laptop infected with url redirect virus

aravindk · 06-Jun-2010, 09:51 AM #1

Hello,

My laptop is infected with url redirect virus. Below is hijackthis log. Can someone pl. help?

Thanks

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:50:45 AM, on 6/6/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\WLTRYSVC.EXE
C:\WINNT\System32\bcmwltry.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\SafeBoot\SbClientManager.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\DLP\Agent\fcags.exe
C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\system32\mfevtps.exe
C:\Program Files\AIGRAS\netcfgsvr.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\TNGSD\BIN\SDSERV.EXE
C:\WINNT\system32\StacSV.exe
C:\TNGSD\BIN\TRIGGAG.EXE
C:\WINNT\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\DLP\Agent\fcagswd.exe
C:\Program Files\McAfee\DLP\Agent\fcag.exe
C:\Program Files\McAfee\DLP\Agent\FCAGTE.EXE
C:\WINNT\Explorer.EXE
C:\tempfile\winfo\info.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\SxpInst\sxplog32.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\WLTRAY.exe
C:\WINNT\system32\igfxtray.exe
C:\WINNT\system32\hkcmd.exe
C:\WINNT\system32\igfxpers.exe
C:\Program Files\SafeBoot Tray Manager\SbTrayManager.exe
C:\WINNT\system32\igfxsrvc.exe
C:\Program Files\CheckPoint\Integrity Client\iclient.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\WINNT\system32\RunDLL32.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Documents and Settings\karavind\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\Documents and Settings\karavind\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Documents and Settings\karavind\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\karavind\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\karavind\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\karavind\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\karavind\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\karavind\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\karavind\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\karavind\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINNT\system32\mstsc.exe
C:\Documents and Settings\karavind\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Documents and Settings\karavind\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\karavind\My Documents\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aigtoday.aig.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.americangeneral.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://aigtoday.aig.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Workstation Info] c:\tempfile\winfo\info.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Sxplog] C:\SxpInst\sxpstub.exe
O4 - HKLM\..\Run: [SDJobCheck] triggusr.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINNT\system32\WLTRAY.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINNT\system32\igfxpers.exe
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [SafeBootTrayManager] "C:\Program Files\SafeBoot Tray Manager\SbTrayManager.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CheckPoint\Integrity Client\iclient.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Sprint SmartView] "C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe" -a
O4 - HKLM\..\Run: [RDVCHG] "C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe"
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [VF0070 STISvc] RunDLL32.exe V0070Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [NetSP - restore settings on power failure] "C:\Program Files\AIGRAS\NetSP.exe" -show
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\karavind\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - .DEFAULT User Startup: RunFilesatStartup.lnk = C:\Tempfile\RunFilesAtStartup.exe (User 'Default user')
O4 - Global Startup: AT&T Global Network Client Monitor.lnk = ?
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O4 - Global Startup: Update_Policy.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.americangeneral.com
O15 - Trusted Zone: http://138.12.4.*
O15 - Trusted Zone: http://172.21.234.68
O15 - Trusted Zone: http://172.21.234.84
O15 - Trusted Zone: http://207.24.42.*
O15 - Trusted Zone: http://clients.afd-inc.com
O15 - Trusted Zone: *.agfg.com
O15 - Trusted Zone: domino.aig.com
O15 - Trusted Zone: dominodev.aig.com
O15 - Trusted Zone: dominotest.aig.com
O15 - Trusted Zone: http://epcghome.aig.com
O15 - Trusted Zone: http://eups.aig.com
O15 - Trusted Zone: http://eupsmodl.aig.com
O15 - Trusted Zone: http://legalaudit.aig.com
O15 - Trusted Zone: http://livdsapps8.aig.com
O15 - Trusted Zone: http://livdsweb2.aig.com
O15 - Trusted Zone: *.aig.com
O15 - Trusted Zone: *.aig.net
O15 - Trusted Zone: *.aigag.com
O15 - Trusted Zone: *.aigcorpebus.com
O15 - Trusted Zone: *.aiginvestments.com
O15 - Trusted Zone: *.aiginvestments.net
O15 - Trusted Zone: *.aigretirementgold.com
O15 - Trusted Zone: *.aigrs.net
O15 - Trusted Zone: *.aigvalic.com
O15 - Trusted Zone: *.aigwc.com
O15 - Trusted Zone: *.aiuholdings.com
O15 - Trusted Zone: *.chartisinsurance.com
O15 - Trusted Zone: http://www.intellirisknetsource.com
O15 - Trusted IP range: http://172.21.234.84
O15 - Trusted IP range: http://172.21.234.68
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {2202D225-22C1-4B8C-A4B8-6A7E7B7E1524} (ICWMInstallObj Class) - https://whiteglove.on.intercall.com/...CWMInstall.cab
O16 - DPF: {3BA494B1-D507-4C11-9BDA-D47E1A65DFCF} (Confidence Online for Web Applications) - https://na.connect.aig.com/llclient/...102+AXXPEE.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1236666346865
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://na.connect.aig.com/dana-cach...erSetupSP1.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://na.connect.aig.com/dana-cach...etupClient.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = r1-core.r1.aig.net
O17 - HKLM\Software\..\Telephony: DomainName = r1-core.r1.aig.net
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: FCAGWL - fcagwl.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\system32\browseui.dll
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee DLP Agent Service (McAfeeDLPAgentService) - McAfee Inc. - C:\Program Files\McAfee\DLP\Agent\fcags.exe
O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINNT\system32\mfevtps.exe
O23 - Service: Network Configuration Service (netcfgsvr) - AT&T - C:\Program Files\AIGRAS\netcfgsvr.exe
O23 - Service: Neevia docuPrinter helper service (NVDPservice) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: PictureTaker - LANovation - C:\WINNT\system32\PCTKRNT.SYS
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SafeBoot Client Manager (SafeBootClientManager) - SafeBoot International - C:\Program Files\SafeBoot\SbClientManager.exe
O23 - Service: Unicenter Software Delivery (SDService) - Computer Associates International, Inc. - C:\TNGSD\BIN\SDSERV.EXE
O23 - Service: Sprint RcAppSvc (SprintRcAppSvc) - SmithMicro Inc. - C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINNT\system32\StacSV.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINNT\System32\WLTRYSVC.EXE
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 15500 bytes

Rorschach112 · 06-Jun-2010, 10:05 AM #2

Download TDSSKiller and save it to your Desktop.

Extract the file and run it.
Once completed it will create a log in your C:\ drive
Please post the contents of that log

aravindk · 06-Jun-2010, 10:10 AM #3

Here it is:

10:10:02:468 4228 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
10:10:02:468 4228 =========================================================================== =====
10:10:02:468 4228 SystemInfo:

10:10:02:468 4228 OS Version: 5.1.2600 ServicePack: 2.0
10:10:02:468 4228 Product type: Workstation
10:10:02:468 4228 ComputerName: 1WPW1F1-SEC
10:10:02:468 4228 UserName: KAravind
10:10:02:468 4228 Windows directory: C:\WINNT
10:10:02:468 4228 Processor architecture: Intel x86
10:10:02:468 4228 Number of processors: 2
10:10:02:468 4228 Page size: 0x1000
10:10:02:468 4228 Boot type: Normal boot
10:10:02:468 4228 =========================================================================== =====
10:10:02:781 4228 Initialize success
10:10:02:781 4228
10:10:02:781 4228 Scanning Services ...
10:10:03:359 4228 Raw services enum returned 400 services
10:10:03:375 4228
10:10:03:375 4228 Scanning Drivers ...
10:10:03:890 4228
10:10:03:890 4228 Completed
10:10:03:890 4228
10:10:03:890 4228 Results:
10:10:03:890 4228 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
10:10:03:890 4228 File objects infected / cured / cured on reboot: 0 / 0 / 0
10:10:03:890 4228
10:10:03:906 4228 KLMD(ARK) unloaded successfully

Rorschach112 · 06-Jun-2010, 12:52 PM #4

Download ComboFix here :

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them

Click me
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

aravindk · 06-Jun-2010, 10:40 PM #5

Done. Here is the log:

ComboFix 10-06-06.01 - KAravind 06/06/2010 19:34:09.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1087 [GMT -4:00]
Running from: c:\documents and settings\karavind\Desktop\ComboFix.exe
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
FW: Integrity Agent Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\karavind\GoToAssistDownloadHelper.exe
c:\program files\INSTALL.LOG
c:\winnt\system32\aquaCommServer3.dll
c:\winnt\system32\drivers\etc\lmhosts
c:\winnt\system32\st325602.dll

----- BITS: Possible infected sites -----

hxxp://10.175.32.57
.
((((((((((((((((((((((((( Files Created from 2010-05-07 to 2010-06-07 )))))))))))))))))))))))))))))))
.

2010-06-04 02:53 . 2010-06-04 02:53 -------- d-----w- c:\program files\Common Files\xing shared
2010-06-04 02:52 . 2010-06-04 02:53 -------- d-----w- c:\program files\Real
2010-06-04 02:52 . 2010-06-04 02:54 -------- d-----w- c:\program files\Common Files\Real
2010-06-03 00:56 . 2010-06-03 00:56 -------- d-----w- c:\program files\RealVNC
2010-05-26 00:36 . 2010-05-26 00:36 -------- d-----w- c:\documents and settings\karavind\Local Settings\Application Data\Citrix
2010-05-23 11:38 . 2010-05-23 11:38 -------- d-----w- c:\documents and settings\karavind\Application Data\Verizon Wireless
2010-05-23 11:38 . 2010-05-23 11:38 -------- d-----w- c:\documents and settings\All Users\Application Data\WEngineLite
2010-05-23 11:38 . 2010-05-23 11:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Verizon Wireless
2010-05-23 11:38 . 2010-05-23 11:38 -------- d-----w- c:\program files\Verizon Wireless
2010-05-23 11:36 . 2010-05-23 11:36 -------- d-----w- c:\documents and settings\karavind\Application Data\InstallShield
2010-05-21 01:37 . 2010-05-21 01:37 -------- d-----w- c:\documents and settings\karavind\McAfee DLP Quarantined Files
2010-05-20 01:22 . 2009-09-02 22:02 48488 ----a-w- c:\winnt\system32\drivers\mfesmfk.sys
2010-05-20 01:21 . 2010-05-20 01:21 -------- d-----w- c:\winnt\system32\config\systemprofile\Application Data\McAfee

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-07 00:41 . 2010-03-31 02:15 256 ----a-w- c:\winnt\system32\pool.bin
2010-06-06 11:49 . 2010-03-20 14:30 -------- d-----w- c:\documents and settings\karavind\Application Data\Skype
2010-06-04 10:14 . 2009-11-15 13:08 17190356 ----a-w- c:\winnt\Internet Logs\tvDebug.zip
2010-06-04 02:54 . 2010-06-04 02:54 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-06-04 02:54 . 2010-06-04 02:54 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-06-04 02:54 . 2010-06-04 02:54 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-06-04 02:54 . 2010-06-04 02:54 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrows errecordext.dll
2010-06-04 02:54 . 2010-06-04 02:54 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-06-04 02:54 . 2010-06-04 02:54 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.d ll
2010-06-04 02:54 . 2010-06-04 02:54 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordh elper.dll
2010-06-04 02:54 . 2010-06-04 02:54 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim. dll
2010-06-04 02:54 . 2010-06-04 02:54 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-06-03 10:35 . 2010-03-14 13:33 -------- d-----w- c:\documents and settings\karavind\Application Data\vlc
2010-06-02 10:45 . 2010-04-06 23:44 -------- d-----w- c:\program files\WinMerge
2010-05-31 21:27 . 2010-05-31 21:27 666112 ----a-w- c:\documents and settings\karavind\Application Data\Macromedia\Flash Player\http://www.macromedia.com\bin\octosh...220-0-main.dll
2010-05-31 21:26 . 2010-05-31 21:26 319488 ----a-w- c:\documents and settings\karavind\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
2010-05-29 22:49 . 2010-05-30 07:13 1925120 ----a-w- c:\winnt\Internet Logs\xDB9.tmp
2010-05-28 22:26 . 2009-11-14 00:14 -------- d-----w- c:\documents and settings\karavind\Application Data\FileZilla
2010-05-23 11:29 . 2010-04-24 01:19 256 ----a-w- c:\documents and settings\karavind\pool.bin
2010-05-22 13:50 . 2010-05-22 20:08 1867264 ----a-w- c:\winnt\Internet Logs\xDB8.tmp
2010-05-22 10:26 . 2010-05-22 10:26 503808 ----a-w- c:\documents and settings\karavind\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-4db867a1-n\msvcp71.dll
2010-05-22 10:26 . 2010-05-22 10:26 348160 ----a-w- c:\documents and settings\karavind\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-4db867a1-n\msvcr71.dll
2010-05-22 10:26 . 2010-05-22 10:26 499712 ----a-w- c:\documents and settings\karavind\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-4db867a1-n\jmc.dll
2010-05-20 17:37 . 2010-05-20 23:03 1888256 ----a-w- c:\winnt\Internet Logs\xDB7.tmp
2010-05-20 01:19 . 2010-05-20 01:19 2723264 ----a-w- c:\documents and settings\All Users\Application Data\McAfee\Common Framework\Current\DATALOSS2000\Install\0409\vcredist_x86.exe
2010-05-20 01:19 . 2009-11-12 01:43 443336 ----a-w- c:\documents and settings\All Users\Application Data\McAfee\Common Framework\Current\DATALOSS2000\Install\0409\DLPAgentInstall.exe
2010-04-24 01:36 . 2010-04-24 01:36 -------- d-----w- c:\program files\Windows Media Connect 2
2010-04-24 01:25 . 2010-04-24 01:25 -------- d-----w- c:\documents and settings\karavind\Application Data\SanDisk
2010-04-14 20:08 . 2010-04-14 20:08 239992 ----a-w- c:\documents and settings\All Users\Application Data\McAfee\Common Framework\Current\SUPERDAT1000\SuperDAT\0000\Setup.exe
2010-04-10 17:51 . 2010-04-10 18:54 1738240 ----a-w- c:\winnt\Internet Logs\xDB6.tmp
2010-04-09 02:12 . 2010-04-09 10:52 1733120 ----a-w- c:\winnt\Internet Logs\xDB5.tmp
2010-03-20 14:42 . 2010-03-20 14:42 56 ---ha-w- c:\winnt\system32\ezsidmv.dat
2010-03-16 01:34 . 2010-01-16 22:46 38344 ----a-w- c:\winnt\system32\drivers\CO_Mon.sys
2010-03-16 01:34 . 2010-01-16 22:45 36939 ----a-w- c:\documents and settings\karavind\Application Data\Juniper Networks\Setup\uninstall.exe
2010-03-10 08:02 . 1980-01-01 00:00 417792 ----a-w- c:\winnt\system32\vbscript.dll
2009-09-01 01:07 . 2010-02-19 07:51 23864 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NetSP - restore settings on power failure"="c:\program files\AIGRAS\NetSP.exe" [2007-06-27 42264]
"Google Update"="c:\documents and settings\karavind\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-11-11 135664]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2009-11-10 5244216]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Workstation Info"="c:\tempfile\winfo\info.exe" [2006-03-22 126121]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-10 149280]
"Sxplog"="c:\sxpinst\sxpstub.exe" [2003-10-29 20480]
"Synchronization Manager"="c:\winnt\system32\mobsync.exe" [2004-08-04 143360]
"Broadcom Wireless Manager UI"="c:\winnt\system32\WLTRAY.exe" [2007-03-16 1392640]
"IgfxTray"="c:\winnt\system32\igfxtray.exe" [2009-06-23 141336]
"HotKeysCmds"="c:\winnt\system32\hkcmd.exe" [2009-06-23 173592]
"Persistence"="c:\winnt\system32\igfxpers.exe" [2009-06-23 142360]
"Client Access Service"="c:\program files\IBM\Client Access\cwbsvstr.exe" [2007-03-05 20531]
"SafeBootTrayManager"="c:\program files\SafeBoot Tray Manager\SbTrayManager.exe" [2008-06-02 69632]
"Zone Labs Client"="c:\program files\CheckPoint\Integrity Client\iclient.exe" [2007-04-13 784144]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"Sprint SmartView"="c:\program files\Sprint\Sprint SmartView\SprintSV.exe" [2009-09-25 75008]
"RDVCHG"="c:\program files\Sprint\Sprint SmartView\RDVCHG.exe" [2009-09-25 316672]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2009-09-01 124240]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2009-09-22 136512]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"VF0070 STISvc"="V0070Pin.dll" [2004-11-16 36864]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-11 648536]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-06-04 202256]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AT&T Global Network Client Monitor.lnk - c:\winnt\Installer\{2B324B71-A7F9-477F-9693-E8974DDA1EC6}\NetGM_1B536450052A4C0BA1B8FC31F1D473F7.exe [2009-11-11 69632]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-2-22 2938184]
Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2010-3-10 1819992]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
Install Pending Files.LNK - c:\program files\SIFXINST\SIFXINST.EXE [2009-2-9 831488]
SnagIt 8.lnk - c:\program files\TechSmith\SnagIt 8\SnagIt32.exe [2006-3-14 5517312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FCAGWL]
2010-01-14 17:50 308544 ----a-w- c:\winnt\system32\fcagwl.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ SbNp scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfee DlpAgentService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfee EngineService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=

R0 SafeBoot;SafeBoot;c:\winnt\system32\drivers\SafeBoot.sys [11/20/2008 12:08 PM 103424]
R0 SBAlg;SBAlg;c:\winnt\system32\drivers\SbAlg.sys [8/13/2008 2:51 PM 44976]
R0 SbFsLock;SbFsLock;c:\winnt\system32\drivers\SbFsLock.sys [9/12/2008 5:11 AM 13152]
R1 fcdrv1;fcdrv1;c:\winnt\system32\drivers\fcdrv1.sys [1/14/2010 1:50 PM 67016]
R1 fcdrv5;fcdrv5;c:\winnt\system32\drivers\fcdrv5.sys [1/14/2010 1:50 PM 95176]
R1 RsvLock;RsvLock;c:\winnt\system32\drivers\RsvLock.sys [9/12/2008 5:11 AM 33264]
R1 SbFlop;SbFlop;c:\winnt\system32\drivers\SbFlop.sys [9/12/2008 5:11 AM 34416]
R1 SbPrcCtl;SbPrcCtl;c:\winnt\system32\drivers\SbPrcCtl.sys [9/12/2008 5:12 AM 15184]
R2 McAfeeDLPAgentService;McAfee DLP Agent Service;c:\program files\McAfee\DLP\Agent\fcags.exe [1/14/2010 1:50 PM 4224320]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\engineserver.exe [8/31/2009 9:07 PM 21256]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\winnt\system32\mfevtps.exe [2/19/2010 3:51 AM 70728]
R2 SafeBootClientManager;SafeBoot Client Manager;c:\program files\SafeBoot\SbClientManager.exe [11/17/2008 6:53 AM 372796]
R2 SDService;Unicenter Software Delivery;c:\tngsd\BIN\SDServ.exe [11/19/2003 11:29 AM 32768]
R3 fcdrv2;fcdrv2;c:\winnt\system32\drivers\fcdrv2.sys [1/14/2010 1:50 PM 114632]
R3 fcdrv3;fcdrv3;c:\winnt\system32\drivers\fcdrv3.sys [1/14/2010 1:50 PM 96072]
R3 fcdrv4;fcdrv4;c:\winnt\system32\drivers\fcdrv4.sys [11/11/2009 9:43 PM 22856]
R3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [5/25/2009 3:43 PM 32408]
S3 mferkdet;McAfee Inc. mferkdet;c:\winnt\system32\drivers\mferkdet.sys [2/19/2010 3:51 AM 65448]
S3 NVDPservice;Neevia docuPrinter helper service;c:\program files\neevia.com\docuPrinterLT\neeviaDP6.lib [11/11/2009 11:50 AM 2372448]
S3 vsinstdv;vsinstdv;\??\c:\docume~1\karavind\LOCALS~1\Temp\{3A218A30-0AEC-4805-A352-CE30D520EAF5}\vsinstdv.sys --> c:\docume~1\karavind\LOCALS~1\Temp\{3A218A30-0AEC-4805-A352-CE30D520EAF5}\vsinstdv.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - KLMD23
*NewlyCreated* - NVDPSERVICE
*Deregistered* - klmd23
*Deregistered* - mfesmfk01
.
Contents of the 'Scheduled Tasks' folder

2010-06-05 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-825750147-1553096506-3895987836-9054Core.job
- c:\documents and settings\karavind\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-11 23:15]

2010-06-06 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-825750147-1553096506-3895987836-9054UA.job
- c:\documents and settings\karavind\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-11 23:15]

2010-06-06 c:\winnt\Tasks\RealUpgradeLogonTaskS-1-5-21-825750147-1553096506-3895987836-9054.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-06-04 c:\winnt\Tasks\RealUpgradeScheduledTaskS-1-5-21-825750147-1553096506-3895987836-9054.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://aigtoday.aig.com/
mStart Page = hxxp://aigtoday.aig.com
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: bmnet.dll
Trusted Zone: 12.4.*\138
Trusted Zone: 21.234.68\172
Trusted Zone: 21.234.84\172
Trusted Zone: 24.42.*\207
Trusted Zone: afd-inc.com\clients
Trusted Zone: agfg.com
Trusted Zone: aig.com
Trusted Zone: aig.com\aiuclaims
Trusted Zone: aig.com\domino
Trusted Zone: aig.com\dominodev
Trusted Zone: aig.com\dominotest
Trusted Zone: aig.com\epcghome
Trusted Zone: aig.com\eups
Trusted Zone: aig.com\eupsmodl
Trusted Zone: aig.com\intellirisknetsourceebs
Trusted Zone: aig.com\legalaudit
Trusted Zone: aig.com\livdsapps8
Trusted Zone: aig.com\livdsweb2
Trusted Zone: aig.net
Trusted Zone: aigag.com
Trusted Zone: aigcorpebus.com
Trusted Zone: aiginvestments.com
Trusted Zone: aiginvestments.net
Trusted Zone: aigretirementgold.com
Trusted Zone: aigrs.net
Trusted Zone: aigvalic.com
Trusted Zone: aigwc.com
Trusted Zone: aiuholdings.com
Trusted Zone: attwireless.com\www
Trusted Zone: attws.com\www
Trusted Zone: chartisinsurance.com
Trusted Zone: eprocurelink.com\www1
Trusted Zone: fleet.com\demo-webconnect
Trusted Zone: fleet.com\webconnect
Trusted Zone: intellirisknetsource.com\www
Trusted Zone: salesforce.com
Trusted Zone: stapleslink.com\bci
Trusted Zone: yourensync.com\mccoy
DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
DPF: {2202D225-22C1-4B8C-A4B8-6A7E7B7E1524} - hxxps://whiteglove.on.intercall.com/confmgr/installs/ICWMInstall.cab
DPF: {3BA494B1-D507-4C11-9BDA-D47E1A65DFCF} - hxxps://na.connect.aig.com/llclient/Neoteris/winxp/,DanaInfo=10.249.14.102+AXXPEE.dll
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://na.connect.aig.com/dana-cached/sc/JuniperSetupClient.cab
FF - ProfilePath - c:\documents and settings\karavind\Application Data\Mozilla\Firefox\Profiles\jhmtwmn8.default\
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim. dll
FF - plugin: c:\documents and settings\karavind\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\winnt\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_availa ble_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKLM-Run-SDJobCheck - triggusr.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-06 22:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\NVDPservice]
"ImagePath"="c:\program files\neevia.com\docuPrinterLT\neeviaDP6.lib"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-825750147-1553096506-3895987836-9054\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1776)
c:\winnt\system32\NetGina.dll
c:\program files\AIGRAS\NetClient.dll
c:\winnt\system32\fcagwl.dll
c:\winnt\system32\igfxdev.dll

- - - - - - - > 'lsass.exe'(1832)
c:\winnt\system32\SbNp.dll
c:\winnt\system32\bmnet.dll
.
Completion time: 2010-06-06 22:23:55
ComboFix-quarantined-files.txt 2010-06-07 02:23

Pre-Run: 55,248,314,368 bytes free
Post-Run: 55,479,218,176 bytes free

- - End Of File - - F813ECDA4AE39C0C090345B5CD921E05

Rorschach112 · 07-Jun-2010, 07:52 AM #6

Download OTL to your Desktop

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Under the Custom Scan box paste this in

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
CREATERESTOREPOINT
%PROGRAMFILES%\*.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time

aravindk · 08-Jun-2010, 07:15 AM #7

Extras.txt:

Code:

OTL Extras logfile created on: 6/8/2010 6:37:38 AM - Run 1
OTL by OldTimer - Version 3.2.5.3     Folder = C:\Documents and Settings\karavind\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 51.61 Gb Free Space | 69.26% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: 1WPW1F1-SEC
Current User Name: KAravind
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0AEA9ECE-2AD0-4DF0-932E-F0AC6B771749}" = SnagIt 8
"{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
"{106FB85A-9567-42FC-85CC-E4DA450F4C7B}" = Sprint SmartView
"{14630437-9D8B-4CE9-BBB1-66CE69391E48}" = Clean Disk
"{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise
"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant
"{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
"{26A24AE4-039D-4CA4-87B4-2F83216013F0}" = Java(TM) 6 Update 13
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{29042B1C-0713-4575-B7CA-5C8E7B0899D4}" = MySQL Connector/ODBC 5.1
"{2B324B71-A7F9-477F-9693-E8974DDA1EC6}" = AIG Remote Access Managed VPN Premium Edition
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext
"{3A218A30-0AEC-4805-A352-CE30D520EAF5}" = Integrity Agent
"{3F50ED93-A7C7-44E3-AC70-AEDDF9C81C21}" = Exigen Workflow Web DMS Viewer
"{40A594D0-1490-4979-9382-D2B764F949C6}" = BlackBerry® Media Sync
"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
"{595F83A1-EF0B-42EB-B386-8344A5BA759F}" = WinZip 9.0 SR1
"{5D6EC6F7-9B38-4a02-B063-97C2048B56A2}" = 7200_Help
"{64FC0C98-B035-4530-B15D-3D30610B6DF1}" = HP Software Update
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{829AC692-C6F1-4FC2-849B-F7DD74C1E3E2}" = McAfee DLP Agent
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85BCA736-A0F4-448E-9BC1-6EA08693E10B}" = HP Image Zone Express
"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91490409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Primary Interop Assemblies
"{94F9723E-900A-43C5-8F4E-AD2D2ED09273}" = Microsoft Visio Viewer 2002
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7391302-FADF-4314-80DC-C757DAE45178}" = 7200
"{A7CA6CC5-465B-41F8-96B5-F66BDF4482C7}" = VZAccess Manager
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AC966B90-53CA-4710-8EEE-57ED25387872}" = 7200Trb
"{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB2B2B63-58AB-48F3-AAD5-7E93AFE4268B}" = Quest Software Toad for MySQL Freeware 4.5
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}" = Quicken 2010
"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE86E2F5-850C-4207-94A3-A58D647B1733}" = BlackBerry Desktop Software 5.0.1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D3EC6A3A-2322-49A5-9E29-6C213876EEE2}" = DRC
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{E008BEB1-AB63-46C1-BD3D-08D3A1F8E26D}" = McAfee Agent
"{E37E645E-4A0C-4D9E-B30A-7B19E797E743}" = BlackBerry USB Drivers
"{F4071D69-E3F4-4538-8FE2-8FDE7CE0272B}" = Shockwave and Flash Player
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"BlackBerry_{CE86E2F5-850C-4207-94A3-A58D647B1733}" = BlackBerry Desktop Software 5.0.1
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CANONBJ_Deinstall_CNMCP56.DLL" = Canon i860
"CA-SD" = CA Unicenter Software Delivery
"Chartis" = Chartis Screen Saver
"ClientAccessExpress" = IBM iSeries Access for Windows
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Creative VF0070" = Creative WebCam Notebook Ultra Driver (1.00.05.0127)
"FileZilla Client" = FileZilla Client 3.3.0
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Photo & Imaging" = HP Image Zone 4.7
"IrfanView" = IrfanView (remove only)
"McAfee Anti-Spyware Enterprise Module" = McAfee AntiSpyware Enterprise Module
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Neevia docuPrinter LT_is1" = docuPrinter LT v6.0
"PHP Editor_is1" = PHP Editor 2.22
"PX: {07ADBCA7-90D2-4FC7-90DD-1734C98D81FA}" = Turn Off Microsoft Customer Survey
"PX: {106DF6B4-6B96-4361-A630-0771F4CE3FB1}" = DocuPrint LT
"PX: {D1A9C4DF-0EB9-4A6F-8106-2EB72278C38C}" = Java Heap Setting 256MB
"PX: {F98169E6-8BD2-4BEA-AB70-56E0D06A70BF}" = DDAU
"RealPlayer 12.0" = RealPlayer
"RealVNC_is1" = VNC Free Edition 4.1.3
"ST6UNST #1" = AquaNotes 3.5
"VLC media player" = VLC media player 1.0.5
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Confidence Online EE" = Confidence Online(tm) for Web Applications
"Google Chrome" = Google Chrome
"Juniper_Networks_Cache_Cleaner 6.1.0" = Juniper Networks Cache Cleaner 6.1.0
"Juniper_Networks_Cache_Cleaner 6.4.0" = Juniper Networks Cache Cleaner 6.4.0
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Juniper_Term_Services" = Juniper Terminal Services Client
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 6/7/2010 6:59:46 AM | Computer Name = 1WPW1F1-SEC | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
 network. (A socket operation was attempted to an unreachable host. ). Group Policy
 processing aborted. 
 
Error - 6/7/2010 6:06:46 PM | Computer Name = 1WPW1F1-SEC | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
 network. (A socket operation was attempted to an unreachable host. ). Group Policy
 processing aborted. 
 
Error - 6/7/2010 6:06:52 PM | Computer Name = 1WPW1F1-SEC | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
 network. (A socket operation was attempted to an unreachable host. ). Group Policy
 processing aborted. 
 
Error - 6/7/2010 6:06:55 PM | Computer Name = 1WPW1F1-SEC | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
 the active directory (0x8007054b).  The specified domain either does not exist 
or could not be contacted.    Enrollment will not be performed.
 
Error - 6/7/2010 6:07:04 PM | Computer Name = 1WPW1F1-SEC | Source = Google Update | ID = 20
Description = 
 
Error - 6/7/2010 8:45:09 PM | Computer Name = 1WPW1F1-SEC | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
 network. (A socket operation was attempted to an unreachable host. ). Group Policy
 processing aborted. 
 
Error - 6/7/2010 8:45:22 PM | Computer Name = 1WPW1F1-SEC | Source = Google Update | ID = 20
Description = 
 
Error - 6/8/2010 5:40:05 AM | Computer Name = 1WPW1F1-SEC | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
 network. (A socket operation was attempted to an unreachable host. ). Group Policy
 processing aborted. 
 
Error - 6/8/2010 5:40:06 AM | Computer Name = 1WPW1F1-SEC | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
 network. (A socket operation was attempted to an unreachable host. ). Group Policy
 processing aborted. 
 
Error - 6/8/2010 5:40:09 AM | Computer Name = 1WPW1F1-SEC | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
 the active directory (0x8007054b).  The specified domain either does not exist 
or could not be contacted.    Enrollment will not be performed.
 
[ System Events ]
Error - 6/7/2010 10:30:57 PM | Computer Name = 1WPW1F1-SEC | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
 or more  time sources, however none of the sources are currently accessible.   No attempt
 to contact a source will be made for 120 minutes.  NtpClient has no source of accurate
 time. 
 
Error - 6/7/2010 10:41:10 PM | Computer Name = 1WPW1F1-SEC | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain R1-CORE due to the following:
   %%1311.    Make sure that the computer is connected to the network and try  again. If
 the problem persists, please contact your domain administrator.
 
Error - 6/8/2010 5:40:06 AM | Computer Name = 1WPW1F1-SEC | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain R1-CORE due to the following:
   %%1311.    Make sure that the computer is connected to the network and try  again. If
 the problem persists, please contact your domain administrator.
 
Error - 6/8/2010 5:40:12 AM | Computer Name = 1WPW1F1-SEC | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
 or more  time sources, however none of the sources are currently accessible.   No attempt
 to contact a source will be made for 15 minutes.  NtpClient has no source of accurate
 time. 
 
Error - 6/8/2010 5:40:18 AM | Computer Name = 1WPW1F1-SEC | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
 or more  time sources, however none of the sources are currently accessible.   No attempt
 to contact a source will be made for 15 minutes.  NtpClient has no source of accurate
 time. 
 
Error - 6/8/2010 5:40:22 AM | Computer Name = 1WPW1F1-SEC | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
 or more  time sources, however none of the sources are currently accessible.   No attempt
 to contact a source will be made for 15 minutes.  NtpClient has no source of accurate
 time. 
 
Error - 6/8/2010 5:55:25 AM | Computer Name = 1WPW1F1-SEC | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
 or more  time sources, however none of the sources are currently accessible.   No attempt
 to contact a source will be made for 29 minutes.  NtpClient has no source of accurate
 time. 
 
Error - 6/8/2010 6:25:25 AM | Computer Name = 1WPW1F1-SEC | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
 or more  time sources, however none of the sources are currently accessible.   No attempt
 to contact a source will be made for 59 minutes.  NtpClient has no source of accurate
 time. 
 
Error - 6/8/2010 6:40:37 AM | Computer Name = 1WPW1F1-SEC | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
   %%126
 
Error - 6/8/2010 6:41:06 AM | Computer Name = 1WPW1F1-SEC | Source = DCOM | ID = 10010
Description = The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register
 with DCOM within the required timeout.
 
 
< End of report >

OTL.TXT:

Code:

OTL logfile created on: 6/8/2010 6:37:38 AM - Run 1
OTL by OldTimer - Version 3.2.5.3     Folder = C:\Documents and Settings\karavind\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 51.61 Gb Free Space | 69.26% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: 1WPW1F1-SEC
Current User Name: KAravind
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2010/06/08 06:35:40 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\karavind\My Documents\Downloads\OTL.exe
PRC - [2010/06/03 22:52:58 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/03/10 22:32:26 | 000,648,536 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research in Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2010/03/10 22:32:08 | 001,819,992 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
PRC - [2010/03/10 17:32:34 | 001,598,808 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research in Motion\RIMDeviceManager\RIMDeviceManager.exe
PRC - [2010/01/27 11:34:24 | 000,376,832 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research in Motion\USB Drivers\BbDevMgr.exe
PRC - [2010/01/14 13:50:44 | 003,913,024 | ---- | M] (McAfee Inc.) -- C:\Program Files\McAfee\DLP\Agent\fcagte.exe
PRC - [2010/01/14 13:50:08 | 004,224,320 | ---- | M] (McAfee Inc.) -- C:\Program Files\McAfee\DLP\Agent\fcags.exe
PRC - [2010/01/14 13:49:42 | 000,263,488 | ---- | M] (McAfee Inc.) -- C:\Program Files\McAfee\DLP\Agent\fcagswd.exe
PRC - [2010/01/14 13:49:28 | 008,422,720 | ---- | M] (McAfee Inc.) -- C:\Program Files\McAfee\DLP\Agent\fcag.exe
PRC - [2010/01/10 00:13:20 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2009/09/25 10:04:34 | 000,316,672 | ---- | M] (C-motech Co.,Ltd) -- C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe
PRC - [2009/09/22 17:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2009/09/22 17:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2009/09/22 17:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2009/09/22 17:00:00 | 000,091,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2009/09/02 18:03:36 | 000,070,728 | ---- | M] (McAfee, Inc.) -- C:\WINNT\system32\mfevtps.exe
PRC - [2009/08/31 21:07:00 | 000,146,448 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
PRC - [2009/08/31 21:07:00 | 000,124,240 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2009/08/31 21:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
PRC - [2009/08/31 21:07:00 | 000,027,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
PRC - [2009/08/31 21:07:00 | 000,021,256 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
PRC - [2009/02/09 01:48:39 | 000,196,608 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2008/11/17 06:53:47 | 000,372,796 | ---- | M] (SafeBoot International) -- C:\Program Files\SafeBoot\SbClientManager.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/06/02 10:18:24 | 000,069,632 | ---- | M] () -- C:\Program Files\SafeBoot Tray Manager\SbTrayManager.exe
PRC - [2008/02/22 16:29:24 | 002,572,288 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
PRC - [2008/02/22 11:04:42 | 002,938,184 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2008/01/22 21:13:08 | 000,288,072 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2008/01/09 11:38:44 | 000,288,072 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
PRC - [2007/10/29 15:30:14 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2007/10/04 19:39:42 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2007/09/28 17:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007/08/23 12:55:06 | 000,311,296 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
PRC - [2007/06/27 13:49:52 | 000,472,344 | ---- | M] (AT&T) -- C:\Program Files\AIGRAS\netcfgsvr.exe
PRC - [2007/05/10 09:23:50 | 000,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\WINNT\system32\stacsv.exe
PRC - [2007/05/10 09:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe
PRC - [2007/04/13 20:08:14 | 001,849,096 | ---- | M] (Zone Labs, LLC) -- C:\WINNT\system32\ZoneLabs\vsmon.exe
PRC - [2007/04/13 19:48:40 | 000,784,144 | ---- | M] (Zone Labs, LLC) -- C:\Program Files\CheckPoint\Integrity Client\iclient.exe
PRC - [2006/10/18 21:46:20 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmplayer.exe
PRC - [2006/03/22 09:20:14 | 000,126,121 | ---- | M] () -- C:\TEMPFILE\WINFO\info.exe
PRC - [2006/03/14 09:01:00 | 005,517,312 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
PRC - [2006/03/14 09:01:00 | 000,026,112 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\SnagIt 8\TscHelp.exe
PRC - [2004/08/04 03:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe
PRC - [2003/11/19 11:29:28 | 000,032,768 | ---- | M] (Computer Associates International, Inc.) -- C:\TNGSD\BIN\SDServ.exe
PRC - [2003/11/15 12:12:42 | 000,077,824 | ---- | M] (Computer Associates International, Inc.) -- C:\TNGSD\BIN\TRIGGAG.exe
PRC - [2003/10/28 20:15:04 | 000,241,664 | ---- | M] (Computer Associates International, Inc.) -- C:\SxpInst\sxplog32.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010/06/08 06:35:40 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\karavind\My Documents\Downloads\OTL.exe
MOD - [2009/06/12 18:13:04 | 000,130,048 | ---- | M] (Intel Corporation) -- C:\WINNT\system32\igfxdo.dll
MOD - [2006/08/25 10:45:56 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINNT\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/04 03:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010/01/14 13:50:08 | 004,224,320 | ---- | M] (McAfee Inc.) [Unknown | Running] -- C:\Program Files\McAfee\DLP\Agent\fcags.exe -- (McAfeeDLPAgentService)
SRV - [2009/11/11 11:34:28 | 000,045,056 | ---- | M] (LANovation) [On_Demand | Stopped] -- C:\WINNT\system32\PCTKRNT.SYS -- (PictureTaker)
SRV - [2009/09/25 10:04:34 | 000,120,064 | ---- | M] (SmithMicro Inc.) [On_Demand | Stopped] -- C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe -- (SprintRcAppSvc)
SRV - [2009/09/22 17:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2009/09/02 18:03:36 | 000,070,728 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINNT\system32\mfevtps.exe -- (mfevtp)
SRV - [2009/08/31 21:07:00 | 000,146,448 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe -- (McShield)
SRV - [2009/08/31 21:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)
SRV - [2009/08/31 21:07:00 | 000,021,256 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe -- (McAfeeEngineService)
SRV - [2009/02/09 01:48:39 | 000,196,608 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2008/11/17 06:53:47 | 000,372,796 | ---- | M] (SafeBoot International) [Auto | Running] -- C:\Program Files\SafeBoot\SbClientManager.exe -- (SafeBootClientManager)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/07 16:48:20 | 002,372,448 | ---- | M] (Neevia Technology) [On_Demand | Stopped] -- C:\Program Files\neevia.com\docuPrinterLT\neeviaDP6.lib -- (NVDPservice)
SRV - [2007/09/28 17:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/06/27 13:49:52 | 000,472,344 | ---- | M] (AT&T) [Auto | Running] -- C:\Program Files\AIGRAS\netcfgsvr.exe -- (netcfgsvr)
SRV - [2007/05/10 09:23:50 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\WINNT\system32\stacsv.exe -- (STacSV)
SRV - [2007/04/13 20:08:14 | 001,849,096 | ---- | M] (Zone Labs, LLC) [Auto | Running] -- C:\WINNT\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINNT\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2003/11/19 11:29:28 | 000,032,768 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\TNGSD\BIN\SDSERV.EXE -- (SDService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010/03/15 21:34:48 | 000,038,344 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\CO_Mon.sys -- (CO_Mon)
DRV - [2010/01/14 13:49:54 | 000,095,176 | ---- | M] (McAfee Inc.) [Kernel | System | Running] -- C:\WINNT\system32\drivers\fcdrv5.sys -- (fcdrv5)
DRV - [2010/01/14 13:49:52 | 000,022,856 | ---- | M] (McAfee Inc.) [File_System | On_Demand | Running] -- C:\WINNT\system32\drivers\fcdrv4.sys -- (fcdrv4)
DRV - [2010/01/14 13:49:50 | 000,096,072 | ---- | M] () [File_System | On_Demand | Running] -- C:\WINNT\system32\drivers\fcdrv3.sys -- (fcdrv3)
DRV - [2010/01/14 13:49:48 | 000,114,632 | ---- | M] () [File_System | On_Demand | Running] -- C:\WINNT\system32\drivers\fcdrv2.sys -- (fcdrv2)
DRV - [2010/01/14 13:49:48 | 000,067,016 | ---- | M] (McAfee Inc.) [File_System | System | Running] -- C:\WINNT\system32\drivers\fcdrv1.sys -- (fcdrv1)
DRV - [2009/09/25 10:04:42 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\PCTINDIS5.sys -- (PCTINDIS5)
DRV - [2009/09/25 10:04:42 | 000,026,888 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINNT\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2009/09/25 10:04:42 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\WINNT\system32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2009/09/25 10:04:40 | 000,222,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2009/09/25 10:04:36 | 000,171,144 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\SWNC5E00.sys -- (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00)
DRV - [2009/09/25 10:04:36 | 000,149,512 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\swmx00.sys -- (swmx00) Sierra Wireless USB MUX Driver (#00)
DRV - [2009/09/25 10:04:28 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2009/09/02 18:02:46 | 000,048,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/02 18:01:36 | 000,343,760 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/08/31 21:07:00 | 000,091,672 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/08/31 21:07:00 | 000,075,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2009/08/31 21:07:00 | 000,065,448 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2009/08/31 21:07:00 | 000,063,728 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINNT\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2009/08/31 21:07:00 | 000,043,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/06/12 18:52:48 | 006,278,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2009/05/25 15:43:58 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Running] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
DRV - [2008/11/20 12:08:08 | 000,103,424 | ---- | M] () [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2008/09/12 15:32:56 | 000,327,192 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINNT\System32\Drivers\iaStor.sys -- (iastor)
DRV - [2008/09/12 05:12:25 | 000,015,184 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\WINNT\system32\drivers\SbPrcCtl.sys -- (SbPrcCtl)
DRV - [2008/09/12 05:11:31 | 000,013,152 | ---- | M] (SafeBoot International) [File_System | Boot | Running] -- C:\WINNT\system32\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2008/09/12 05:11:20 | 000,033,264 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\WINNT\system32\drivers\RsvLock.sys -- (RsvLock)
DRV - [2008/09/12 05:11:07 | 000,034,416 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\WINNT\system32\drivers\SbFlop.sys -- (SbFlop)
DRV - [2008/08/13 14:51:42 | 000,044,976 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\SbAlg.sys -- (SBAlg)
DRV - [2008/05/12 09:04:00 | 000,175,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2008/02/15 16:01:06 | 000,131,712 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2008/01/31 16:55:06 | 000,074,240 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2008/01/22 21:57:48 | 000,054,144 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2007/11/29 10:45:44 | 000,036,608 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2007/10/18 15:25:00 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\tosrfusb.sys -- (tosrfusb)
DRV - [2007/10/02 12:43:22 | 000,064,128 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINNT\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2007/09/04 12:50:00 | 000,031,744 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\csrbcxp.sys -- (CSRBC)
DRV - [2007/08/02 20:35:12 | 000,989,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/08/02 20:34:30 | 000,211,200 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/08/02 20:34:26 | 000,731,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/06/18 12:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/05/10 09:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/04/13 20:08:02 | 000,383,056 | ---- | M] (Zone Labs, LLC) [Kernel | System | Running] -- C:\WINNT\system32\vsdatant.sys -- (vsdatant)
DRV - [2007/03/20 16:36:06 | 000,011,264 | ---- | M] (AT&T) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\avpnnic.sys -- (avpnnic)
DRV - [2007/03/16 19:10:56 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/03/07 18:31:50 | 000,218,368 | ---- | M] (AT&T) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\agnfilt.sys -- (agnfilt)
DRV - [2006/10/10 20:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2006/06/14 13:53:00 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\usbccid.sys -- (USBCCID)
DRV - [2005/02/18 14:24:44 | 000,196,657 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\V0070Vid.sys -- (V0070VID)
DRV - [2005/01/07 06:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004/08/12 10:45:54 | 000,137,728 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2004/04/29 18:19:18 | 000,019,328 | ---- | M] (AT&T) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\agnwifi.sys -- (agnwifi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://aigtoday.aig.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://aigtoday.aig.com/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {9ab67d74-ec41-4cb2-b417-df5d93ba1beb}:1.4
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..network.proxy.type: 4
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/03 22:54:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/03 22:54:33 | 000,000,000 | ---D | M]
 
[2009/11/11 19:17:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karavind\Application Data\Mozilla\Extensions
[2010/06/07 00:17:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karavind\Application Data\Mozilla\Firefox\Profiles\jhmtwmn8.default\extensions
[2010/05/17 06:43:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\karavind\Application Data\Mozilla\Firefox\Profiles\jhmtwmn8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/17 07:11:39 | 000,000,000 | ---D | M] (Table2Clipboard) -- C:\Documents and Settings\karavind\Application Data\Mozilla\Firefox\Profiles\jhmtwmn8.default\extensions\{9ab67d74-ec41-4cb2-b417-df5d93ba1beb}
[2010/06/07 00:17:04 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/20 10:30:38 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2009/08/31 21:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
 
O1 HOSTS File: ([2010/06/06 22:12:19 | 000,000,027 | ---- | M]) - C:\WINNT\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (HelperObject Class) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [Client Access Service] C:\Program Files\IBM\Client Access\cwbsvstr.exe (IBM Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [RDVCHG] C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe (C-motech Co.,Ltd)
O4 - HKLM..\Run: [SafeBootTrayManager] C:\Program Files\SafeBoot Tray Manager\SbTrayManager.exe ()
O4 - HKLM..\Run: [SDJobCheck] C:\TNGSD\BIN\triggusr.exe (Computer Associates International, Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Sprint SmartView] C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe (Sprint)
O4 - HKLM..\Run: [Sxplog] C:\SxpInst\sxpstub.exe (Computer Associates International, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VF0070 STISvc] C:\WINNT\System32\V0070Pin.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [Workstation Info] c:\TEMPFILE\WINFO\info.exe ()
O4 - HKLM..\Run: [Zone Labs Client] C:\Program Files\CheckPoint\Integrity Client\iclient.exe (Zone Labs, LLC)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [NetSP - restore settings on power failure] C:\Program Files\AIGRAS\NetSP.exe (AT&T)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AT&T Global Network Client Monitor.lnk = C:\WINNT\Installer\{2B324B71-A7F9-477F-9693-E8974DDA1EC6}\NetGM_1B536450052A4C0BA1B8FC31F1D473F7.exe (Macrovision Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe (Research In Motion Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE (New Boundary Technologies, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe (TechSmith Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Update_Policy.lnk = C:\WINNT\System32\refresh_policy.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 -  File not found
O15 - HKCU\..Trusted Domains: 12.4.* ([138] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 21.234.68 ([172] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 21.234.84 ([172] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 24.42.* ([207] http in Trusted sites)
O15 - HKCU\..Trusted Domains: accessaig.com ([tankguard] https in Local intranet)
O15 - HKCU\..Trusted Domains: accessaig.com ([tankguardmodl] https in Local intranet)
O15 - HKCU\..Trusted Domains: afd-inc.com ([clients] http in Trusted sites)
O15 - HKCU\..Trusted Domains: afd-inc.com ([clients] https in Trusted sites)
O15 - HKCU\..Trusted Domains: agfg.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: aig.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: aig.com ([ahr] http in Local intranet)
O15 - HKCU\..Trusted Domains: aig.com ([ahrmodel] http in Local intranet)
O15 - HKCU\..Trusted Domains: aig.com ([aiuclaims] https in Trusted sites)
O15 - HKCU\..Trusted Domains: aig.com ([domino] * in Trusted sites)
O15 - HKCU\..Trusted Domains: aig.com ([dominodev] * in Trusted sites)
O15 - HKCU\..Trusted Domains: aig.com ([dominotest] * in Trusted sites)
O15 - HKCU\..Trusted Domains: aig.com ([epcghome] http in Trusted sites)
O15 - HKCU\..Trusted Domains: aig.com ([eups] http in Trusted sites)
O15 - HKCU\..Trusted Domains: aig.com ([eupsmodl] http in Trusted sites)
O15 - HKCU\..Trusted Domains: aig.com ([intellirisknetsourceebs] https in Trusted sites)
O15 - HKCU\..Trusted Domains: aig.com ([legalaudit] http in Trusted sites)
O15 - HKCU\..Trusted Domains: aig.com ([livdsapps8] http in Trusted sites)
O15 - HKCU\..Trusted Domains: aig.com ([livdsweb2] http in Trusted sites)
O15 - HKCU\..Trusted Domains: aig.com ([livpsweb8] http in Local intranet)
O15 - HKCU\..Trusted Domains: aig.net ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: aigag.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: aigcorpebus.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: aiginvestments.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: aiginvestments.net ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: aigretirementgold.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: aigrs.net ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: aigvalic.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: aigwc.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: aiuholdings.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: attwireless.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: attws.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: chartisinsurance.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: chartisinsurance.net ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: eprocurelink.com ([www1] https in Trusted sites)
O15 - HKCU\..Trusted Domains: fleet.com ([demo-webconnect] https in Trusted sites)
O15 - HKCU\..Trusted Domains: fleet.com ([webconnect] https in Trusted sites)
O15 - HKCU\..Trusted Domains: intellirisknetsource.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: intellirisknetsource.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: livpwaapps3 ([]file in Local intranet)
O15 - HKCU\..Trusted Domains: salesforce.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: stapleslink.com ([bci] https in Trusted sites)
O15 - HKCU\..Trusted Domains: yourensync.com ([mccoy] https in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range2 ([http] in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {2202D225-22C1-4B8C-A4B8-6A7E7B7E1524} https://whiteglove.on.intercall.com/confmgr/installs/ICWMInstall.cab (ICWMInstallObj Class)
O16 - DPF: {3BA494B1-D507-4C11-9BDA-D47E1A65DFCF} https://na.connect.aig.com/llclient/Neoteris/winxp/,DanaInfo=10.249.14.102+AXXPEE.dll (Confidence Online for Web Applications)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1236666346865 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://na.connect.aig.com/dana-cached/setup/JuniperSetupSP1.cab (JuniperSetupSP1 Control)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://na.connect.aig.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.64.5 213.109.72.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = r1-core.r1.aig.net
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (NetGina.dll) - C:\WINNT\System32\NetGINA.dll (AT&T)
O20 - Winlogon\Notify\FCAGWL: DllName - fcagwl.dll - C:\WINNT\System32\fcagwl.dll (McAfee Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINNT\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINNT\Chartiswall.bmp
O24 - Desktop BackupWallPaper: C:\WINNT\Chartiswall.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/08 21:30:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias - C:\WINNT\system32\ias [2009/02/08 21:30:18 | 000,000,000 | ---D | M]
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: McAfeeDlpAgentService - C:\Program Files\McAfee\DLP\Agent\fcags.exe (McAfee Inc.)
SafeBootMin: McAfeeEngineService - C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe (McAfee, Inc.)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: McAfeeDlpAgentService - C:\Program Files\McAfee\DLP\Agent\fcags.exe (McAfee Inc.)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 9.0
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 9.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINNT\system32\Rundll32.exe c:\WINNT\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - 
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINNT\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.iac2 - C:\WINNT\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINNT\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINNT\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINNT\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINNT\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINNT\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINNT\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINNT\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINNT\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINNT\System32\ir50_32.dll (Intel Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (54338225421942784)
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010/06/06 16:03:40 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/06/06 15:59:24 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINNT\NIRCMD.exe
[2010/06/06 15:59:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINNT\SWXCACLS.exe
[2010/06/06 15:59:21 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINNT\SWREG.exe
[2010/06/06 15:59:21 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINNT\SWSC.exe
[2010/06/06 15:59:03 | 000,000,000 | ---D | C] -- C:\WINNT\ERDNT
[2010/06/06 15:58:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/06/03 22:53:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2010/06/03 22:53:01 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINNT\System32\pncrt.dll
[2010/06/03 22:52:59 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2010/06/03 22:52:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
[2010/06/03 22:52:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2010/06/03 22:52:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\karavind\Application Data\Real
[2010/06/02 22:36:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\karavind\My Documents\New Folder
[2010/06/02 20:56:37 | 000,000,000 | ---D | C] -- C:\Program Files\RealVNC
[2010/05/25 20:36:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\karavind\Local Settings\Application Data\Citrix
[2010/05/23 07:38:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\karavind\Application Data\Verizon Wireless
[2010/05/23 07:38:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WEngineLite
[2010/05/23 07:38:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Verizon Wireless
[2010/05/23 07:38:04 | 000,000,000 | ---D | C] -- C:\Program Files\Verizon Wireless
[2010/05/23 07:36:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\karavind\Application Data\InstallShield
[2010/05/20 21:37:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\karavind\McAfee DLP Quarantined Files
[2010/05/19 21:22:16 | 000,048,488 | ---- | C] (McAfee, Inc.) -- C:\WINNT\System32\drivers\mfesmfk.sys
[2010/05/03 07:23:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\karavind\Recent
[2010/04/23 21:36:02 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2010/04/23 21:33:28 | 000,000,000 | ---D | C] -- C:\WINNT\System32\drivers\UMDF
[2010/04/23 21:25:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\karavind\Application Data\SanDisk
[2010/04/10 19:43:16 | 000,000,000 | ---D | C] -- C:\found.000
[2010/04/10 18:07:19 | 000,271,696 | ---- | C] (RealVNC Ltd.) -- C:\Documents and Settings\karavind\Desktop\vnc-4_1_3-x86_win32_viewer.exe
[2010/04/09 07:00:36 | 000,000,000 | -H-D | C] -- C:\BJPrinter
[2010/04/06 19:50:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\karavind\Application Data\Scooter Software
[2010/04/06 19:44:22 | 000,000,000 | ---D | C] -- C:\Program Files\WinMerge
[2010/04/01 15:39:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\karavind\Local Settings\Application Data\ApplicationHistory
[2010/04/01 15:39:06 | 000,000,000 | ---D | C] -- C:\Program Files\ePCGHelpRequest
[2010/03/30 22:13:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\karavind\Application Data\Research In Motion
[2010/03/30 22:00:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/03/30 22:00:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Roxio Shared
[2010/03/30 21:59:59 | 000,000,000 | ---D | C] -- C:\Program Files\Research In Motion
[2010/03/20 10:42:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\karavind\Application Data\skypePM
[2010/03/20 10:36:17 | 000,000,000 | ---D | C] -- C:\WebCam
[2010/03/20 10:30:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\karavind\Application Data\Skype
[2010/03/20 10:30:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/03/20 10:30:12 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010/03/20 10:30:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2010/03/14 09:33:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\karavind\Application Data\vlc
[2010/03/14 09:29:04 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[1996/11/18 02:00:00 | 000,018,944 | ---- | C] ( ) -- C:\WINNT\System32\IMPLODE.DLL
[4 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]
 
========== Files - Modified Within 90 Days ==========
 
[2010/06/08 06:46:58 | 000,000,638 | ---- | M] () -- C:\WINNT\win.ini
[2010/06/08 06:31:16 | 000,000,990 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskUserS-1-5-21-825750147-1553096506-3895987836-9054UA.job
[2010/06/06 22:34:59 | 000,525,770 | ---- | M] () -- C:\WINNT\System32\PerfStringBackup.INI
[2010/06/06 22:34:59 | 000,444,596 | ---- | M] () -- C:\WINNT\System32\perfh009.dat
[2010/06/06 22:34:59 | 000,072,306 | ---- | M] () -- C:\WINNT\System32\perfc009.dat
[2010/06/06 22:33:51 | 000,000,256 | ---- | M] () -- C:\WINNT\System32\pool.bin
[2010/06/06 22:32:36 | 000,002,197 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AT&T Global Network Client Monitor.lnk
[2010/06/06 22:31:29 | 000,000,284 | ---- | M] () -- C:\WINNT\tasks\RealUpgradeLogonTaskS-1-5-21-825750147-1553096506-3895987836-9054.job
[2010/06/06 22:31:22 | 000,005,209 | ---- | M] () -- C:\WINNT\System32\vsconfig.xml
[2010/06/06 22:30:42 | 000,000,006 | -H-- | M] () -- C:\WINNT\tasks\SA.DAT
[2010/06/06 22:30:40 | 000,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat
[2010/06/06 22:28:51 | 006,553,600 | -H-- | M] () -- C:\Documents and Settings\karavind\ntuser.dat
[2010/06/06 22:28:17 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\karavind\ntuser.ini
[2010/06/06 22:27:50 | 000,068,608 | ---- | M] () -- C:\Documents and Settings\karavind\My Documents\fish tank temperature.xls
[2010/06/06 22:13:29 | 000,000,227 | ---- | M] () -- C:\WINNT\system.ini
[2010/06/06 22:12:49 | 000,001,746 | -H-- | M] () -- C:\Documents and Settings\karavind\My Documents\Default.rdp
[2010/06/06 22:12:19 | 000,000,027 | ---- | M] () -- C:\WINNT\System32\drivers\etc\hosts
[2010/06/06 16:03:48 | 000,000,277 | RHS- | M] () -- C:\boot.ini
[2010/06/06 15:56:57 | 003,703,394 | R--- | M] () -- C:\Documents and Settings\karavind\Desktop\ComboFix.exe
[2010/06/06 00:05:46 | 000,002,206 | ---- | M] () -- C:\WINNT\System32\wpa.dbl
[2010/06/06 00:03:01 | 004,271,986 | -H-- | M] () -- C:\Documents and Settings\karavind\Local Settings\Application Data\IconCache.db
[2010/06/05 07:31:01 | 000,000,938 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskUserS-1-5-21-825750147-1553096506-3895987836-9054Core.job
[2010/06/04 06:16:22 | 000,005,209 | ---- | M] () -- C:\WINNT\System32\vsconfig.bak
[2010/06/03 22:58:23 | 000,000,292 | ---- | M] () -- C:\WINNT\tasks\RealUpgradeScheduledTaskS-1-5-21-825750147-1553096506-3895987836-9054.job
[2010/06/03 22:53:01 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINNT\System32\pncrt.dll
[2010/06/02 11:20:17 | 000,000,207 | ---- | M] () -- C:\Boot.bak
[2010/05/30 01:01:22 | 377,913,344 | ---- | M] () -- C:\Documents and Settings\karavind\My Documents\VTS_02_1.VOB
[2010/05/30 00:16:56 | 539,262,976 | ---- | M] () -- C:\Documents and Settings\karavind\My Documents\VTS_01_1.VOB
[2010/05/29 23:00:28 | 250,937,344 | ---- | M] () -- C:\Documents and Settings\karavind\My Documents\VTS_01_2.VOB
[2010/05/27 19:32:37 | 000,002,309 | ---- | M] () -- C:\Documents and Settings\karavind\Desktop\Google Chrome.lnk
[2010/05/27 07:25:58 | 000,041,984 | ---- | M] () -- C:\Documents and Settings\karavind\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/23 19:36:41 | 000,401,408 | ---- | M] () -- C:\Documents and Settings\karavind\My Documents\Worksheet in Chartis_Homeowners_Renewal_Phase1_Scoring_Reports_APR2010.xls
[2010/05/23 07:38:22 | 000,001,013 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VZAccess Manager.lnk
[2010/05/23 07:29:22 | 000,000,256 | ---- | M] () -- C:\Documents and Settings\karavind\pool.bin
[2010/05/13 17:27:17 | 000,000,258 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010/05/13 17:15:27 | 000,000,258 | RHS- | M] () -- C:\Documents and Settings\karavind\ntuser.pol
[2010/05/12 11:32:12 | 000,781,312 | ---- | M] () -- C:\POC_Teradata 2.0.ppt
[2010/05/12 07:05:46 | 001,643,520 | ---- | M] () -- C:\POC_Teradata.ppt
[2010/05/12 06:40:01 | 000,000,000 | ---- | M] () -- C:\teradata.ppt
[2010/05/09 21:39:11 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\karavind\My Documents\fish tank parameters.xls
[2010/05/05 21:21:41 | 000,002,467 | ---- | M] () -- C:\Documents and Settings\karavind\Desktop\Microsoft Office Access 2003.lnk
[2010/05/04 20:50:02 | 000,143,360 | ---- | M] () -- C:\Documents and Settings\karavind\My Documents\db3.mdb
[2010/05/04 20:42:46 | 000,135,168 | ---- | M] () -- C:\Documents and Settings\karavind\My Documents\db2.mdb
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINNT\PEV.exe
[2010/04/26 07:02:21 | 000,001,374 | ---- | M] () -- C:\WINNT\imsins.BAK
[2010/04/23 21:50:23 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\karavind\Desktop\Windows Media Player.lnk
[2010/04/23 21:49:50 | 000,000,000 | -H-- | M] () -- C:\WINNT\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/04/23 21:46:15 | 000,023,392 | ---- | M] () -- C:\WINNT\System32\nscompat.tlb
[2010/04/23 21:46:15 | 000,016,832 | ---- | M] () -- C:\WINNT\System32\amcompat.tlb
[2010/04/23 21:34:49 | 000,316,640 | ---- | M] () -- C:\WINNT\WMSysPr9.prx
[2010/04/23 21:33:35 | 000,000,000 | -H-- | M] () -- C:\WINNT\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/04/22 21:29:27 | 000,017,478 | ---- | M] () -- C:\WINNT\System32\SiteList.xml
[2010/04/22 10:13:27 | 000,075,322 | ---- | M] () -- C:\http_livdsadspcg01_cognos8_cgi-bin_cognos.pdf
[2010/04/15 21:31:56 | 000,001,725 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/04/10 18:07:20 | 000,271,696 | ---- | M] (RealVNC Ltd.) -- C:\Documents and Settings\karavind\Desktop\vnc-4_1_3-x86_win32_viewer.exe
[2010/04/05 18:31:03 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\karavind\My Documents\Menu.doc
[2010/03/30 22:31:22 | 000,003,712 | ---- | M] () -- C:\Documents and Settings\karavind\Desktop\cognos_mobile.jad
[2010/03/30 22:00:52 | 000,001,737 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk
[2010/03/30 22:00:52 | 000,001,725 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Desktop Manager.lnk
[2010/03/28 11:40:37 | 000,637,440 | ---- | M] () -- C:\Documents and Settings\karavind\My Documents\reports.xls
[2010/03/20 10:42:10 | 000,000,056 | -H-- | M] () -- C:\WINNT\System32\ezsidmv.dat
[2010/03/20 10:30:18 | 000,001,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/03/15 21:34:48 | 000,038,344 | ---- | M] (Symantec Corporation) -- C:\WINNT\System32\drivers\CO_Mon.sys
[2010/03/14 09:30:16 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2010/03/10 22:32:03 | 000,377,078 | ---- | M] () -- C:\Documents and Settings\karavind\My Documents\Clipboard09.bmp
[4 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010/06/06 16:03:48 | 000,000,207 | ---- | C] () -- C:\Boot.bak
[2010/06/06 16:03:44 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/06/06 15:59:24 | 000,077,312 | ---- | C] () -- C:\WINNT\MBR.exe
[2010/06/06 15:59:21 | 000,256,512 | ---- | C] () -- C:\WINNT\PEV.exe
[2010/06/06 15:59:21 | 000,098,816 | ---- | C] () -- C:\WINNT\sed.exe
[2010/06/06 15:59:21 | 000,080,412 | ---- | C] () -- C:\WINNT\grep.exe
[2010/06/06 15:59:21 | 000,068,096 | ---- | C] () -- C:\WINNT\zip.exe
[2010/06/06 15:56:52 | 003,703,394 | R--- | C] () -- C:\Documents and Settings\karavind\Desktop\ComboFix.exe
[2010/06/04 20:53:49 | 000,068,608 | ---- | C] () -- C:\Documents and Settings\karavind\My Documents\fish tank temperature.xls
[2010/06/03 22:54:26 | 000,000,284 | ---- | C] () -- C:\WINNT\tasks\RealUpgradeLogonTaskS-1-5-21-825750147-1553096506-3895987836-9054.job
[2010/06/03 22:54:25 | 000,000,292 | ---- | C] () -- C:\WINNT\tasks\RealUpgradeScheduledTaskS-1-5-21-825750147-1553096506-3895987836-9054.job
[2010/06/02 22:33:46 | 377,913,344 | ---- | C] () -- C:\Documents and Settings\karavind\My Documents\VTS_02_1.VOB
[2010/06/02 22:31:32 | 539,262,976 | ---- | C] () -- C:\Documents and Settings\karavind\My Documents\VTS_01_1.VOB
[2010/06/02 22:30:23 | 250,937,344 | ---- | C] () -- C:\Documents and Settings\karavind\My Documents\VTS_01_2.VOB
[2010/06/02 11:20:17 | 000,000,207 | ---- | C] () -- C:\boot.ini.org
[2010/05/23 19:36:39 | 000,401,408 | ---- | C] () -- C:\Documents and Settings\karavind\My Documents\Worksheet in Chartis_Homeowners_Renewal_Phase1_Scoring_Reports_APR2010.xls
[2010/05/23 07:38:22 | 000,001,013 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VZAccess Manager.lnk
[2010/05/12 07:06:46 | 000,781,312 | ---- | C] () -- C:\POC_Teradata 2.0.ppt
[2010/05/12 07:05:37 | 001,643,520 | ---- | C] () -- C:\POC_Teradata.ppt
[2010/05/12 06:40:00 | 000,000,000 | ---- | C] () -- C:\teradata.ppt
[2010/05/04 20:45:51 | 000,143,360 | ---- | C] () -- C:\Documents and Settings\karavind\My Documents\db3.mdb
[2010/05/04 20:42:11 | 000,135,168 | ---- | C] () -- C:\Documents and Settings\karavind\My Documents\db2.mdb
[2010/04/23 21:49:50 | 000,000,000 | -H-- | C] () -- C:\WINNT\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/04/23 21:33:35 | 000,000,000 | -H-- | C] () -- C:\WINNT\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/04/23 21:19:46 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\karavind\pool.bin
[2010/04/22 10:13:25 | 000,075,322 | ---- | C] () -- C:\http_livdsadspcg01_cognos8_cgi-bin_cognos.pdf
[2010/04/16 07:03:46 | 000,017,478 | ---- | C] () -- C:\WINNT\System32\SiteList.xml
[2010/04/09 07:00:42 | 000,006,656 | ---- | C] () -- C:\WINNT\System32\CNMVS56.DLL
[2010/04/05 18:31:02 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\karavind\My Documents\Menu.doc
[2010/03/30 22:31:49 | 000,003,712 | ---- | C] () -- C:\Documents and Settings\karavind\Desktop\cognos_mobile.jad
[2010/03/30 22:15:09 | 000,000,256 | ---- | C] () -- C:\WINNT\System32\pool.bin
[2010/03/30 22:00:51 | 000,001,737 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk
[2010/03/30 22:00:51 | 000,001,725 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Desktop Manager.lnk
[2010/03/28 11:40:36 | 000,637,440 | ---- | C] () -- C:\Documents and Settings\karavind\My Documents\reports.xls
[2010/03/20 10:42:10 | 000,000,056 | -H-- | C] () -- C:\WINNT\System32\ezsidmv.dat
[2010/03/20 10:36:18 | 000,005,225 | ---- | C] () -- C:\WINNT\VF0070.uns
[2010/03/20 10:30:18 | 000,001,874 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/03/14 09:30:16 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2010/03/10 22:32:03 | 000,377,078 | ---- | C] () -- C:\Documents and Settings\karavind\My Documents\Clipboard09.bmp
[2010/03/04 17:29:32 | 000,077,824 | ---- | C] () -- C:\WINNT\System32\jcom.dll
[2010/02/15 22:11:35 | 000,000,120 | ---- | C] () -- C:\WINNT\QUICKEN.INI
[2010/02/02 23:23:59 | 000,000,000 | ---- | C] () -- C:\WINNT\tosOBEX.INI
[2010/01/14 13:50:50 | 000,096,072 | ---- | C] () -- C:\WINNT\System32\drivers\fcdrv3.sys
[2010/01/14 13:50:48 | 000,114,632 | ---- | C] () -- C:\WINNT\System32\drivers\fcdrv2.sys
[2009/11/28 20:48:16 | 000,000,147 | ---- | C] () -- C:\WINNT\System32\AddPort.ini
[2009/11/28 20:48:15 | 000,003,399 | R--- | C] () -- C:\WINNT\System32\hptcpmon.ini
[2009/11/16 07:55:06 | 000,000,605 | ---- | C] () -- C:\WINNT\hpntwksetup.ini
[2009/11/11 14:13:52 | 000,172,032 | ---- | C] () -- C:\WINNT\System32\cwbrw.dll
[2009/11/11 14:13:52 | 000,024,576 | ---- | C] () -- C:\WINNT\System32\cwbsv.dll
[2009/11/11 14:13:52 | 000,020,529 | ---- | C] () -- C:\WINNT\System32\cwbwiz.dll
[2009/11/11 14:13:52 | 000,020,480 | ---- | C] () -- C:\WINNT\System32\cwbsy.dll
[2009/11/11 14:13:52 | 000,020,480 | ---- | C] () -- C:\WINNT\System32\cwbnl.dll
[2009/11/11 14:13:52 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\cwbnldlg.dll
[2009/11/11 14:13:52 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\cwbad.dll
[2009/11/11 14:13:51 | 000,020,480 | ---- | C] () -- C:\WINNT\System32\cwbco.dll
[2009/11/11 14:08:02 | 000,086,016 | ---- | C] () -- C:\WINNT\System32\preflib.dll
[2009/11/11 14:08:00 | 000,757,760 | ---- | C] () -- C:\WINNT\System32\bcm1xsup.dll
[2009/11/11 11:50:42 | 000,041,456 | ---- | C] () -- C:\WINNT\System32\NWIPXSPX.DLL
[2009/11/11 11:50:10 | 000,073,216 | ---- | C] () -- C:\WINNT\System32\neeviaprtntwt.dll
[2009/11/11 11:49:56 | 000,000,250 | ---- | C] () -- C:\WINNT\Exigen.INI
[2009/09/25 10:04:42 | 000,026,888 | ---- | C] () -- C:\WINNT\System32\drivers\swmsflt.sys
[2009/03/16 18:05:04 | 000,000,061 | ---- | C] () -- C:\WINNT\smscfg.ini
[2009/03/10 00:37:30 | 000,000,152 | ---- | C] () -- C:\WINNT\wwwbatch.ini
[2009/03/02 21:43:58 | 000,204,800 | ---- | C] () -- C:\WINNT\System32\igfxCoIn_v4926.dll
[2009/03/02 21:43:58 | 000,104,636 | ---- | C] () -- C:\WINNT\System32\igmedcompkrn.dll
[2009/03/02 21:43:57 | 001,843,784 | ---- | C] () -- C:\WINNT\System32\igklg400.dll
[2009/03/02 21:43:57 | 001,399,880 | ---- | C] () -- C:\WINNT\System32\igklg450.dll
[2009/02/09 02:26:27 | 000,000,280 | ---- | C] () -- C:\WINNT\System32\epoPGPsdk.dll.sig
[2009/02/09 01:10:59 | 000,000,505 | ---- | C] () -- C:\WINNT\ODBC.INI
[2009/02/08 23:39:59 | 000,000,415 | ---- | C] () -- C:\WINNT\System32\OEMINFO.INI
[2008/11/20 12:08:08 | 000,103,424 | ---- | C] () -- C:\WINNT\System32\drivers\SafeBoot.sys
[2008/02/04 19:23:10 | 000,693,792 | ---- | C] () -- C:\WINNT\System32\OGACheckControl.DLL
[2007/12/21 17:46:32 | 000,118,784 | ---- | C] () -- C:\WINNT\System32\TosBtAcc.dll
[2007/04/13 19:48:56 | 000,796,336 | ---- | C] () -- C:\WINNT\System32\libeay32_0.9.6l.dll
[2005/07/22 22:30:18 | 000,065,536 | ---- | C] () -- C:\WINNT\System32\TosCommAPI.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINNT\System32\OUTLPERF.INI
[1999/06/15 12:41:02 | 000,027,136 | ---- | C] () -- C:\WINNT\System32\drcmhook.dll
 
========== LOP Check ==========
 
[2009/11/11 14:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AGNS
[2010/03/15 21:39:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2009/11/11 11:41:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Network Associates
[2009/02/09 01:48:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Prism Pack
[2009/12/18 10:29:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Quest Software
[2010/03/30 22:03:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2009/11/11 16:36:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Safeboot CSIP
[2009/11/11 14:45:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Screentime
[2010/02/06 13:57:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simese
[2009/12/25 23:42:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sprint
[2009/11/11 11:42:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2010/05/23 07:38:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WEngineLite
[2009/12/25 23:46:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karavind\Application Data\Bytemobile
[2010/05/28 18:26:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karavind\Application Data\FileZilla
[2010/03/15 21:34:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karavind\Application Data\Juniper Networks
[2009/03/12 02:30:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karavind\Application Data\OfficeUpdate12
[2009/12/18 10:29:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karavind\Application Data\Quest Software
[2010/03/30 22:13:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karavind\Application Data\Research In Motion
[2010/04/23 21:25:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karavind\Application Data\SanDisk
[2010/04/06 19:50:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karavind\Application Data\Scooter Software
[2009/12/25 23:46:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karavind\Application Data\Sprint
[2010/01/16 18:46:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karavind\Application Data\WholeSecurity
[2009/02/09 01:43:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karavind\Application Data\WinBatch
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.* >
[2010/03/04 17:07:35 | 000,206,088 | ---- | M] () -- C:\AcroRdUpdt93.log
[2010/03/24 09:20:50 | 000,196,224 | ---- | M] () -- C:\AcroUpS931.log
[2009/02/08 21:30:44 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/06/02 11:20:17 | 000,000,207 | ---- | M] () -- C:\Boot.bak
[2010/06/06 16:03:48 | 000,000,277 | RHS- | M] () -- C:\boot.ini
[2009/11/11 08:58:54 | 000,000,207 | ---- | M] () -- C:\boot.ini.org
[2009/02/02 05:07:26 | 000,000,000 | -HS- | M] () -- C:\BOOTLOG.PRV
[2009/02/02 05:17:56 | 000,000,000 | -HS- | M] () -- C:\BOOTLOG.TXT
[2009/02/02 05:19:00 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2010/06/06 22:23:59 | 000,020,615 | ---- | M] () -- C:\ComboFix.txt
[1999/04/23 18:22:00 | 000,093,890 | -HS- | M] () -- C:\COMMAND.COM
[2009/02/08 21:30:44 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/02/28 16:42:57 | 000,000,000 | ---- | M] () -- C:\Data Warehouse Architecture - Proposed.ppt
[2009/11/11 11:54:57 | 000,005,784 | ---- | M] () -- C:\Developer.log
[2009/02/25 16:10:34 | 000,001,390 | ---- | M] () -- C:\docuPrinter.log
[2010/03/04 17:30:40 | 000,005,298 | ---- | M] () -- C:\Exigen.log
[2009/11/11 12:54:00 | 000,000,616 | ---- | M] () -- C:\GPoff.log
[2009/11/11 12:54:02 | 000,000,616 | ---- | M] () -- C:\GPon.log
[2010/04/22 10:13:27 | 000,075,322 | ---- | M] () -- C:\http_livdsadspcg01_cognos8_cgi-bin_cognos.pdf
[1999/04/23 18:22:00 | 000,222,390 | RHS- | M] () -- C:\IO.SYS
[2009/11/11 12:54:20 | 000,006,603 | ---- | M] () -- C:\LAPTOP.tag
[1999/04/23 18:22:00 | 000,000,009 | RHS- | M] () -- C:\MSDOS.SYS
[2009/11/11 11:45:30 | 000,022,729 | ---- | M] () -- C:\newfile.enc
[2009/11/11 11:45:30 | 000,022,729 | ---- | M] () -- C:\newkey
[2004/08/04 03:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004/08/04 03:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2010/06/06 22:30:36 | 2136,887,296 | -HS- | M] () -- C:\pagefile.sys
[2010/05/12 11:32:12 | 000,781,312 | ---- | M] () -- C:\POC_Teradata 2.0.ppt
[2010/05/12 07:05:46 | 001,643,520 | ---- | M] () -- C:\POC_Teradata.ppt
[2009/12/03 17:24:42 | 000,020,705 | ---- | M] () -- C:\POLICY_SCORE_100909 (5).pdf
[2010/02/27 11:33:50 | 000,478,676 | ---- | M] () -- C:\pp.zip
[2010/03/03 08:42:30 | 000,000,000 | ---- | M] () -- C:\Presentation1.ppt
[2003/04/18 19:06:14 | 000,079,872 | ---- | M] (Microsoft) -- C:\ROBOCOPY.EXE
[2009/11/11 15:01:49 | 021,102,592 | RHS- | M] () -- C:\SafeBoot.fs
[2009/11/11 15:01:43 | 000,655,360 | RHS- | M] () -- C:\SafeBoot.rsv
[2009/11/11 12:54:11 | 000,000,486 | ---- | M] () -- C:\SifXinst.log
[2010/06/06 10:10:03 | 000,002,524 | ---- | M] () -- C:\TDSSKiller.2.3.2.0_06.06.2010_10.10.02_log.txt
[2010/06/06 10:11:27 | 000,002,524 | ---- | M] () -- C:\TDSSKiller.2.3.2.0_06.06.2010_10.11.25_log.txt
[2010/05/12 06:40:01 | 000,000,000 | ---- | M] () -- C:\teradata.ppt
[2009/11/11 12:54:20 | 000,000,118 | ---- | M] () -- C:\wmerror.log
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2010/02/26 02:05:05 | 000,357,888 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINNT\system32\dxtmsft.dll
[2010/02/26 02:05:05 | 000,205,312 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINNT\system32\dxtrans.dll
[4 C:\WINNT\system32\*.tmp files -> C:\WINNT\system32\*.tmp -> ]
 
< %systemroot%\system32\*.exe /lockedfiles >
[4 C:\WINNT\system32\*.tmp files -> C:\WINNT\system32\*.tmp -> ]
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2008/11/20 12:08:08 | 000,103,424 | ---- | M] () Unable to obtain MD5 -- C:\WINNT\system32\drivers\SafeBoot.sys
 
< %systemroot%\System32\config\*.sav  >
[2009/02/08 16:22:02 | 000,094,208 | ---- | M] () -- C:\WINNT\system32\config\default.sav
[2009/02/08 16:22:02 | 000,659,456 | ---- | M] () -- C:\WINNT\system32\config\software.sav
[2009/02/08 16:22:02 | 000,929,792 | ---- | M] () -- C:\WINNT\system32\config\system.sav
 
< %systemroot%\system32\user32.dll /md5 >
[2007/03/08 11:36:28 | 000,577,536 | ---- | M] (Microsoft Corporation) MD5=B409909F6E2E8A7067076ED748ABF1E7 -- C:\WINNT\system32\user32.dll
[4 C:\WINNT\system32\*.tmp files -> C:\WINNT\system32\*.tmp -> ]
 
< %systemroot%\system32\ws2_32.dll /md5 >
[2004/08/04 03:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINNT\system32\ws2_32.dll
[4 C:\WINNT\system32\*.tmp files -> C:\WINNT\system32\*.tmp -> ]
 
< %PROGRAMFILES%\*. >
[2009/11/11 14:05:46 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/11/11 16:01:26 | 000,000,000 | ---D | M] -- C:\Program Files\AIGRAS
[2009/12/12 23:32:20 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2009/11/14 09:48:12 | 000,000,000 | ---D | M] -- C:\Program Files\AquaNotes
[2009/11/11 11:51:01 | 000,000,000 | ---D | M] -- C:\Program Files\AR System
[2009/11/11 11:37:54 | 000,000,000 | ---D | M] -- C:\Program Files\CA
[2009/11/11 14:57:57 | 000,000,000 | ---D | M] -- C:\Program Files\CheckPoint
[2010/06/06 21:14:52 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009/02/08 21:28:46 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2009/11/11 09:40:21 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2009/11/11 14:08:00 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
[2010/04/01 15:39:08 | 000,000,000 | ---D | M] -- C:\Program Files\ePCGHelpRequest
[2010/03/04 17:30:05 | 000,000,000 | ---D | M] -- C:\Program Files\Exigen
[2009/11/13 20:14:41 | 000,000,000 | ---D | M] -- C:\Program Files\FileZilla FTP Client
[2009/11/28 20:51:28 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2009/11/28 20:52:00 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2009/11/11 14:13:42 | 000,000,000 | ---D | M] -- C:\Program Files\IBM
[2010/02/15 22:13:48 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/04/16 06:35:41 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/01/18 18:11:33 | 000,000,000 | ---D | M] -- C:\Program Files\IrfanView
[2010/03/04 17:28:47 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2009/11/11 21:43:36 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee
[2009/02/09 01:47:53 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2009/03/15 22:45:11 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2009/03/10 00:27:43 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2009/02/08 21:31:02 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2009/12/29 08:12:39 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/02/11 21:04:15 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2009/02/09 01:09:46 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2010/01/18 20:29:48 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2009/03/15 22:45:16 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/04/16 06:36:12 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/04/05 08:56:58 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/12/18 09:45:46 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/12/29 08:12:19 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2009/02/08 21:31:03 | 000,000,000 | ---D | M] -- C:\Program Files\msn gaming zone
[2009/02/09 01:51:36 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2009/02/09 01:51:43 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2009/12/29 21:44:36 | 000,000,000 | ---D | M] -- C:\Program Files\MySQL
[2009/11/11 11:50:01 | 000,000,000 | ---D | M] -- C:\Program Files\neevia.com
[2009/02/08 21:29:22 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2009/12/25 23:42:27 | 000,000,000 | ---D | M] -- C:\Program Files\Novatel Wireless
[2009/02/08 21:29:34 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2009/11/11 13:17:57 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2009/12/18 12:07:00 | 000,000,000 | ---D | M] -- C:\Program Files\PHP Editor
[2009/12/18 10:25:37 | 000,000,000 | ---D | M] -- C:\Program Files\Quest Software
[2010/02/15 22:13:23 | 000,000,000 | ---D | M] -- C:\Program Files\Quicken
[2009/12/12 23:33:30 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2010/06/03 22:53:59 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2010/06/02 20:56:37 | 000,000,000 | ---D | M] -- C:\Program Files\RealVNC
[2009/12/18 09:45:36 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/03/30 22:03:55 | 000,000,000 | ---D | M] -- C:\Program Files\Research In Motion
[2009/11/11 16:36:24 | 000,000,000 | ---D | M] -- C:\Program Files\SafeBoot
[2009/11/11 14:55:59 | 000,000,000 | ---D | M] -- C:\Program Files\SafeBoot Tray Manager
[2009/11/11 13:59:07 | 000,000,000 | ---D | M] -- C:\Program Files\Screen Manager
[2009/12/25 23:46:15 | 000,000,000 | ---D | M] -- C:\Program Files\Sierra Wireless
[2010/03/05 10:03:11 | 000,000,000 | ---D | M] -- C:\Program Files\SIFXINST
[2009/11/11 09:40:18 | 000,000,000 | ---D | M] -- C:\Program Files\Sigmatel
[2010/02/06 13:57:01 | 000,000,000 | ---D | M] -- C:\Program Files\Simese
[2010/03/20 10:30:37 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2009/12/25 23:42:27 | 000,000,000 | ---D | M] -- C:\Program Files\Sprint
[2009/11/11 11:42:08 | 000,000,000 | ---D | M] -- C:\Program Files\TechSmith
[2010/02/02 20:53:20 | 000,000,000 | ---D | M] -- C:\Program Files\Toshiba
[2009/02/08 21:35:05 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/05/23 07:38:04 | 000,000,000 | ---D | M] -- C:\Program Files\Verizon Wireless
[2010/03/14 09:29:04 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2009/11/11 11:42:49 | 000,000,000 | ---D | M] -- C:\Program Files\VViewer
[2010/04/23 21:36:04 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2010/04/23 21:43:10 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/02/08 21:31:03 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/02/08 21:29:39 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2010/06/02 06:45:01 | 000,000,000 | ---D | M] -- C:\Program Files\WinMerge
[2009/12/26 08:30:46 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2009/11/11 11:37:43 | 000,000,000 | ---D | M] -- C:\Program Files\WinZip
[2009/02/08 21:31:03 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2009/12/18 11:18:37 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >
< End of report >

Rorschach112 · 08-Jun-2010, 10:30 AM #8

post the logs normally

aravindk · 08-Jun-2010, 10:34 AM #9

OTL Extras logfile created on: 6/8/2010 6:37:38 AM - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\karavind\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 51.61 Gb Free Space | 69.26% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: 1WPW1F1-SEC
Current User Name: KAravind
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0AEA9ECE-2AD0-4DF0-932E-F0AC6B771749}" = SnagIt 8
"{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
"{106FB85A-9567-42FC-85CC-E4DA450F4C7B}" = Sprint SmartView
"{14630437-9D8B-4CE9-BBB1-66CE69391E48}" = Clean Disk
"{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise
"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant
"{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
"{26A24AE4-039D-4CA4-87B4-2F83216013F0}" = Java(TM) 6 Update 13
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{29042B1C-0713-4575-B7CA-5C8E7B0899D4}" = MySQL Connector/ODBC 5.1
"{2B324B71-A7F9-477F-9693-E8974DDA1EC6}" = AIG Remote Access Managed VPN Premium Edition
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext
"{3A218A30-0AEC-4805-A352-CE30D520EAF5}" = Integrity Agent
"{3F50ED93-A7C7-44E3-AC70-AEDDF9C81C21}" = Exigen Workflow Web DMS Viewer
"{40A594D0-1490-4979-9382-D2B764F949C6}" = BlackBerry® Media Sync
"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
"{595F83A1-EF0B-42EB-B386-8344A5BA759F}" = WinZip 9.0 SR1
"{5D6EC6F7-9B38-4a02-B063-97C2048B56A2}" = 7200_Help
"{64FC0C98-B035-4530-B15D-3D30610B6DF1}" = HP Software Update
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{829AC692-C6F1-4FC2-849B-F7DD74C1E3E2}" = McAfee DLP Agent
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85BCA736-A0F4-448E-9BC1-6EA08693E10B}" = HP Image Zone Express
"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91490409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Primary Interop Assemblies
"{94F9723E-900A-43C5-8F4E-AD2D2ED09273}" = Microsoft Visio Viewer 2002
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7391302-FADF-4314-80DC-C757DAE45178}" = 7200
"{A7CA6CC5-465B-41F8-96B5-F66BDF4482C7}" = VZAccess Manager
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AC966B90-53CA-4710-8EEE-57ED25387872}" = 7200Trb
"{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB2B2B63-58AB-48F3-AAD5-7E93AFE4268B}" = Quest Software Toad for MySQL Freeware 4.5
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}" = Quicken 2010
"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE86E2F5-850C-4207-94A3-A58D647B1733}" = BlackBerry Desktop Software 5.0.1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D3EC6A3A-2322-49A5-9E29-6C213876EEE2}" = DRC
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{E008BEB1-AB63-46C1-BD3D-08D3A1F8E26D}" = McAfee Agent
"{E37E645E-4A0C-4D9E-B30A-7B19E797E743}" = BlackBerry USB Drivers
"{F4071D69-E3F4-4538-8FE2-8FDE7CE0272B}" = Shockwave and Flash Player
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"BlackBerry_{CE86E2F5-850C-4207-94A3-A58D647B1733}" = BlackBerry Desktop Software 5.0.1
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CANONBJ_Deinstall_CNMCP56.DLL" = Canon i860
"CA-SD" = CA Unicenter Software Delivery
"Chartis" = Chartis Screen Saver
"ClientAccessExpress" = IBM iSeries Access for Windows
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Creative VF0070" = Creative WebCam Notebook Ultra Driver (1.00.05.0127)
"FileZilla Client" = FileZilla Client 3.3.0
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Photo & Imaging" = HP Image Zone 4.7
"IrfanView" = IrfanView (remove only)
"McAfee Anti-Spyware Enterprise Module" = McAfee AntiSpyware Enterprise Module
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Neevia docuPrinter LT_is1" = docuPrinter LT v6.0
"PHP Editor_is1" = PHP Editor 2.22
"PX: {07ADBCA7-90D2-4FC7-90DD-1734C98D81FA}" = Turn Off Microsoft Customer Survey
"PX: {106DF6B4-6B96-4361-A630-0771F4CE3FB1}" = DocuPrint LT
"PX: {D1A9C4DF-0EB9-4A6F-8106-2EB72278C38C}" = Java Heap Setting 256MB
"PX: {F98169E6-8BD2-4BEA-AB70-56E0D06A70BF}" = DDAU
"RealPlayer 12.0" = RealPlayer
"RealVNC_is1" = VNC Free Edition 4.1.3
"ST6UNST #1" = AquaNotes 3.5
"VLC media player" = VLC media player 1.0.5
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Confidence Online EE" = Confidence Online(tm) for Web Applications
"Google Chrome" = Google Chrome
"Juniper_Networks_Cache_Cleaner 6.1.0" = Juniper Networks Cache Cleaner 6.1.0
"Juniper_Networks_Cache_Cleaner 6.4.0" = Juniper Networks Cache Cleaner 6.4.0
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Juniper_Term_Services" = Juniper Terminal Services Client
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/7/2010 6:59:46 AM | Computer Name = 1WPW1F1-SEC | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (A socket operation was attempted to an unreachable host. ). Group Policy
processing aborted.

Error - 6/7/2010 6:06:46 PM | Computer Name = 1WPW1F1-SEC | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (A socket operation was attempted to an unreachable host. ). Group Policy
processing aborted.

Error - 6/7/2010 6:06:52 PM | Computer Name = 1WPW1F1-SEC | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (A socket operation was attempted to an unreachable host. ). Group Policy
processing aborted.

Error - 6/7/2010 6:06:55 PM | Computer Name = 1WPW1F1-SEC | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 6/7/2010 6:07:04 PM | Computer Name = 1WPW1F1-SEC | Source = Google Update | ID = 20
Description =

Error - 6/7/2010 8:45:09 PM | Computer Name = 1WPW1F1-SEC | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (A socket operation was attempted to an unreachable host. ). Group Policy
processing aborted.

Error - 6/7/2010 8:45:22 PM | Computer Name = 1WPW1F1-SEC | Source = Google Update | ID = 20
Description =

Error - 6/8/2010 5:40:05 AM | Computer Name = 1WPW1F1-SEC | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (A socket operation was attempted to an unreachable host. ). Group Policy
processing aborted.

Error - 6/8/2010 5:40:06 AM | Computer Name = 1WPW1F1-SEC | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (A socket operation was attempted to an unreachable host. ). Group Policy
processing aborted.

Error - 6/8/2010 5:40:09 AM | Computer Name = 1WPW1F1-SEC | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

[ System Events ]
Error - 6/7/2010 10:30:57 PM | Computer Name = 1WPW1F1-SEC | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 120 minutes. NtpClient has no source of accurate
time.

Error - 6/7/2010 10:41:10 PM | Computer Name = 1WPW1F1-SEC | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain R1-CORE due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 6/8/2010 5:40:06 AM | Computer Name = 1WPW1F1-SEC | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain R1-CORE due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 6/8/2010 5:40:12 AM | Computer Name = 1WPW1F1-SEC | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 6/8/2010 5:40:18 AM | Computer Name = 1WPW1F1-SEC | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 6/8/2010 5:40:22 AM | Computer Name = 1WPW1F1-SEC | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 6/8/2010 5:55:25 AM | Computer Name = 1WPW1F1-SEC | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 29 minutes. NtpClient has no source of accurate
time.

Error - 6/8/2010 6:25:25 AM | Computer Name = 1WPW1F1-SEC | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 59 minutes. NtpClient has no source of accurate
time.

Error - 6/8/2010 6:40:37 AM | Computer Name = 1WPW1F1-SEC | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126

Error - 6/8/2010 6:41:06 AM | Computer Name = 1WPW1F1-SEC | Source = DCOM | ID = 10010
Description = The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register
with DCOM within the required timeout.

< End of report >

aravindk · 08-Jun-2010, 11:05 AM **#10**

OTL logfile created on: 6/8/2010 6:37:38 AM - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\karavind\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 51.61 Gb Free Space | 69.26% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: 1WPW1F1-SEC
Current User Name: KAravind
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/08 06:35:40 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\karavind\My Documents\Downloads\OTL.exe
PRC - [2010/06/03 22:52:58 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/03/10 22:32:26 | 000,648,536 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research in Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2010/03/10 22:32:08 | 001,819,992 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
PRC - [2010/03/10 17:32:34 | 001,598,808 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research in Motion\RIMDeviceManager\RIMDeviceManager.exe
PRC - [2010/01/27 11:34:24 | 000,376,832 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research in Motion\USB Drivers\BbDevMgr.exe
PRC - [2010/01/14 13:50:44 | 003,913,024 | ---- | M] (McAfee Inc.) -- C:\Program Files\McAfee\DLP\Agent\fcagte.exe
PRC - [2010/01/14 13:50:08 | 004,224,320 | ---- | M] (McAfee Inc.) -- C:\Program Files\McAfee\DLP\Agent\fcags.exe
PRC - [2010/01/14 13:49:42 | 000,263,488 | ---- | M] (McAfee Inc.) -- C:\Program Files\McAfee\DLP\Agent\fcagswd.exe
PRC - [2010/01/14 13:49:28 | 008,422,720 | ---- | M] (McAfee Inc.) -- C:\Program Files\McAfee\DLP\Agent\fcag.exe
PRC - [2010/01/10 00:13:20 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2009/09/25 10:04:34 | 000,316,672 | ---- | M] (C-motech Co.,Ltd) -- C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe
PRC - [2009/09/22 17:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2009/09/22 17:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2009/09/22 17:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2009/09/22 17:00:00 | 000,091,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2009/09/02 18:03:36 | 000,070,728 | ---- | M] (McAfee, Inc.) -- C:\WINNT\system32\mfevtps.exe
PRC - [2009/08/31 21:07:00 | 000,146,448 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
PRC - [2009/08/31 21:07:00 | 000,124,240 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2009/08/31 21:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
PRC - [2009/08/31 21:07:00 | 000,027,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
PRC - [2009/08/31 21:07:00 | 000,021,256 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
PRC - [2009/02/09 01:48:39 | 000,196,608 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2008/11/17 06:53:47 | 000,372,796 | ---- | M] (SafeBoot International) -- C:\Program Files\SafeBoot\SbClientManager.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/06/02 10:18:24 | 000,069,632 | ---- | M] () -- C:\Program Files\SafeBoot Tray Manager\SbTrayManager.exe
PRC - [2008/02/22 16:29:24 | 002,572,288 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
PRC - [2008/02/22 11:04:42 | 002,938,184 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2008/01/22 21:13:08 | 000,288,072 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2008/01/09 11:38:44 | 000,288,072 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
PRC - [2007/10/29 15:30:14 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2007/10/04 19:39:42 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2007/09/28 17:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007/08/23 12:55:06 | 000,311,296 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
PRC - [2007/06/27 13:49:52 | 000,472,344 | ---- | M] (AT&T) -- C:\Program Files\AIGRAS\netcfgsvr.exe
PRC - [2007/05/10 09:23:50 | 000,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\WINNT\system32\stacsv.exe
PRC - [2007/05/10 09:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe
PRC - [2007/04/13 20:08:14 | 001,849,096 | ---- | M] (Zone Labs, LLC) -- C:\WINNT\system32\ZoneLabs\vsmon.exe
PRC - [2007/04/13 19:48:40 | 000,784,144 | ---- | M] (Zone Labs, LLC) -- C:\Program Files\CheckPoint\Integrity Client\iclient.exe
PRC - [2006/10/18 21:46:20 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmplayer.exe
PRC - [2006/03/22 09:20:14 | 000,126,121 | ---- | M] () -- C:\TEMPFILE\WINFO\info.exe
PRC - [2006/03/14 09:01:00 | 005,517,312 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
PRC - [2006/03/14 09:01:00 | 000,026,112 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\SnagIt 8\TscHelp.exe
PRC - [2004/08/04 03:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe
PRC - [2003/11/19 11:29:28 | 000,032,768 | ---- | M] (Computer Associates International, Inc.) -- C:\TNGSD\BIN\SDServ.exe
PRC - [2003/11/15 12:12:42 | 000,077,824 | ---- | M] (Computer Associates International, Inc.) -- C:\TNGSD\BIN\TRIGGAG.exe
PRC - [2003/10/28 20:15:04 | 000,241,664 | ---- | M] (Computer Associates International, Inc.) -- C:\SxpInst\sxplog32.exe

========== Modules (SafeList) ==========

MOD - [2010/06/08 06:35:40 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\karavind\My Documents\Downloads\OTL.exe
MOD - [2009/06/12 18:13:04 | 000,130,048 | ---- | M] (Intel Corporation) -- C:\WINNT\system32\igfxdo.dll
MOD - [2006/08/25 10:45:56 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINNT\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/04 03:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - [2010/01/14 13:50:08 | 004,224,320 | ---- | M] (McAfee Inc.) [Unknown | Running] -- C:\Program Files\McAfee\DLP\Agent\fcags.exe -- (McAfeeDLPAgentService)
SRV - [2009/11/11 11:34:28 | 000,045,056 | ---- | M] (LANovation) [On_Demand | Stopped] -- C:\WINNT\system32\PCTKRNT.SYS -- (PictureTaker)
SRV - [2009/09/25 10:04:34 | 000,120,064 | ---- | M] (SmithMicro Inc.) [On_Demand | Stopped] -- C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe -- (SprintRcAppSvc)
SRV - [2009/09/22 17:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2009/09/02 18:03:36 | 000,070,728 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINNT\system32\mfevtps.exe -- (mfevtp)
SRV - [2009/08/31 21:07:00 | 000,146,448 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe -- (McShield)
SRV - [2009/08/31 21:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)
SRV - [2009/08/31 21:07:00 | 000,021,256 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe -- (McAfeeEngineService)
SRV - [2009/02/09 01:48:39 | 000,196,608 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2008/11/17 06:53:47 | 000,372,796 | ---- | M] (SafeBoot International) [Auto | Running] -- C:\Program Files\SafeBoot\SbClientManager.exe -- (SafeBootClientManager)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/07 16:48:20 | 002,372,448 | ---- | M] (Neevia Technology) [On_Demand | Stopped] -- C:\Program Files\neevia.com\docuPrinterLT\neeviaDP6.lib -- (NVDPservice)
SRV - [2007/09/28 17:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/06/27 13:49:52 | 000,472,344 | ---- | M] (AT&T) [Auto | Running] -- C:\Program Files\AIGRAS\netcfgsvr.exe -- (netcfgsvr)
SRV - [2007/05/10 09:23:50 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\WINNT\system32\stacsv.exe -- (STacSV)
SRV - [2007/04/13 20:08:14 | 001,849,096 | ---- | M] (Zone Labs, LLC) [Auto | Running] -- C:\WINNT\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINNT\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2003/11/19 11:29:28 | 000,032,768 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\TNGSD\BIN\SDSERV.EXE -- (SDService)

========== Driver Services (SafeList) ==========

DRV - [2010/03/15 21:34:48 | 000,038,344 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\CO_Mon.sys -- (CO_Mon)
DRV - [2010/01/14 13:49:54 | 000,095,176 | ---- | M] (McAfee Inc.) [Kernel | System | Running] -- C:\WINNT\system32\drivers\fcdrv5.sys -- (fcdrv5)
DRV - [2010/01/14 13:49:52 | 000,022,856 | ---- | M] (McAfee Inc.) [File_System | On_Demand | Running] -- C:\WINNT\system32\drivers\fcdrv4.sys -- (fcdrv4)
DRV - [2010/01/14 13:49:50 | 000,096,072 | ---- | M] () [File_System | On_Demand | Running] -- C:\WINNT\system32\drivers\fcdrv3.sys -- (fcdrv3)
DRV - [2010/01/14 13:49:48 | 000,114,632 | ---- | M] () [File_System | On_Demand | Running] -- C:\WINNT\system32\drivers\fcdrv2.sys -- (fcdrv2)
DRV - [2010/01/14 13:49:48 | 000,067,016 | ---- | M] (McAfee Inc.) [File_System | System | Running] -- C:\WINNT\system32\drivers\fcdrv1.sys -- (fcdrv1)
DRV - [2009/09/25 10:04:42 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\PCTINDIS5.sys -- (PCTINDIS5)
DRV - [2009/09/25 10:04:42 | 000,026,888 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINNT\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2009/09/25 10:04:42 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\WINNT\system32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2009/09/25 10:04:40 | 000,222,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2009/09/25 10:04:36 | 000,171,144 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\SWNC5E00.sys -- (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00)
DRV - [2009/09/25 10:04:36 | 000,149,512 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\swmx00.sys -- (swmx00) Sierra Wireless USB MUX Driver (#00)
DRV - [2009/09/25 10:04:28 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2009/09/02 18:02:46 | 000,048,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/02 18:01:36 | 000,343,760 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/08/31 21:07:00 | 000,091,672 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/08/31 21:07:00 | 000,075,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2009/08/31 21:07:00 | 000,065,448 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2009/08/31 21:07:00 | 000,063,728 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINNT\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2009/08/31 21:07:00 | 000,043,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/06/12 18:52:48 | 006,278,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2009/05/25 15:43:58 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Running] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
DRV - [2008/11/20 12:08:08 | 000,103,424 | ---- | M] () [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2008/09/12 15:32:56 | 000,327,192 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINNT\System32\Drivers\iaStor.sys -- (iastor)
DRV - [2008/09/12 05:12:25 | 000,015,184 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\WINNT\system32\drivers\SbPrcCtl.sys -- (SbPrcCtl)
DRV - [2008/09/12 05:11:31 | 000,013,152 | ---- | M] (SafeBoot International) [File_System | Boot | Running] -- C:\WINNT\system32\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2008/09/12 05:11:20 | 000,033,264 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\WINNT\system32\drivers\RsvLock.sys -- (RsvLock)
DRV - [2008/09/12 05:11:07 | 000,034,416 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\WINNT\system32\drivers\SbFlop.sys -- (SbFlop)
DRV - [2008/08/13 14:51:42 | 000,044,976 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\SbAlg.sys -- (SBAlg)
DRV - [2008/05/12 09:04:00 | 000,175,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2008/02/15 16:01:06 | 000,131,712 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2008/01/31 16:55:06 | 000,074,240 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2008/01/22 21:57:48 | 000,054,144 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2007/11/29 10:45:44 | 000,036,608 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2007/10/18 15:25:00 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\tosrfusb.sys -- (tosrfusb)
DRV - [2007/10/02 12:43:22 | 000,064,128 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINNT\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2007/09/04 12:50:00 | 000,031,744 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\csrbcxp.sys -- (CSRBC)
DRV - [2007/08/02 20:35:12 | 000,989,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/08/02 20:34:30 | 000,211,200 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/08/02 20:34:26 | 000,731,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/06/18 12:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/05/10 09:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/04/13 20:08:02 | 000,383,056 | ---- | M] (Zone Labs, LLC) [Kernel | System | Running] -- C:\WINNT\system32\vsdatant.sys -- (vsdatant)
DRV - [2007/03/20 16:36:06 | 000,011,264 | ---- | M] (AT&T) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\avpnnic.sys -- (avpnnic)
DRV - [2007/03/16 19:10:56 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/03/07 18:31:50 | 000,218,368 | ---- | M] (AT&T) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\agnfilt.sys -- (agnfilt)
DRV - [2006/10/10 20:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2006/06/14 13:53:00 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\usbccid.sys -- (USBCCID)
DRV - [2005/02/18 14:24:44 | 000,196,657 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\V0070Vid.sys -- (V0070VID)
DRV - [2005/01/07 06:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004/08/12 10:45:54 | 000,137,728 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2004/04/29 18:19:18 | 000,019,328 | ---- | M] (AT&T) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\agnwifi.sys -- (agnwifi)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://aigtoday.aig.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://aigtoday.aig.com/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {9ab67d74-ec41-4cb2-b417-df5d93ba1beb}:1.4
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/03 22:54:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/03 22:54:33 | 000,000,000 | ---D | M]

[2009/11/11 19:17:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karavind\Application Data\Mozilla\Extensions
[2010/06/07 00:17:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karavind\Application Data\Mozilla\Firefox\Profiles\jhmtwmn8.default\extensions
[2010/05/17 06:43:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\karavind\Application Data\Mozilla\Firefox\Profiles\jhmtwmn8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/17 07:11:39 | 000,000,000 | ---D | M] (Table2Clipboard) -- C:\Documents and Settings\karavind\Application Data\Mozilla\Firefox\Profiles\jhmtwmn8.default\extensions\{9ab67d74-ec41-4cb2-b417-df5d93ba1beb}
[2010/06/07 00:17:04 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/20 10:30:38 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2009/08/31 21:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll

O1 HOSTS File: ([2010/06/06 22:12:19 | 000,000,027 | ---- | M]) - C:\WINNT\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HelperObject Class) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [Client Access Service] C:\Program Files\IBM\Client Access\cwbsvstr.exe (IBM Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [RDVCHG] C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe (C-motech Co.,Ltd)
O4 - HKLM..\Run: [SafeBootTrayManager] C:\Program Files\SafeBoot Tray Manager\SbTrayManager.exe ()
O4 - HKLM..\Run: [SDJobCheck] C:\TNGSD\BIN\triggusr.exe (Computer Associates International, Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Sprint SmartView] C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe (Sprint)
O4 - HKLM..\Run: [Sxplog] C:\SxpInst\sxpstub.exe (Computer Associates International, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VF0070 STISvc] C:\WINNT\System32\V0070Pin.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [Workstation Info] c:\TEMPFILE\WINFO\info.exe ()
O4 - HKLM..\Run: [Zone Labs Client] C:\Program Files\CheckPoint\Integrity Client\iclient.exe (Zone Labs, LLC)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [NetSP - restore settings on power failure] C:\Program Files\AIGRAS\NetSP.exe (AT&T)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AT&T Global Network Client Monitor.lnk = C:\WINNT\Installer\{2B324B71-A7F9-477F-9693-E8974DDA1EC6}\NetGM_1B536450052A4C0BA1B8FC31F1D473F7.exe (Macrovision Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe (Research In Motion Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE (New Boundary Technologies, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe (TechSmith Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Update_Policy.lnk = C:\WINNT\System32\refresh_policy.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O15 - HKCU\..Trusted Domains: 12.4.* ([138] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 21.234.68 ([172] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 21.234.84 ([172] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 24.42.* ([207] http in Trusted sites)
O15 - HKCU\..Trusted Domains: accessaig.com ([tankguard] https in Local intranet)
O15 - HKCU\..Trusted Domains: accessaig.com ([tankguardmodl] https in Local intranet)
O15 - HKCU\..Trusted Domains: afd-inc.com ([clients] http in Trusted sites)
O15 - HKCU\..Trusted Domains: afd-inc.com ([clients] https in Trusted sites)
O15 - HKCU\..Trusted Domains: agfg.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: aig.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: aig.com ([ahr] http in Local intranet)
O15 - HKCU\..Trusted Domains: aig.com ([ahrmodel] http in Local intranet)
O15 - HKCU\..Trusted Domains: aig.com ([aiuclaims] https in Trusted sites)
O15 - HKCU\..Trusted Domains: aig.com ([domino] * in Trusted sites)
O15 - HKCU\..Trusted Domains: aig.com ([dominodev] * in Trusted sites)
O15 - HKCU\..Trusted Domains: aig.com ([dominotest] * in Trusted sites)
O15 - HKCU\..Trusted Domains: aig.com ([epcghome] http in Trusted sites)
O15 - HKCU\..Trusted Domains: aig.com ([eups] http in Trusted sites)
O15 - HKCU\..Trusted Domains: aig.com ([eupsmodl] http in Trusted sites)
O15 - HKCU\..Trusted Domains: aig.com ([intellirisknetsourceebs] https in Trusted sites)
O15 - HKCU\..Trusted Domains: aig.com ([legalaudit] http in Trusted sites)
O15 - HKCU\..Trusted Domains: aig.com ([livdsapps8] http in Trusted sites)
O15 - HKCU\..Trusted Domains: aig.com ([livdsweb2] http in Trusted sites)
O15 - HKCU\..Trusted Domains: aig.com ([livpsweb8] http in Local intranet)
O15 - HKCU\..Trusted Domains: aig.net ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: aigag.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: aigcorpebus.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: aiginvestments.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: aiginvestments.net ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: aigretirementgold.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: aigrs.net ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: aigvalic.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: aigwc.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: aiuholdings.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: attwireless.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: attws.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: chartisinsurance.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: chartisinsurance.net ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: eprocurelink.com ([www1] https in Trusted sites)
O15 - HKCU\..Trusted Domains: fleet.com ([demo-webconnect] https in Trusted sites)
O15 - HKCU\..Trusted Domains: fleet.com ([webconnect] https in Trusted sites)
O15 - HKCU\..Trusted Domains: intellirisknetsource.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: intellirisknetsource.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: livpwaapps3 ([]file in Local intranet)
O15 - HKCU\..Trusted Domains: salesforce.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: stapleslink.com ([bci] https in Trusted sites)
O15 - HKCU\..Trusted Domains: yourensync.com ([mccoy] https in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range2 ([http] in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {2202D225-22C1-4B8C-A4B8-6A7E7B7E1524} https://whiteglove.on.intercall.com/...CWMInstall.cab (ICWMInstallObj Class)
O16 - DPF: {3BA494B1-D507-4C11-9BDA-D47E1A65DFCF} https://na.connect.aig.com/llclient/...102+AXXPEE.dll (Confidence Online for Web Applications)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsu...?1236666346865 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeup...tent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://na.connect.aig.com/dana-cach...erSetupSP1.cab (JuniperSetupSP1 Control)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://na.connect.aig.com/dana-cach...etupClient.cab (JuniperSetupClientControl Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.64.5 213.109.72.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = r1-core.r1.aig.net
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (NetGina.dll) - C:\WINNT\System32\NetGINA.dll (AT&T)
O20 - Winlogon\Notify\FCAGWL: DllName - fcagwl.dll - C:\WINNT\System32\fcagwl.dll (McAfee Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINNT\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINNT\Chartiswall.bmp
O24 - Desktop BackupWallPaper: C:\WINNT\Chartiswall.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/08 21:30:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINNT\system32\ias [2009/02/08 21:30:18 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: McAfeeDlpAgentService - C:\Program Files\McAfee\DLP\Agent\fcags.exe (McAfee Inc.)
SafeBootMin: McAfeeEngineService - C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe (McAfee, Inc.)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: McAfeeDlpAgentService - C:\Program Files\McAfee\DLP\Agent\fcags.exe (McAfee Inc.)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 9.0
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 9.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINNT\system32\Rundll32.exe c:\WINNT\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINNT\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINNT\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINNT\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINNT\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINNT\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINNT\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINNT\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINNT\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINNT\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINNT\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINNT\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (54338225421942784)

========== Files/Folders - Created Within 90 Days ==========

[2010/06/06 16:03:40 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/06/06 15:59:24 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINNT\NIRCMD.exe
[2010/06/06 15:59:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINNT\SWXCACLS.exe
[2010/06/06 15:59:21 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINNT\SWREG.exe
[2010/06/06 15:59:21 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINNT\SWSC.exe
[2010/06/06 15:59:03 | 000,000,000 | ---D | C] -- C:\WINNT\ERDNT
[2010/06/06 15:58:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/06/03 22:53:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2010/06/03 22:53:01 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINNT\System32\pncrt.dll
[2010/06/03 22:52:59 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2010/06/03 22:52:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
[2010/06/03 22:52:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2010/06/03 22:52:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\karavind\Application Data\Real
[2010/06/02 22:36:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\karavind\My Documents\New Folder
[2010/06/02 20:56:37 | 000,000,000 | ---D | C] -- C:\Program Files\RealVNC
[2010/05/25 20:36:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\karavind\Local Settings\Application Data\Citrix
[2010/05/23 07:38:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\karavind\Application Data\Verizon Wireless
[2010/05/23 07:38:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WEngineLite
[2010/05/23 07:38:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Verizon Wireless
[2010/05/23 07:38:04 | 000,000,000 | ---D | C] -- C:\Program Files\Verizon Wireless
[2010/05/23 07:36:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\karavind\Application Data\InstallShield
[2010/05/20 21:37:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\karavind\McAfee DLP Quarantined Files
[2010/05/19 21:22:16 | 000,048,488 | ---- | C] (McAfee, Inc.) -- C:\WINNT\System32\drivers\mfesmfk.sys
[2010/05/03 07:23:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\karavind\Recent
[2010/04/23 21:36:02 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2010/04/23 21:33:28 | 000,000,000 | ---D | C] -- C:\WINNT\System32\drivers\UMDF
[2010/04/23 21:25:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\karavind\Application Data\SanDisk
[2010/04/10 19:43:16 | 000,000,000 | ---D | C] -- C:\found.000
[2010/04/10 18:07:19 | 000,271,696 | ---- | C] (RealVNC Ltd.) -- C:\Documents and Settings\karavind\Desktop\vnc-4_1_3-x86_win32_viewer.exe
[2010/04/09 07:00:36 | 000,000,000 | -H-D | C] -- C:\BJPrinter
[2010/04/06 19:50:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\karavind\Application Data\Scooter Software
[2010/04/06 19:44:22 | 000,000,000 | ---D | C] -- C:\Program Files\WinMerge
[2010/04/01 15:39:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\karavind\Local Settings\Application Data\ApplicationHistory
[2010/04/01 15:39:06 | 000,000,000 | ---D | C] -- C:\Program Files\ePCGHelpRequest
[2010/03/30 22:13:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\karavind\Application Data\Research In Motion
[2010/03/30 22:00:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/03/30 22:00:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Roxio Shared
[2010/03/30 21:59:59 | 000,000,000 | ---D | C] -- C:\Program Files\Research In Motion
[2010/03/20 10:42:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\karavind\Application Data\skypePM
[2010/03/20 10:36:17 | 000,000,000 | ---D | C] -- C:\WebCam
[2010/03/20 10:30:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\karavind\Application Data\Skype
[2010/03/20 10:30:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/03/20 10:30:12 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010/03/20 10:30:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2010/03/14 09:33:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\karavind\Application Data\vlc
[2010/03/14 09:29:04 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[1996/11/18 02:00:00 | 000,018,944 | ---- | C] ( ) -- C:\WINNT\System32\IMPLODE.DLL
[4 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/06/08 06:46:58 | 000,000,638 | ---- | M] () -- C:\WINNT\win.ini
[2010/06/08 06:31:16 | 000,000,990 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskUserS-1-5-21-825750147-1553096506-3895987836-9054UA.job
[2010/06/06 22:34:59 | 000,525,770 | ---- | M] () -- C:\WINNT\System32\PerfStringBackup.INI
[2010/06/06 22:34:59 | 000,444,596 | ---- | M] () -- C:\WINNT\System32\perfh009.dat
[2010/06/06 22:34:59 | 000,072,306 | ---- | M] () -- C:\WINNT\System32\perfc009.dat
[2010/06/06 22:33:51 | 000,000,256 | ---- | M] () -- C:\WINNT\System32\pool.bin
[2010/06/06 22:32:36 | 000,002,197 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AT&T Global Network Client Monitor.lnk
[2010/06/06 22:31:29 | 000,000,284 | ---- | M] () -- C:\WINNT\tasks\RealUpgradeLogonTaskS-1-5-21-825750147-1553096506-3895987836-9054.job
[2010/06/06 22:31:22 | 000,005,209 | ---- | M] () -- C:\WINNT\System32\vsconfig.xml
[2010/06/06 22:30:42 | 000,000,006 | -H-- | M] () -- C:\WINNT\tasks\SA.DAT
[2010/06/06 22:30:40 | 000,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat
[2010/06/06 22:28:51 | 006,553,600 | -H-- | M] () -- C:\Documents and Settings\karavind\ntuser.dat
[2010/06/06 22:28:17 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\karavind\ntuser.ini
[2010/06/06 22:27:50 | 000,068,608 | ---- | M] () -- C:\Documents and Settings\karavind\My Documents\fish tank temperature.xls
[2010/06/06 22:13:29 | 000,000,227 | ---- | M] () -- C:\WINNT\system.ini
[2010/06/06 22:12:49 | 000,001,746 | -H-- | M] () -- C:\Documents and Settings\karavind\My Documents\Default.rdp
[2010/06/06 22:12:19 | 000,000,027 | ---- | M] () -- C:\WINNT\System32\drivers\etc\hosts
[2010/06/06 16:03:48 | 000,000,277 | RHS- | M] () -- C:\boot.ini
[2010/06/06 15:56:57 | 003,703,394 | R--- | M] () -- C:\Documents and Settings\karavind\Desktop\ComboFix.exe
[2010/06/06 00:05:46 | 000,002,206 | ---- | M] () -- C:\WINNT\System32\wpa.dbl
[2010/06/06 00:03:01 | 004,271,986 | -H-- | M] () -- C:\Documents and Settings\karavind\Local Settings\Application Data\IconCache.db
[2010/06/05 07:31:01 | 000,000,938 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskUserS-1-5-21-825750147-1553096506-3895987836-9054Core.job
[2010/06/04 06:16:22 | 000,005,209 | ---- | M] () -- C:\WINNT\System32\vsconfig.bak
[2010/06/03 22:58:23 | 000,000,292 | ---- | M] () -- C:\WINNT\tasks\RealUpgradeScheduledTaskS-1-5-21-825750147-1553096506-3895987836-9054.job
[2010/06/03 22:53:01 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINNT\System32\pncrt.dll
[2010/06/02 11:20:17 | 000,000,207 | ---- | M] () -- C:\Boot.bak
[2010/05/30 01:01:22 | 377,913,344 | ---- | M] () -- C:\Documents and Settings\karavind\My Documents\VTS_02_1.VOB
[2010/05/30 00:16:56 | 539,262,976 | ---- | M] () -- C:\Documents and Settings\karavind\My Documents\VTS_01_1.VOB
[2010/05/29 23:00:28 | 250,937,344 | ---- | M] () -- C:\Documents and Settings\karavind\My Documents\VTS_01_2.VOB
[2010/05/27 19:32:37 | 000,002,309 | ---- | M] () -- C:\Documents and Settings\karavind\Desktop\Google Chrome.lnk
[2010/05/27 07:25:58 | 000,041,984 | ---- | M] () -- C:\Documents and Settings\karavind\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/23 19:36:41 | 000,401,408 | ---- | M] () -- C:\Documents and Settings\karavind\My Documents\Worksheet in Chartis_Homeowners_Renewal_Phase1_Scoring_Reports_APR2010.xls
[2010/05/23 07:38:22 | 000,001,013 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VZAccess Manager.lnk
[2010/05/23 07:29:22 | 000,000,256 | ---- | M] () -- C:\Documents and Settings\karavind\pool.bin
[2010/05/13 17:27:17 | 000,000,258 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010/05/13 17:15:27 | 000,000,258 | RHS- | M] () -- C:\Documents and Settings\karavind\ntuser.pol
[2010/05/12 11:32:12 | 000,781,312 | ---- | M] () -- C:\POC_Teradata 2.0.ppt
[2010/05/12 07:05:46 | 001,643,520 | ---- | M] () -- C:\POC_Teradata.ppt
[2010/05/12 06:40:01 | 000,000,000 | ---- | M] () -- C:\teradata.ppt
[2010/05/09 21:39:11 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\karavind\My Documents\fish tank parameters.xls
[2010/05/05 21:21:41 | 000,002,467 | ---- | M] () -- C:\Documents and Settings\karavind\Desktop\Microsoft Office Access 2003.lnk
[2010/05/04 20:50:02 | 000,143,360 | ---- | M] () -- C:\Documents and Settings\karavind\My Documents\db3.mdb
[2010/05/04 20:42:46 | 000,135,168 | ---- | M] () -- C:\Documents and Settings\karavind\My Documents\db2.mdb
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINNT\PEV.exe
[2010/04/26 07:02:21 | 000,001,374 | ---- | M] () -- C:\WINNT\imsins.BAK
[2010/04/23 21:50:23 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\karavind\Desktop\Windows Media Player.lnk
[2010/04/23 21:49:50 | 000,000,000 | -H-- | M] () -- C:\WINNT\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/04/23 21:46:15 | 000,023,392 | ---- | M] () -- C:\WINNT\System32\nscompat.tlb
[2010/04/23 21:46:15 | 000,016,832 | ---- | M] () -- C:\WINNT\System32\amcompat.tlb
[2010/04/23 21:34:49 | 000,316,640 | ---- | M] () -- C:\WINNT\WMSysPr9.prx
[2010/04/23 21:33:35 | 000,000,000 | -H-- | M] () -- C:\WINNT\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/04/22 21:29:27 | 000,017,478 | ---- | M] () -- C:\WINNT\System32\SiteList.xml
[2010/04/22 10:13:27 | 000,075,322 | ---- | M] () -- C:\http_livdsadspcg01_cognos8_cgi-bin_cognos.pdf
[2010/04/15 21:31:56 | 000,001,725 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/04/10 18:07:20 | 000,271,696 | ---- | M] (RealVNC Ltd.) -- C:\Documents and Settings\karavind\Desktop\vnc-4_1_3-x86_win32_viewer.exe
[2010/04/05 18:31:03 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\karavind\My Documents\Menu.doc
[2010/03/30 22:31:22 | 000,003,712 | ---- | M] () -- C:\Documents and Settings\karavind\Desktop\cognos_mobile.jad
[2010/03/30 22:00:52 | 000,001,737 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk
[2010/03/30 22:00:52 | 000,001,725 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Desktop Manager.lnk
[2010/03/28 11:40:37 | 000,637,440 | ---- | M] () -- C:\Documents and Settings\karavind\My Documents\reports.xls
[2010/03/20 10:42:10 | 000,000,056 | -H-- | M] () -- C:\WINNT\System32\ezsidmv.dat
[2010/03/20 10:30:18 | 000,001,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/03/15 21:34:48 | 000,038,344 | ---- | M] (Symantec Corporation) -- C:\WINNT\System32\drivers\CO_Mon.sys
[2010/03/14 09:30:16 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2010/03/10 22:32:03 | 000,377,078 | ---- | M] () -- C:\Documents and Settings\karavind\My Documents\Clipboard09.bmp
[4 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/06 16:03:48 | 000,000,207 | ---- | C] () -- C:\Boot.bak
[2010/06/06 16:03:44 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/06/06 15:59:24 | 000,077,312 | ---- | C] () -- C:\WINNT\MBR.exe
[2010/06/06 15:59:21 | 000,256,512 | ---- | C] () -- C:\WINNT\PEV.exe
[2010/06/06 15:59:21 | 000,098,816 | ---- | C] () -- C:\WINNT\sed.exe
[2010/06/06 15:59:21 | 000,080,412 | ---- | C] () -- C:\WINNT\grep.exe
[2010/06/06 15:59:21 | 000,068,096 | ---- | C] () -- C:\WINNT\zip.exe
[2010/06/06 15:56:52 | 003,703,394 | R--- | C] () -- C:\Documents and Settings\karavind\Desktop\ComboFix.exe
[2010/06/04 20:53:49 | 000,068,608 | ---- | C] () -- C:\Documents and Settings\karavind\My Documents\fish tank temperature.xls
[2010/06/03 22:54:26 | 000,000,284 | ---- | C] () -- C:\WINNT\tasks\RealUpgradeLogonTaskS-1-5-21-825750147-1553096506-3895987836-9054.job
[2010/06/03 22:54:25 | 000,000,292 | ---- | C] () -- C:\WINNT\tasks\RealUpgradeScheduledTaskS-1-5-21-825750147-1553096506-3895987836-9054.job
[2010/06/02 22:33:46 | 377,913,344 | ---- | C] () -- C:\Documents and Settings\karavind\My Documents\VTS_02_1.VOB
[2010/06/02 22:31:32 | 539,262,976 | ---- | C] () -- C:\Documents and Settings\karavind\My Documents\VTS_01_1.VOB
[2010/06/02 22:30:23 | 250,937,344 | ---- | C] () -- C:\Documents and Settings\karavind\My Documents\VTS_01_2.VOB
[2010/06/02 11:20:17 | 000,000,207 | ---- | C] () -- C:\boot.ini.org
[2010/05/23 19:36:39 | 000,401,408 | ---- | C] () -- C:\Documents and Settings\karavind\My Documents\Worksheet in Chartis_Homeowners_Renewal_Phase1_Scoring_Reports_APR2010.xls
[2010/05/23 07:38:22 | 000,001,013 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VZAccess Manager.lnk
[2010/05/12 07:06:46 | 000,781,312 | ---- | C] () -- C:\POC_Teradata 2.0.ppt
[2010/05/12 07:05:37 | 001,643,520 | ---- | C] () -- C:\POC_Teradata.ppt
[2010/05/12 06:40:00 | 000,000,000 | ---- | C] () -- C:\teradata.ppt
[2010/05/04 20:45:51 | 000,143,360 | ---- | C] () -- C:\Documents and Settings\karavind\My Documents\db3.mdb
[2010/05/04 20:42:11 | 000,135,168 | ---- | C] () -- C:\Documents and Settings\karavind\My Documents\db2.mdb
[2010/04/23 21:49:50 | 000,000,000 | -H-- | C] () -- C:\WINNT\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/04/23 21:33:35 | 000,000,000 | -H-- | C] () -- C:\WINNT\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/04/23 21:19:46 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\karavind\pool.bin
[2010/04/22 10:13:25 | 000,075,322 | ---- | C] () -- C:\http_livdsadspcg01_cognos8_cgi-bin_cognos.pdf
[2010/04/16 07:03:46 | 000,017,478 | ---- | C] () -- C:\WINNT\System32\SiteList.xml
[2010/04/09 07:00:42 | 000,006,656 | ---- | C] () -- C:\WINNT\System32\CNMVS56.DLL
[2010/04/05 18:31:02 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\karavind\My Documents\Menu.doc
[2010/03/30 22:31:49 | 000,003,712 | ---- | C] () -- C:\Documents and Settings\karavind\Desktop\cognos_mobile.jad
[2010/03/30 22:15:09 | 000,000,256 | ---- | C] () -- C:\WINNT\System32\pool.bin
[2010/03/30 22:00:51 | 000,001,737 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk
[2010/03/30 22:00:51 | 000,001,725 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Desktop Manager.lnk
[2010/03/28 11:40:36 | 000,637,440 | ---- | C] () -- C:\Documents and Settings\karavind\My Documents\reports.xls
[2010/03/20 10:42:10 | 000,000,056 | -H-- | C] () -- C:\WINNT\System32\ezsidmv.dat
[2010/03/20 10:36:18 | 000,005,225 | ---- | C] () -- C:\WINNT\VF0070.uns
[2010/03/20 10:30:18 | 000,001,874 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/03/14 09:30:16 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2010/03/10 22:32:03 | 000,377,078 | ---- | C] () -- C:\Documents and Settings\karavind\My Documents\Clipboard09.bmp
[2010/03/04 17:29:32 | 000,077,824 | ---- | C] () -- C:\WINNT\System32\jcom.dll
[2010/02/15 22:11:35 | 000,000,120 | ---- | C] () -- C:\WINNT\QUICKEN.INI
[2010/02/02 23:23:59 | 000,000,000 | ---- | C] () -- C:\WINNT\tosOBEX.INI
[2010/01/14 13:50:50 | 000,096,072 | ---- | C] () -- C:\WINNT\System32\drivers\fcdrv3.sys
[2010/01/14 13:50:48 | 000,114,632 | ---- | C] () -- C:\WINNT\System32\drivers\fcdrv2.sys
[2009/11/28 20:48:16 | 000,000,147 | ---- | C] () -- C:\WINNT\System32\AddPort.ini
[2009/11/28 20:48:15 | 000,003,399 | R--- | C] () -- C:\WINNT\System32\hptcpmon.ini
[2009/11/16 07:55:06 | 000,000,605 | ---- | C] () -- C:\WINNT\hpntwksetup.ini
[2009/11/11 14:13:52 | 000,172,032 | ---- | C] () -- C:\WINNT\System32\cwbrw.dll
[2009/11/11 14:13:52 | 000,024,576 | ---- | C] () -- C:\WINNT\System32\cwbsv.dll
[2009/11/11 14:13:52 | 000,020,529 | ---- | C] () -- C:\WINNT\System32\cwbwiz.dll
[2009/11/11 14:13:52 | 000,020,480 | ---- | C] () -- C:\WINNT\System32\cwbsy.dll
[2009/11/11 14:13:52 | 000,020,480 | ---- | C] () -- C:\WINNT\System32\cwbnl.dll
[2009/11/11 14:13:52 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\cwbnldlg.dll
[2009/11/11 14:13:52 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\cwbad.dll
[2009/11/11 14:13:51 | 000,020,480 | ---- | C] () -- C:\WINNT\System32\cwbco.dll
[2009/11/11 14:08:02 | 000,086,016 | ---- | C] () -- C:\WINNT\System32\preflib.dll
[2009/11/11 14:08:00 | 000,757,760 | ---- | C] () -- C:\WINNT\System32\bcm1xsup.dll
[2009/11/11 11:50:42 | 000,041,456 | ---- | C] () -- C:\WINNT\System32\NWIPXSPX.DLL
[2009/11/11 11:50:10 | 000,073,216 | ---- | C] () -- C:\WINNT\System32\neeviaprtntwt.dll
[2009/11/11 11:49:56 | 000,000,250 | ---- | C] () -- C:\WINNT\Exigen.INI
[2009/09/25 10:04:42 | 000,026,888 | ---- | C] () -- C:\WINNT\System32\drivers\swmsflt.sys
[2009/03/16 18:05:04 | 000,000,061 | ---- | C] () -- C:\WINNT\smscfg.ini
[2009/03/10 00:37:30 | 000,000,152 | ---- | C] () -- C:\WINNT\wwwbatch.ini
[2009/03/02 21:43:58 | 000,204,800 | ---- | C] () -- C:\WINNT\System32\igfxCoIn_v4926.dll
[2009/03/02 21:43:58 | 000,104,636 | ---- | C] () -- C:\WINNT\System32\igmedcompkrn.dll
[2009/03/02 21:43:57 | 001,843,784 | ---- | C] () -- C:\WINNT\System32\igklg400.dll
[2009/03/02 21:43:57 | 001,399,880 | ---- | C] () -- C:\WINNT\System32\igklg450.dll
[2009/02/09 02:26:27 | 000,000,280 | ---- | C] () -- C:\WINNT\System32\epoPGPsdk.dll.sig
[2009/02/09 01:10:59 | 000,000,505 | ---- | C] () -- C:\WINNT\ODBC.INI
[2009/02/08 23:39:59 | 000,000,415 | ---- | C] () -- C:\WINNT\System32\OEMINFO.INI
[2008/11/20 12:08:08 | 000,103,424 | ---- | C] () -- C:\WINNT\System32\drivers\SafeBoot.sys
[2008/02/04 19:23:10 | 000,693,792 | ---- | C] () -- C:\WINNT\System32\OGACheckControl.DLL
[2007/12/21 17:46:32 | 000,118,784 | ---- | C] () -- C:\WINNT\System32\TosBtAcc.dll
[2007/04/13 19:48:56 | 000,796,336 | ---- | C] () -- C:\WINNT\System32\libeay32_0.9.6l.dll
[2005/07/22 22:30:18 | 000,065,536 | ---- | C] () -- C:\WINNT\System32\TosCommAPI.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINNT\System32\OUTLPERF.INI
[1999/06/15 12:41:02 | 000,027,136 | ---- | C] () -- C:\WINNT\System32\drcmhook.dll

========== LOP Check ==========

[2009/11/11 14:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AGNS
[2010/03/15 21:39:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2009/11/11 11:41:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Network Associates
[2009/02/09 01:48:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Prism Pack
[2009/12/18 10:29:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Quest Software
[2010/03/30 22:03:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2009/11/11 16:36:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Safeboot CSIP
[2009/11/11 14:45:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Screentime
[2010/02/06 13:57:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simese
[2009/12/25 23:42:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sprint
[2009/11/11 11:42:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2010/05/23 07:38:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WEngineLite
[2009/12/25 23:46:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karavind\Application Data\Bytemobile
[2010/05/28 18:26:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karavind\Application Data\FileZilla
[2010/03/15 21:34:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karavind\Application Data\Juniper Networks
[2009/03/12 02:30:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karavind\Application Data\OfficeUpdate12
[2009/12/18 10:29:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karavind\Application Data\Quest Software
[2010/03/30 22:13:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karavind\Application Data\Research In Motion
[2010/04/23 21:25:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karavind\Application Data\SanDisk
[2010/04/06 19:50:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karavind\Application Data\Scooter Software
[2009/12/25 23:46:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karavind\Application Data\Sprint
[2010/01/16 18:46:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karavind\Application Data\WholeSecurity
[2009/02/09 01:43:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karavind\Application Data\WinBatch

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2010/03/04 17:07:35 | 000,206,088 | ---- | M] () -- C:\AcroRdUpdt93.log
[2010/03/24 09:20:50 | 000,196,224 | ---- | M] () -- C:\AcroUpS931.log
[2009/02/08 21:30:44 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/06/02 11:20:17 | 000,000,207 | ---- | M] () -- C:\Boot.bak
[2010/06/06 16:03:48 | 000,000,277 | RHS- | M] () -- C:\boot.ini
[2009/11/11 08:58:54 | 000,000,207 | ---- | M] () -- C:\boot.ini.org
[2009/02/02 05:07:26 | 000,000,000 | -HS- | M] () -- C:\BOOTLOG.PRV
[2009/02/02 05:17:56 | 000,000,000 | -HS- | M] () -- C:\BOOTLOG.TXT
[2009/02/02 05:19:00 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2010/06/06 22:23:59 | 000,020,615 | ---- | M] () -- C:\ComboFix.txt
[1999/04/23 18:22:00 | 000,093,890 | -HS- | M] () -- C:\COMMAND.COM
[2009/02/08 21:30:44 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/02/28 16:42:57 | 000,000,000 | ---- | M] () -- C:\Data Warehouse Architecture - Proposed.ppt
[2009/11/11 11:54:57 | 000,005,784 | ---- | M] () -- C:\Developer.log
[2009/02/25 16:10:34 | 000,001,390 | ---- | M] () -- C:\docuPrinter.log
[2010/03/04 17:30:40 | 000,005,298 | ---- | M] () -- C:\Exigen.log
[2009/11/11 12:54:00 | 000,000,616 | ---- | M] () -- C:\GPoff.log
[2009/11/11 12:54:02 | 000,000,616 | ---- | M] () -- C:\GPon.log
[2010/04/22 10:13:27 | 000,075,322 | ---- | M] () -- C:\http_livdsadspcg01_cognos8_cgi-bin_cognos.pdf
[1999/04/23 18:22:00 | 000,222,390 | RHS- | M] () -- C:\IO.SYS
[2009/11/11 12:54:20 | 000,006,603 | ---- | M] () -- C:\LAPTOP.tag
[1999/04/23 18:22:00 | 000,000,009 | RHS- | M] () -- C:\MSDOS.SYS
[2009/11/11 11:45:30 | 000,022,729 | ---- | M] () -- C:\newfile.enc
[2009/11/11 11:45:30 | 000,022,729 | ---- | M] () -- C:\newkey
[2004/08/04 03:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004/08/04 03:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2010/06/06 22:30:36 | 2136,887,296 | -HS- | M] () -- C:\pagefile.sys
[2010/05/12 11:32:12 | 000,781,312 | ---- | M] () -- C:\POC_Teradata 2.0.ppt
[2010/05/12 07:05:46 | 001,643,520 | ---- | M] () -- C:\POC_Teradata.ppt
[2009/12/03 17:24:42 | 000,020,705 | ---- | M] () -- C:\POLICY_SCORE_100909 (5).pdf
[2010/02/27 11:33:50 | 000,478,676 | ---- | M] () -- C:\pp.zip
[2010/03/03 08:42:30 | 000,000,000 | ---- | M] () -- C:\Presentation1.ppt
[2003/04/18 19:06:14 | 000,079,872 | ---- | M] (Microsoft) -- C:\ROBOCOPY.EXE
[2009/11/11 15:01:49 | 021,102,592 | RHS- | M] () -- C:\SafeBoot.fs
[2009/11/11 15:01:43 | 000,655,360 | RHS- | M] () -- C:\SafeBoot.rsv
[2009/11/11 12:54:11 | 000,000,486 | ---- | M] () -- C:\SifXinst.log
[2010/06/06 10:10:03 | 000,002,524 | ---- | M] () -- C:\TDSSKiller.2.3.2.0_06.06.2010_10.10.02_log.txt
[2010/06/06 10:11:27 | 000,002,524 | ---- | M] () -- C:\TDSSKiller.2.3.2.0_06.06.2010_10.11.25_log.txt
[2010/05/12 06:40:01 | 000,000,000 | ---- | M] () -- C:\teradata.ppt
[2009/11/11 12:54:20 | 000,000,118 | ---- | M] () -- C:\wmerror.log

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010/02/26 02:05:05 | 000,357,888 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINNT\system32\dxtmsft.dll
[2010/02/26 02:05:05 | 000,205,312 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINNT\system32\dxtrans.dll
[4 C:\WINNT\system32\*.tmp files -> C:\WINNT\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[4 C:\WINNT\system32\*.tmp files -> C:\WINNT\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2008/11/20 12:08:08 | 000,103,424 | ---- | M] () Unable to obtain MD5 -- C:\WINNT\system32\drivers\SafeBoot.sys

< %systemroot%\System32\config\*.sav >
[2009/02/08 16:22:02 | 000,094,208 | ---- | M] () -- C:\WINNT\system32\config\default.sav
[2009/02/08 16:22:02 | 000,659,456 | ---- | M] () -- C:\WINNT\system32\config\software.sav
[2009/02/08 16:22:02 | 000,929,792 | ---- | M] () -- C:\WINNT\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2007/03/08 11:36:28 | 000,577,536 | ---- | M] (Microsoft Corporation) MD5=B409909F6E2E8A7067076ED748ABF1E7 -- C:\WINNT\system32\user32.dll
[4 C:\WINNT\system32\*.tmp files -> C:\WINNT\system32\*.tmp -> ]

< %systemroot%\system32\ws2_32.dll /md5 >
[2004/08/04 03:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINNT\system32\ws2_32.dll
[4 C:\WINNT\system32\*.tmp files -> C:\WINNT\system32\*.tmp -> ]

< %PROGRAMFILES%\*. >
[2009/11/11 14:05:46 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/11/11 16:01:26 | 000,000,000 | ---D | M] -- C:\Program Files\AIGRAS
[2009/12/12 23:32:20 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2009/11/14 09:48:12 | 000,000,000 | ---D | M] -- C:\Program Files\AquaNotes
[2009/11/11 11:51:01 | 000,000,000 | ---D | M] -- C:\Program Files\AR System
[2009/11/11 11:37:54 | 000,000,000 | ---D | M] -- C:\Program Files\CA
[2009/11/11 14:57:57 | 000,000,000 | ---D | M] -- C:\Program Files\CheckPoint
[2010/06/06 21:14:52 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009/02/08 21:28:46 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2009/11/11 09:40:21 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2009/11/11 14:08:00 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
[2010/04/01 15:39:08 | 000,000,000 | ---D | M] -- C:\Program Files\ePCGHelpRequest
[2010/03/04 17:30:05 | 000,000,000 | ---D | M] -- C:\Program Files\Exigen
[2009/11/13 20:14:41 | 000,000,000 | ---D | M] -- C:\Program Files\FileZilla FTP Client
[2009/11/28 20:51:28 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2009/11/28 20:52:00 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2009/11/11 14:13:42 | 000,000,000 | ---D | M] -- C:\Program Files\IBM
[2010/02/15 22:13:48 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/04/16 06:35:41 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/01/18 18:11:33 | 000,000,000 | ---D | M] -- C:\Program Files\IrfanView
[2010/03/04 17:28:47 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2009/11/11 21:43:36 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee
[2009/02/09 01:47:53 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2009/03/15 22:45:11 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2009/03/10 00:27:43 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2009/02/08 21:31:02 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2009/12/29 08:12:39 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/02/11 21:04:15 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2009/02/09 01:09:46 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2010/01/18 20:29:48 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2009/03/15 22:45:16 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/04/16 06:36:12 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/04/05 08:56:58 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/12/18 09:45:46 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/12/29 08:12:19 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2009/02/08 21:31:03 | 000,000,000 | ---D | M] -- C:\Program Files\msn gaming zone
[2009/02/09 01:51:36 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2009/02/09 01:51:43 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2009/12/29 21:44:36 | 000,000,000 | ---D | M] -- C:\Program Files\MySQL
[2009/11/11 11:50:01 | 000,000,000 | ---D | M] -- C:\Program Files\neevia.com
[2009/02/08 21:29:22 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2009/12/25 23:42:27 | 000,000,000 | ---D | M] -- C:\Program Files\Novatel Wireless
[2009/02/08 21:29:34 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2009/11/11 13:17:57 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2009/12/18 12:07:00 | 000,000,000 | ---D | M] -- C:\Program Files\PHP Editor
[2009/12/18 10:25:37 | 000,000,000 | ---D | M] -- C:\Program Files\Quest Software
[2010/02/15 22:13:23 | 000,000,000 | ---D | M] -- C:\Program Files\Quicken
[2009/12/12 23:33:30 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2010/06/03 22:53:59 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2010/06/02 20:56:37 | 000,000,000 | ---D | M] -- C:\Program Files\RealVNC
[2009/12/18 09:45:36 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/03/30 22:03:55 | 000,000,000 | ---D | M] -- C:\Program Files\Research In Motion
[2009/11/11 16:36:24 | 000,000,000 | ---D | M] -- C:\Program Files\SafeBoot
[2009/11/11 14:55:59 | 000,000,000 | ---D | M] -- C:\Program Files\SafeBoot Tray Manager
[2009/11/11 13:59:07 | 000,000,000 | ---D | M] -- C:\Program Files\Screen Manager
[2009/12/25 23:46:15 | 000,000,000 | ---D | M] -- C:\Program Files\Sierra Wireless
[2010/03/05 10:03:11 | 000,000,000 | ---D | M] -- C:\Program Files\SIFXINST
[2009/11/11 09:40:18 | 000,000,000 | ---D | M] -- C:\Program Files\Sigmatel
[2010/02/06 13:57:01 | 000,000,000 | ---D | M] -- C:\Program Files\Simese
[2010/03/20 10:30:37 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2009/12/25 23:42:27 | 000,000,000 | ---D | M] -- C:\Program Files\Sprint
[2009/11/11 11:42:08 | 000,000,000 | ---D | M] -- C:\Program Files\TechSmith
[2010/02/02 20:53:20 | 000,000,000 | ---D | M] -- C:\Program Files\Toshiba
[2009/02/08 21:35:05 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/05/23 07:38:04 | 000,000,000 | ---D | M] -- C:\Program Files\Verizon Wireless
[2010/03/14 09:29:04 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2009/11/11 11:42:49 | 000,000,000 | ---D | M] -- C:\Program Files\VViewer
[2010/04/23 21:36:04 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2010/04/23 21:43:10 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/02/08 21:31:03 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/02/08 21:29:39 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2010/06/02 06:45:01 | 000,000,000 | ---D | M] -- C:\Program Files\WinMerge
[2009/12/26 08:30:46 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2009/11/11 11:37:43 | 000,000,000 | ---D | M] -- C:\Program Files\WinZip
[2009/02/08 21:31:03 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2009/12/18 11:18:37 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >
< End of report >

Rorschach112 · 08-Jun-2010, 12:31 PM **#11**

Please run the MGA Diagnostic Tool and post back the report it shall produce:

Download MGADiag to your desktop.
Double-click on MGADiag.exe to launch the program
Click "Continue"
Ensure that the "Windows" tab is selected (it should be by default).
Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
Paste the MGA Diagnostic Report back here in your next reply.

Please download WVCheck by Artellos from one of the mirrors below;
Artellos.com (exe)
Artellos.com (zip)
After the download, run WVCheck.exe
As indicated by the prompt, This program can take a while depending on your hard drive space.
Once the program is done, copy the contents of the notepad file as a reply.

Similar Threads
Title	Thread Starter	Forum	Replies	Last Post
Help with redirect virus please !!!	Xtcmax	Virus & Other Malware Removal	0	25-Feb-2010 01:13 AM
Infected with a Google Redirect	akpa1	Virus & Other Malware Removal	0	07-Dec-2009 12:57 PM
Laptop infected with Trojan virus/worm..Please Help!	debtalvo	Virus & Other Malware Removal	0	06-Aug-2009 10:20 PM
Redirecting virus help	IanFTN	Virus & Other Malware Removal	1	12-Dec-2008 08:35 PM

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Search
Search for:

laptop infected with url redirect virus

Find the solution to your computer problem!

Find the solution to your
computer problem!