"{E1230694-33DA-4E74-82E1-06CC9D545E9B}" = Windows Vista Sounds Pack
"{E5ADC9FD-8C1F-456E-DFFB-716FE481C520}" = CCC Help Hungarian
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E8A1EA72-25C2-4794-BDD7-116E7B5B60B0}" = Asset Allocation
"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F30E3BD6-F658-FDC3-8FF7-13302359DDD8}" = CCC Help Korean
"{F3BD8E81-C020-44F9-B014-1E0214D23556}" = SA30xx Media Converter
"{F4B265CB-59BF-CCB2-F606-B8D16EE2D8ED}" = Catalyst Control Center Localization Chinese Standard
"{F860DD52-99C8-8746-1F2E-71A662B59FEA}" = Catalyst Control Center Graphics Full Existing
"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client
"{FAFDA3E9-7035-5EF2-679C-C787EFD01ADF}" = Catalyst Control Center Localization Danish
"{FB63CC95-17BA-A660-35EE-EAEBBA79C30C}" = Catalyst Control Center Localization Italian
"{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}" = Adobe Contribute CS3
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
"ActiveTouchMeetingClient" = WebEx
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.1.3 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_4dcfd9b7e901b57f81f667144603236" = Add or Remove Adobe Creative Suite 3 Master Collection
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"All ATI Software" = ATI - Software Uninstall Utility
"American General Sales Tools" = American General Sales Tools
"AMO Salesmaker X2" = AMO Salesmaker X2
"ATI Display Driver" = ATI Display Driver
"ATT-AACE" = ATT-AACE
"BlackBerry Theme Studio 5.0" = BlackBerry Theme Studio 5.0
"BlackBerry_{CE86E2F5-850C-4207-94A3-A58D647B1733}" = BlackBerry Desktop Software 5.0.1
"Business Insurance Online" = Business Insurance Online
"C-Media PCI Audio Driver" = C-Media WDM Audio Driver
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON Printer Software
"FLA Software" = FLA Software
"GTL Menu" = GTL Menu
"HijackThis" = HijackThis 2.0.2
"Home Alliance" = Home Alliance
"HP OfficeJet 6100 Series" = HP Photo and Imaging 2.0 - hp officejet 6100 series
"hp officejet 6100 series_Driver" = hp officejet 6100 series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ieSpell" = ieSpell
"Impact Needs Pro" = Impact Needs Pro
"InstallShield_{5AEE7421-5575-4227-98C6-DD7B226B9E09}" = AIG American General Common Files
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 3.8.0
"LClock" = LClock
"LimeWire" = LimeWire 5.1.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NIS" = Norton Internet Security
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"novaPDF Professional Desktop 5_is1" = novaPDF Professional Desktop 5.0
"PDFLIB" = PDFLIB
"Prism" = Prism Video Converter
"Silent Package Run-Time Sample" = EPSON R280 User's Guide
"Super DVD Ripper v1.90" = Super DVD Ripper v1.90
"Switch" = Switch Sound File Converter
"The Rosetta Stone" = The Rosetta Stone
"WavePad" = WavePad Sound Editor
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows Sidebar" = Windows Sidebar
"WinFlex" = WinFlex
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1614895754-1767777339-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Acrobat Connect Add-in" = Adobe Acrobat Connect Add-in
"GoToMeeting" = GoToMeeting 4.5.0.457
"HSHSetup Utility" = HSHSetup Utility

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/24/2010 8:19:57 PM | Computer Name = LINDA | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.3264, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00010f1e.

Error - 4/26/2010 12:16:48 PM | Computer Name = LINDA | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.3264, faulting
module usrlbva32.dll, version 0.0.0.0, fault address 0x0000f882.

Error - 4/26/2010 12:20:51 PM | Computer Name = LINDA | Source = Application Error | ID = 1001
Description = Fault bucket 1116420106.

Error - 4/26/2010 7:05:47 PM | Computer Name = LINDA | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.3264, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00011689.

Error - 4/27/2010 5:00:23 PM | Computer Name = LINDA | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.3264, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00010f1e.

Error - 4/27/2010 10:28:31 PM | Computer Name = LINDA | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 4/27/2010 10:28:31 PM | Computer Name = LINDA | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 4/27/2010 10:28:31 PM | Computer Name = LINDA | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 4/27/2010 10:28:31 PM | Computer Name = LINDA | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 4/28/2010 4:10:02 PM | Computer Name = LINDA | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.3264, faulting
module 6.tmp, version 0.0.0.0, fault address 0x0003b47c.

[ OSession Events ]
Error - 7/7/2008 2:50:48 PM | Computer Name = MATRIX | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 73
seconds with 60 seconds of active time. This session ended with a crash.

Error - 10/16/2008 10:13:52 AM | Computer Name = LINDA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 82
seconds with 0 seconds of active time. This session ended with a crash.

Error - 1/15/2009 6:41:40 PM | Computer Name = LINDA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 86113
seconds with 1260 seconds of active time. This session ended with a crash.

Error - 2/14/2009 6:50:08 PM | Computer Name = LINDA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 21922
seconds with 180 seconds of active time. This session ended with a crash.

Error - 3/28/2009 4:07:40 PM | Computer Name = LINDA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3012
seconds with 540 seconds of active time. This session ended with a crash.

Error - 3/30/2009 10:45:54 PM | Computer Name = LINDA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 21221
seconds with 3060 seconds of active time. This session ended with a crash.

Error - 4/3/2009 8:14:19 PM | Computer Name = LINDA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 3332 seconds with 600 seconds of active time. This session ended with a
crash.

Error - 4/13/2009 3:13:04 PM | Computer Name = LINDA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 21
seconds with 0 seconds of active time. This session ended with a crash.

Error - 9/6/2009 1:33:41 PM | Computer Name = LINDA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 11732
seconds with 840 seconds of active time. This session ended with a crash.

Error - 9/9/2009 3:10:17 PM | Computer Name = LINDA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 15585
seconds with 120 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 4/28/2010 9:48:27 PM | Computer Name = LINDA | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.

Error - 4/28/2010 9:49:48 PM | Computer Name = LINDA | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 4/30/2010 6:40:05 PM | Computer Name = LINDA | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.

Error - 4/30/2010 6:41:26 PM | Computer Name = LINDA | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 5/1/2010 8:53:22 AM | Computer Name = LINDA | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.

Error - 5/1/2010 8:54:38 AM | Computer Name = LINDA | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 5/3/2010 10:11:24 AM | Computer Name = LINDA | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.

Error - 5/3/2010 10:12:42 AM | Computer Name = LINDA | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 5/3/2010 3:50:14 PM | Computer Name = LINDA | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 5/3/2010 3:50:14 PM | Computer Name = LINDA | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2


< End of report >


#4 ltorres75

Posted 03 May 2010 - 03:13 PM

Yesterday I removed two items that I cross-referenced from online blogs as malware and rebooted.

After that my IE seems normal again and was NOT re-directing me to other websites, BUT since I do use this PC for business I want to make sure it's CLEAN and I did not miss something.

Thanks
Linda T

#5 syler

  • Malware Response Team

Posted 03 May 2010 - 05:15 PM

Hi ltorres75,

Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Then

Please click this link-->Virustotal
When the Virustotal page has finished loading, click the Browse button and navigate to the following file and click Submit.

C:\WINDOWS\System32\unrar.exe

Please post back with the link to the scan results, in your next post.
If Virustotal is busy, try the same at Jotti: http://virusscan.jotti.org/


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :OTL
    SRV - File not found [Auto | Stopped] -- -- (DComEx)
    O4 - HKLM..\Run: [] File not found
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\System32\NavLogon.dll File not foundMenu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk - C:\Program Files\palmOne\Hotsync.exe - File not found
    MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Reboot.exe - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Reboot.exe - File not found
    MsConfig - StartUpFolder: C:^Documents and Settings^Sreekumar^Start Menu^Programs^Startup^palmOne Registration.lnk - C:\Program Files\palmOne\register.exe - File not found
    MsConfig - StartUpReg: 36X Raid Configurer - hkey= - key= - File not found
    MsConfig - StartUpReg: avgnt - hkey= - key= - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe File not found
    MsConfig - StartUpReg: CmPCIaudio - hkey= - key= - File not found
    MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
    MsConfig - StartUpReg: EPSON Stylus Photo R280 Series - hkey= - key= - File not found
    [2010/04/23 08:54:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\90796181
    [2010/04/27 21:00:32 | 000,013,750 | -HS- | M] () -- C:\Documents and Settings\Sreekumar\Local Settings\Application Data\1BfeNur
    [2010/04/27 21:00:32 | 000,013,750 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\1BfeNur
    MsConfig - StartUpReg: PRISMSVR.EXE - hkey= - key= - File not found[2 C:\Documents and Settings\Sreekumar\*.tmp files -> C:\Documents and Settings\Sreekumar\*.tmp -> ]
    [1 C:\*.tmp files -> C:\*.tmp -> ]
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run a new OTL scan without the bold text, and post the new OTL log.



Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • A blank window shall open with the title "SystemLook v1.0-by Jpshortstuff".
  • Copy the content of the following codebox into the main textfield :
    CODE
    :dir
    C:\WINDOWS\System32\928716786
    C:\WINDOWS\System32\1728792482
    C:\WINDOWS\System32\67db10f5
    C:\WINDOWS\System32\sl116053296
  • Please confirm everything is copied and pasted as I have provided above.
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan, Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt


Then please post back here with the following logs:
  • Virustotal link
  • OTL results
  • New OTL log
  • SystemLook.txt

Thanks



#6 ltorres75


Posted 03 May 2010 - 05:48 PM

All processes killed
========== OTL ==========
Service DComEx stopped successfully!
Service DComEx deleted successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpFolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Reboot.exe\ deleted successfully.
C:\WINDOWS\pss\Reboot.exeCommon Startup moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpFolder\C:^Documents and Settings^Sreekumar^Start Menu^Programs^Startup^palmOne Registration.lnk\ deleted successfully.
C:\WINDOWS\pss\palmOne Registration.lnkStartup moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\36X Raid Configurer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\avgnt\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\CmPCIaudio\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\ctfmon.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\EPSON Stylus Photo R280 Series\ deleted successfully.
C:\WINDOWS\System32\90796181 folder moved successfully.
C:\Documents and Settings\Sreekumar\Local Settings\Application Data\1BfeNur moved successfully.
C:\Documents and Settings\All Users\Application Data\1BfeNur moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\PRISMSVR.EXE\ deleted successfully.
C:\LOG7C0.tmp deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: NetworkService
->Temp folder emptied: 409600 bytes
->Temporary Internet Files folder emptied: 589515 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 12455759 bytes
->Flash cache emptied: 629 bytes

User: Sreekumar
->Temp folder emptied: 10157236 bytes
->Temporary Internet Files folder emptied: 246485937 bytes
->Java cache emptied: 362108 bytes
->FireFox cache emptied: 6433974 bytes
->Flash cache emptied: 4020340 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2396569 bytes
%systemroot%\System32 .tmp files removed: 1079825 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 53025988 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23939842 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 4119641301 bytes

Total Files Cleaned = 4,274.00 mb


[EMPTYFLASH]

User: Default User

User: All Users

User: NetworkService

User: LocalService
->Flash cache emptied: 0 bytes

User: Sreekumar
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.4.1 log created on 05032010_173857

Files\Folders moved on Reboot...
C:\Documents and Settings\Sreekumar\Local Settings\Temp\Google Toolbar\GoogleToolbarWelcome.log moved successfully.
C:\Documents and Settings\Sreekumar\Local Settings\Temp\~DFBBCB.tmp moved successfully.
File\Folder C:\Documents and Settings\Sreekumar\Local Settings\Temp\~DF4886.tmp not found!
File\Folder C:\Documents and Settings\Sreekumar\Local Settings\Temp\~DF488D.tmp not found!
File\Folder C:\Documents and Settings\Sreekumar\Local Settings\Temp\~DF49DD.tmp not found!
File\Folder C:\Documents and Settings\Sreekumar\Local Settings\Temp\~DF49FF.tmp not found!
File\Folder C:\Documents and Settings\Sreekumar\Local Settings\Temp\~DF4B62.tmp not found!
File\Folder C:\Documents and Settings\Sreekumar\Local Settings\Temp\~DF4B69.tmp not found!
File\Folder C:\Documents and Settings\Sreekumar\Local Settings\Temp\~DF4BFC.tmp not found!
File\Folder C:\Documents and Settings\Sreekumar\Local Settings\Temp\~DF4C03.tmp not found!
C:\Documents and Settings\Sreekumar\Local Settings\Temp\~DF13A7.tmp moved successfully.
C:\Documents and Settings\Sreekumar\Local Settings\Temp\~DFED18.tmp moved successfully.
C:\Documents and Settings\Sreekumar\Local Settings\Temp\~DF550B.tmp moved successfully.
C:\Documents and Settings\Sreekumar\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Documents and Settings\Sreekumar\Local Settings\Temporary Internet Files\Content.IE5\T04432OA\V0A2FwLzIwMTAwNTAzL3VzX3RhcmdldF9zdGFiYmluZ3MEY2NvZGUDbW9zdHBvcHVsYXIEY3BvcwM0BHBvcwMxBHB0A2hvbWVfY29rZQRzZWMDeW5faGVhZGxpbmVfbGlzdARzbGsDd29tYW5hbGxlZ2Vk[1].txt moved successfully.
C:\Documents and Settings\Sreekumar\Local Settings\Temporary Internet Files\Content.IE5\T04432OA\718[1].txt moved successfully.
C:\Documents and Settings\Sreekumar\Local Settings\Temporary Internet Files\Content.IE5\T04432OA\fc[2].txt moved successfully.
C:\Documents and Settings\Sreekumar\Local Settings\Temporary Internet Files\Content.IE5\T04432OA\01[1].htm moved successfully.
C:\Documents and Settings\Sreekumar\Local Settings\Temporary Internet Files\Content.IE5\LVE1097E\iframe[2].htm moved successfully.
C:\Documents and Settings\Sreekumar\Local Settings\Temporary Internet Files\Content.IE5\LVE1097E\iframe3[1].htm moved successfully.
C:\Documents and Settings\Sreekumar\Local Settings\Temporary Internet Files\Content.IE5\LVE1097E\topic313418[1].htm moved successfully.
C:\Documents and Settings\Sreekumar\Local Settings\Temporary Internet Files\Content.IE5\LVE1097E\reanalisis[1].htm moved successfully.
C:\Documents and Settings\Sreekumar\Local Settings\Temporary Internet Files\Content.IE5\NWR22FH7\st[1] moved successfully.
C:\Documents and Settings\Sreekumar\Local Settings\Temporary Internet Files\Content.IE5\NWR22FH7\st[2] moved successfully.
C:\Documents and Settings\Sreekumar\Local Settings\Temporary Internet Files\Content.IE5\NWR22FH7\st[3] moved successfully.
C:\Documents and Settings\Sreekumar\Local Settings\Temporary Internet Files\Content.IE5\KEH6CMUA\md[1].txt moved successfully.
C:\Documents and Settings\Sreekumar\Local Settings\Temporary Internet Files\SuggestedSites.dat moved successfully.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_590.dat not found!

Registry entries deleted on Reboot...


#7 ltorres75


Posted 03 May 2010 - 05:49 PM

File has already been analysed:
MD5: bc8123e9966e126fdeb3064eb2fa3302
First received: 2007.11.19 22:53:08 UTC
Date: 2010.04.20 23:35:20 UTC [>12D]
Results: 0/42
Permalink: analisis/c17287e4e0cf015151feec22d739ae7134a61e9d760dfcc169e24f12818328ef-1271806520


#8 ltorres75


Posted 03 May 2010 - 05:51 PM

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 17:50 on 03/05/2010 by Sreekumar (Administrator - Elevation successful)

========== dir ==========

C:\WINDOWS\System32\928716786 - Unable to find folder.

C:\WINDOWS\System32\1728792482 - Unable to find folder.

C:\WINDOWS\System32\67db10f5 - Unable to find folder.

C:\WINDOWS\System32\sl116053296 - Unable to find folder.

-=End Of File=-

#9 ltorres75


Posted 03 May 2010 - 05:56 PM

New OTL results WITHOUT bold words etc.

OTL logfile created on: 5/3/2010 5:52:17 PM - Run 3
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Sreekumar\Desktop
Windows XP Professional Edition Service Pack 3, v.5938 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 79.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.65 Gb Total Space | 362.81 Gb Free Space | 77.92% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LINDA
Current User Name: Sreekumar
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/03 14:47:48 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sreekumar\Desktop\OTL.exe
PRC - [2010/03/10 22:32:26 | 000,648,536 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2010/03/10 22:32:08 | 001,819,992 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
PRC - [2010/03/10 17:32:34 | 001,598,808 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
PRC - [2010/02/25 18:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ccsvchst.exe
PRC - [2010/01/27 11:34:24 | 000,376,832 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
PRC - [2009/09/28 09:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/24 09:14:36 | 000,206,112 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2008/08/05 21:34:10 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/02/17 07:15:10 | 000,975,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/29 14:14:12 | 000,131,072 | ---- | M] (Sprint Spectrum, L.L.C) -- C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe
PRC - [2007/02/10 08:29:54 | 029,178,224 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2007/02/10 08:29:48 | 000,242,544 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2007/02/10 05:29:56 | 000,089,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2006/11/13 13:39:52 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006/11/13 13:39:34 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2005/05/04 00:04:28 | 009,150,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe


========== Modules (SafeList) ==========

MOD - [2010/05/03 14:47:48 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sreekumar\Desktop\OTL.exe
MOD - [2010/03/26 18:52:36 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.6.0.32\asoehook.dll
MOD - [2009/07/12 00:02:02 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
MOD - [2009/07/12 00:02:00 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
MOD - [2008/01/26 15:58:08 | 001,054,208 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.3300_x-ww_d7ca0dc2\comctl32.dll
MOD - [2008/01/26 15:56:18 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/02/25 18:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe -- (NIS)
SRV - [2009/09/28 09:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/05 21:34:10 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2008/07/20 11:28:34 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/06/11 14:20:50 | 000,000,000 | ---D | M] [Auto | Stopped] -- C:\WINDOWS\system32\SoftwareDistribution32 -- (SoftwareDistribution32)
SRV - [2007/08/29 14:14:12 | 000,131,072 | ---- | M] (Sprint Spectrum, L.L.C) [Auto | Running] -- C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe -- (SPCSUtilityService)
SRV - [2007/03/20 16:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
SRV - [2007/02/10 08:29:54 | 029,178,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2007/02/10 08:29:48 | 000,242,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2007/02/10 05:29:56 | 000,089,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2005/10/14 05:50:20 | 000,045,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2005/05/04 00:04:28 | 009,150,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER)
SRV - [2005/05/03 21:42:56 | 000,323,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE -- (SQLSERVERAGENT)
SRV - [2004/03/18 16:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010/05/01 16:58:50 | 001,324,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100503.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/05/01 16:58:50 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100503.002\NAVENG.SYS -- (NAVENG)
DRV - [2010/03/24 15:38:10 | 000,536,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100324.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/03/20 20:43:44 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/03/20 12:48:50 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/02/26 21:23:54 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1106000.020\Ironx86.SYS -- (SymIRON)
DRV - [2010/02/26 21:23:22 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1106000.020\SRTSP.SYS -- (SRTSP)
DRV - [2010/02/26 21:23:22 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1106000.020\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/25 18:22:58 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1106000.020\ccHPx86.sys -- (ccHP)
DRV - [2010/02/03 20:40:52 | 000,362,032 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1106000.020\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/02/03 20:40:50 | 000,172,592 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1106000.020\SYMEFA.SYS -- (SymEFA)
DRV - [2009/10/28 17:37:24 | 000,329,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100429.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2009/08/29 19:17:18 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1106000.020\SYMDS.SYS -- (SymDS)
DRV - [2009/08/29 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2008/08/21 23:49:58 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2008/08/21 23:49:22 | 000,018,688 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
DRV - [2008/01/25 23:35:04 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/08/10 11:08:48 | 000,024,456 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2007/06/27 10:42:32 | 000,073,856 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swmx00.sys -- (SWMX00) Sierra Wireless USB MUX Driver (#00)
DRV - [2007/06/27 10:41:46 | 000,101,248 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWNC5E00.sys -- (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00)
DRV - [2007/06/26 20:58:16 | 002,303,488 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/05/31 02:19:22 | 000,096,896 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/05/21 02:29:26 | 000,235,648 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8187.sys -- (RTLWUSB)
DRV - [2007/04/16 17:40:48 | 000,037,248 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Capt905c.sys -- (SQTECH905C)
DRV - [2007/04/11 11:18:34 | 000,048,000 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2006/02/07 06:52:58 | 000,006,912 | R--- | M] (JMicron ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\JGOGO.sys -- (JGOGO)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/11/22 18:36:40 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2004/11/22 18:36:34 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2004/06/18 05:11:56 | 000,798,592 | R--- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmuda3.sys -- (cmuda3)
DRV - [2004/04/13 19:20:08 | 000,015,781 | R--- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = F4 22 61 01 AD D6 2C 43 AF A1 B0 E9 34 90 F2 F3 [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = F4 22 61 01 AD D6 2C 43 AF A1 B0 E9 34 90 F2 F3 [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = F4 22 61 01 AD D6 2C 43 AF A1 B0 E9 34 90 F2 F3 [binary data]
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = F4 22 61 01 AD D6 2C 43 AF A1 B0 E9 34 90 F2 F3 [binary data]
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1614895754-1767777339-1801674531-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\S-1-5-21-1614895754-1767777339-1801674531-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1614895754-1767777339-1801674531-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com/
IE - HKU\S-1-5-21-1614895754-1767777339-1801674531-500\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = F4 22 61 01 AD D6 2C 43 AF A1 B0 E9 34 90 F2 F3 [binary data]
IE - HKU\S-1-5-21-1614895754-1767777339-1801674531-500\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1614895754-1767777339-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2010/04/26 16:48:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2010/03/20 12:49:20 | 000,000,000 | ---D | M]

[2009/04/03 13:18:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sreekumar\Application Data\Mozilla\Extensions
[2009/04/03 13:18:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sreekumar\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2008/07/10 15:06:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sreekumar\Application Data\Mozilla\Firefox\Profiles\emgp2ri1.default\extensions
[2010/04/28 17:26:40 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Sreekumar\Application Data\Mozilla\Firefox\Profiles\emgp2ri1.default\extensions\{303781ec-c6f6-4695-b802-4ff643480d17}
[2010/04/23 08:53:52 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Sreekumar\Application Data\Mozilla\Firefox\Profiles\emgp2ri1.default\extensions\{47967e96-40e1-40a7-aafe-2bc544fcf23e}
[2008/05/23 23:25:08 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/02/20 16:04:02 | 002,463,976 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll

O1 HOSTS File: ([2008/05/29 17:06:10 | 000,000,781 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1614895754-1767777339-1801674531-500\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1614895754-1767777339-1801674531-500\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1614895754-1767777339-1801674531-500\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKU\.DEFAULT..\Run: [LClock] C:\Program Files\LClock\LClock.exe ()
O4 - HKU\S-1-5-18..\Run: [LClock] C:\Program Files\LClock\LClock.exe ()
O4 - HKU\S-1-5-19..\Run: [LClock] C:\Program Files\LClock\LClock.exe ()
O4 - HKU\S-1-5-20..\Run: [LClock] C:\Program Files\LClock\LClock.exe ()
O4 - HKU\S-1-5-21-1614895754-1767777339-1801674531-500..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1614895754-1767777339-1801674531-500..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\TrueTransparency.exe.lnk = C:\Program Files\TrueTransparency\TrueTransparency.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe (Research In Motion Limited)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1614895754-1767777339-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1614895754-1767777339-1801674531-500\..Trusted Domains: arise.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1614895754-1767777339-1801674531-500\..Trusted Domains: att.net ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1614895754-1767777339-1801674531-500\..Trusted Domains: att.net ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1614895754-1767777339-1801674531-500\..Trusted Domains: sbcglobal.net ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1614895754-1767777339-1801674531-500\..Trusted Domains: yahoo.com ([clientapps] http in Trusted sites)
O15 - HKU\S-1-5-21-1614895754-1767777339-1801674531-500\..Trusted Domains: yahoo.com ([clientapps] https in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} http://download.microsoft.com/download/7/4...helpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmart.com/WalmartActivia.cab (Snapfish Activia)
O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} https://www.select2perform.com/cabs/QOLCheck.ocx (QOLCheck Control)
O16 - DPF: {53D40FAA-4E21-459F-AA87-E4D97FC3245A} https://www.lifeofsouthwest.com/saa/ICSolut...Disk1/setup.exe (InstallShield Setup Player V12)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8BBDC81D-81B3-49EE-87E8-47B7A707FAE8} https://www1.gotomeeting.com/default/applets/g2mdlax.cab (GoToMeeting/GoToWebinar Web Starter)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://nationallife.webex.com/client/T27LB...bex/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 () - C:\Documents and Settings\Sreekumar\My Documents\My Pictures\Linda\Wallpaper_Request_by_Finvara.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Sreekumar\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Sreekumar\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/23 23:23:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{749f50d4-6fdb-11de-b8c7-001e9083e9ef}\Shell - "" = AutoRun
O33 - MountPoints2\{749f50d4-6fdb-11de-b8c7-001e9083e9ef}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{749f50d4-6fdb-11de-b8c7-001e9083e9ef}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{efe42cb6-3d77-11dd-b74d-001e9083e9ef}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{efe42cb6-3d77-11dd-b74d-001e9083e9ef}\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found
O33 - MountPoints2\{efe42cb6-3d77-11dd-b74d-001e9083e9ef}\Shell\phone\command - "" = E:\autorun.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/03 17:38:57 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/05/03 14:47:44 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sreekumar\Desktop\OTL.exe
[2010/05/03 12:55:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sreekumar\Application Data\webex
[2010/04/28 22:07:25 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/04/28 22:07:09 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Sreekumar\My Documents\HJTInstall.exe
[2010/04/28 16:06:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/28 16:06:17 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/28 16:06:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/28 16:05:02 | 005,918,776 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Sreekumar\My Documents\mbam-setup.exe
[2010/04/27 21:53:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sreekumar\Application Data\Tific
[2010/04/27 21:49:42 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Sreekumar\IECompatCache
[2010/04/27 21:36:25 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/04/27 20:38:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sreekumar\Local Settings\Application Data\avG
[2010/04/27 20:38:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avG
[2010/04/23 08:54:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sreekumar\Application Data\WinRAR
[2010/04/20 19:54:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/04/12 09:39:06 | 000,000,000 | -HSD | C] -- C:\FOUND.020
[2010/04/05 19:53:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NCH Software
[2010/04/04 16:30:39 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfwwdm32.dll
[2010/04/04 16:30:39 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vfwwdm32.dll
[2010/04/04 16:30:33 | 000,037,248 | ---- | C] (Service & Quality Technology.) -- C:\WINDOWS\System32\drivers\Capt905c.sys
[2010/04/04 16:30:33 | 000,025,216 | ---- | C] (Service & Quality Technology.) -- C:\WINDOWS\System32\drivers\Camd905c.sys
[2010/04/04 16:30:32 | 000,000,000 | ---D | C] -- C:\Program Files\MyDSC2
[2 C:\Documents and Settings\Sreekumar\*.tmp files -> C:\Documents and Settings\Sreekumar\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/03 17:50:10 | 000,100,908 | ---- | M] () -- C:\Documents and Settings\Sreekumar\Desktop\SystemLook.exe
[2010/05/03 17:43:52 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/03 17:42:12 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2010/05/03 17:41:18 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/03 17:41:16 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/03 17:41:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/03 17:39:54 | 008,650,752 | -H-- | M] () -- C:\Documents and Settings\Sreekumar\NTUSER.DAT
[2010/05/03 17:39:54 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Sreekumar\ntuser.ini
[2010/05/03 17:36:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/03 17:07:48 | 000,000,600 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/05/03 17:07:46 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/05/03 16:58:48 | 000,000,806 | ---- | M] () -- C:\WINDOWS\Ics.ini
[2010/05/03 16:58:48 | 000,000,651 | ---- | M] () -- C:\WINDOWS\LEDGER.INI
[2010/05/03 16:58:18 | 000,000,506 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\National Life Group Illustrations.lnk
[2010/05/03 16:57:58 | 000,000,426 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Asset Allocation.lnk
[2010/05/03 15:51:06 | 000,000,400 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{642BCE82-BF6B-4E99-A56E-DCD3995CD1D1}.job
[2010/05/03 14:47:48 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sreekumar\Desktop\OTL.exe
[2010/04/30 20:19:00 | 000,000,268 | ---- | M] () -- C:\WINDOWS\tasks\Disk Cleanup.job
[2010/04/30 18:56:02 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware.job
[2010/04/29 21:30:00 | 000,000,246 | ---- | M] () -- C:\WINDOWS\tasks\Symantec AntiVirus.job
[2010/04/28 22:07:28 | 000,001,638 | ---- | M] () -- C:\Documents and Settings\Sreekumar\Desktop\HijackThis.lnk
[2010/04/28 22:07:10 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Sreekumar\My Documents\HJTInstall.exe
[2010/04/28 17:10:44 | 000,003,751 | -HS- | M] () -- C:\Documents and Settings\Sreekumar\Application Data\02000000b660d629891P.manifest
[2010/04/28 17:10:44 | 000,000,051 | -HS- | M] () -- C:\Documents and Settings\Sreekumar\Application Data\02000000b660d629891C.manifest
[2010/04/28 17:10:44 | 000,000,011 | -HS- | M] () -- C:\Documents and Settings\Sreekumar\Application Data\02000000b660d629891S.manifest
[2010/04/28 17:10:44 | 000,000,011 | -HS- | M] () -- C:\Documents and Settings\Sreekumar\Application Data\02000000b660d629891O.manifest
[2010/04/28 17:05:50 | 000,000,817 | ---- | M] () -- C:\WINDOWS\System32\928716786
[2010/04/28 16:06:24 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/28 16:05:02 | 005,918,776 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Sreekumar\My Documents\mbam-setup.exe
[2010/04/28 16:01:56 | 000,000,319 | ---- | M] () -- C:\Documents and Settings\Sreekumar\My Documents\trojan_fakerean_exe_fix.reg
[2010/04/28 15:33:04 | 000,001,065 | -HS- | M] () -- C:\WINDOWS\System32\1728792482
[2010/04/28 13:24:30 | 000,000,060 | ---- | M] () -- C:\WINDOWS\System32\67db10f5
[2010/04/28 03:00:36 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/27 21:39:28 | 004,267,054 | -H-- | M] () -- C:\Documents and Settings\Sreekumar\Local Settings\Application Data\IconCache.db
[2010/04/27 21:09:26 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/04/27 20:24:50 | 000,000,973 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/27 11:51:24 | 000,072,080 | ---- | M] () -- C:\Documents and Settings\Sreekumar\g2mdlhlpx.exe
[2010/04/23 08:54:30 | 000,000,113 | ---- | M] () -- C:\WINDOWS\System32\sl116053296
[2010/04/23 08:54:16 | 000,203,776 | -HS- | M] () -- C:\WINDOWS\System32\unrar.exe
[2010/04/23 08:21:36 | 000,000,133 | ---- | M] () -- C:\Documents and Settings\Sreekumar\default.pls
[2010/04/23 08:20:10 | 000,120,320 | ---- | M] () -- C:\Documents and Settings\Sreekumar\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/22 13:00:26 | 000,000,494 | ---- | M] () -- C:\hpfr5550.xml
[2010/04/20 11:04:28 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/19 10:13:58 | 000,000,855 | ---- | M] () -- C:\Documents and Settings\Sreekumar\Desktop\Watchtower Library 2009 - español.lnk
[2010/04/16 15:06:44 | 000,000,191 | ---- | M] () -- C:\Documents and Settings\Sreekumar\My Documents\DPE.DUS
[2010/04/14 21:17:36 | 000,021,842 | ---- | M] () -- C:\Documents and Settings\Sreekumar\My Documents\Resume Suhey Garza 2010.docx
[2010/04/12 16:00:52 | 000,000,156 | ---- | M] () -- C:\WINDOWS\Twunk001.MTX
[2010/04/12 16:00:52 | 000,000,003 | ---- | M] () -- C:\WINDOWS\Twain001.Mtx
[2010/04/09 18:12:38 | 000,001,455 | ---- | M] () -- C:\Documents and Settings\Sreekumar\Desktop\WebEx Player.LNK
[2010/04/09 17:48:46 | 000,637,440 | ---- | M] () -- C:\Documents and Settings\Sreekumar\My Documents\LifeInsuranceinQualifiedPlans.ppt
[2010/04/07 18:11:00 | 000,107,008 | ---- | M] () -- C:\Documents and Settings\Sreekumar\My Documents\FAQ.doc
[2010/04/07 18:10:04 | 000,084,696 | ---- | M] () -- C:\Documents and Settings\Sreekumar\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/07 05:18:56 | 000,001,877 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
[2010/04/07 05:18:16 | 001,610,448 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2 C:\Documents and Settings\Sreekumar\*.tmp files -> C:\Documents and Settings\Sreekumar\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/03 17:50:07 | 000,100,908 | ---- | C] () -- C:\Documents and Settings\Sreekumar\Desktop\SystemLook.exe
[2010/04/28 22:07:26 | 000,001,638 | ---- | C] () -- C:\Documents and Settings\Sreekumar\Desktop\HijackThis.lnk
[2010/04/28 16:06:22 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/28 16:02:17 | 000,000,319 | ---- | C] () -- C:\Documents and Settings\Sreekumar\My Documents\trojan_fakerean_exe_fix.reg
[2010/04/27 11:51:22 | 000,072,080 | ---- | C] () -- C:\Documents and Settings\Sreekumar\g2mdlhlpx.exe
[2010/04/26 18:55:07 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\67db10f5
[2010/04/23 08:55:29 | 000,001,065 | -HS- | C] () -- C:\WINDOWS\System32\1728792482
[2010/04/23 08:55:28 | 000,000,817 | ---- | C] () -- C:\WINDOWS\System32\928716786
[2010/04/23 08:54:29 | 000,000,113 | ---- | C] () -- C:\WINDOWS\System32\sl116053296
[2010/04/23 08:54:14 | 000,203,776 | -HS- | C] () -- C:\WINDOWS\System32\unrar.exe
[2010/04/23 08:53:49 | 000,003,751 | -HS- | C] () -- C:\Documents and Settings\Sreekumar\Application Data\02000000b660d629891P.manifest
[2010/04/23 08:53:49 | 000,000,051 | -HS- | C] () -- C:\Documents and Settings\Sreekumar\Application Data\02000000b660d629891C.manifest
[2010/04/23 08:53:49 | 000,000,011 | -HS- | C] () -- C:\Documents and Settings\Sreekumar\Application Data\02000000b660d629891S.manifest
[2010/04/23 08:53:49 | 000,000,011 | -HS- | C] () -- C:\Documents and Settings\Sreekumar\Application Data\02000000b660d629891O.manifest
[2010/04/20 11:04:27 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/19 10:13:56 | 000,000,855 | ---- | C] () -- C:\Documents and Settings\Sreekumar\Desktop\Watchtower Library 2009 - español.lnk
[2010/04/14 21:17:34 | 000,021,842 | ---- | C] () -- C:\Documents and Settings\Sreekumar\My Documents\Resume Suhey Garza 2010.docx
[2010/04/09 18:12:37 | 000,001,455 | ---- | C] () -- C:\Documents and Settings\Sreekumar\Desktop\WebEx Player.LNK
[2010/04/09 17:48:43 | 000,637,440 | ---- | C] () -- C:\Documents and Settings\Sreekumar\My Documents\LifeInsuranceinQualifiedPlans.ppt
[2010/04/07 18:11:34 | 000,107,008 | ---- | C] () -- C:\Documents and Settings\Sreekumar\My Documents\FAQ.doc
[2010/03/27 20:00:32 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\net_rim_plazmic_flint_dialog.dll
[2009/12/18 21:43:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\amtui.INI
[2009/12/18 19:28:41 | 000,000,806 | ---- | C] () -- C:\WINDOWS\Ics.ini
[2009/12/18 19:28:41 | 000,000,651 | ---- | C] () -- C:\WINDOWS\LEDGER.INI
[2009/10/07 10:56:11 | 000,000,615 | ---- | C] () -- C:\WINDOWS\tlknw3.ini
[2009/09/06 15:18:14 | 000,000,111 | ---- | C] () -- C:\WINDOWS\Ipg.ini
[2009/09/06 13:56:03 | 000,000,042 | ---- | C] () -- C:\WINDOWS\flexinet.ini
[2009/09/06 12:49:56 | 000,001,316 | ---- | C] () -- C:\WINDOWS\WinFlex6EXT.ini
[2009/09/06 12:37:41 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\APTDB.dll
[2009/09/06 12:35:57 | 000,000,110 | ---- | C] () -- C:\WINDOWS\Utdsysap.ini
[2009/09/06 12:35:57 | 000,000,101 | ---- | C] () -- C:\WINDOWS\applink.ini
[2009/09/06 12:35:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tmp.ini
[2009/09/06 12:33:08 | 000,002,491 | ---- | C] () -- C:\WINDOWS\AIGAGUtility.ini
[2009/09/06 12:31:46 | 000,000,924 | ---- | C] () -- C:\WINDOWS\AIGAGinstalllog.ini
[2009/09/06 12:31:39 | 000,003,996 | ---- | C] () -- C:\WINDOWS\AIG.ini
[2009/08/19 21:55:54 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\PROTOCOL.INI
[2009/01/03 21:36:50 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/01/03 21:35:46 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPSPR280.ini
[2008/09/16 14:17:41 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2008/08/20 23:11:06 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\micr0st.dll
[2008/08/13 10:34:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2008/07/08 20:27:53 | 000,000,094 | ---- | C] () -- C:\WINDOWS\awshkwv.ini
[2008/06/28 11:50:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2008/06/18 19:54:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2008/06/11 14:20:48 | 000,000,023 | ---- | C] () -- C:\WINDOWS\ODBCNFG.INI
[2008/06/10 19:15:03 | 000,028,672 | R--- | C] () -- C:\WINDOWS\System32\CMRMDRV3.DLL
[2008/05/31 18:06:51 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/05/27 21:32:59 | 000,000,600 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/05/23 23:28:10 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/05/23 23:28:06 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/05/23 23:28:06 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/05/23 23:28:04 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/05/23 23:28:02 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/05/23 23:28:02 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/05/23 22:47:50 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008/05/23 08:42:48 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/05/23 08:32:58 | 000,000,067 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/09/08 01:19:00 | 000,000,140 | ---- | C] () -- C:\WINDOWS\System32\OEMinfo.ini
[2007/08/10 11:08:48 | 000,024,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2007/01/03 11:24:36 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/01/03 11:22:46 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/01/03 11:22:14 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/03/06 10:41:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\AMV_DecDLL.dll
[2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS
[2003/03/09 21:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
< End of report >


#10 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 03 May 2010 - 06:00 PM

Did you remove these four folders before you ran SystemLook?

C:\WINDOWS\System32\928716786
C:\WINDOWS\System32\1728792482
C:\WINDOWS\System32\67db10f5
C:\WINDOWS\System32\sl116053296



#11 ltorres75

  • Topic Starter
  • Members
  • 18 posts

Posted 03 May 2010 - 06:05 PM

No. Well, as per instructions I did step number one: run the VirusTotal; then step 2 was to run OTL with pasted body, and then afterwards clicked on FIX.
I don't know if this "FIX" button deleted them?

#12 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 03 May 2010 - 06:15 PM

They weren't in the fix, so that couldn't have removed them, and they are still showing in the new OTL log. Please manually check if those four folders are still there; you will need to make sure that you can still see hidden files and folders as you did before.



#13 ltorres75

  • Topic Starter
  • Members
  • 18 posts

Posted 03 May 2010 - 06:41 PM

I made sure all files are visible and not hidden. Ran a new SystemLook; here's the log:

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 18:39 on 03/05/2010 by Sreekumar (Administrator - Elevation successful)

No Context: C:\WINDOWS\System32\928716786

No Context: C:\WINDOWS\System32\1728792482

No Context: C:\WINDOWS\System32\67db10f5

No Context: C:\WINDOWS\System32\sl116053296

-=End Of File=-

#14 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 04 May 2010 - 08:07 AM

Hi,

I didn't ask for a new SystemLook log; I asked you to manually go to those folders and tell me if they are there.
Can you do that, please?



#15 ltorres75

  • Topic Starter
  • Members
  • 18 posts

Posted 04 May 2010 - 09:48 AM

Yes they are! Thanks.



