
laptop infected with url redirect virus

Discussion in 'Virus & Other Malware Removal' started by aravindk, Jun 6, 2010.

  1. aravindk

    aravindk Thread Starter

    Hello,

    My laptop is infected with a URL redirect virus. Below is the HijackThis log. Can someone please help?

    Thanks


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:50:45 AM, on 6/6/2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\WLTRYSVC.EXE
    C:\WINNT\System32\bcmwltry.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\SafeBoot\SbClientManager.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\McAfee\DLP\Agent\fcags.exe
    C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINNT\system32\mfevtps.exe
    C:\Program Files\AIGRAS\netcfgsvr.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\TNGSD\BIN\SDSERV.EXE
    C:\WINNT\system32\StacSV.exe
    C:\TNGSD\BIN\TRIGGAG.EXE
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    C:\WINNT\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
    C:\Program Files\McAfee\DLP\Agent\fcagswd.exe
    C:\Program Files\McAfee\DLP\Agent\fcag.exe
    C:\Program Files\McAfee\DLP\Agent\FCAGTE.EXE
    C:\WINNT\Explorer.EXE
    C:\tempfile\winfo\info.exe
    C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\SxpInst\sxplog32.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\WLTRAY.exe
    C:\WINNT\system32\igfxtray.exe
    C:\WINNT\system32\hkcmd.exe
    C:\WINNT\system32\igfxpers.exe
    C:\Program Files\SafeBoot Tray Manager\SbTrayManager.exe
    C:\WINNT\system32\igfxsrvc.exe
    C:\Program Files\CheckPoint\Integrity Client\iclient.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe
    C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
    C:\Program Files\McAfee\Common Framework\udaterui.exe
    C:\WINNT\system32\RunDLL32.exe
    C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\McAfee\Common Framework\McTray.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
    C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
    C:\Documents and Settings\karavind\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
    C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
    C:\Documents and Settings\karavind\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\Java\jre6\bin\jucheck.exe
    C:\Documents and Settings\karavind\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\karavind\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\karavind\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\karavind\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\karavind\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\karavind\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\karavind\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\karavind\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\WINNT\system32\mstsc.exe
    C:\Documents and Settings\karavind\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
    C:\Documents and Settings\karavind\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\karavind\My Documents\Downloads\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aigtoday.aig.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.americangeneral.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://aigtoday.aig.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [Workstation Info] c:\tempfile\winfo\info.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Sxplog] C:\SxpInst\sxpstub.exe
    O4 - HKLM\..\Run: [SDJobCheck] triggusr.exe
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINNT\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINNT\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
    O4 - HKLM\..\Run: [SafeBootTrayManager] "C:\Program Files\SafeBoot Tray Manager\SbTrayManager.exe"
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CheckPoint\Integrity Client\iclient.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Sprint SmartView] "C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe" -a
    O4 - HKLM\..\Run: [RDVCHG] "C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe"
    O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [VF0070 STISvc] RunDLL32.exe V0070Pin.dll,RunDLL32EP 513
    O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NetSP - restore settings on power failure] "C:\Program Files\AIGRAS\NetSP.exe" -show
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\karavind\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - .DEFAULT User Startup: RunFilesatStartup.lnk = C:\Tempfile\RunFilesAtStartup.exe (User 'Default user')
    O4 - Global Startup: AT&T Global Network Client Monitor.lnk = ?
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE
    O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
    O4 - Global Startup: Update_Policy.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: bmnet.dll
    O10 - Unknown file in Winsock LSP: bmnet.dll
    O10 - Unknown file in Winsock LSP: bmnet.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.americangeneral.com
    O15 - Trusted Zone: http://138.12.4.*
    O15 - Trusted Zone: http://172.21.234.68
    O15 - Trusted Zone: http://172.21.234.84
    O15 - Trusted Zone: http://207.24.42.*
    O15 - Trusted Zone: http://clients.afd-inc.com
    O15 - Trusted Zone: *.agfg.com
    O15 - Trusted Zone: domino.aig.com
    O15 - Trusted Zone: dominodev.aig.com
    O15 - Trusted Zone: dominotest.aig.com
    O15 - Trusted Zone: http://epcghome.aig.com
    O15 - Trusted Zone: http://eups.aig.com
    O15 - Trusted Zone: http://eupsmodl.aig.com
    O15 - Trusted Zone: http://legalaudit.aig.com
    O15 - Trusted Zone: http://livdsapps8.aig.com
    O15 - Trusted Zone: http://livdsweb2.aig.com
    O15 - Trusted Zone: *.aig.com
    O15 - Trusted Zone: *.aig.net
    O15 - Trusted Zone: *.aigag.com
    O15 - Trusted Zone: *.aigcorpebus.com
    O15 - Trusted Zone: *.aiginvestments.com
    O15 - Trusted Zone: *.aiginvestments.net
    O15 - Trusted Zone: *.aigretirementgold.com
    O15 - Trusted Zone: *.aigrs.net
    O15 - Trusted Zone: *.aigvalic.com
    O15 - Trusted Zone: *.aigwc.com
    O15 - Trusted Zone: *.aiuholdings.com
    O15 - Trusted Zone: *.chartisinsurance.com
    O15 - Trusted Zone: http://www.intellirisknetsource.com
    O15 - Trusted IP range: http://172.21.234.84
    O15 - Trusted IP range: http://172.21.234.68
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
    O16 - DPF: {2202D225-22C1-4B8C-A4B8-6A7E7B7E1524} (ICWMInstallObj Class) - https://whiteglove.on.intercall.com/confmgr/installs/ICWMInstall.cab
    O16 - DPF: {3BA494B1-D507-4C11-9BDA-D47E1A65DFCF} (Confidence Online for Web Applications) - https://na.connect.aig.com/llclient/Neoteris/winxp/,DanaInfo=10.249.14.102+AXXPEE.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1236666346865
    O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://na.connect.aig.com/dana-cached/setup/JuniperSetupSP1.cab
    O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://na.connect.aig.com/dana-cached/sc/JuniperSetupClient.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = r1-core.r1.aig.net
    O17 - HKLM\Software\..\Telephony: DomainName = r1-core.r1.aig.net
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: FCAGWL - fcagwl.dll (file missing)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\system32\browseui.dll
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: McAfee DLP Agent Service (McAfeeDLPAgentService) - McAfee Inc. - C:\Program Files\McAfee\DLP\Agent\fcags.exe
    O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINNT\system32\mfevtps.exe
    O23 - Service: Network Configuration Service (netcfgsvr) - AT&T - C:\Program Files\AIGRAS\netcfgsvr.exe
    O23 - Service: Neevia docuPrinter helper service (NVDPservice) - Unknown owner - C:\Program.exe (file missing)
    O23 - Service: PictureTaker - LANovation - C:\WINNT\system32\PCTKRNT.SYS
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    O23 - Service: SafeBoot Client Manager (SafeBootClientManager) - SafeBoot International - C:\Program Files\SafeBoot\SbClientManager.exe
    O23 - Service: Unicenter Software Delivery (SDService) - Computer Associates International, Inc. - C:\TNGSD\BIN\SDSERV.EXE
    O23 - Service: Sprint RcAppSvc (SprintRcAppSvc) - SmithMicro Inc. - C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINNT\system32\StacSV.exe
    O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINNT\System32\WLTRYSVC.EXE
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 15500 bytes
     
  2. Rorschach112

    Rorschach112 Malware Specialist

    Download TDSSKiller and save it to your Desktop.

    • Extract the file and run it.
    • Once completed it will create a log in your C:\ drive
    • Please post the contents of that log
     
  3. aravindk

    aravindk Thread Starter

    Here it is:


    10:10:02:468 4228 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
    10:10:02:468 4228 ================================================================================
    10:10:02:468 4228 SystemInfo:

    10:10:02:468 4228 OS Version: 5.1.2600 ServicePack: 2.0
    10:10:02:468 4228 Product type: Workstation
    10:10:02:468 4228 ComputerName: 1WPW1F1-SEC
    10:10:02:468 4228 UserName: KAravind
    10:10:02:468 4228 Windows directory: C:\WINNT
    10:10:02:468 4228 Processor architecture: Intel x86
    10:10:02:468 4228 Number of processors: 2
    10:10:02:468 4228 Page size: 0x1000
    10:10:02:468 4228 Boot type: Normal boot
    10:10:02:468 4228 ================================================================================
    10:10:02:781 4228 Initialize success
    10:10:02:781 4228
    10:10:02:781 4228 Scanning Services ...
    10:10:03:359 4228 Raw services enum returned 400 services
    10:10:03:375 4228
    10:10:03:375 4228 Scanning Drivers ...
    10:10:03:890 4228
    10:10:03:890 4228 Completed
    10:10:03:890 4228
    10:10:03:890 4228 Results:
    10:10:03:890 4228 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
    10:10:03:890 4228 File objects infected / cured / cured on reboot: 0 / 0 / 0
    10:10:03:890 4228
    10:10:03:906 4228 KLMD(ARK) unloaded successfully
     
  4. Rorschach112

    Rorschach112 Malware Specialist

    Download ComboFix here :

    Link 1
    Link 2


    * IMPORTANT !!! Save ComboFix.exe to your Desktop


    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them

      Click me

    • Double click on ComboFix.exe & follow the prompts.

    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    [​IMG]


    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
     
  5. aravindk

    aravindk Thread Starter

    Done. Here is the log:


    ComboFix 10-06-06.01 - KAravind 06/06/2010 19:34:09.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1087 [GMT -4:00]
    Running from: c:\documents and settings\karavind\Desktop\ComboFix.exe
    AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
    FW: Integrity Agent Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    c:\documents and settings\karavind\GoToAssistDownloadHelper.exe
    c:\program files\INSTALL.LOG
    c:\winnt\system32\aquaCommServer3.dll
    c:\winnt\system32\drivers\etc\lmhosts
    c:\winnt\system32\st325602.dll

    ----- BITS: Possible infected sites -----

    hxxp://10.175.32.57
    .
    ((((((((((((((((((((((((( Files Created from 2010-05-07 to 2010-06-07 )))))))))))))))))))))))))))))))
    .

    2010-06-04 02:53 . 2010-06-04 02:53 -------- d-----w- c:\program files\Common Files\xing shared
    2010-06-04 02:52 . 2010-06-04 02:53 -------- d-----w- c:\program files\Real
    2010-06-04 02:52 . 2010-06-04 02:54 -------- d-----w- c:\program files\Common Files\Real
    2010-06-03 00:56 . 2010-06-03 00:56 -------- d-----w- c:\program files\RealVNC
    2010-05-26 00:36 . 2010-05-26 00:36 -------- d-----w- c:\documents and settings\karavind\Local Settings\Application Data\Citrix
    2010-05-23 11:38 . 2010-05-23 11:38 -------- d-----w- c:\documents and settings\karavind\Application Data\Verizon Wireless
    2010-05-23 11:38 . 2010-05-23 11:38 -------- d-----w- c:\documents and settings\All Users\Application Data\WEngineLite
    2010-05-23 11:38 . 2010-05-23 11:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Verizon Wireless
    2010-05-23 11:38 . 2010-05-23 11:38 -------- d-----w- c:\program files\Verizon Wireless
    2010-05-23 11:36 . 2010-05-23 11:36 -------- d-----w- c:\documents and settings\karavind\Application Data\InstallShield
    2010-05-21 01:37 . 2010-05-21 01:37 -------- d-----w- c:\documents and settings\karavind\McAfee DLP Quarantined Files
    2010-05-20 01:22 . 2009-09-02 22:02 48488 ----a-w- c:\winnt\system32\drivers\mfesmfk.sys
    2010-05-20 01:21 . 2010-05-20 01:21 -------- d-----w- c:\winnt\system32\config\systemprofile\Application Data\McAfee

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-06-07 00:41 . 2010-03-31 02:15 256 ----a-w- c:\winnt\system32\pool.bin
    2010-06-06 11:49 . 2010-03-20 14:30 -------- d-----w- c:\documents and settings\karavind\Application Data\Skype
    2010-06-04 10:14 . 2009-11-15 13:08 17190356 ----a-w- c:\winnt\Internet Logs\tvDebug.zip
    2010-06-04 02:54 . 2010-06-04 02:54 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
    2010-06-04 02:54 . 2010-06-04 02:54 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
    2010-06-04 02:54 . 2010-06-04 02:54 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
    2010-06-04 02:54 . 2010-06-04 02:54 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
    2010-06-04 02:54 . 2010-06-04 02:54 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
    2010-06-04 02:54 . 2010-06-04 02:54 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
    2010-06-04 02:54 . 2010-06-04 02:54 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
    2010-06-04 02:54 . 2010-06-04 02:54 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    2010-06-04 02:54 . 2010-06-04 02:54 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    2010-06-03 10:35 . 2010-03-14 13:33 -------- d-----w- c:\documents and settings\karavind\Application Data\vlc
    2010-06-02 10:45 . 2010-04-06 23:44 -------- d-----w- c:\program files\WinMerge
    2010-05-31 21:27 . 2010-05-31 21:27 666112 ----a-w- c:\documents and settings\karavind\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\pmv306hw-1004220-0-main.dll
    2010-05-31 21:26 . 2010-05-31 21:26 319488 ----a-w- c:\documents and settings\karavind\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
    2010-05-29 22:49 . 2010-05-30 07:13 1925120 ----a-w- c:\winnt\Internet Logs\xDB9.tmp
    2010-05-28 22:26 . 2009-11-14 00:14 -------- d-----w- c:\documents and settings\karavind\Application Data\FileZilla
    2010-05-23 11:29 . 2010-04-24 01:19 256 ----a-w- c:\documents and settings\karavind\pool.bin
    2010-05-22 13:50 . 2010-05-22 20:08 1867264 ----a-w- c:\winnt\Internet Logs\xDB8.tmp
    2010-05-22 10:26 . 2010-05-22 10:26 503808 ----a-w- c:\documents and settings\karavind\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-4db867a1-n\msvcp71.dll
    2010-05-22 10:26 . 2010-05-22 10:26 348160 ----a-w- c:\documents and settings\karavind\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-4db867a1-n\msvcr71.dll
    2010-05-22 10:26 . 2010-05-22 10:26 499712 ----a-w- c:\documents and settings\karavind\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-4db867a1-n\jmc.dll
    2010-05-20 17:37 . 2010-05-20 23:03 1888256 ----a-w- c:\winnt\Internet Logs\xDB7.tmp
    2010-05-20 01:19 . 2010-05-20 01:19 2723264 ----a-w- c:\documents and settings\All Users\Application Data\McAfee\Common Framework\Current\DATALOSS2000\Install\0409\vcredist_x86.exe
    2010-05-20 01:19 . 2009-11-12 01:43 443336 ----a-w- c:\documents and settings\All Users\Application Data\McAfee\Common Framework\Current\DATALOSS2000\Install\0409\DLPAgentInstall.exe
    2010-04-24 01:36 . 2010-04-24 01:36 -------- d-----w- c:\program files\Windows Media Connect 2
    2010-04-24 01:25 . 2010-04-24 01:25 -------- d-----w- c:\documents and settings\karavind\Application Data\SanDisk
    2010-04-14 20:08 . 2010-04-14 20:08 239992 ----a-w- c:\documents and settings\All Users\Application Data\McAfee\Common Framework\Current\SUPERDAT1000\SuperDAT\0000\Setup.exe
    2010-04-10 17:51 . 2010-04-10 18:54 1738240 ----a-w- c:\winnt\Internet Logs\xDB6.tmp
    2010-04-09 02:12 . 2010-04-09 10:52 1733120 ----a-w- c:\winnt\Internet Logs\xDB5.tmp
    2010-03-20 14:42 . 2010-03-20 14:42 56 ---ha-w- c:\winnt\system32\ezsidmv.dat
    2010-03-16 01:34 . 2010-01-16 22:46 38344 ----a-w- c:\winnt\system32\drivers\CO_Mon.sys
    2010-03-16 01:34 . 2010-01-16 22:45 36939 ----a-w- c:\documents and settings\karavind\Application Data\Juniper Networks\Setup\uninstall.exe
    2010-03-10 08:02 . 1980-01-01 00:00 417792 ----a-w- c:\winnt\system32\vbscript.dll
    2009-09-01 01:07 . 2010-02-19 07:51 23864 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NetSP - restore settings on power failure"="c:\program files\AIGRAS\NetSP.exe" [2007-06-27 42264]
    "Google Update"="c:\documents and settings\karavind\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-11-11 135664]
    "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2009-11-10 5244216]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Workstation Info"="c:\tempfile\winfo\info.exe" [2006-03-22 126121]
    "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-10 149280]
    "Sxplog"="c:\sxpinst\sxpstub.exe" [2003-10-29 20480]
    "Synchronization Manager"="c:\winnt\system32\mobsync.exe" [2004-08-04 143360]
    "Broadcom Wireless Manager UI"="c:\winnt\system32\WLTRAY.exe" [2007-03-16 1392640]
    "IgfxTray"="c:\winnt\system32\igfxtray.exe" [2009-06-23 141336]
    "HotKeysCmds"="c:\winnt\system32\hkcmd.exe" [2009-06-23 173592]
    "Persistence"="c:\winnt\system32\igfxpers.exe" [2009-06-23 142360]
    "Client Access Service"="c:\program files\IBM\Client Access\cwbsvstr.exe" [2007-03-05 20531]
    "SafeBootTrayManager"="c:\program files\SafeBoot Tray Manager\SbTrayManager.exe" [2008-06-02 69632]
    "Zone Labs Client"="c:\program files\CheckPoint\Integrity Client\iclient.exe" [2007-04-13 784144]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
    "Sprint SmartView"="c:\program files\Sprint\Sprint SmartView\SprintSV.exe" [2009-09-25 75008]
    "RDVCHG"="c:\program files\Sprint\Sprint SmartView\RDVCHG.exe" [2009-09-25 316672]
    "ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
    "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2009-09-01 124240]
    "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2009-09-22 136512]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
    "VF0070 STISvc"="V0070Pin.dll" [2004-11-16 36864]
    "BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-11 648536]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-06-04 202256]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    AT&T Global Network Client Monitor.lnk - c:\winnt\Installer\{2B324B71-A7F9-477F-9693-E8974DDA1EC6}\NetGM_1B536450052A4C0BA1B8FC31F1D473F7.exe [2009-11-11 69632]
    Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-2-22 2938184]
    Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2010-3-10 1819992]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
    Install Pending Files.LNK - c:\program files\SIFXINST\SIFXINST.EXE [2009-2-9 831488]
    SnagIt 8.lnk - c:\program files\TechSmith\SnagIt 8\SnagIt32.exe [2006-3-14 5517312]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FCAGWL]
    2010-01-14 17:50 308544 ----a-w- c:\winnt\system32\fcagwl.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ SbNp scecli

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeDlpAgentService]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=

    R0 SafeBoot;SafeBoot;c:\winnt\system32\drivers\SafeBoot.sys [11/20/2008 12:08 PM 103424]
    R0 SBAlg;SBAlg;c:\winnt\system32\drivers\SbAlg.sys [8/13/2008 2:51 PM 44976]
    R0 SbFsLock;SbFsLock;c:\winnt\system32\drivers\SbFsLock.sys [9/12/2008 5:11 AM 13152]
    R1 fcdrv1;fcdrv1;c:\winnt\system32\drivers\fcdrv1.sys [1/14/2010 1:50 PM 67016]
    R1 fcdrv5;fcdrv5;c:\winnt\system32\drivers\fcdrv5.sys [1/14/2010 1:50 PM 95176]
    R1 RsvLock;RsvLock;c:\winnt\system32\drivers\RsvLock.sys [9/12/2008 5:11 AM 33264]
    R1 SbFlop;SbFlop;c:\winnt\system32\drivers\SbFlop.sys [9/12/2008 5:11 AM 34416]
    R1 SbPrcCtl;SbPrcCtl;c:\winnt\system32\drivers\SbPrcCtl.sys [9/12/2008 5:12 AM 15184]
    R2 McAfeeDLPAgentService;McAfee DLP Agent Service;c:\program files\McAfee\DLP\Agent\fcags.exe [1/14/2010 1:50 PM 4224320]
    R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\engineserver.exe [8/31/2009 9:07 PM 21256]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\winnt\system32\mfevtps.exe [2/19/2010 3:51 AM 70728]
    R2 SafeBootClientManager;SafeBoot Client Manager;c:\program files\SafeBoot\SbClientManager.exe [11/17/2008 6:53 AM 372796]
    R2 SDService;Unicenter Software Delivery;c:\tngsd\BIN\SDServ.exe [11/19/2003 11:29 AM 32768]
    R3 fcdrv2;fcdrv2;c:\winnt\system32\drivers\fcdrv2.sys [1/14/2010 1:50 PM 114632]
    R3 fcdrv3;fcdrv3;c:\winnt\system32\drivers\fcdrv3.sys [1/14/2010 1:50 PM 96072]
    R3 fcdrv4;fcdrv4;c:\winnt\system32\drivers\fcdrv4.sys [11/11/2009 9:43 PM 22856]
    R3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [5/25/2009 3:43 PM 32408]
    S3 mferkdet;McAfee Inc. mferkdet;c:\winnt\system32\drivers\mferkdet.sys [2/19/2010 3:51 AM 65448]
    S3 NVDPservice;Neevia docuPrinter helper service;c:\program files\neevia.com\docuPrinterLT\neeviaDP6.lib [11/11/2009 11:50 AM 2372448]
    S3 vsinstdv;vsinstdv;\??\c:\docume~1\karavind\LOCALS~1\Temp\{3A218A30-0AEC-4805-A352-CE30D520EAF5}\vsinstdv.sys --> c:\docume~1\karavind\LOCALS~1\Temp\{3A218A30-0AEC-4805-A352-CE30D520EAF5}\vsinstdv.sys [?]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - KLMD23
    *NewlyCreated* - NVDPSERVICE
    *Deregistered* - klmd23
    *Deregistered* - mfesmfk01
    .
    Contents of the 'Scheduled Tasks' folder

    2010-06-05 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-825750147-1553096506-3895987836-9054Core.job
    - c:\documents and settings\karavind\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-11 23:15]

    2010-06-06 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-825750147-1553096506-3895987836-9054UA.job
    - c:\documents and settings\karavind\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-11 23:15]

    2010-06-06 c:\winnt\Tasks\RealUpgradeLogonTaskS-1-5-21-825750147-1553096506-3895987836-9054.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

    2010-06-04 c:\winnt\Tasks\RealUpgradeScheduledTaskS-1-5-21-825750147-1553096506-3895987836-9054.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://aigtoday.aig.com/
    mStart Page = hxxp://aigtoday.aig.com
    uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    LSP: bmnet.dll
    Trusted Zone: 12.4.*\138
    Trusted Zone: 21.234.68\172
    Trusted Zone: 21.234.84\172
    Trusted Zone: 24.42.*\207
    Trusted Zone: afd-inc.com\clients
    Trusted Zone: agfg.com
    Trusted Zone: aig.com
    Trusted Zone: aig.com\aiuclaims
    Trusted Zone: aig.com\domino
    Trusted Zone: aig.com\dominodev
    Trusted Zone: aig.com\dominotest
    Trusted Zone: aig.com\epcghome
    Trusted Zone: aig.com\eups
    Trusted Zone: aig.com\eupsmodl
    Trusted Zone: aig.com\intellirisknetsourceebs
    Trusted Zone: aig.com\legalaudit
    Trusted Zone: aig.com\livdsapps8
    Trusted Zone: aig.com\livdsweb2
    Trusted Zone: aig.net
    Trusted Zone: aigag.com
    Trusted Zone: aigcorpebus.com
    Trusted Zone: aiginvestments.com
    Trusted Zone: aiginvestments.net
    Trusted Zone: aigretirementgold.com
    Trusted Zone: aigrs.net
    Trusted Zone: aigvalic.com
    Trusted Zone: aigwc.com
    Trusted Zone: aiuholdings.com
    Trusted Zone: attwireless.com\www
    Trusted Zone: attws.com\www
    Trusted Zone: chartisinsurance.com
    Trusted Zone: eprocurelink.com\www1
    Trusted Zone: fleet.com\demo-webconnect
    Trusted Zone: fleet.com\webconnect
    Trusted Zone: intellirisknetsource.com\www
    Trusted Zone: salesforce.com
    Trusted Zone: stapleslink.com\bci
    Trusted Zone: yourensync.com\mccoy
    DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
    DPF: {2202D225-22C1-4B8C-A4B8-6A7E7B7E1524} - hxxps://whiteglove.on.intercall.com/confmgr/installs/ICWMInstall.cab
    DPF: {3BA494B1-D507-4C11-9BDA-D47E1A65DFCF} - hxxps://na.connect.aig.com/llclient/Neoteris/winxp/,DanaInfo=10.249.14.102+AXXPEE.dll
    DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://na.connect.aig.com/dana-cached/sc/JuniperSetupClient.cab
    FF - ProfilePath - c:\documents and settings\karavind\Application Data\Mozilla\Firefox\Profiles\jhmtwmn8.default\
    FF - prefs.js: network.proxy.type - 4
    FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
    FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: c:\documents and settings\karavind\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\winnt\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
    HKLM-Run-SDJobCheck - triggusr.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-06-06 22:12
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet004\Services\NVDPservice]
    "ImagePath"="c:\program files\neevia.com\docuPrinterLT\neeviaDP6.lib"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-825750147-1553096506-3895987836-9054\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1776)
    c:\winnt\system32\NetGina.dll
    c:\program files\AIGRAS\NetClient.dll
    c:\winnt\system32\fcagwl.dll
    c:\winnt\system32\igfxdev.dll

    - - - - - - - > 'lsass.exe'(1832)
    c:\winnt\system32\SbNp.dll
    c:\winnt\system32\bmnet.dll
    .
    Completion time: 2010-06-06 22:23:55
    ComboFix-quarantined-files.txt 2010-06-07 02:23

    Pre-Run: 55,248,314,368 bytes free
    Post-Run: 55,479,218,176 bytes free

    - - End Of File - - F813ECDA4AE39C0C090345B5CD921E05
     
  6. Rorschach112

    Rorschach112 Malware Specialist

    Joined:
    Oct 12, 2008
    Messages:
    2,392
    Download OTL to your Desktop
    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under the Custom Scan box paste this in

      netsvcs
      msconfig
      safebootminimal
      safebootnetwork
      activex
      drivers32
      %SYSTEMDRIVE%\*.*
      %systemroot%\*. /mp /s
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\system32\*.exe /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemroot%\system32\drivers\*.sys /lockedfiles
      %systemroot%\System32\config\*.sav
      %systemroot%\system32\user32.dll /md5
      %systemroot%\system32\ws2_32.dll /md5
      CREATERESTOREPOINT
      %PROGRAMFILES%\*.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time
     
  7. aravindk

    aravindk Thread Starter

    Joined:
    Jun 21, 2008
    Messages:
    14
    Extras.txt:

    Code:
    OTL Extras logfile created on: 6/8/2010 6:37:38 AM - Run 1
    OTL by OldTimer - Version 3.2.5.3     Folder = C:\Documents and Settings\karavind\My Documents\Downloads
    Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     
    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free
    Paging file location(s): C:\pagefile.sys 0 0 [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
    Drive C: | 74.53 Gb Total Space | 51.61 Gb Free Space | 69.26% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
     
    Computer Name: 1WPW1F1-SEC
    Current User Name: KAravind
    Logged in as Administrator.
     
    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan
     
    [color=#E56717]========== Extra Registry (SafeList) ==========[/color]
     
     
    [color=#E56717]========== File Associations ==========[/color]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
     
    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
     
    [color=#E56717]========== Shell Spawning ==========[/color]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     
    [color=#E56717]========== Security Center Settings ==========[/color]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring" = 1
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
     
    [color=#E56717]========== Authorized Applications List ==========[/color]
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
     
     
    [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0AEA9ECE-2AD0-4DF0-932E-F0AC6B771749}" = SnagIt 8
    "{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
    "{106FB85A-9567-42FC-85CC-E4DA450F4C7B}" = Sprint SmartView
    "{14630437-9D8B-4CE9-BBB1-66CE69391E48}" = Clean Disk
    "{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise
    "{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
    "{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
    "{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant
    "{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
    "{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
    "{26A24AE4-039D-4CA4-87B4-2F83216013F0}" = Java(TM) 6 Update 13
    "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
    "{29042B1C-0713-4575-B7CA-5C8E7B0899D4}" = MySQL Connector/ODBC 5.1
    "{2B324B71-A7F9-477F-9693-E8974DDA1EC6}" = AIG Remote Access Managed VPN Premium Edition
    "{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
    "{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext
    "{3A218A30-0AEC-4805-A352-CE30D520EAF5}" = Integrity Agent
    "{3F50ED93-A7C7-44E3-AC70-AEDDF9C81C21}" = Exigen Workflow Web DMS Viewer
    "{40A594D0-1490-4979-9382-D2B764F949C6}" = BlackBerry® Media Sync
    "{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
    "{595F83A1-EF0B-42EB-B386-8344A5BA759F}" = WinZip 9.0 SR1
    "{5D6EC6F7-9B38-4a02-B063-97C2048B56A2}" = 7200_Help
    "{64FC0C98-B035-4530-B15D-3D30610B6DF1}" = HP Software Update
    "{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
    "{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
    "{829AC692-C6F1-4FC2-849B-F7DD74C1E3E2}" = McAfee DLP Agent
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{85BCA736-A0F4-448E-9BC1-6EA08693E10B}" = HP Image Zone Express
    "{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
    "{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{91490409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Primary Interop Assemblies
    "{94F9723E-900A-43C5-8F4E-AD2D2ED09273}" = Microsoft Visio Viewer 2002
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A7391302-FADF-4314-80DC-C757DAE45178}" = 7200
    "{A7CA6CC5-465B-41F8-96B5-F66BDF4482C7}" = VZAccess Manager
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
    "{AC966B90-53CA-4710-8EEE-57ED25387872}" = 7200Trb
    "{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
    "{CB2B2B63-58AB-48F3-AAD5-7E93AFE4268B}" = Quest Software Toad for MySQL Freeware 4.5
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}" = Quicken 2010
    "{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE86E2F5-850C-4207-94A3-A58D647B1733}" = BlackBerry Desktop Software 5.0.1
    "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D3EC6A3A-2322-49A5-9E29-6C213876EEE2}" = DRC
    "{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
    "{E008BEB1-AB63-46C1-BD3D-08D3A1F8E26D}" = McAfee Agent
    "{E37E645E-4A0C-4D9E-B30A-7B19E797E743}" = BlackBerry USB Drivers
    "{F4071D69-E3F4-4538-8FE2-8FDE7CE0272B}" = Shockwave and Flash Player
    "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "BlackBerry_{CE86E2F5-850C-4207-94A3-A58D647B1733}" = BlackBerry Desktop Software 5.0.1
    "Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
    "CANONBJ_Deinstall_CNMCP56.DLL" = Canon i860
    "CA-SD" = CA Unicenter Software Delivery
    "Chartis" = Chartis Screen Saver
    "ClientAccessExpress" = IBM iSeries Access for Windows
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
    "Creative VF0070" = Creative WebCam Notebook Ultra Driver (1.00.05.0127)
    "FileZilla Client" = FileZilla Client 3.3.0
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HP Photo & Imaging" = HP Image Zone 4.7
    "IrfanView" = IrfanView (remove only)
    "McAfee Anti-Spyware Enterprise Module" = McAfee AntiSpyware Enterprise Module
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "Neevia docuPrinter LT_is1" = docuPrinter LT v6.0
    "PHP Editor_is1" = PHP Editor 2.22
    "PX: {07ADBCA7-90D2-4FC7-90DD-1734C98D81FA}" = Turn Off Microsoft Customer Survey
    "PX: {106DF6B4-6B96-4361-A630-0771F4CE3FB1}" = DocuPrint LT
    "PX: {D1A9C4DF-0EB9-4A6F-8106-2EB72278C38C}" = Java Heap Setting 256MB
    "PX: {F98169E6-8BD2-4BEA-AB70-56E0D06A70BF}" = DDAU
    "RealPlayer 12.0" = RealPlayer
    "RealVNC_is1" = VNC Free Edition 4.1.3
    "ST6UNST #1" = AquaNotes 3.5
    "VLC media player" = VLC media player 1.0.5
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "WIC" = Windows Imaging Component
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "WinRAR archiver" = WinRAR archiver
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Software Update" = Yahoo! Software Update
     
    [color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
     
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Confidence Online EE" = Confidence Online(tm) for Web Applications
    "Google Chrome" = Google Chrome
    "Juniper_Networks_Cache_Cleaner 6.1.0" = Juniper Networks Cache Cleaner 6.1.0
    "Juniper_Networks_Cache_Cleaner 6.4.0" = Juniper Networks Cache Cleaner 6.4.0
    "Juniper_Setup_Client" = Juniper Networks Setup Client
    "Juniper_Term_Services" = Juniper Terminal Services Client
    "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
     
    [color=#E56717]========== Last 10 Event Log Errors ==========[/color]
     
    [ Application Events ]
    Error - 6/7/2010 6:59:46 AM | Computer Name = 1WPW1F1-SEC | Source = Userenv | ID = 1054
    Description = Windows cannot obtain the domain controller name for your computer
     network. (A socket operation was attempted to an unreachable host. ). Group Policy
     processing aborted. 
     
    Error - 6/7/2010 6:06:46 PM | Computer Name = 1WPW1F1-SEC | Source = Userenv | ID = 1054
    Description = Windows cannot obtain the domain controller name for your computer
     network. (A socket operation was attempted to an unreachable host. ). Group Policy
     processing aborted. 
     
    Error - 6/7/2010 6:06:52 PM | Computer Name = 1WPW1F1-SEC | Source = Userenv | ID = 1054
    Description = Windows cannot obtain the domain controller name for your computer
     network. (A socket operation was attempted to an unreachable host. ). Group Policy
     processing aborted. 
     
    Error - 6/7/2010 6:06:55 PM | Computer Name = 1WPW1F1-SEC | Source = AutoEnrollment | ID = 15
    Description = Automatic certificate enrollment for local system failed to contact
     the active directory (0x8007054b).  The specified domain either does not exist 
    or could not be contacted.    Enrollment will not be performed.
     
    Error - 6/7/2010 6:07:04 PM | Computer Name = 1WPW1F1-SEC | Source = Google Update | ID = 20
    Description = 
     
    Error - 6/7/2010 8:45:09 PM | Computer Name = 1WPW1F1-SEC | Source = Userenv | ID = 1054
    Description = Windows cannot obtain the domain controller name for your computer
     network. (A socket operation was attempted to an unreachable host. ). Group Policy
     processing aborted. 
     
    Error - 6/7/2010 8:45:22 PM | Computer Name = 1WPW1F1-SEC | Source = Google Update | ID = 20
    Description = 
     
    Error - 6/8/2010 5:40:05 AM | Computer Name = 1WPW1F1-SEC | Source = Userenv | ID = 1054
    Description = Windows cannot obtain the domain controller name for your computer
     network. (A socket operation was attempted to an unreachable host. ). Group Policy
     processing aborted. 
     
    Error - 6/8/2010 5:40:06 AM | Computer Name = 1WPW1F1-SEC | Source = Userenv | ID = 1054
    Description = Windows cannot obtain the domain controller name for your computer
     network. (A socket operation was attempted to an unreachable host. ). Group Policy
     processing aborted. 
     
    Error - 6/8/2010 5:40:09 AM | Computer Name = 1WPW1F1-SEC | Source = AutoEnrollment | ID = 15
    Description = Automatic certificate enrollment for local system failed to contact
     the active directory (0x8007054b).  The specified domain either does not exist 
    or could not be contacted.    Enrollment will not be performed.
     
    [ System Events ]
    Error - 6/7/2010 10:30:57 PM | Computer Name = 1WPW1F1-SEC | Source = W32Time | ID = 39452701
    Description = The time provider NtpClient is configured to acquire time from one
     or more  time sources, however none of the sources are currently accessible.   No attempt
     to contact a source will be made for 120 minutes.  NtpClient has no source of accurate
     time. 
     
    Error - 6/7/2010 10:41:10 PM | Computer Name = 1WPW1F1-SEC | Source = NETLOGON | ID = 5719
    Description = No Domain Controller is available for domain R1-CORE due to the following:
       %%1311.    Make sure that the computer is connected to the network and try  again. If
     the problem persists, please contact your domain administrator.
     
    Error - 6/8/2010 5:40:06 AM | Computer Name = 1WPW1F1-SEC | Source = NETLOGON | ID = 5719
    Description = No Domain Controller is available for domain R1-CORE due to the following:
       %%1311.    Make sure that the computer is connected to the network and try  again. If
     the problem persists, please contact your domain administrator.
     
    Error - 6/8/2010 5:40:12 AM | Computer Name = 1WPW1F1-SEC | Source = W32Time | ID = 39452701
    Description = The time provider NtpClient is configured to acquire time from one
     or more  time sources, however none of the sources are currently accessible.   No attempt
     to contact a source will be made for 15 minutes.  NtpClient has no source of accurate
     time. 
     
    Error - 6/8/2010 5:40:18 AM | Computer Name = 1WPW1F1-SEC | Source = W32Time | ID = 39452701
    Description = The time provider NtpClient is configured to acquire time from one
     or more  time sources, however none of the sources are currently accessible.   No attempt
     to contact a source will be made for 15 minutes.  NtpClient has no source of accurate
     time. 
     
    Error - 6/8/2010 5:40:22 AM | Computer Name = 1WPW1F1-SEC | Source = W32Time | ID = 39452701
    Description = The time provider NtpClient is configured to acquire time from one
     or more  time sources, however none of the sources are currently accessible.   No attempt
     to contact a source will be made for 15 minutes.  NtpClient has no source of accurate
     time. 
     
    Error - 6/8/2010 5:55:25 AM | Computer Name = 1WPW1F1-SEC | Source = W32Time | ID = 39452701
    Description = The time provider NtpClient is configured to acquire time from one
     or more  time sources, however none of the sources are currently accessible.   No attempt
     to contact a source will be made for 29 minutes.  NtpClient has no source of accurate
     time. 
     
    Error - 6/8/2010 6:25:25 AM | Computer Name = 1WPW1F1-SEC | Source = W32Time | ID = 39452701
    Description = The time provider NtpClient is configured to acquire time from one
     or more  time sources, however none of the sources are currently accessible.   No attempt
     to contact a source will be made for 59 minutes.  NtpClient has no source of accurate
     time. 
     
    Error - 6/8/2010 6:40:37 AM | Computer Name = 1WPW1F1-SEC | Source = Service Control Manager | ID = 7023
    Description = The Automatic Updates service terminated with the following error:
       %%126
     
    Error - 6/8/2010 6:41:06 AM | Computer Name = 1WPW1F1-SEC | Source = DCOM | ID = 10010
    Description = The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register
     with DCOM within the required timeout.
     
     
    < End of report >
    

    OTL.TXT:
    Code:
    OTL logfile created on: 6/8/2010 6:37:38 AM - Run 1
    OTL by OldTimer - Version 3.2.5.3     Folder = C:\Documents and Settings\karavind\My Documents\Downloads
    Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     
    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free
    Paging file location(s): C:\pagefile.sys 0 0 [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
    Drive C: | 74.53 Gb Total Space | 51.61 Gb Free Space | 69.26% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
     
    Computer Name: 1WPW1F1-SEC
    Current User Name: KAravind
    Logged in as Administrator.
     
    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan
     
    [color=#E56717]========== Processes (SafeList) ==========[/color]
     
    PRC - [2010/06/08 06:35:40 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\karavind\My Documents\Downloads\OTL.exe
    PRC - [2010/06/03 22:52:58 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    PRC - [2010/03/10 22:32:26 | 000,648,536 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research in Motion\Auto Update\RIMAutoUpdate.exe
    PRC - [2010/03/10 22:32:08 | 001,819,992 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
    PRC - [2010/03/10 17:32:34 | 001,598,808 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research in Motion\RIMDeviceManager\RIMDeviceManager.exe
    PRC - [2010/01/27 11:34:24 | 000,376,832 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research in Motion\USB Drivers\BbDevMgr.exe
    PRC - [2010/01/14 13:50:44 | 003,913,024 | ---- | M] (McAfee Inc.) -- C:\Program Files\McAfee\DLP\Agent\fcagte.exe
    PRC - [2010/01/14 13:50:08 | 004,224,320 | ---- | M] (McAfee Inc.) -- C:\Program Files\McAfee\DLP\Agent\fcags.exe
    PRC - [2010/01/14 13:49:42 | 000,263,488 | ---- | M] (McAfee Inc.) -- C:\Program Files\McAfee\DLP\Agent\fcagswd.exe
    PRC - [2010/01/14 13:49:28 | 008,422,720 | ---- | M] (McAfee Inc.) -- C:\Program Files\McAfee\DLP\Agent\fcag.exe
    PRC - [2010/01/10 00:13:20 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
    PRC - [2009/09/25 10:04:34 | 000,316,672 | ---- | M] (C-motech Co.,Ltd) -- C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe
    PRC - [2009/09/22 17:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
    PRC - [2009/09/22 17:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    PRC - [2009/09/22 17:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    PRC - [2009/09/22 17:00:00 | 000,091,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
    PRC - [2009/09/02 18:03:36 | 000,070,728 | ---- | M] (McAfee, Inc.) -- C:\WINNT\system32\mfevtps.exe
    PRC - [2009/08/31 21:07:00 | 000,146,448 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
    PRC - [2009/08/31 21:07:00 | 000,124,240 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
    PRC - [2009/08/31 21:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
    PRC - [2009/08/31 21:07:00 | 000,027,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
    PRC - [2009/08/31 21:07:00 | 000,021,256 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
    PRC - [2009/02/09 01:48:39 | 000,196,608 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    PRC - [2008/11/17 06:53:47 | 000,372,796 | ---- | M] (SafeBoot International) -- C:\Program Files\SafeBoot\SbClientManager.exe
    PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008/06/02 10:18:24 | 000,069,632 | ---- | M] () -- C:\Program Files\SafeBoot Tray Manager\SbTrayManager.exe
    PRC - [2008/02/22 16:29:24 | 002,572,288 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
    PRC - [2008/02/22 11:04:42 | 002,938,184 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    PRC - [2008/01/22 21:13:08 | 000,288,072 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
    PRC - [2008/01/09 11:38:44 | 000,288,072 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
    PRC - [2007/10/29 15:30:14 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    PRC - [2007/10/04 19:39:42 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    PRC - [2007/09/28 17:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    PRC - [2007/08/23 12:55:06 | 000,311,296 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
    PRC - [2007/06/27 13:49:52 | 000,472,344 | ---- | M] (AT&T) -- C:\Program Files\AIGRAS\netcfgsvr.exe
    PRC - [2007/05/10 09:23:50 | 000,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\WINNT\system32\stacsv.exe
    PRC - [2007/05/10 09:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe
    PRC - [2007/04/13 20:08:14 | 001,849,096 | ---- | M] (Zone Labs, LLC) -- C:\WINNT\system32\ZoneLabs\vsmon.exe
    PRC - [2007/04/13 19:48:40 | 000,784,144 | ---- | M] (Zone Labs, LLC) -- C:\Program Files\CheckPoint\Integrity Client\iclient.exe
    PRC - [2006/10/18 21:46:20 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmplayer.exe
    PRC - [2006/03/22 09:20:14 | 000,126,121 | ---- | M] () -- C:\TEMPFILE\WINFO\info.exe
    PRC - [2006/03/14 09:01:00 | 005,517,312 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
    PRC - [2006/03/14 09:01:00 | 000,026,112 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\SnagIt 8\TscHelp.exe
    PRC - [2004/08/04 03:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe
    PRC - [2003/11/19 11:29:28 | 000,032,768 | ---- | M] (Computer Associates International, Inc.) -- C:\TNGSD\BIN\SDServ.exe
    PRC - [2003/11/15 12:12:42 | 000,077,824 | ---- | M] (Computer Associates International, Inc.) -- C:\TNGSD\BIN\TRIGGAG.exe
    PRC - [2003/10/28 20:15:04 | 000,241,664 | ---- | M] (Computer Associates International, Inc.) -- C:\SxpInst\sxplog32.exe
     
     
    [color=#E56717]========== Modules (SafeList) ==========[/color]
     
    MOD - [2010/06/08 06:35:40 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\karavind\My Documents\Downloads\OTL.exe
    MOD - [2009/06/12 18:13:04 | 000,130,048 | ---- | M] (Intel Corporation) -- C:\WINNT\system32\igfxdo.dll
    MOD - [2006/08/25 10:45:56 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINNT\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    MOD - [2004/08/04 03:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\msscript.ocx
     
     
    [color=#E56717]========== Win32 Services (SafeList) ==========[/color]
     
    SRV - [2010/01/14 13:50:08 | 004,224,320 | ---- | M] (McAfee Inc.) [Unknown | Running] -- C:\Program Files\McAfee\DLP\Agent\fcags.exe -- (McAfeeDLPAgentService)
    SRV - [2009/11/11 11:34:28 | 000,045,056 | ---- | M] (LANovation) [On_Demand | Stopped] -- C:\WINNT\system32\PCTKRNT.SYS -- (PictureTaker)
    SRV - [2009/09/25 10:04:34 | 000,120,064 | ---- | M] (SmithMicro Inc.) [On_Demand | Stopped] -- C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe -- (SprintRcAppSvc)
    SRV - [2009/09/22 17:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
    SRV - [2009/09/02 18:03:36 | 000,070,728 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINNT\system32\mfevtps.exe -- (mfevtp)
    SRV - [2009/08/31 21:07:00 | 000,146,448 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe -- (McShield)
    SRV - [2009/08/31 21:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)
    SRV - [2009/08/31 21:07:00 | 000,021,256 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe -- (McAfeeEngineService)
    SRV - [2009/02/09 01:48:39 | 000,196,608 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
    SRV - [2008/11/17 06:53:47 | 000,372,796 | ---- | M] (SafeBoot International) [Auto | Running] -- C:\Program Files\SafeBoot\SbClientManager.exe -- (SafeBootClientManager)
    SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2008/10/07 16:48:20 | 002,372,448 | ---- | M] (Neevia Technology) [On_Demand | Stopped] -- C:\Program Files\neevia.com\docuPrinterLT\neeviaDP6.lib -- (NVDPservice)
    SRV - [2007/09/28 17:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
    SRV - [2007/06/27 13:49:52 | 000,472,344 | ---- | M] (AT&T) [Auto | Running] -- C:\Program Files\AIGRAS\netcfgsvr.exe -- (netcfgsvr)
    SRV - [2007/05/10 09:23:50 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\WINNT\system32\stacsv.exe -- (STacSV)
    SRV - [2007/04/13 20:08:14 | 001,849,096 | ---- | M] (Zone Labs, LLC) [Auto | Running] -- C:\WINNT\System32\ZoneLabs\vsmon.exe -- (vsmon)
    SRV - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINNT\system32\HPZipm12.exe -- (Pml Driver HPZ12)
    SRV - [2003/11/19 11:29:28 | 000,032,768 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\TNGSD\BIN\SDSERV.EXE -- (SDService)
     
     
    [color=#E56717]========== Driver Services (SafeList) ==========[/color]
     
    DRV - [2010/03/15 21:34:48 | 000,038,344 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\CO_Mon.sys -- (CO_Mon)
    DRV - [2010/01/14 13:49:54 | 000,095,176 | ---- | M] (McAfee Inc.) [Kernel | System | Running] -- C:\WINNT\system32\drivers\fcdrv5.sys -- (fcdrv5)
    DRV - [2010/01/14 13:49:52 | 000,022,856 | ---- | M] (McAfee Inc.) [File_System | On_Demand | Running] -- C:\WINNT\system32\drivers\fcdrv4.sys -- (fcdrv4)
    DRV - [2010/01/14 13:49:50 | 000,096,072 | ---- | M] () [File_System | On_Demand | Running] -- C:\WINNT\system32\drivers\fcdrv3.sys -- (fcdrv3)
    DRV - [2010/01/14 13:49:48 | 000,114,632 | ---- | M] () [File_System | On_Demand | Running] -- C:\WINNT\system32\drivers\fcdrv2.sys -- (fcdrv2)
    DRV - [2010/01/14 13:49:48 | 000,067,016 | ---- | M] (McAfee Inc.) [File_System | System | Running] -- C:\WINNT\system32\drivers\fcdrv1.sys -- (fcdrv1)
    DRV - [2009/09/25 10:04:42 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\PCTINDIS5.sys -- (PCTINDIS5)
    DRV - [2009/09/25 10:04:42 | 000,026,888 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINNT\System32\drivers\swmsflt.sys -- (swmsflt)
    DRV - [2009/09/25 10:04:42 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\WINNT\system32\drivers\tcpipBM.sys -- (tcpipBM)
    DRV - [2009/09/25 10:04:40 | 000,222,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\NWADIenum.sys -- (NWADI)
    DRV - [2009/09/25 10:04:36 | 000,171,144 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\SWNC5E00.sys -- (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00)
    DRV - [2009/09/25 10:04:36 | 000,149,512 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\swmx00.sys -- (swmx00) Sierra Wireless USB MUX Driver (#00)
    DRV - [2009/09/25 10:04:28 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\PCASp50.sys -- (PCASp50)
    DRV - [2009/09/02 18:02:46 | 000,048,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\mfesmfk.sys -- (mfesmfk)
    DRV - [2009/09/02 18:01:36 | 000,343,760 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2009/08/31 21:07:00 | 000,091,672 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2009/08/31 21:07:00 | 000,075,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\mfeapfk.sys -- (mfeapfk)
    DRV - [2009/08/31 21:07:00 | 000,065,448 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\mferkdet.sys -- (mferkdet)
    DRV - [2009/08/31 21:07:00 | 000,063,728 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINNT\system32\drivers\mfetdik.sys -- (mfetdik)
    DRV - [2009/08/31 21:07:00 | 000,043,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2009/06/12 18:52:48 | 006,278,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\igxpmp32.sys -- (ialm)
    DRV - [2009/05/25 15:43:58 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Running] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
    DRV - [2008/11/20 12:08:08 | 000,103,424 | ---- | M] () [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\SafeBoot.sys -- (SafeBoot)
    DRV - [2008/09/12 15:32:56 | 000,327,192 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINNT\System32\Drivers\iaStor.sys -- (iastor)
    DRV - [2008/09/12 05:12:25 | 000,015,184 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\WINNT\system32\drivers\SbPrcCtl.sys -- (SbPrcCtl)
    DRV - [2008/09/12 05:11:31 | 000,013,152 | ---- | M] (SafeBoot International) [File_System | Boot | Running] -- C:\WINNT\system32\drivers\SbFsLock.sys -- (SbFsLock)
    DRV - [2008/09/12 05:11:20 | 000,033,264 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\WINNT\system32\drivers\RsvLock.sys -- (RsvLock)
    DRV - [2008/09/12 05:11:07 | 000,034,416 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\WINNT\system32\drivers\SbFlop.sys -- (SbFlop)
    DRV - [2008/08/13 14:51:42 | 000,044,976 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\SbAlg.sys -- (SBAlg)
    DRV - [2008/05/12 09:04:00 | 000,175,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2008/02/15 16:01:06 | 000,131,712 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\tosrfbd.sys -- (tosrfbd)
    DRV - [2008/01/31 16:55:06 | 000,074,240 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\Tosrfhid.sys -- (Tosrfhid)
    DRV - [2008/01/22 21:57:48 | 000,054,144 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\TosRfSnd.sys -- (TosRfSnd)
    DRV - [2007/11/29 10:45:44 | 000,036,608 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\tosrfbnp.sys -- (tosrfbnp)
    DRV - [2007/10/18 15:25:00 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\tosrfusb.sys -- (tosrfusb)
    DRV - [2007/10/02 12:43:22 | 000,064,128 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINNT\system32\drivers\tosrfcom.sys -- (Tosrfcom)
    DRV - [2007/09/04 12:50:00 | 000,031,744 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\csrbcxp.sys -- (CSRBC)
    DRV - [2007/08/02 20:35:12 | 000,989,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
    DRV - [2007/08/02 20:34:30 | 000,211,200 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
    DRV - [2007/08/02 20:34:26 | 000,731,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2007/06/18 12:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
    DRV - [2007/05/10 09:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2007/04/13 20:08:02 | 000,383,056 | ---- | M] (Zone Labs, LLC) [Kernel | System | Running] -- C:\WINNT\system32\vsdatant.sys -- (vsdatant)
    DRV - [2007/03/20 16:36:06 | 000,011,264 | ---- | M] (AT&T) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\avpnnic.sys -- (avpnnic)
    DRV - [2007/03/16 19:10:56 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\BCMWL5.SYS -- (BCM43XX)
    DRV - [2007/03/07 18:31:50 | 000,218,368 | ---- | M] (AT&T) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\agnfilt.sys -- (agnfilt)
    DRV - [2006/10/10 20:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\tosporte.sys -- (tosporte)
    DRV - [2006/06/14 13:53:00 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\usbccid.sys -- (USBCCID)
    DRV - [2005/02/18 14:24:44 | 000,196,657 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\V0070Vid.sys -- (V0070VID)
    DRV - [2005/01/07 06:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\tosrfnds.sys -- (tosrfnds)
    DRV - [2004/08/12 10:45:54 | 000,137,728 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2004/04/29 18:19:18 | 000,019,328 | ---- | M] (AT&T) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\agnwifi.sys -- (agnwifi)
     
     
    [color=#E56717]========== Standard Registry (SafeList) ==========[/color]
     
     
    [color=#E56717]========== Internet Explorer ==========[/color]
     
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://aigtoday.aig.com
     
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://aigtoday.aig.com/
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
    [color=#E56717]========== FireFox ==========[/color]
     
    FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
    FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
    FF - prefs.js..browser.search.param.yahoo-type: "${8}"
    FF - prefs.js..extensions.enabledItems: [email protected]:1.0
    FF - prefs.js..extensions.enabledItems: {9ab67d74-ec41-4cb2-b417-df5d93ba1beb}:1.4
    FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
    FF - prefs.js..network.proxy.type: 4
     
     
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/03 22:54:15 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/03 22:54:33 | 000,000,000 | ---D | M]
     
    [2009/11/11 19:17:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karavind\Application Data\Mozilla\Extensions
    [2010/06/07 00:17:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karavind\Application Data\Mozilla\Firefox\Profiles\jhmtwmn8.default\extensions
    [2010/05/17 06:43:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\karavind\Application Data\Mozilla\Firefox\Profiles\jhmtwmn8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/03/17 07:11:39 | 000,000,000 | ---D | M] (Table2Clipboard) -- C:\Documents and Settings\karavind\Application Data\Mozilla\Firefox\Profiles\jhmtwmn8.default\extensions\{9ab67d74-ec41-4cb2-b417-df5d93ba1beb}
    [2010/06/07 00:17:04 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/03/20 10:30:38 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2009/08/31 21:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
     
    O1 HOSTS File: ([2010/06/06 22:12:19 | 000,000,027 | ---- | M]) - C:\WINNT\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1       localhost
    O2 - BHO: (HelperObject Class) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
    O4 - HKLM..\Run: [Client Access Service] C:\Program Files\IBM\Client Access\cwbsvstr.exe (IBM Corporation)
    O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
    O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [RDVCHG] C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe (C-motech Co.,Ltd)
    O4 - HKLM..\Run: [SafeBootTrayManager] C:\Program Files\SafeBoot Tray Manager\SbTrayManager.exe ()
    O4 - HKLM..\Run: [SDJobCheck] C:\TNGSD\BIN\triggusr.exe (Computer Associates International, Inc.)
    O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
    O4 - HKLM..\Run: [Sprint SmartView] C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe (Sprint)
    O4 - HKLM..\Run: [Sxplog] C:\SxpInst\sxpstub.exe (Computer Associates International, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [VF0070 STISvc] C:\WINNT\System32\V0070Pin.dll (Creative Technology Ltd.)
    O4 - HKLM..\Run: [Workstation Info] c:\TEMPFILE\WINFO\info.exe ()
    O4 - HKLM..\Run: [Zone Labs Client] C:\Program Files\CheckPoint\Integrity Client\iclient.exe (Zone Labs, LLC)
    O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - HKCU..\Run: [NetSP - restore settings on power failure] C:\Program Files\AIGRAS\NetSP.exe (AT&T)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AT&T Global Network Client Monitor.lnk = C:\WINNT\Installer\{2B324B71-A7F9-477F-9693-E8974DDA1EC6}\NetGM_1B536450052A4C0BA1B8FC31F1D473F7.exe (Macrovision Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe (Research In Motion Limited)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE (New Boundary Technologies, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe (TechSmith Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Update_Policy.lnk = C:\WINNT\System32\refresh_policy.exe File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 -  File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 -  File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 -  File not found
    O15 - HKCU\..Trusted Domains: 12.4.* ([138] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: 21.234.68 ([172] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: 21.234.84 ([172] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: 24.42.* ([207] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: accessaig.com ([tankguard] https in Local intranet)
    O15 - HKCU\..Trusted Domains: accessaig.com ([tankguardmodl] https in Local intranet)
    O15 - HKCU\..Trusted Domains: afd-inc.com ([clients] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: afd-inc.com ([clients] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: agfg.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: aig.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: aig.com ([ahr] http in Local intranet)
    O15 - HKCU\..Trusted Domains: aig.com ([ahrmodel] http in Local intranet)
    O15 - HKCU\..Trusted Domains: aig.com ([aiuclaims] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: aig.com ([domino] * in Trusted sites)
    O15 - HKCU\..Trusted Domains: aig.com ([dominodev] * in Trusted sites)
    O15 - HKCU\..Trusted Domains: aig.com ([dominotest] * in Trusted sites)
    O15 - HKCU\..Trusted Domains: aig.com ([epcghome] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: aig.com ([eups] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: aig.com ([eupsmodl] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: aig.com ([intellirisknetsourceebs] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: aig.com ([legalaudit] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: aig.com ([livdsapps8] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: aig.com ([livdsweb2] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: aig.com ([livpsweb8] http in Local intranet)
    O15 - HKCU\..Trusted Domains: aig.net ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: aigag.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: aigcorpebus.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: aiginvestments.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: aiginvestments.net ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: aigretirementgold.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: aigrs.net ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: aigvalic.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: aigwc.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: aiuholdings.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: attwireless.com ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: attws.com ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: chartisinsurance.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: chartisinsurance.net ([]* in Local intranet)
    O15 - HKCU\..Trusted Domains: eprocurelink.com ([www1] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: fleet.com ([demo-webconnect] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: fleet.com ([webconnect] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: intellirisknetsource.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: intellirisknetsource.com ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: livpwaapps3 ([]file in Local intranet)
    O15 - HKCU\..Trusted Domains: salesforce.com ([]https in Trusted sites)
    O15 - HKCU\..Trusted Domains: stapleslink.com ([bci] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: yourensync.com ([mccoy] https in Trusted sites)
    O15 - HKCU\..Trusted Ranges: Range1 ([http] in Trusted sites)
    O15 - HKCU\..Trusted Ranges: Range2 ([http] in Trusted sites)
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
    O16 - DPF: {2202D225-22C1-4B8C-A4B8-6A7E7B7E1524} https://whiteglove.on.intercall.com/confmgr/installs/ICWMInstall.cab (ICWMInstallObj Class)
    O16 - DPF: {3BA494B1-D507-4C11-9BDA-D47E1A65DFCF} https://na.connect.aig.com/llclient/Neoteris/winxp/,DanaInfo=10.249.14.102+AXXPEE.dll (Confidence Online for Web Applications)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1236666346865 (WUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://na.connect.aig.com/dana-cached/setup/JuniperSetupSP1.cab (JuniperSetupSP1 Control)
    O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://na.connect.aig.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.64.5 213.109.72.21
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = r1-core.r1.aig.net
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: GinaDLL - (NetGina.dll) - C:\WINNT\System32\NetGINA.dll (AT&T)
    O20 - Winlogon\Notify\FCAGWL: DllName - fcagwl.dll - C:\WINNT\System32\fcagwl.dll (McAfee Inc.)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINNT\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\WINNT\Chartiswall.bmp
    O24 - Desktop BackupWallPaper: C:\WINNT\Chartiswall.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/02/08 21:30:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
     
    NetSvcs: 6to4 -  File not found
    NetSvcs: Ias - C:\WINNT\system32\ias [2009/02/08 21:30:18 | 000,000,000 | ---D | M]
    NetSvcs: Iprip -  File not found
    NetSvcs: Irmon -  File not found
    NetSvcs: NWCWorkstation -  File not found
    NetSvcs: Nwsapagent -  File not found
    NetSvcs: WmdmPmSp -  File not found
     
     
    SafeBootMin: Base - Driver Group
    SafeBootMin: Boot Bus Extender - Driver Group
    SafeBootMin: Boot file system - Driver Group
    SafeBootMin: File system - Driver Group
    SafeBootMin: Filter - Driver Group
    SafeBootMin: McAfeeDlpAgentService - C:\Program Files\McAfee\DLP\Agent\fcags.exe (McAfee Inc.)
    SafeBootMin: McAfeeEngineService - C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe (McAfee, Inc.)
    SafeBootMin: PCI Configuration - Driver Group
    SafeBootMin: PNP Filter - Driver Group
    SafeBootMin: Primary disk - Driver Group
    SafeBootMin: SCSI Class - Driver Group
    SafeBootMin: sermouse.sys - Driver
    SafeBootMin: System Bus Extender - Driver Group
    SafeBootMin: vga.sys - Driver
    SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
     
    SafeBootNet: Base - Driver Group
    SafeBootNet: Boot Bus Extender - Driver Group
    SafeBootNet: Boot file system - Driver Group
    SafeBootNet: File system - Driver Group
    SafeBootNet: Filter - Driver Group
    SafeBootNet: McAfeeDlpAgentService - C:\Program Files\McAfee\DLP\Agent\fcags.exe (McAfee Inc.)
    SafeBootNet: NDIS Wrapper - Driver Group
    SafeBootNet: NetBIOSGroup - Driver Group
    SafeBootNet: NetDDEGroup - Driver Group
    SafeBootNet: Network - Driver Group
    SafeBootNet: NetworkProvider - Driver Group
    SafeBootNet: PCI Configuration - Driver Group
    SafeBootNet: PNP Filter - Driver Group
    SafeBootNet: PNP_TDI - Driver Group
    SafeBootNet: Primary disk - Driver Group
    SafeBootNet: SCSI Class - Driver Group
    SafeBootNet: sermouse.sys - Driver
    SafeBootNet: Streams Drivers - Driver Group
    SafeBootNet: System Bus Extender - Driver Group
    SafeBootNet: TDI - Driver Group
    SafeBootNet: vga.sys - Driver
    SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
    SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
    SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
    SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
    SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
     
    ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
    ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
    ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 9.0
    ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
    ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
    ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 9.0
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
    ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
    ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
    ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
    ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
    ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msmsgs.inf,BLC.QuietInstall.PerUser
    ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINNT\system32\Rundll32.exe c:\WINNT\system32\mscories.dll,Install
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - 
    ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
    ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
    ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
    ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINNT\inf\unregmp2.exe /ShowWMP
    ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
    ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
     
    Drivers32: msacm.iac2 - C:\WINNT\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINNT\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINNT\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINNT\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo8 - C:\WINNT\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINNT\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINNT\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINNT\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINNT\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINNT\System32\ir50_32.dll (Intel Corporation)
     
    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (54338225421942784)
     
    [color=#E56717]========== Files/Folders - Created Within 90 Days ==========[/color]
     
    [2010/06/06 16:03:40 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/06/06 15:59:24 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINNT\NIRCMD.exe
    [2010/06/06 15:59:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINNT\SWXCACLS.exe
    [2010/06/06 15:59:21 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINNT\SWREG.exe
    [2010/06/06 15:59:21 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINNT\SWSC.exe
    [2010/06/06 15:59:03 | 000,000,000 | ---D | C] -- C:\WINNT\ERDNT
    [2010/06/06 15:58:27 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/06/03 22:53:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
    [2010/06/03 22:53:01 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINNT\System32\pncrt.dll
    [2010/06/03 22:52:59 | 000,000,000 | ---D | C] -- C:\Program Files\Real
    [2010/06/03 22:52:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
    [2010/06/03 22:52:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
    [2010/06/03 22:52:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\karavind\Application Data\Real
    [2010/06/02 22:36:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\karavind\My Documents\New Folder
    [2010/06/02 20:56:37 | 000,000,000 | ---D | C] -- C:\Program Files\RealVNC
    [2010/05/25 20:36:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\karavind\Local Settings\Application Data\Citrix
    [2010/05/23 07:38:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\karavind\Application Data\Verizon Wireless
    [2010/05/23 07:38:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WEngineLite
    [2010/05/23 07:38:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Verizon Wireless
    [2010/05/23 07:38:04 | 000,000,000 | ---D | C] -- C:\Program Files\Verizon Wireless
    [2010/05/23 07:36:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\karavind\Application Data\InstallShield
    [2010/05/20 21:37:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\karavind\McAfee DLP Quarantined Files
    [2010/05/19 21:22:16 | 000,048,488 | ---- | C] (McAfee, Inc.) -- C:\WINNT\System32\drivers\mfesmfk.sys
    [2010/05/03 07:23:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\karavind\Recent
    [2010/04/23 21:36:02 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
    [2010/04/23 21:33:28 | 000,000,000 | ---D | C] -- C:\WINNT\System32\drivers\UMDF
    [2010/04/23 21:25:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\karavind\Application Data\SanDisk
    [2010/04/10 19:43:16 | 000,000,000 | ---D | C] -- C:\found.000
    [2010/04/10 18:07:19 | 000,271,696 | ---- | C] (RealVNC Ltd.) -- C:\Documents and Settings\karavind\Desktop\vnc-4_1_3-x86_win32_viewer.exe
    [2010/04/09 07:00:36 | 000,000,000 | -H-D | C] -- C:\BJPrinter
    [2010/04/06 19:50:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\karavind\Application Data\Scooter Software
    [2010/04/06 19:44:22 | 000,000,000 | ---D | C] -- C:\Program Files\WinMerge
    [2010/04/01 15:39:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\karavind\Local Settings\Application Data\ApplicationHistory
    [2010/04/01 15:39:06 | 000,000,000 | ---D | C] -- C:\Program Files\ePCGHelpRequest
    [2010/03/30 22:13:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\karavind\Application Data\Research In Motion
    [2010/03/30 22:00:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
    [2010/03/30 22:00:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Roxio Shared
    [2010/03/30 21:59:59 | 000,000,000 | ---D | C] -- C:\Program Files\Research In Motion
    [2010/03/20 10:42:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\karavind\Application Data\skypePM
    [2010/03/20 10:36:17 | 000,000,000 | ---D | C] -- C:\WebCam
    [2010/03/20 10:30:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\karavind\Application Data\Skype
    [2010/03/20 10:30:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
    [2010/03/20 10:30:12 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
    [2010/03/20 10:30:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
    [2010/03/14 09:33:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\karavind\Application Data\vlc
    [2010/03/14 09:29:04 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
    [1996/11/18 02:00:00 | 000,018,944 | ---- | C] ( ) -- C:\WINNT\System32\IMPLODE.DLL
    [4 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]
     
    [color=#E56717]========== Files - Modified Within 90 Days ==========[/color]
     
    [2010/06/08 06:46:58 | 000,000,638 | ---- | M] () -- C:\WINNT\win.ini
    [2010/06/08 06:31:16 | 000,000,990 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskUserS-1-5-21-825750147-1553096506-3895987836-9054UA.job
    [2010/06/06 22:34:59 | 000,525,770 | ---- | M] () -- C:\WINNT\System32\PerfStringBackup.INI
    [2010/06/06 22:34:59 | 000,444,596 | ---- | M] () -- C:\WINNT\System32\perfh009.dat
    [2010/06/06 22:34:59 | 000,072,306 | ---- | M] () -- C:\WINNT\System32\perfc009.dat
    [2010/06/06 22:33:51 | 000,000,256 | ---- | M] () -- C:\WINNT\System32\pool.bin
    [2010/06/06 22:32:36 | 000,002,197 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AT&T Global Network Client Monitor.lnk
    [2010/06/06 22:31:29 | 000,000,284 | ---- | M] () -- C:\WINNT\tasks\RealUpgradeLogonTaskS-1-5-21-825750147-1553096506-3895987836-9054.job
    [2010/06/06 22:31:22 | 000,005,209 | ---- | M] () -- C:\WINNT\System32\vsconfig.xml
    [2010/06/06 22:30:42 | 000,000,006 | -H-- | M] () -- C:\WINNT\tasks\SA.DAT
    [2010/06/06 22:30:40 | 000,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat
    [2010/06/06 22:28:51 | 006,553,600 | -H-- | M] () -- C:\Documents and Settings\karavind\ntuser.dat
    [2010/06/06 22:28:17 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\karavind\ntuser.ini
    [2010/06/06 22:27:50 | 000,068,608 | ---- | M] () -- C:\Documents and Settings\karavind\My Documents\fish tank temperature.xls
    [2010/06/06 22:13:29 | 000,000,227 | ---- | M] () -- C:\WINNT\system.ini
    [2010/06/06 22:12:49 | 000,001,746 | -H-- | M] () -- C:\Documents and Settings\karavind\My Documents\Default.rdp
    [2010/06/06 22:12:19 | 000,000,027 | ---- | M] () -- C:\WINNT\System32\drivers\etc\hosts
    [2010/06/06 16:03:48 | 000,000,277 | RHS- | M] () -- C:\boot.ini
    [2010/06/06 15:56:57 | 003,703,394 | R--- | M] () -- C:\Documents and Settings\karavind\Desktop\ComboFix.exe
    [2010/06/06 00:05:46 | 000,002,206 | ---- | M] () -- C:\WINNT\System32\wpa.dbl
    [2010/06/06 00:03:01 | 004,271,986 | -H-- | M] () -- C:\Documents and Settings\karavind\Local Settings\Application Data\IconCache.db
    [2010/06/05 07:31:01 | 000,000,938 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskUserS-1-5-21-825750147-1553096506-3895987836-9054Core.job
    [2010/06/04 06:16:22 | 000,005,209 | ---- | M] () -- C:\WINNT\System32\vsconfig.bak
    [2010/06/03 22:58:23 | 000,000,292 | ---- | M] () -- C:\WINNT\tasks\RealUpgradeScheduledTaskS-1-5-21-825750147-1553096506-3895987836-9054.job
    [2010/06/03 22:53:01 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINNT\System32\pncrt.dll
    [2010/06/02 11:20:17 | 000,000,207 | ---- | M] () -- C:\Boot.bak
    [2010/05/30 01:01:22 | 377,913,344 | ---- | M] () -- C:\Documents and Settings\karavind\My Documents\VTS_02_1.VOB
    [2010/05/30 00:16:56 | 539,262,976 | ---- | M] () -- C:\Documents and Settings\karavind\My Documents\VTS_01_1.VOB
    [2010/05/29 23:00:28 | 250,937,344 | ---- | M] () -- C:\Documents and Settings\karavind\My Documents\VTS_01_2.VOB
    [2010/05/27 19:32:37 | 000,002,309 | ---- | M] () -- C:\Documents and Settings\karavind\Desktop\Google Chrome.lnk
    [2010/05/27 07:25:58 | 000,041,984 | ---- | M] () -- C:\Documents and Settings\karavind\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/05/23 19:36:41 | 000,401,408 | ---- | M] () -- C:\Documents and Settings\karavind\My Documents\Worksheet in Chartis_Homeowners_Renewal_Phase1_Scoring_Reports_APR2010.xls
    [2010/05/23 07:38:22 | 000,001,013 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VZAccess Manager.lnk
    [2010/05/23 07:29:22 | 000,000,256 | ---- | M] () -- C:\Documents and Settings\karavind\pool.bin
    [2010/05/13 17:27:17 | 000,000,258 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
    [2010/05/13 17:15:27 | 000,000,258 | RHS- | M] () -- C:\Documents and Settings\karavind\ntuser.pol
    [2010/05/12 11:32:12 | 000,781,312 | ---- | M] () -- C:\POC_Teradata 2.0.ppt
    [2010/05/12 07:05:46 | 001,643,520 | ---- | M] () -- C:\POC_Teradata.ppt
    [2010/05/12 06:40:01 | 000,000,000 | ---- | M] () -- C:\teradata.ppt
    [2010/05/09 21:39:11 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\karavind\My Documents\fish tank parameters.xls
    [2010/05/05 21:21:41 | 000,002,467 | ---- | M] () -- C:\Documents and Settings\karavind\Desktop\Microsoft Office Access 2003.lnk
    [2010/05/04 20:50:02 | 000,143,360 | ---- | M] () -- C:\Documents and Settings\karavind\My Documents\db3.mdb
    [2010/05/04 20:42:46 | 000,135,168 | ---- | M] () -- C:\Documents and Settings\karavind\My Documents\db2.mdb
    [2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINNT\PEV.exe
    [2010/04/26 07:02:21 | 000,001,374 | ---- | M] () -- C:\WINNT\imsins.BAK
    [2010/04/23 21:50:23 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\karavind\Desktop\Windows Media Player.lnk
    [2010/04/23 21:49:50 | 000,000,000 | -H-- | M] () -- C:\WINNT\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
    [2010/04/23 21:46:15 | 000,023,392 | ---- | M] () -- C:\WINNT\System32\nscompat.tlb
    [2010/04/23 21:46:15 | 000,016,832 | ---- | M] () -- C:\WINNT\System32\amcompat.tlb
    [2010/04/23 21:34:49 | 000,316,640 | ---- | M] () -- C:\WINNT\WMSysPr9.prx
    [2010/04/23 21:33:35 | 000,000,000 | -H-- | M] () -- C:\WINNT\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
    [2010/04/22 21:29:27 | 000,017,478 | ---- | M] () -- C:\WINNT\System32\SiteList.xml
    [2010/04/22 10:13:27 | 000,075,322 | ---- | M] () -- C:\http_livdsadspcg01_cognos8_cgi-bin_cognos.pdf
    [2010/04/15 21:31:56 | 000,001,725 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2010/04/10 18:07:20 | 000,271,696 | ---- | M] (RealVNC Ltd.) -- C:\Documents and Settings\karavind\Desktop\vnc-4_1_3-x86_win32_viewer.exe
    [2010/04/05 18:31:03 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\karavind\My Documents\Menu.doc
    [2010/03/30 22:31:22 | 000,003,712 | ---- | M] () -- C:\Documents and Settings\karavind\Desktop\cognos_mobile.jad
    [2010/03/30 22:00:52 | 000,001,737 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk
    [2010/03/30 22:00:52 | 000,001,725 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Desktop Manager.lnk
    [2010/03/28 11:40:37 | 000,637,440 | ---- | M] () -- C:\Documents and Settings\karavind\My Documents\reports.xls
    [2010/03/20 10:42:10 | 000,000,056 | -H-- | M] () -- C:\WINNT\System32\ezsidmv.dat
    [2010/03/20 10:30:18 | 000,001,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
    [2010/03/15 21:34:48 | 000,038,344 | ---- | M] (Symantec Corporation) -- C:\WINNT\System32\drivers\CO_Mon.sys
    [2010/03/14 09:30:16 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
    [2010/03/10 22:32:03 | 000,377,078 | ---- | M] () -- C:\Documents and Settings\karavind\My Documents\Clipboard09.bmp
    [4 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]
     
    [color=#E56717]========== Files Created - No Company Name ==========[/color]
     
    [2010/06/06 16:03:48 | 000,000,207 | ---- | C] () -- C:\Boot.bak
    [2010/06/06 16:03:44 | 000,260,272 | ---- | C] () -- C:\cmldr
    [2010/06/06 15:59:24 | 000,077,312 | ---- | C] () -- C:\WINNT\MBR.exe
    [2010/06/06 15:59:21 | 000,256,512 | ---- | C] () -- C:\WINNT\PEV.exe
    [2010/06/06 15:59:21 | 000,098,816 | ---- | C] () -- C:\WINNT\sed.exe
    [2010/06/06 15:59:21 | 000,080,412 | ---- | C] () -- C:\WINNT\grep.exe
    [2010/06/06 15:59:21 | 000,068,096 | ---- | C] () -- C:\WINNT\zip.exe
    [2010/06/06 15:56:52 | 003,703,394 | R--- | C] () -- C:\Documents and Settings\karavind\Desktop\ComboFix.exe
    [2010/06/04 20:53:49 | 000,068,608 | ---- | C] () -- C:\Documents and Settings\karavind\My Documents\fish tank temperature.xls
    [2010/06/03 22:54:26 | 000,000,284 | ---- | C] () -- C:\WINNT\tasks\RealUpgradeLogonTaskS-1-5-21-825750147-1553096506-3895987836-9054.job
    [2010/06/03 22:54:25 | 000,000,292 | ---- | C] () -- C:\WINNT\tasks\RealUpgradeScheduledTaskS-1-5-21-825750147-1553096506-3895987836-9054.job
    [2010/06/02 22:33:46 | 377,913,344 | ---- | C] () -- C:\Documents and Settings\karavind\My Documents\VTS_02_1.VOB
    [2010/06/02 22:31:32 | 539,262,976 | ---- | C] () -- C:\Documents and Settings\karavind\My Documents\VTS_01_1.VOB
    [2010/06/02 22:30:23 | 250,937,344 | ---- | C] () -- C:\Documents and Settings\karavind\My Documents\VTS_01_2.VOB
    [2010/06/02 11:20:17 | 000,000,207 | ---- | C] () -- C:\boot.ini.org
    [2010/05/23 19:36:39 | 000,401,408 | ---- | C] () -- C:\Documents and Settings\karavind\My Documents\Worksheet in Chartis_Homeowners_Renewal_Phase1_Scoring_Reports_APR2010.xls
    [2010/05/23 07:38:22 | 000,001,013 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VZAccess Manager.lnk
    [2010/05/12 07:06:46 | 000,781,312 | ---- | C] () -- C:\POC_Teradata 2.0.ppt
    [2010/05/12 07:05:37 | 001,643,520 | ---- | C] () -- C:\POC_Teradata.ppt
    [2010/05/12 06:40:00 | 000,000,000 | ---- | C] () -- C:\teradata.ppt
    [2010/05/04 20:45:51 | 000,143,360 | ---- | C] () -- C:\Documents and Settings\karavind\My Documents\db3.mdb
    [2010/05/04 20:42:11 | 000,135,168 | ---- | C] () -- C:\Documents and Settings\karavind\My Documents\db2.mdb
    [2010/04/23 21:49:50 | 000,000,000 | -H-- | C] () -- C:\WINNT\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
    [2010/04/23 21:33:35 | 000,000,000 | -H-- | C] () -- C:\WINNT\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
    [2010/04/23 21:19:46 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\karavind\pool.bin
    [2010/04/22 10:13:25 | 000,075,322 | ---- | C] () -- C:\http_livdsadspcg01_cognos8_cgi-bin_cognos.pdf
    [2010/04/16 07:03:46 | 000,017,478 | ---- | C] () -- C:\WINNT\System32\SiteList.xml
    [2010/04/09 07:00:42 | 000,006,656 | ---- | C] () -- C:\WINNT\System32\CNMVS56.DLL
    [2010/04/05 18:31:02 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\karavind\My Documents\Menu.doc
    [2010/03/30 22:31:49 | 000,003,712 | ---- | C] () -- C:\Documents and Settings\karavind\Desktop\cognos_mobile.jad
    [2010/03/30 22:15:09 | 000,000,256 | ---- | C] () -- C:\WINNT\System32\pool.bin
    [2010/03/30 22:00:51 | 000,001,737 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk
    [2010/03/30 22:00:51 | 000,001,725 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Desktop Manager.lnk
    [2010/03/28 11:40:36 | 000,637,440 | ---- | C] () -- C:\Documents and Settings\karavind\My Documents\reports.xls
    [2010/03/20 10:42:10 | 000,000,056 | -H-- | C] () -- C:\WINNT\System32\ezsidmv.dat
    [2010/03/20 10:36:18 | 000,005,225 | ---- | C] () -- C:\WINNT\VF0070.uns
    [2010/03/20 10:30:18 | 000,001,874 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
    [2010/03/14 09:30:16 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
    [2010/03/10 22:32:03 | 000,377,078 | ---- | C] () -- C:\Documents and Settings\karavind\My Documents\Clipboard09.bmp
    [2010/03/04 17:29:32 | 000,077,824 | ---- | C] () -- C:\WINNT\System32\jcom.dll
    [2010/02/15 22:11:35 | 000,000,120 | ---- | C] () -- C:\WINNT\QUICKEN.INI
    [2010/02/02 23:23:59 | 000,000,000 | ---- | C] () -- C:\WINNT\tosOBEX.INI
    [2010/01/14 13:50:50 | 000,096,072 | ---- | C] () -- C:\WINNT\System32\drivers\fcdrv3.sys
    [2010/01/14 13:50:48 | 000,114,632 | ---- | C] () -- C:\WINNT\System32\drivers\fcdrv2.sys
    [2009/11/28 20:48:16 | 000,000,147 | ---- | C] () -- C:\WINNT\System32\AddPort.ini
    [2009/11/28 20:48:15 | 000,003,399 | R--- | C] () -- C:\WINNT\System32\hptcpmon.ini
    [2009/11/16 07:55:06 | 000,000,605 | ---- | C] () -- C:\WINNT\hpntwksetup.ini
    [2009/11/11 14:13:52 | 000,172,032 | ---- | C] () -- C:\WINNT\System32\cwbrw.dll
    [2009/11/11 14:13:52 | 000,024,576 | ---- | C] () -- C:\WINNT\System32\cwbsv.dll
    [2009/11/11 14:13:52 | 000,020,529 | ---- | C] () -- C:\WINNT\System32\cwbwiz.dll
    [2009/11/11 14:13:52 | 000,020,480 | ---- | C] () -- C:\WINNT\System32\cwbsy.dll
    [2009/11/11 14:13:52 | 000,020,480 | ---- | C] () -- C:\WINNT\System32\cwbnl.dll
    [2009/11/11 14:13:52 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\cwbnldlg.dll
    [2009/11/11 14:13:52 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\cwbad.dll
    [2009/11/11 14:13:51 | 000,020,480 | ---- | C] () -- C:\WINNT\System32\cwbco.dll
    [2009/11/11 14:08:02 | 000,086,016 | ---- | C] () -- C:\WINNT\System32\preflib.dll
    [2009/11/11 14:08:00 | 000,757,760 | ---- | C] () -- C:\WINNT\System32\bcm1xsup.dll
    [2009/11/11 11:50:42 | 000,041,456 | ---- | C] () -- C:\WINNT\System32\NWIPXSPX.DLL
    [2009/11/11 11:50:10 | 000,073,216 | ---- | C] () -- C:\WINNT\System32\neeviaprtntwt.dll
    [2009/11/11 11:49:56 | 000,000,250 | ---- | C] () -- C:\WINNT\Exigen.INI
    [2009/09/25 10:04:42 | 000,026,888 | ---- | C] () -- C:\WINNT\System32\drivers\swmsflt.sys
    [2009/03/16 18:05:04 | 000,000,061 | ---- | C] () -- C:\WINNT\smscfg.ini
    [2009/03/10 00:37:30 | 000,000,152 | ---- | C] () -- C:\WINNT\wwwbatch.ini
    [2009/03/02 21:43:58 | 000,204,800 | ---- | C] () -- C:\WINNT\System32\igfxCoIn_v4926.dll
    [2009/03/02 21:43:58 | 000,104,636 | ---- | C] () -- C:\WINNT\System32\igmedcompkrn.dll
    [2009/03/02 21:43:57 | 001,843,784 | ---- | C] () -- C:\WINNT\System32\igklg400.dll
    [2009/03/02 21:43:57 | 001,399,880 | ---- | C] () -- C:\WINNT\System32\igklg450.dll
    [2009/02/09 02:26:27 | 000,000,280 | ---- | C] () -- C:\WINNT\System32\epoPGPsdk.dll.sig
    [2009/02/09 01:10:59 | 000,000,505 | ---- | C] () -- C:\WINNT\ODBC.INI
    [2009/02/08 23:39:59 | 000,000,415 | ---- | C] () -- C:\WINNT\System32\OEMINFO.INI
    [2008/11/20 12:08:08 | 000,103,424 | ---- | C] () -- C:\WINNT\System32\drivers\SafeBoot.sys
    [2008/02/04 19:23:10 | 000,693,792 | ---- | C] () -- C:\WINNT\System32\OGACheckControl.DLL
    [2007/12/21 17:46:32 | 000,118,784 | ---- | C] () -- C:\WINNT\System32\TosBtAcc.dll
    [2007/04/13 19:48:56 | 000,796,336 | ---- | C] () -- C:\WINNT\System32\libeay32_0.9.6l.dll
    [2005/07/22 22:30:18 | 000,065,536 | ---- | C] () -- C:\WINNT\System32\TosCommAPI.dll
    [2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINNT\System32\OUTLPERF.INI
    [1999/06/15 12:41:02 | 000,027,136 | ---- | C] () -- C:\WINNT\System32\drcmhook.dll
     
    [color=#E56717]========== LOP Check ==========[/color]
     
    [2009/11/11 14:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AGNS
    [2010/03/15 21:39:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
    [2009/11/11 11:41:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Network Associates
    [2009/02/09 01:48:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Prism Pack
    [2009/12/18 10:29:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Quest Software
    [2010/03/30 22:03:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
    [2009/11/11 16:36:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Safeboot CSIP
    [2009/11/11 14:45:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Screentime
    [2010/02/06 13:57:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simese
    [2009/12/25 23:42:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sprint
    [2009/11/11 11:42:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
    [2010/05/23 07:38:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WEngineLite
    [2009/12/25 23:46:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karavind\Application Data\Bytemobile
    [2010/05/28 18:26:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karavind\Application Data\FileZilla
    [2010/03/15 21:34:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karavind\Application Data\Juniper Networks
    [2009/03/12 02:30:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karavind\Application Data\OfficeUpdate12
    [2009/12/18 10:29:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karavind\Application Data\Quest Software
    [2010/03/30 22:13:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karavind\Application Data\Research In Motion
    [2010/04/23 21:25:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karavind\Application Data\SanDisk
    [2010/04/06 19:50:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karavind\Application Data\Scooter Software
    [2009/12/25 23:46:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karavind\Application Data\Sprint
    [2010/01/16 18:46:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karavind\Application Data\WholeSecurity
    [2009/02/09 01:43:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karavind\Application Data\WinBatch
     
    ========== Purity Check ==========
     
     
     
    ========== Custom Scans ==========
     
     
    < %SYSTEMDRIVE%\*.* >
    [2010/03/04 17:07:35 | 000,206,088 | ---- | M] () -- C:\AcroRdUpdt93.log
    [2010/03/24 09:20:50 | 000,196,224 | ---- | M] () -- C:\AcroUpS931.log
    [2009/02/08 21:30:44 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/06/02 11:20:17 | 000,000,207 | ---- | M] () -- C:\Boot.bak
    [2010/06/06 16:03:48 | 000,000,277 | RHS- | M] () -- C:\boot.ini
    [2009/11/11 08:58:54 | 000,000,207 | ---- | M] () -- C:\boot.ini.org
    [2009/02/02 05:07:26 | 000,000,000 | -HS- | M] () -- C:\BOOTLOG.PRV
    [2009/02/02 05:17:56 | 000,000,000 | -HS- | M] () -- C:\BOOTLOG.TXT
    [2009/02/02 05:19:00 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS
    [2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
    [2010/06/06 22:23:59 | 000,020,615 | ---- | M] () -- C:\ComboFix.txt
    [1999/04/23 18:22:00 | 000,093,890 | -HS- | M] () -- C:\COMMAND.COM
    [2009/02/08 21:30:44 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2010/02/28 16:42:57 | 000,000,000 | ---- | M] () -- C:\Data Warehouse Architecture - Proposed.ppt
    [2009/11/11 11:54:57 | 000,005,784 | ---- | M] () -- C:\Developer.log
    [2009/02/25 16:10:34 | 000,001,390 | ---- | M] () -- C:\docuPrinter.log
    [2010/03/04 17:30:40 | 000,005,298 | ---- | M] () -- C:\Exigen.log
    [2009/11/11 12:54:00 | 000,000,616 | ---- | M] () -- C:\GPoff.log
    [2009/11/11 12:54:02 | 000,000,616 | ---- | M] () -- C:\GPon.log
    [2010/04/22 10:13:27 | 000,075,322 | ---- | M] () -- C:\http_livdsadspcg01_cognos8_cgi-bin_cognos.pdf
    [1999/04/23 18:22:00 | 000,222,390 | RHS- | M] () -- C:\IO.SYS
    [2009/11/11 12:54:20 | 000,006,603 | ---- | M] () -- C:\LAPTOP.tag
    [1999/04/23 18:22:00 | 000,000,009 | RHS- | M] () -- C:\MSDOS.SYS
    [2009/11/11 11:45:30 | 000,022,729 | ---- | M] () -- C:\newfile.enc
    [2009/11/11 11:45:30 | 000,022,729 | ---- | M] () -- C:\newkey
    [2004/08/04 03:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2004/08/04 03:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
    [2010/06/06 22:30:36 | 2136,887,296 | -HS- | M] () -- C:\pagefile.sys
    [2010/05/12 11:32:12 | 000,781,312 | ---- | M] () -- C:\POC_Teradata 2.0.ppt
    [2010/05/12 07:05:46 | 001,643,520 | ---- | M] () -- C:\POC_Teradata.ppt
    [2009/12/03 17:24:42 | 000,020,705 | ---- | M] () -- C:\POLICY_SCORE_100909 (5).pdf
    [2010/02/27 11:33:50 | 000,478,676 | ---- | M] () -- C:\pp.zip
    [2010/03/03 08:42:30 | 000,000,000 | ---- | M] () -- C:\Presentation1.ppt
    [2003/04/18 19:06:14 | 000,079,872 | ---- | M] (Microsoft) -- C:\ROBOCOPY.EXE
    [2009/11/11 15:01:49 | 021,102,592 | RHS- | M] () -- C:\SafeBoot.fs
    [2009/11/11 15:01:43 | 000,655,360 | RHS- | M] () -- C:\SafeBoot.rsv
    [2009/11/11 12:54:11 | 000,000,486 | ---- | M] () -- C:\SifXinst.log
    [2010/06/06 10:10:03 | 000,002,524 | ---- | M] () -- C:\TDSSKiller.2.3.2.0_06.06.2010_10.10.02_log.txt
    [2010/06/06 10:11:27 | 000,002,524 | ---- | M] () -- C:\TDSSKiller.2.3.2.0_06.06.2010_10.11.25_log.txt
    [2010/05/12 06:40:01 | 000,000,000 | ---- | M] () -- C:\teradata.ppt
    [2009/11/11 12:54:20 | 000,000,118 | ---- | M] () -- C:\wmerror.log
     
    < %systemroot%\*. /mp /s >
     
    < %systemroot%\system32\*.dll /lockedfiles >
    [2010/02/26 02:05:05 | 000,357,888 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINNT\system32\dxtmsft.dll
    [2010/02/26 02:05:05 | 000,205,312 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINNT\system32\dxtrans.dll
    [4 C:\WINNT\system32\*.tmp files -> C:\WINNT\system32\*.tmp -> ]
     
    < %systemroot%\system32\*.exe /lockedfiles >
    [4 C:\WINNT\system32\*.tmp files -> C:\WINNT\system32\*.tmp -> ]
     
    < %systemroot%\Tasks\*.job /lockedfiles >
     
    < %systemroot%\system32\drivers\*.sys /lockedfiles >
    [2008/11/20 12:08:08 | 000,103,424 | ---- | M] () Unable to obtain MD5 -- C:\WINNT\system32\drivers\SafeBoot.sys
     
    < %systemroot%\System32\config\*.sav  >
    [2009/02/08 16:22:02 | 000,094,208 | ---- | M] () -- C:\WINNT\system32\config\default.sav
    [2009/02/08 16:22:02 | 000,659,456 | ---- | M] () -- C:\WINNT\system32\config\software.sav
    [2009/02/08 16:22:02 | 000,929,792 | ---- | M] () -- C:\WINNT\system32\config\system.sav
     
    < %systemroot%\system32\user32.dll /md5 >
    [2007/03/08 11:36:28 | 000,577,536 | ---- | M] (Microsoft Corporation) MD5=B409909F6E2E8A7067076ED748ABF1E7 -- C:\WINNT\system32\user32.dll
    [4 C:\WINNT\system32\*.tmp files -> C:\WINNT\system32\*.tmp -> ]
     
    < %systemroot%\system32\ws2_32.dll /md5 >
    [2004/08/04 03:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINNT\system32\ws2_32.dll
    [4 C:\WINNT\system32\*.tmp files -> C:\WINNT\system32\*.tmp -> ]
     
    < %PROGRAMFILES%\*. >
    [2009/11/11 14:05:46 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
    [2009/11/11 16:01:26 | 000,000,000 | ---D | M] -- C:\Program Files\AIGRAS
    [2009/12/12 23:32:20 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
    [2009/11/14 09:48:12 | 000,000,000 | ---D | M] -- C:\Program Files\AquaNotes
    [2009/11/11 11:51:01 | 000,000,000 | ---D | M] -- C:\Program Files\AR System
    [2009/11/11 11:37:54 | 000,000,000 | ---D | M] -- C:\Program Files\CA
    [2009/11/11 14:57:57 | 000,000,000 | ---D | M] -- C:\Program Files\CheckPoint
    [2010/06/06 21:14:52 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
    [2009/02/08 21:28:46 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
    [2009/11/11 09:40:21 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
    [2009/11/11 14:08:00 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
    [2010/04/01 15:39:08 | 000,000,000 | ---D | M] -- C:\Program Files\ePCGHelpRequest
    [2010/03/04 17:30:05 | 000,000,000 | ---D | M] -- C:\Program Files\Exigen
    [2009/11/13 20:14:41 | 000,000,000 | ---D | M] -- C:\Program Files\FileZilla FTP Client
    [2009/11/28 20:51:28 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
    [2009/11/28 20:52:00 | 000,000,000 | ---D | M] -- C:\Program Files\HP
    [2009/11/11 14:13:42 | 000,000,000 | ---D | M] -- C:\Program Files\IBM
    [2010/02/15 22:13:48 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
    [2010/04/16 06:35:41 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
    [2010/01/18 18:11:33 | 000,000,000 | ---D | M] -- C:\Program Files\IrfanView
    [2010/03/04 17:28:47 | 000,000,000 | ---D | M] -- C:\Program Files\Java
    [2009/11/11 21:43:36 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee
    [2009/02/09 01:47:53 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
    [2009/03/15 22:45:11 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
    [2009/03/10 00:27:43 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    [2009/02/08 21:31:02 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
    [2009/12/29 08:12:39 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
    [2010/02/11 21:04:15 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
    [2009/02/09 01:09:46 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
    [2010/01/18 20:29:48 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
    [2009/03/15 22:45:16 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
    [2010/04/16 06:36:12 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
    [2010/04/05 08:56:58 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
    [2009/12/18 09:45:46 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
    [2009/12/29 08:12:19 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
    [2009/02/08 21:31:03 | 000,000,000 | ---D | M] -- C:\Program Files\msn gaming zone
    [2009/02/09 01:51:36 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
    [2009/02/09 01:51:43 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
    [2009/12/29 21:44:36 | 000,000,000 | ---D | M] -- C:\Program Files\MySQL
    [2009/11/11 11:50:01 | 000,000,000 | ---D | M] -- C:\Program Files\neevia.com
    [2009/02/08 21:29:22 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
    [2009/12/25 23:42:27 | 000,000,000 | ---D | M] -- C:\Program Files\Novatel Wireless
    [2009/02/08 21:29:34 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
    [2009/11/11 13:17:57 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
    [2009/12/18 12:07:00 | 000,000,000 | ---D | M] -- C:\Program Files\PHP Editor
    [2009/12/18 10:25:37 | 000,000,000 | ---D | M] -- C:\Program Files\Quest Software
    [2010/02/15 22:13:23 | 000,000,000 | ---D | M] -- C:\Program Files\Quicken
    [2009/12/12 23:33:30 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
    [2010/06/03 22:53:59 | 000,000,000 | ---D | M] -- C:\Program Files\Real
    [2010/06/02 20:56:37 | 000,000,000 | ---D | M] -- C:\Program Files\RealVNC
    [2009/12/18 09:45:36 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
    [2010/03/30 22:03:55 | 000,000,000 | ---D | M] -- C:\Program Files\Research In Motion
    [2009/11/11 16:36:24 | 000,000,000 | ---D | M] -- C:\Program Files\SafeBoot
    [2009/11/11 14:55:59 | 000,000,000 | ---D | M] -- C:\Program Files\SafeBoot Tray Manager
    [2009/11/11 13:59:07 | 000,000,000 | ---D | M] -- C:\Program Files\Screen Manager
    [2009/12/25 23:46:15 | 000,000,000 | ---D | M] -- C:\Program Files\Sierra Wireless
    [2010/03/05 10:03:11 | 000,000,000 | ---D | M] -- C:\Program Files\SIFXINST
    [2009/11/11 09:40:18 | 000,000,000 | ---D | M] -- C:\Program Files\Sigmatel
    [2010/02/06 13:57:01 | 000,000,000 | ---D | M] -- C:\Program Files\Simese
    [2010/03/20 10:30:37 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
    [2009/12/25 23:42:27 | 000,000,000 | ---D | M] -- C:\Program Files\Sprint
    [2009/11/11 11:42:08 | 000,000,000 | ---D | M] -- C:\Program Files\TechSmith
    [2010/02/02 20:53:20 | 000,000,000 | ---D | M] -- C:\Program Files\Toshiba
    [2009/02/08 21:35:05 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
    [2010/05/23 07:38:04 | 000,000,000 | ---D | M] -- C:\Program Files\Verizon Wireless
    [2010/03/14 09:29:04 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
    [2009/11/11 11:42:49 | 000,000,000 | ---D | M] -- C:\Program Files\VViewer
    [2010/04/23 21:36:04 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
    [2010/04/23 21:43:10 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
    [2009/02/08 21:31:03 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
    [2009/02/08 21:29:39 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
    [2010/06/02 06:45:01 | 000,000,000 | ---D | M] -- C:\Program Files\WinMerge
    [2009/12/26 08:30:46 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
    [2009/11/11 11:37:43 | 000,000,000 | ---D | M] -- C:\Program Files\WinZip
    [2009/02/08 21:31:03 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
    [2009/12/18 11:18:37 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
     
    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >
    < End of report >
    
     
  8. Rorschach112

    Rorschach112 Malware Specialist

    Joined:
    Oct 12, 2008
    Messages:
    2,392
    Post the logs normally.
     
  9. aravindk

    aravindk Thread Starter

    Joined:
    Jun 21, 2008
    Messages:
    14
    OTL Extras logfile created on: 6/8/2010 6:37:38 AM - Run 1
    OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\karavind\My Documents\Downloads
    Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free
    Paging file location(s): C:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
    Drive C: | 74.53 Gb Total Space | 51.61 Gb Free Space | 69.26% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: 1WPW1F1-SEC
    Current User Name: KAravind
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0AEA9ECE-2AD0-4DF0-932E-F0AC6B771749}" = SnagIt 8
    "{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
    "{106FB85A-9567-42FC-85CC-E4DA450F4C7B}" = Sprint SmartView
    "{14630437-9D8B-4CE9-BBB1-66CE69391E48}" = Clean Disk
    "{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise
    "{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
    "{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
    "{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant
    "{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
    "{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
    "{26A24AE4-039D-4CA4-87B4-2F83216013F0}" = Java(TM) 6 Update 13
    "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
    "{29042B1C-0713-4575-B7CA-5C8E7B0899D4}" = MySQL Connector/ODBC 5.1
    "{2B324B71-A7F9-477F-9693-E8974DDA1EC6}" = AIG Remote Access Managed VPN Premium Edition
    "{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
    "{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext
    "{3A218A30-0AEC-4805-A352-CE30D520EAF5}" = Integrity Agent
    "{3F50ED93-A7C7-44E3-AC70-AEDDF9C81C21}" = Exigen Workflow Web DMS Viewer
    "{40A594D0-1490-4979-9382-D2B764F949C6}" = BlackBerry® Media Sync
    "{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
    "{595F83A1-EF0B-42EB-B386-8344A5BA759F}" = WinZip 9.0 SR1
    "{5D6EC6F7-9B38-4a02-B063-97C2048B56A2}" = 7200_Help
    "{64FC0C98-B035-4530-B15D-3D30610B6DF1}" = HP Software Update
    "{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
    "{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
    "{829AC692-C6F1-4FC2-849B-F7DD74C1E3E2}" = McAfee DLP Agent
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{85BCA736-A0F4-448E-9BC1-6EA08693E10B}" = HP Image Zone Express
    "{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
    "{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{91490409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Primary Interop Assemblies
    "{94F9723E-900A-43C5-8F4E-AD2D2ED09273}" = Microsoft Visio Viewer 2002
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A7391302-FADF-4314-80DC-C757DAE45178}" = 7200
    "{A7CA6CC5-465B-41F8-96B5-F66BDF4482C7}" = VZAccess Manager
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
    "{AC966B90-53CA-4710-8EEE-57ED25387872}" = 7200Trb
    "{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
    "{CB2B2B63-58AB-48F3-AAD5-7E93AFE4268B}" = Quest Software Toad for MySQL Freeware 4.5
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}" = Quicken 2010
    "{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE86E2F5-850C-4207-94A3-A58D647B1733}" = BlackBerry Desktop Software 5.0.1
    "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D3EC6A3A-2322-49A5-9E29-6C213876EEE2}" = DRC
    "{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
    "{E008BEB1-AB63-46C1-BD3D-08D3A1F8E26D}" = McAfee Agent
    "{E37E645E-4A0C-4D9E-B30A-7B19E797E743}" = BlackBerry USB Drivers
    "{F4071D69-E3F4-4538-8FE2-8FDE7CE0272B}" = Shockwave and Flash Player
    "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "BlackBerry_{CE86E2F5-850C-4207-94A3-A58D647B1733}" = BlackBerry Desktop Software 5.0.1
    "Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
    "CANONBJ_Deinstall_CNMCP56.DLL" = Canon i860
    "CA-SD" = CA Unicenter Software Delivery
    "Chartis" = Chartis Screen Saver
    "ClientAccessExpress" = IBM iSeries Access for Windows
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
    "Creative VF0070" = Creative WebCam Notebook Ultra Driver (1.00.05.0127)
    "FileZilla Client" = FileZilla Client 3.3.0
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HP Photo & Imaging" = HP Image Zone 4.7
    "IrfanView" = IrfanView (remove only)
    "McAfee Anti-Spyware Enterprise Module" = McAfee AntiSpyware Enterprise Module
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "Neevia docuPrinter LT_is1" = docuPrinter LT v6.0
    "PHP Editor_is1" = PHP Editor 2.22
    "PX: {07ADBCA7-90D2-4FC7-90DD-1734C98D81FA}" = Turn Off Microsoft Customer Survey
    "PX: {106DF6B4-6B96-4361-A630-0771F4CE3FB1}" = DocuPrint LT
    "PX: {D1A9C4DF-0EB9-4A6F-8106-2EB72278C38C}" = Java Heap Setting 256MB
    "PX: {F98169E6-8BD2-4BEA-AB70-56E0D06A70BF}" = DDAU
    "RealPlayer 12.0" = RealPlayer
    "RealVNC_is1" = VNC Free Edition 4.1.3
    "ST6UNST #1" = AquaNotes 3.5
    "VLC media player" = VLC media player 1.0.5
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "WIC" = Windows Imaging Component
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "WinRAR archiver" = WinRAR archiver
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Software Update" = Yahoo! Software Update

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Confidence Online EE" = Confidence Online(tm) for Web Applications
    "Google Chrome" = Google Chrome
    "Juniper_Networks_Cache_Cleaner 6.1.0" = Juniper Networks Cache Cleaner 6.1.0
    "Juniper_Networks_Cache_Cleaner 6.4.0" = Juniper Networks Cache Cleaner 6.4.0
    "Juniper_Setup_Client" = Juniper Networks Setup Client
    "Juniper_Term_Services" = Juniper Terminal Services Client
    "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 6/7/2010 6:59:46 AM | Computer Name = 1WPW1F1-SEC | Source = Userenv | ID = 1054
    Description = Windows cannot obtain the domain controller name for your computer
    network. (A socket operation was attempted to an unreachable host. ). Group Policy
    processing aborted.

    Error - 6/7/2010 6:06:46 PM | Computer Name = 1WPW1F1-SEC | Source = Userenv | ID = 1054
    Description = Windows cannot obtain the domain controller name for your computer
    network. (A socket operation was attempted to an unreachable host. ). Group Policy
    processing aborted.

    Error - 6/7/2010 6:06:52 PM | Computer Name = 1WPW1F1-SEC | Source = Userenv | ID = 1054
    Description = Windows cannot obtain the domain controller name for your computer
    network. (A socket operation was attempted to an unreachable host. ). Group Policy
    processing aborted.

    Error - 6/7/2010 6:06:55 PM | Computer Name = 1WPW1F1-SEC | Source = AutoEnrollment | ID = 15
    Description = Automatic certificate enrollment for local system failed to contact
    the active directory (0x8007054b). The specified domain either does not exist
    or could not be contacted. Enrollment will not be performed.

    Error - 6/7/2010 6:07:04 PM | Computer Name = 1WPW1F1-SEC | Source = Google Update | ID = 20
    Description =

    Error - 6/7/2010 8:45:09 PM | Computer Name = 1WPW1F1-SEC | Source = Userenv | ID = 1054
    Description = Windows cannot obtain the domain controller name for your computer
    network. (A socket operation was attempted to an unreachable host. ). Group Policy
    processing aborted.

    Error - 6/7/2010 8:45:22 PM | Computer Name = 1WPW1F1-SEC | Source = Google Update | ID = 20
    Description =

    Error - 6/8/2010 5:40:05 AM | Computer Name = 1WPW1F1-SEC | Source = Userenv | ID = 1054
    Description = Windows cannot obtain the domain controller name for your computer
    network. (A socket operation was attempted to an unreachable host. ). Group Policy
    processing aborted.

    Error - 6/8/2010 5:40:06 AM | Computer Name = 1WPW1F1-SEC | Source = Userenv | ID = 1054
    Description = Windows cannot obtain the domain controller name for your computer
    network. (A socket operation was attempted to an unreachable host. ). Group Policy
    processing aborted.

    Error - 6/8/2010 5:40:09 AM | Computer Name = 1WPW1F1-SEC | Source = AutoEnrollment | ID = 15
    Description = Automatic certificate enrollment for local system failed to contact
    the active directory (0x8007054b). The specified domain either does not exist
    or could not be contacted. Enrollment will not be performed.

    [ System Events ]
    Error - 6/7/2010 10:30:57 PM | Computer Name = 1WPW1F1-SEC | Source = W32Time | ID = 39452701
    Description = The time provider NtpClient is configured to acquire time from one
    or more time sources, however none of the sources are currently accessible. No attempt
    to contact a source will be made for 120 minutes. NtpClient has no source of accurate
    time.

    Error - 6/7/2010 10:41:10 PM | Computer Name = 1WPW1F1-SEC | Source = NETLOGON | ID = 5719
    Description = No Domain Controller is available for domain R1-CORE due to the following:
    %%1311. Make sure that the computer is connected to the network and try again. If
    the problem persists, please contact your domain administrator.

    Error - 6/8/2010 5:40:06 AM | Computer Name = 1WPW1F1-SEC | Source = NETLOGON | ID = 5719
    Description = No Domain Controller is available for domain R1-CORE due to the following:
    %%1311. Make sure that the computer is connected to the network and try again. If
    the problem persists, please contact your domain administrator.

    Error - 6/8/2010 5:40:12 AM | Computer Name = 1WPW1F1-SEC | Source = W32Time | ID = 39452701
    Description = The time provider NtpClient is configured to acquire time from one
    or more time sources, however none of the sources are currently accessible. No attempt
    to contact a source will be made for 15 minutes. NtpClient has no source of accurate
    time.

    Error - 6/8/2010 5:40:18 AM | Computer Name = 1WPW1F1-SEC | Source = W32Time | ID = 39452701
    Description = The time provider NtpClient is configured to acquire time from one
    or more time sources, however none of the sources are currently accessible. No attempt
    to contact a source will be made for 15 minutes. NtpClient has no source of accurate
    time.

    Error - 6/8/2010 5:40:22 AM | Computer Name = 1WPW1F1-SEC | Source = W32Time | ID = 39452701
    Description = The time provider NtpClient is configured to acquire time from one
    or more time sources, however none of the sources are currently accessible. No attempt
    to contact a source will be made for 15 minutes. NtpClient has no source of accurate
    time.

    Error - 6/8/2010 5:55:25 AM | Computer Name = 1WPW1F1-SEC | Source = W32Time | ID = 39452701
    Description = The time provider NtpClient is configured to acquire time from one
    or more time sources, however none of the sources are currently accessible. No attempt
    to contact a source will be made for 29 minutes. NtpClient has no source of accurate
    time.

    Error - 6/8/2010 6:25:25 AM | Computer Name = 1WPW1F1-SEC | Source = W32Time | ID = 39452701
    Description = The time provider NtpClient is configured to acquire time from one
    or more time sources, however none of the sources are currently accessible. No attempt
    to contact a source will be made for 59 minutes. NtpClient has no source of accurate
    time.

    Error - 6/8/2010 6:40:37 AM | Computer Name = 1WPW1F1-SEC | Source = Service Control Manager | ID = 7023
    Description = The Automatic Updates service terminated with the following error:
    %%126

    Error - 6/8/2010 6:41:06 AM | Computer Name = 1WPW1F1-SEC | Source = DCOM | ID = 10010
    Description = The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register
    with DCOM within the required timeout.


    < End of report >
     
  10. aravindk

    aravindk Thread Starter

    Joined:
    Jun 21, 2008
    Messages:
    14
    OTL logfile created on: 6/8/2010 6:37:38 AM - Run 1
    OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\karavind\My Documents\Downloads
    Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free
    Paging file location(s): C:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
    Drive C: | 74.53 Gb Total Space | 51.61 Gb Free Space | 69.26% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: 1WPW1F1-SEC
    Current User Name: KAravind
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/06/08 06:35:40 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\karavind\My Documents\Downloads\OTL.exe
    PRC - [2010/06/03 22:52:58 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    PRC - [2010/03/10 22:32:26 | 000,648,536 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research in Motion\Auto Update\RIMAutoUpdate.exe
    PRC - [2010/03/10 22:32:08 | 001,819,992 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
    PRC - [2010/03/10 17:32:34 | 001,598,808 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research in Motion\RIMDeviceManager\RIMDeviceManager.exe
    PRC - [2010/01/27 11:34:24 | 000,376,832 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research in Motion\USB Drivers\BbDevMgr.exe
    PRC - [2010/01/14 13:50:44 | 003,913,024 | ---- | M] (McAfee Inc.) -- C:\Program Files\McAfee\DLP\Agent\fcagte.exe
    PRC - [2010/01/14 13:50:08 | 004,224,320 | ---- | M] (McAfee Inc.) -- C:\Program Files\McAfee\DLP\Agent\fcags.exe
    PRC - [2010/01/14 13:49:42 | 000,263,488 | ---- | M] (McAfee Inc.) -- C:\Program Files\McAfee\DLP\Agent\fcagswd.exe
    PRC - [2010/01/14 13:49:28 | 008,422,720 | ---- | M] (McAfee Inc.) -- C:\Program Files\McAfee\DLP\Agent\fcag.exe
    PRC - [2010/01/10 00:13:20 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
    PRC - [2009/09/25 10:04:34 | 000,316,672 | ---- | M] (C-motech Co.,Ltd) -- C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe
    PRC - [2009/09/22 17:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
    PRC - [2009/09/22 17:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    PRC - [2009/09/22 17:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    PRC - [2009/09/22 17:00:00 | 000,091,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
    PRC - [2009/09/02 18:03:36 | 000,070,728 | ---- | M] (McAfee, Inc.) -- C:\WINNT\system32\mfevtps.exe
    PRC - [2009/08/31 21:07:00 | 000,146,448 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
    PRC - [2009/08/31 21:07:00 | 000,124,240 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
    PRC - [2009/08/31 21:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
    PRC - [2009/08/31 21:07:00 | 000,027,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
    PRC - [2009/08/31 21:07:00 | 000,021,256 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
    PRC - [2009/02/09 01:48:39 | 000,196,608 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    PRC - [2008/11/17 06:53:47 | 000,372,796 | ---- | M] (SafeBoot International) -- C:\Program Files\SafeBoot\SbClientManager.exe
    PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008/06/02 10:18:24 | 000,069,632 | ---- | M] () -- C:\Program Files\SafeBoot Tray Manager\SbTrayManager.exe
    PRC - [2008/02/22 16:29:24 | 002,572,288 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
    PRC - [2008/02/22 11:04:42 | 002,938,184 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    PRC - [2008/01/22 21:13:08 | 000,288,072 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
    PRC - [2008/01/09 11:38:44 | 000,288,072 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
    PRC - [2007/10/29 15:30:14 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    PRC - [2007/10/04 19:39:42 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    PRC - [2007/09/28 17:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    PRC - [2007/08/23 12:55:06 | 000,311,296 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
    PRC - [2007/06/27 13:49:52 | 000,472,344 | ---- | M] (AT&T) -- C:\Program Files\AIGRAS\netcfgsvr.exe
    PRC - [2007/05/10 09:23:50 | 000,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\WINNT\system32\stacsv.exe
    PRC - [2007/05/10 09:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe
    PRC - [2007/04/13 20:08:14 | 001,849,096 | ---- | M] (Zone Labs, LLC) -- C:\WINNT\system32\ZoneLabs\vsmon.exe
    PRC - [2007/04/13 19:48:40 | 000,784,144 | ---- | M] (Zone Labs, LLC) -- C:\Program Files\CheckPoint\Integrity Client\iclient.exe
    PRC - [2006/10/18 21:46:20 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmplayer.exe
    PRC - [2006/03/22 09:20:14 | 000,126,121 | ---- | M] () -- C:\TEMPFILE\WINFO\info.exe
    PRC - [2006/03/14 09:01:00 | 005,517,312 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
    PRC - [2006/03/14 09:01:00 | 000,026,112 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\SnagIt 8\TscHelp.exe
    PRC - [2004/08/04 03:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe
    PRC - [2003/11/19 11:29:28 | 000,032,768 | ---- | M] (Computer Associates International, Inc.) -- C:\TNGSD\BIN\SDServ.exe
    PRC - [2003/11/15 12:12:42 | 000,077,824 | ---- | M] (Computer Associates International, Inc.) -- C:\TNGSD\BIN\TRIGGAG.exe
    PRC - [2003/10/28 20:15:04 | 000,241,664 | ---- | M] (Computer Associates International, Inc.) -- C:\SxpInst\sxplog32.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/06/08 06:35:40 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\karavind\My Documents\Downloads\OTL.exe
    MOD - [2009/06/12 18:13:04 | 000,130,048 | ---- | M] (Intel Corporation) -- C:\WINNT\system32\igfxdo.dll
    MOD - [2006/08/25 10:45:56 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINNT\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    MOD - [2004/08/04 03:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/01/14 13:50:08 | 004,224,320 | ---- | M] (McAfee Inc.) [Unknown | Running] -- C:\Program Files\McAfee\DLP\Agent\fcags.exe -- (McAfeeDLPAgentService)
    SRV - [2009/11/11 11:34:28 | 000,045,056 | ---- | M] (LANovation) [On_Demand | Stopped] -- C:\WINNT\system32\PCTKRNT.SYS -- (PictureTaker)
    SRV - [2009/09/25 10:04:34 | 000,120,064 | ---- | M] (SmithMicro Inc.) [On_Demand | Stopped] -- C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe -- (SprintRcAppSvc)
    SRV - [2009/09/22 17:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
    SRV - [2009/09/02 18:03:36 | 000,070,728 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINNT\system32\mfevtps.exe -- (mfevtp)
    SRV - [2009/08/31 21:07:00 | 000,146,448 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe -- (McShield)
    SRV - [2009/08/31 21:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)
    SRV - [2009/08/31 21:07:00 | 000,021,256 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe -- (McAfeeEngineService)
    SRV - [2009/02/09 01:48:39 | 000,196,608 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
    SRV - [2008/11/17 06:53:47 | 000,372,796 | ---- | M] (SafeBoot International) [Auto | Running] -- C:\Program Files\SafeBoot\SbClientManager.exe -- (SafeBootClientManager)
    SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2008/10/07 16:48:20 | 002,372,448 | ---- | M] (Neevia Technology) [On_Demand | Stopped] -- C:\Program Files\neevia.com\docuPrinterLT\neeviaDP6.lib -- (NVDPservice)
    SRV - [2007/09/28 17:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
    SRV - [2007/06/27 13:49:52 | 000,472,344 | ---- | M] (AT&T) [Auto | Running] -- C:\Program Files\AIGRAS\netcfgsvr.exe -- (netcfgsvr)
    SRV - [2007/05/10 09:23:50 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\WINNT\system32\stacsv.exe -- (STacSV)
    SRV - [2007/04/13 20:08:14 | 001,849,096 | ---- | M] (Zone Labs, LLC) [Auto | Running] -- C:\WINNT\System32\ZoneLabs\vsmon.exe -- (vsmon)
    SRV - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINNT\system32\HPZipm12.exe -- (Pml Driver HPZ12)
    SRV - [2003/11/19 11:29:28 | 000,032,768 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\TNGSD\BIN\SDSERV.EXE -- (SDService)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/03/15 21:34:48 | 000,038,344 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\CO_Mon.sys -- (CO_Mon)
    DRV - [2010/01/14 13:49:54 | 000,095,176 | ---- | M] (McAfee Inc.) [Kernel | System | Running] -- C:\WINNT\system32\drivers\fcdrv5.sys -- (fcdrv5)
    DRV - [2010/01/14 13:49:52 | 000,022,856 | ---- | M] (McAfee Inc.) [File_System | On_Demand | Running] -- C:\WINNT\system32\drivers\fcdrv4.sys -- (fcdrv4)
    DRV - [2010/01/14 13:49:50 | 000,096,072 | ---- | M] () [File_System | On_Demand | Running] -- C:\WINNT\system32\drivers\fcdrv3.sys -- (fcdrv3)
    DRV - [2010/01/14 13:49:48 | 000,114,632 | ---- | M] () [File_System | On_Demand | Running] -- C:\WINNT\system32\drivers\fcdrv2.sys -- (fcdrv2)
    DRV - [2010/01/14 13:49:48 | 000,067,016 | ---- | M] (McAfee Inc.) [File_System | System | Running] -- C:\WINNT\system32\drivers\fcdrv1.sys -- (fcdrv1)
    DRV - [2009/09/25 10:04:42 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\PCTINDIS5.sys -- (PCTINDIS5)
    DRV - [2009/09/25 10:04:42 | 000,026,888 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINNT\System32\drivers\swmsflt.sys -- (swmsflt)
    DRV - [2009/09/25 10:04:42 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\WINNT\system32\drivers\tcpipBM.sys -- (tcpipBM)
    DRV - [2009/09/25 10:04:40 | 000,222,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\NWADIenum.sys -- (NWADI)
    DRV - [2009/09/25 10:04:36 | 000,171,144 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\SWNC5E00.sys -- (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00)
    DRV - [2009/09/25 10:04:36 | 000,149,512 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\swmx00.sys -- (swmx00) Sierra Wireless USB MUX Driver (#00)
    DRV - [2009/09/25 10:04:28 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\PCASp50.sys -- (PCASp50)
    DRV - [2009/09/02 18:02:46 | 000,048,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\mfesmfk.sys -- (mfesmfk)
    DRV - [2009/09/02 18:01:36 | 000,343,760 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2009/08/31 21:07:00 | 000,091,672 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2009/08/31 21:07:00 | 000,075,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\mfeapfk.sys -- (mfeapfk)
    DRV - [2009/08/31 21:07:00 | 000,065,448 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\mferkdet.sys -- (mferkdet)
    DRV - [2009/08/31 21:07:00 | 000,063,728 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINNT\system32\drivers\mfetdik.sys -- (mfetdik)
    DRV - [2009/08/31 21:07:00 | 000,043,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2009/06/12 18:52:48 | 006,278,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\igxpmp32.sys -- (ialm)
    DRV - [2009/05/25 15:43:58 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Running] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
    DRV - [2008/11/20 12:08:08 | 000,103,424 | ---- | M] () [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\SafeBoot.sys -- (SafeBoot)
    DRV - [2008/09/12 15:32:56 | 000,327,192 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINNT\System32\Drivers\iaStor.sys -- (iastor)
    DRV - [2008/09/12 05:12:25 | 000,015,184 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\WINNT\system32\drivers\SbPrcCtl.sys -- (SbPrcCtl)
    DRV - [2008/09/12 05:11:31 | 000,013,152 | ---- | M] (SafeBoot International) [File_System | Boot | Running] -- C:\WINNT\system32\drivers\SbFsLock.sys -- (SbFsLock)
    DRV - [2008/09/12 05:11:20 | 000,033,264 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\WINNT\system32\drivers\RsvLock.sys -- (RsvLock)
    DRV - [2008/09/12 05:11:07 | 000,034,416 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\WINNT\system32\drivers\SbFlop.sys -- (SbFlop)
    DRV - [2008/08/13 14:51:42 | 000,044,976 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\SbAlg.sys -- (SBAlg)
    DRV - [2008/05/12 09:04:00 | 000,175,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2008/02/15 16:01:06 | 000,131,712 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\tosrfbd.sys -- (tosrfbd)
    DRV - [2008/01/31 16:55:06 | 000,074,240 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\Tosrfhid.sys -- (Tosrfhid)
    DRV - [2008/01/22 21:57:48 | 000,054,144 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\TosRfSnd.sys -- (TosRfSnd)
    DRV - [2007/11/29 10:45:44 | 000,036,608 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\tosrfbnp.sys -- (tosrfbnp)
    DRV - [2007/10/18 15:25:00 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\tosrfusb.sys -- (tosrfusb)
    DRV - [2007/10/02 12:43:22 | 000,064,128 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINNT\system32\drivers\tosrfcom.sys -- (Tosrfcom)
    DRV - [2007/09/04 12:50:00 | 000,031,744 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\csrbcxp.sys -- (CSRBC)
    DRV - [2007/08/02 20:35:12 | 000,989,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
    DRV - [2007/08/02 20:34:30 | 000,211,200 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
    DRV - [2007/08/02 20:34:26 | 000,731,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2007/06/18 12:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
    DRV - [2007/05/10 09:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2007/04/13 20:08:02 | 000,383,056 | ---- | M] (Zone Labs, LLC) [Kernel | System | Running] -- C:\WINNT\system32\vsdatant.sys -- (vsdatant)
    DRV - [2007/03/20 16:36:06 | 000,011,264 | ---- | M] (AT&T) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\avpnnic.sys -- (avpnnic)
    DRV - [2007/03/16 19:10:56 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\BCMWL5.SYS -- (BCM43XX)
    DRV - [2007/03/07 18:31:50 | 000,218,368 | ---- | M] (AT&T) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\agnfilt.sys -- (agnfilt)
    DRV - [2006/10/10 20:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\tosporte.sys -- (tosporte)
    DRV - [2006/06/14 13:53:00 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\usbccid.sys -- (USBCCID)
    DRV - [2005/02/18 14:24:44 | 000,196,657 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\V0070Vid.sys -- (V0070VID)
    DRV - [2005/01/07 06:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\tosrfnds.sys -- (tosrfnds)
    DRV - [2004/08/12 10:45:54 | 000,137,728 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2004/04/29 18:19:18 | 000,019,328 | ---- | M] (AT&T) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\agnwifi.sys -- (agnwifi)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://aigtoday.aig.com

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://aigtoday.aig.com/
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
    FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
    FF - prefs.js..browser.search.param.yahoo-type: "${8}"
    FF - prefs.js..extensions.enabledItems: [email protected]:1.0
    FF - prefs.js..extensions.enabledItems: {9ab67d74-ec41-4cb2-b417-df5d93ba1beb}:1.4
    FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
    FF - prefs.js..network.proxy.type: 4


    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/03 22:54:15 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/03 22:54:33 | 000,000,000 | ---D | M]

    [2009/11/11 19:17:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karavind\Application Data\Mozilla\Extensions
    [2010/06/07 00:17:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karavind\Application Data\Mozilla\Firefox\Profiles\jhmtwmn8.default\extensions
    [2010/05/17 06:43:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\karavind\Application Data\Mozilla\Firefox\Profiles\jhmtwmn8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/03/17 07:11:39 | 000,000,000 | ---D | M] (Table2Clipboard) -- C:\Documents and Settings\karavind\Application Data\Mozilla\Firefox\Profiles\jhmtwmn8.default\extensions\{9ab67d74-ec41-4cb2-b417-df5d93ba1beb}
    [2010/06/07 00:17:04 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/03/20 10:30:38 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2009/08/31 21:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll

    O1 HOSTS File: ([2010/06/06 22:12:19 | 000,000,027 | ---- | M]) - C:\WINNT\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (HelperObject Class) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
    O4 - HKLM..\Run: [Client Access Service] C:\Program Files\IBM\Client Access\cwbsvstr.exe (IBM Corporation)
    O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
    O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [RDVCHG] C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe (C-motech Co.,Ltd)
    O4 - HKLM..\Run: [SafeBootTrayManager] C:\Program Files\SafeBoot Tray Manager\SbTrayManager.exe ()
    O4 - HKLM..\Run: [SDJobCheck] C:\TNGSD\BIN\triggusr.exe (Computer Associates International, Inc.)
    O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
    O4 - HKLM..\Run: [Sprint SmartView] C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe (Sprint)
    O4 - HKLM..\Run: [Sxplog] C:\SxpInst\sxpstub.exe (Computer Associates International, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [VF0070 STISvc] C:\WINNT\System32\V0070Pin.dll (Creative Technology Ltd.)
    O4 - HKLM..\Run: [Workstation Info] c:\TEMPFILE\WINFO\info.exe ()
    O4 - HKLM..\Run: [Zone Labs Client] C:\Program Files\CheckPoint\Integrity Client\iclient.exe (Zone Labs, LLC)
    O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - HKCU..\Run: [NetSP - restore settings on power failure] C:\Program Files\AIGRAS\NetSP.exe (AT&T)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AT&T Global Network Client Monitor.lnk = C:\WINNT\Installer\{2B324B71-A7F9-477F-9693-E8974DDA1EC6}\NetGM_1B536450052A4C0BA1B8FC31F1D473F7.exe (Macrovision Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe (Research In Motion Limited)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE (New Boundary Technologies, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe (TechSmith Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Update_Policy.lnk = C:\WINNT\System32\refresh_policy.exe File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
    O15 - HKCU\..Trusted Domains: 12.4.* ([138] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: 21.234.68 ([172] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: 21.234.84 ([172] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: 24.42.* ([207] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: accessaig.com ([tankguard] https in Local intranet)
    O15 - HKCU\..Trusted Domains: accessaig.com ([tankguardmodl] https in Local intranet)
    O15 - HKCU\..Trusted Domains: afd-inc.com ([clients] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: afd-inc.com ([clients] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: agfg.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: aig.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: aig.com ([ahr] http in Local intranet)
    O15 - HKCU\..Trusted Domains: aig.com ([ahrmodel] http in Local intranet)
    O15 - HKCU\..Trusted Domains: aig.com ([aiuclaims] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: aig.com ([domino] * in Trusted sites)
    O15 - HKCU\..Trusted Domains: aig.com ([dominodev] * in Trusted sites)
    O15 - HKCU\..Trusted Domains: aig.com ([dominotest] * in Trusted sites)
    O15 - HKCU\..Trusted Domains: aig.com ([epcghome] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: aig.com ([eups] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: aig.com ([eupsmodl] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: aig.com ([intellirisknetsourceebs] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: aig.com ([legalaudit] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: aig.com ([livdsapps8] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: aig.com ([livdsweb2] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: aig.com ([livpsweb8] http in Local intranet)
    O15 - HKCU\..Trusted Domains: aig.net ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: aigag.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: aigcorpebus.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: aiginvestments.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: aiginvestments.net ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: aigretirementgold.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: aigrs.net ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: aigvalic.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: aigwc.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: aiuholdings.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: attwireless.com ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: attws.com ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: chartisinsurance.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: chartisinsurance.net ([]* in Local intranet)
    O15 - HKCU\..Trusted Domains: eprocurelink.com ([www1] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: fleet.com ([demo-webconnect] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: fleet.com ([webconnect] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: intellirisknetsource.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: intellirisknetsource.com ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: livpwaapps3 ([]file in Local intranet)
    O15 - HKCU\..Trusted Domains: salesforce.com ([]https in Trusted sites)
    O15 - HKCU\..Trusted Domains: stapleslink.com ([bci] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: yourensync.com ([mccoy] https in Trusted sites)
    O15 - HKCU\..Trusted Ranges: Range1 ([http] in Trusted sites)
    O15 - HKCU\..Trusted Ranges: Range2 ([http] in Trusted sites)
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
    O16 - DPF: {2202D225-22C1-4B8C-A4B8-6A7E7B7E1524} https://whiteglove.on.intercall.com/confmgr/installs/ICWMInstall.cab (ICWMInstallObj Class)
    O16 - DPF: {3BA494B1-D507-4C11-9BDA-D47E1A65DFCF} https://na.connect.aig.com/llclient/Neoteris/winxp/,DanaInfo=10.249.14.102+AXXPEE.dll (Confidence Online for Web Applications)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1236666346865 (WUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://na.connect.aig.com/dana-cached/setup/JuniperSetupSP1.cab (JuniperSetupSP1 Control)
    O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://na.connect.aig.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.64.5 213.109.72.21
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = r1-core.r1.aig.net
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: GinaDLL - (NetGina.dll) - C:\WINNT\System32\NetGINA.dll (AT&T)
    O20 - Winlogon\Notify\FCAGWL: DllName - fcagwl.dll - C:\WINNT\System32\fcagwl.dll (McAfee Inc.)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINNT\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\WINNT\Chartiswall.bmp
    O24 - Desktop BackupWallPaper: C:\WINNT\Chartiswall.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/02/08 21:30:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - C:\WINNT\system32\ias [2009/02/08 21:30:18 | 000,000,000 | ---D | M]
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found


    SafeBootMin: Base - Driver Group
    SafeBootMin: Boot Bus Extender - Driver Group
    SafeBootMin: Boot file system - Driver Group
    SafeBootMin: File system - Driver Group
    SafeBootMin: Filter - Driver Group
    SafeBootMin: McAfeeDlpAgentService - C:\Program Files\McAfee\DLP\Agent\fcags.exe (McAfee Inc.)
    SafeBootMin: McAfeeEngineService - C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe (McAfee, Inc.)
    SafeBootMin: PCI Configuration - Driver Group
    SafeBootMin: PNP Filter - Driver Group
    SafeBootMin: Primary disk - Driver Group
    SafeBootMin: SCSI Class - Driver Group
    SafeBootMin: sermouse.sys - Driver
    SafeBootMin: System Bus Extender - Driver Group
    SafeBootMin: vga.sys - Driver
    SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

    SafeBootNet: Base - Driver Group
    SafeBootNet: Boot Bus Extender - Driver Group
    SafeBootNet: Boot file system - Driver Group
    SafeBootNet: File system - Driver Group
    SafeBootNet: Filter - Driver Group
    SafeBootNet: McAfeeDlpAgentService - C:\Program Files\McAfee\DLP\Agent\fcags.exe (McAfee Inc.)
    SafeBootNet: NDIS Wrapper - Driver Group
    SafeBootNet: NetBIOSGroup - Driver Group
    SafeBootNet: NetDDEGroup - Driver Group
    SafeBootNet: Network - Driver Group
    SafeBootNet: NetworkProvider - Driver Group
    SafeBootNet: PCI Configuration - Driver Group
    SafeBootNet: PNP Filter - Driver Group
    SafeBootNet: PNP_TDI - Driver Group
    SafeBootNet: Primary disk - Driver Group
    SafeBootNet: SCSI Class - Driver Group
    SafeBootNet: sermouse.sys - Driver
    SafeBootNet: Streams Drivers - Driver Group
    SafeBootNet: System Bus Extender - Driver Group
    SafeBootNet: TDI - Driver Group
    SafeBootNet: vga.sys - Driver
    SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
    SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
    SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
    SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
    SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

    ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
    ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
    ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 9.0
    ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
    ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
    ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 9.0
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
    ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
    ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
    ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
    ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
    ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msmsgs.inf,BLC.QuietInstall.PerUser
    ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINNT\system32\Rundll32.exe c:\WINNT\system32\mscories.dll,Install
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
    ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
    ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
    ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
    ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINNT\inf\unregmp2.exe /ShowWMP
    ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
    ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

    Drivers32: msacm.iac2 - C:\WINNT\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINNT\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINNT\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINNT\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo8 - C:\WINNT\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINNT\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINNT\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINNT\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINNT\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINNT\System32\ir50_32.dll (Intel Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (54338225421942784)

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/06/06 16:03:40 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/06/06 15:59:24 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINNT\NIRCMD.exe
    [2010/06/06 15:59:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINNT\SWXCACLS.exe
    [2010/06/06 15:59:21 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINNT\SWREG.exe
    [2010/06/06 15:59:21 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINNT\SWSC.exe
    [2010/06/06 15:59:03 | 000,000,000 | ---D | C] -- C:\WINNT\ERDNT
    [2010/06/06 15:58:27 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/06/03 22:53:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
    [2010/06/03 22:53:01 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINNT\System32\pncrt.dll
    [2010/06/03 22:52:59 | 000,000,000 | ---D | C] -- C:\Program Files\Real
    [2010/06/03 22:52:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
    [2010/06/03 22:52:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
    [2010/06/03 22:52:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\karavind\Application Data\Real
    [2010/06/02 22:36:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\karavind\My Documents\New Folder
    [2010/06/02 20:56:37 | 000,000,000 | ---D | C] -- C:\Program Files\RealVNC
    [2010/05/25 20:36:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\karavind\Local Settings\Application Data\Citrix
    [2010/05/23 07:38:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\karavind\Application Data\Verizon Wireless
    [2010/05/23 07:38:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WEngineLite
    [2010/05/23 07:38:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Verizon Wireless
    [2010/05/23 07:38:04 | 000,000,000 | ---D | C] -- C:\Program Files\Verizon Wireless
    [2010/05/23 07:36:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\karavind\Application Data\InstallShield
    [2010/05/20 21:37:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\karavind\McAfee DLP Quarantined Files
    [2010/05/19 21:22:16 | 000,048,488 | ---- | C] (McAfee, Inc.) -- C:\WINNT\System32\drivers\mfesmfk.sys
    [2010/05/03 07:23:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\karavind\Recent
    [2010/04/23 21:36:02 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
    [2010/04/23 21:33:28 | 000,000,000 | ---D | C] -- C:\WINNT\System32\drivers\UMDF
    [2010/04/23 21:25:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\karavind\Application Data\SanDisk
    [2010/04/10 19:43:16 | 000,000,000 | ---D | C] -- C:\found.000
    [2010/04/10 18:07:19 | 000,271,696 | ---- | C] (RealVNC Ltd.) -- C:\Documents and Settings\karavind\Desktop\vnc-4_1_3-x86_win32_viewer.exe
    [2010/04/09 07:00:36 | 000,000,000 | -H-D | C] -- C:\BJPrinter
    [2010/04/06 19:50:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\karavind\Application Data\Scooter Software
    [2010/04/06 19:44:22 | 000,000,000 | ---D | C] -- C:\Program Files\WinMerge
    [2010/04/01 15:39:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\karavind\Local Settings\Application Data\ApplicationHistory
    [2010/04/01 15:39:06 | 000,000,000 | ---D | C] -- C:\Program Files\ePCGHelpRequest
    [2010/03/30 22:13:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\karavind\Application Data\Research In Motion
    [2010/03/30 22:00:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
    [2010/03/30 22:00:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Roxio Shared
    [2010/03/30 21:59:59 | 000,000,000 | ---D | C] -- C:\Program Files\Research In Motion
    [2010/03/20 10:42:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\karavind\Application Data\skypePM
    [2010/03/20 10:36:17 | 000,000,000 | ---D | C] -- C:\WebCam
    [2010/03/20 10:30:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\karavind\Application Data\Skype
    [2010/03/20 10:30:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
    [2010/03/20 10:30:12 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
    [2010/03/20 10:30:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
    [2010/03/14 09:33:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\karavind\Application Data\vlc
    [2010/03/14 09:29:04 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
    [1996/11/18 02:00:00 | 000,018,944 | ---- | C] ( ) -- C:\WINNT\System32\IMPLODE.DLL
    [4 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/06/08 06:46:58 | 000,000,638 | ---- | M] () -- C:\WINNT\win.ini
    [2010/06/08 06:31:16 | 000,000,990 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskUserS-1-5-21-825750147-1553096506-3895987836-9054UA.job
    [2010/06/06 22:34:59 | 000,525,770 | ---- | M] () -- C:\WINNT\System32\PerfStringBackup.INI
    [2010/06/06 22:34:59 | 000,444,596 | ---- | M] () -- C:\WINNT\System32\perfh009.dat
    [2010/06/06 22:34:59 | 000,072,306 | ---- | M] () -- C:\WINNT\System32\perfc009.dat
    [2010/06/06 22:33:51 | 000,000,256 | ---- | M] () -- C:\WINNT\System32\pool.bin
    [2010/06/06 22:32:36 | 000,002,197 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AT&T Global Network Client Monitor.lnk
    [2010/06/06 22:31:29 | 000,000,284 | ---- | M] () -- C:\WINNT\tasks\RealUpgradeLogonTaskS-1-5-21-825750147-1553096506-3895987836-9054.job
    [2010/06/06 22:31:22 | 000,005,209 | ---- | M] () -- C:\WINNT\System32\vsconfig.xml
    [2010/06/06 22:30:42 | 000,000,006 | -H-- | M] () -- C:\WINNT\tasks\SA.DAT
    [2010/06/06 22:30:40 | 000,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat
    [2010/06/06 22:28:51 | 006,553,600 | -H-- | M] () -- C:\Documents and Settings\karavind\ntuser.dat
    [2010/06/06 22:28:17 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\karavind\ntuser.ini
    [2010/06/06 22:27:50 | 000,068,608 | ---- | M] () -- C:\Documents and Settings\karavind\My Documents\fish tank temperature.xls
    [2010/06/06 22:13:29 | 000,000,227 | ---- | M] () -- C:\WINNT\system.ini
    [2010/06/06 22:12:49 | 000,001,746 | -H-- | M] () -- C:\Documents and Settings\karavind\My Documents\Default.rdp
    [2010/06/06 22:12:19 | 000,000,027 | ---- | M] () -- C:\WINNT\System32\drivers\etc\hosts
    [2010/06/06 16:03:48 | 000,000,277 | RHS- | M] () -- C:\boot.ini
    [2010/06/06 15:56:57 | 003,703,394 | R--- | M] () -- C:\Documents and Settings\karavind\Desktop\ComboFix.exe
    [2010/06/06 00:05:46 | 000,002,206 | ---- | M] () -- C:\WINNT\System32\wpa.dbl
    [2010/06/06 00:03:01 | 004,271,986 | -H-- | M] () -- C:\Documents and Settings\karavind\Local Settings\Application Data\IconCache.db
    [2010/06/05 07:31:01 | 000,000,938 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskUserS-1-5-21-825750147-1553096506-3895987836-9054Core.job
    [2010/06/04 06:16:22 | 000,005,209 | ---- | M] () -- C:\WINNT\System32\vsconfig.bak
    [2010/06/03 22:58:23 | 000,000,292 | ---- | M] () -- C:\WINNT\tasks\RealUpgradeScheduledTaskS-1-5-21-825750147-1553096506-3895987836-9054.job
    [2010/06/03 22:53:01 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINNT\System32\pncrt.dll
    [2010/06/02 11:20:17 | 000,000,207 | ---- | M] () -- C:\Boot.bak
    [2010/05/30 01:01:22 | 377,913,344 | ---- | M] () -- C:\Documents and Settings\karavind\My Documents\VTS_02_1.VOB
    [2010/05/30 00:16:56 | 539,262,976 | ---- | M] () -- C:\Documents and Settings\karavind\My Documents\VTS_01_1.VOB
    [2010/05/29 23:00:28 | 250,937,344 | ---- | M] () -- C:\Documents and Settings\karavind\My Documents\VTS_01_2.VOB
    [2010/05/27 19:32:37 | 000,002,309 | ---- | M] () -- C:\Documents and Settings\karavind\Desktop\Google Chrome.lnk
    [2010/05/27 07:25:58 | 000,041,984 | ---- | M] () -- C:\Documents and Settings\karavind\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/05/23 19:36:41 | 000,401,408 | ---- | M] () -- C:\Documents and Settings\karavind\My Documents\Worksheet in Chartis_Homeowners_Renewal_Phase1_Scoring_Reports_APR2010.xls
    [2010/05/23 07:38:22 | 000,001,013 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VZAccess Manager.lnk
    [2010/05/23 07:29:22 | 000,000,256 | ---- | M] () -- C:\Documents and Settings\karavind\pool.bin
    [2010/05/13 17:27:17 | 000,000,258 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
    [2010/05/13 17:15:27 | 000,000,258 | RHS- | M] () -- C:\Documents and Settings\karavind\ntuser.pol
    [2010/05/12 11:32:12 | 000,781,312 | ---- | M] () -- C:\POC_Teradata 2.0.ppt
    [2010/05/12 07:05:46 | 001,643,520 | ---- | M] () -- C:\POC_Teradata.ppt
    [2010/05/12 06:40:01 | 000,000,000 | ---- | M] () -- C:\teradata.ppt
    [2010/05/09 21:39:11 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\karavind\My Documents\fish tank parameters.xls
    [2010/05/05 21:21:41 | 000,002,467 | ---- | M] () -- C:\Documents and Settings\karavind\Desktop\Microsoft Office Access 2003.lnk
    [2010/05/04 20:50:02 | 000,143,360 | ---- | M] () -- C:\Documents and Settings\karavind\My Documents\db3.mdb
    [2010/05/04 20:42:46 | 000,135,168 | ---- | M] () -- C:\Documents and Settings\karavind\My Documents\db2.mdb
    [2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINNT\PEV.exe
    [2010/04/26 07:02:21 | 000,001,374 | ---- | M] () -- C:\WINNT\imsins.BAK
    [2010/04/23 21:50:23 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\karavind\Desktop\Windows Media Player.lnk
    [2010/04/23 21:49:50 | 000,000,000 | -H-- | M] () -- C:\WINNT\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
    [2010/04/23 21:46:15 | 000,023,392 | ---- | M] () -- C:\WINNT\System32\nscompat.tlb
    [2010/04/23 21:46:15 | 000,016,832 | ---- | M] () -- C:\WINNT\System32\amcompat.tlb
    [2010/04/23 21:34:49 | 000,316,640 | ---- | M] () -- C:\WINNT\WMSysPr9.prx
    [2010/04/23 21:33:35 | 000,000,000 | -H-- | M] () -- C:\WINNT\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
    [2010/04/22 21:29:27 | 000,017,478 | ---- | M] () -- C:\WINNT\System32\SiteList.xml
    [2010/04/22 10:13:27 | 000,075,322 | ---- | M] () -- C:\http_livdsadspcg01_cognos8_cgi-bin_cognos.pdf
    [2010/04/15 21:31:56 | 000,001,725 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2010/04/10 18:07:20 | 000,271,696 | ---- | M] (RealVNC Ltd.) -- C:\Documents and Settings\karavind\Desktop\vnc-4_1_3-x86_win32_viewer.exe
    [2010/04/05 18:31:03 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\karavind\My Documents\Menu.doc
    [2010/03/30 22:31:22 | 000,003,712 | ---- | M] () -- C:\Documents and Settings\karavind\Desktop\cognos_mobile.jad
    [2010/03/30 22:00:52 | 000,001,737 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk
    [2010/03/30 22:00:52 | 000,001,725 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Desktop Manager.lnk
    [2010/03/28 11:40:37 | 000,637,440 | ---- | M] () -- C:\Documents and Settings\karavind\My Documents\reports.xls
    [2010/03/20 10:42:10 | 000,000,056 | -H-- | M] () -- C:\WINNT\System32\ezsidmv.dat
    [2010/03/20 10:30:18 | 000,001,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
    [2010/03/15 21:34:48 | 000,038,344 | ---- | M] (Symantec Corporation) -- C:\WINNT\System32\drivers\CO_Mon.sys
    [2010/03/14 09:30:16 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
    [2010/03/10 22:32:03 | 000,377,078 | ---- | M] () -- C:\Documents and Settings\karavind\My Documents\Clipboard09.bmp
    [4 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/06/06 16:03:48 | 000,000,207 | ---- | C] () -- C:\Boot.bak
    [2010/06/06 16:03:44 | 000,260,272 | ---- | C] () -- C:\cmldr
    [2010/06/06 15:59:24 | 000,077,312 | ---- | C] () -- C:\WINNT\MBR.exe
    [2010/06/06 15:59:21 | 000,256,512 | ---- | C] () -- C:\WINNT\PEV.exe
    [2010/06/06 15:59:21 | 000,098,816 | ---- | C] () -- C:\WINNT\sed.exe
    [2010/06/06 15:59:21 | 000,080,412 | ---- | C] () -- C:\WINNT\grep.exe
    [2010/06/06 15:59:21 | 000,068,096 | ---- | C] () -- C:\WINNT\zip.exe
    [2010/06/06 15:56:52 | 003,703,394 | R--- | C] () -- C:\Documents and Settings\karavind\Desktop\ComboFix.exe
    [2010/06/04 20:53:49 | 000,068,608 | ---- | C] () -- C:\Documents and Settings\karavind\My Documents\fish tank temperature.xls
    [2010/06/03 22:54:26 | 000,000,284 | ---- | C] () -- C:\WINNT\tasks\RealUpgradeLogonTaskS-1-5-21-825750147-1553096506-3895987836-9054.job
    [2010/06/03 22:54:25 | 000,000,292 | ---- | C] () -- C:\WINNT\tasks\RealUpgradeScheduledTaskS-1-5-21-825750147-1553096506-3895987836-9054.job
    [2010/06/02 22:33:46 | 377,913,344 | ---- | C] () -- C:\Documents and Settings\karavind\My Documents\VTS_02_1.VOB
    [2010/06/02 22:31:32 | 539,262,976 | ---- | C] () -- C:\Documents and Settings\karavind\My Documents\VTS_01_1.VOB
    [2010/06/02 22:30:23 | 250,937,344 | ---- | C] () -- C:\Documents and Settings\karavind\My Documents\VTS_01_2.VOB
    [2010/06/02 11:20:17 | 000,000,207 | ---- | C] () -- C:\boot.ini.org
    [2010/05/23 19:36:39 | 000,401,408 | ---- | C] () -- C:\Documents and Settings\karavind\My Documents\Worksheet in Chartis_Homeowners_Renewal_Phase1_Scoring_Reports_APR2010.xls
    [2010/05/23 07:38:22 | 000,001,013 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VZAccess Manager.lnk
    [2010/05/12 07:06:46 | 000,781,312 | ---- | C] () -- C:\POC_Teradata 2.0.ppt
    [2010/05/12 07:05:37 | 001,643,520 | ---- | C] () -- C:\POC_Teradata.ppt
    [2010/05/12 06:40:00 | 000,000,000 | ---- | C] () -- C:\teradata.ppt
    [2010/05/04 20:45:51 | 000,143,360 | ---- | C] () -- C:\Documents and Settings\karavind\My Documents\db3.mdb
    [2010/05/04 20:42:11 | 000,135,168 | ---- | C] () -- C:\Documents and Settings\karavind\My Documents\db2.mdb
    [2010/04/23 21:49:50 | 000,000,000 | -H-- | C] () -- C:\WINNT\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
    [2010/04/23 21:33:35 | 000,000,000 | -H-- | C] () -- C:\WINNT\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
    [2010/04/23 21:19:46 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\karavind\pool.bin
    [2010/04/22 10:13:25 | 000,075,322 | ---- | C] () -- C:\http_livdsadspcg01_cognos8_cgi-bin_cognos.pdf
    [2010/04/16 07:03:46 | 000,017,478 | ---- | C] () -- C:\WINNT\System32\SiteList.xml
    [2010/04/09 07:00:42 | 000,006,656 | ---- | C] () -- C:\WINNT\System32\CNMVS56.DLL
    [2010/04/05 18:31:02 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\karavind\My Documents\Menu.doc
    [2010/03/30 22:31:49 | 000,003,712 | ---- | C] () -- C:\Documents and Settings\karavind\Desktop\cognos_mobile.jad
    [2010/03/30 22:15:09 | 000,000,256 | ---- | C] () -- C:\WINNT\System32\pool.bin
    [2010/03/30 22:00:51 | 000,001,737 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk
    [2010/03/30 22:00:51 | 000,001,725 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Desktop Manager.lnk
    [2010/03/28 11:40:36 | 000,637,440 | ---- | C] () -- C:\Documents and Settings\karavind\My Documents\reports.xls
    [2010/03/20 10:42:10 | 000,000,056 | -H-- | C] () -- C:\WINNT\System32\ezsidmv.dat
    [2010/03/20 10:36:18 | 000,005,225 | ---- | C] () -- C:\WINNT\VF0070.uns
    [2010/03/20 10:30:18 | 000,001,874 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
    [2010/03/14 09:30:16 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
    [2010/03/10 22:32:03 | 000,377,078 | ---- | C] () -- C:\Documents and Settings\karavind\My Documents\Clipboard09.bmp
    [2010/03/04 17:29:32 | 000,077,824 | ---- | C] () -- C:\WINNT\System32\jcom.dll
    [2010/02/15 22:11:35 | 000,000,120 | ---- | C] () -- C:\WINNT\QUICKEN.INI
    [2010/02/02 23:23:59 | 000,000,000 | ---- | C] () -- C:\WINNT\tosOBEX.INI
    [2010/01/14 13:50:50 | 000,096,072 | ---- | C] () -- C:\WINNT\System32\drivers\fcdrv3.sys
    [2010/01/14 13:50:48 | 000,114,632 | ---- | C] () -- C:\WINNT\System32\drivers\fcdrv2.sys
    [2009/11/28 20:48:16 | 000,000,147 | ---- | C] () -- C:\WINNT\System32\AddPort.ini
    [2009/11/28 20:48:15 | 000,003,399 | R--- | C] () -- C:\WINNT\System32\hptcpmon.ini
    [2009/11/16 07:55:06 | 000,000,605 | ---- | C] () -- C:\WINNT\hpntwksetup.ini
    [2009/11/11 14:13:52 | 000,172,032 | ---- | C] () -- C:\WINNT\System32\cwbrw.dll
    [2009/11/11 14:13:52 | 000,024,576 | ---- | C] () -- C:\WINNT\System32\cwbsv.dll
    [2009/11/11 14:13:52 | 000,020,529 | ---- | C] () -- C:\WINNT\System32\cwbwiz.dll
    [2009/11/11 14:13:52 | 000,020,480 | ---- | C] () -- C:\WINNT\System32\cwbsy.dll
    [2009/11/11 14:13:52 | 000,020,480 | ---- | C] () -- C:\WINNT\System32\cwbnl.dll
    [2009/11/11 14:13:52 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\cwbnldlg.dll
    [2009/11/11 14:13:52 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\cwbad.dll
    [2009/11/11 14:13:51 | 000,020,480 | ---- | C] () -- C:\WINNT\System32\cwbco.dll
    [2009/11/11 14:08:02 | 000,086,016 | ---- | C] () -- C:\WINNT\System32\preflib.dll
    [2009/11/11 14:08:00 | 000,757,760 | ---- | C] () -- C:\WINNT\System32\bcm1xsup.dll
    [2009/11/11 11:50:42 | 000,041,456 | ---- | C] () -- C:\WINNT\System32\NWIPXSPX.DLL
    [2009/11/11 11:50:10 | 000,073,216 | ---- | C] () -- C:\WINNT\System32\neeviaprtntwt.dll
    [2009/11/11 11:49:56 | 000,000,250 | ---- | C] () -- C:\WINNT\Exigen.INI
    [2009/09/25 10:04:42 | 000,026,888 | ---- | C] () -- C:\WINNT\System32\drivers\swmsflt.sys
    [2009/03/16 18:05:04 | 000,000,061 | ---- | C] () -- C:\WINNT\smscfg.ini
    [2009/03/10 00:37:30 | 000,000,152 | ---- | C] () -- C:\WINNT\wwwbatch.ini
    [2009/03/02 21:43:58 | 000,204,800 | ---- | C] () -- C:\WINNT\System32\igfxCoIn_v4926.dll
    [2009/03/02 21:43:58 | 000,104,636 | ---- | C] () -- C:\WINNT\System32\igmedcompkrn.dll
    [2009/03/02 21:43:57 | 001,843,784 | ---- | C] () -- C:\WINNT\System32\igklg400.dll
    [2009/03/02 21:43:57 | 001,399,880 | ---- | C] () -- C:\WINNT\System32\igklg450.dll
    [2009/02/09 02:26:27 | 000,000,280 | ---- | C] () -- C:\WINNT\System32\epoPGPsdk.dll.sig
    [2009/02/09 01:10:59 | 000,000,505 | ---- | C] () -- C:\WINNT\ODBC.INI
    [2009/02/08 23:39:59 | 000,000,415 | ---- | C] () -- C:\WINNT\System32\OEMINFO.INI
    [2008/11/20 12:08:08 | 000,103,424 | ---- | C] () -- C:\WINNT\System32\drivers\SafeBoot.sys
    [2008/02/04 19:23:10 | 000,693,792 | ---- | C] () -- C:\WINNT\System32\OGACheckControl.DLL
    [2007/12/21 17:46:32 | 000,118,784 | ---- | C] () -- C:\WINNT\System32\TosBtAcc.dll
    [2007/04/13 19:48:56 | 000,796,336 | ---- | C] () -- C:\WINNT\System32\libeay32_0.9.6l.dll
    [2005/07/22 22:30:18 | 000,065,536 | ---- | C] () -- C:\WINNT\System32\TosCommAPI.dll
    [2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINNT\System32\OUTLPERF.INI
    [1999/06/15 12:41:02 | 000,027,136 | ---- | C] () -- C:\WINNT\System32\drcmhook.dll

    ========== LOP Check ==========

    [2009/11/11 14:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AGNS
    [2010/03/15 21:39:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
    [2009/11/11 11:41:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Network Associates
    [2009/02/09 01:48:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Prism Pack
    [2009/12/18 10:29:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Quest Software
    [2010/03/30 22:03:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
    [2009/11/11 16:36:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Safeboot CSIP
    [2009/11/11 14:45:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Screentime
    [2010/02/06 13:57:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simese
    [2009/12/25 23:42:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sprint
    [2009/11/11 11:42:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
    [2010/05/23 07:38:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WEngineLite
    [2009/12/25 23:46:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karavind\Application Data\Bytemobile
    [2010/05/28 18:26:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karavind\Application Data\FileZilla
    [2010/03/15 21:34:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karavind\Application Data\Juniper Networks
    [2009/03/12 02:30:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karavind\Application Data\OfficeUpdate12
    [2009/12/18 10:29:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karavind\Application Data\Quest Software
    [2010/03/30 22:13:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karavind\Application Data\Research In Motion
    [2010/04/23 21:25:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karavind\Application Data\SanDisk
    [2010/04/06 19:50:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karavind\Application Data\Scooter Software
    [2009/12/25 23:46:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karavind\Application Data\Sprint
    [2010/01/16 18:46:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karavind\Application Data\WholeSecurity
    [2009/02/09 01:43:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\karavind\Application Data\WinBatch

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/03/04 17:07:35 | 000,206,088 | ---- | M] () -- C:\AcroRdUpdt93.log
    [2010/03/24 09:20:50 | 000,196,224 | ---- | M] () -- C:\AcroUpS931.log
    [2009/02/08 21:30:44 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/06/02 11:20:17 | 000,000,207 | ---- | M] () -- C:\Boot.bak
    [2010/06/06 16:03:48 | 000,000,277 | RHS- | M] () -- C:\boot.ini
    [2009/11/11 08:58:54 | 000,000,207 | ---- | M] () -- C:\boot.ini.org
    [2009/02/02 05:07:26 | 000,000,000 | -HS- | M] () -- C:\BOOTLOG.PRV
    [2009/02/02 05:17:56 | 000,000,000 | -HS- | M] () -- C:\BOOTLOG.TXT
    [2009/02/02 05:19:00 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS
    [2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
    [2010/06/06 22:23:59 | 000,020,615 | ---- | M] () -- C:\ComboFix.txt
    [1999/04/23 18:22:00 | 000,093,890 | -HS- | M] () -- C:\COMMAND.COM
    [2009/02/08 21:30:44 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2010/02/28 16:42:57 | 000,000,000 | ---- | M] () -- C:\Data Warehouse Architecture - Proposed.ppt
    [2009/11/11 11:54:57 | 000,005,784 | ---- | M] () -- C:\Developer.log
    [2009/02/25 16:10:34 | 000,001,390 | ---- | M] () -- C:\docuPrinter.log
    [2010/03/04 17:30:40 | 000,005,298 | ---- | M] () -- C:\Exigen.log
    [2009/11/11 12:54:00 | 000,000,616 | ---- | M] () -- C:\GPoff.log
    [2009/11/11 12:54:02 | 000,000,616 | ---- | M] () -- C:\GPon.log
    [2010/04/22 10:13:27 | 000,075,322 | ---- | M] () -- C:\http_livdsadspcg01_cognos8_cgi-bin_cognos.pdf
    [1999/04/23 18:22:00 | 000,222,390 | RHS- | M] () -- C:\IO.SYS
    [2009/11/11 12:54:20 | 000,006,603 | ---- | M] () -- C:\LAPTOP.tag
    [1999/04/23 18:22:00 | 000,000,009 | RHS- | M] () -- C:\MSDOS.SYS
    [2009/11/11 11:45:30 | 000,022,729 | ---- | M] () -- C:\newfile.enc
    [2009/11/11 11:45:30 | 000,022,729 | ---- | M] () -- C:\newkey
    [2004/08/04 03:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2004/08/04 03:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
    [2010/06/06 22:30:36 | 2136,887,296 | -HS- | M] () -- C:\pagefile.sys
    [2010/05/12 11:32:12 | 000,781,312 | ---- | M] () -- C:\POC_Teradata 2.0.ppt
    [2010/05/12 07:05:46 | 001,643,520 | ---- | M] () -- C:\POC_Teradata.ppt
    [2009/12/03 17:24:42 | 000,020,705 | ---- | M] () -- C:\POLICY_SCORE_100909 (5).pdf
    [2010/02/27 11:33:50 | 000,478,676 | ---- | M] () -- C:\pp.zip
    [2010/03/03 08:42:30 | 000,000,000 | ---- | M] () -- C:\Presentation1.ppt
    [2003/04/18 19:06:14 | 000,079,872 | ---- | M] (Microsoft) -- C:\ROBOCOPY.EXE
    [2009/11/11 15:01:49 | 021,102,592 | RHS- | M] () -- C:\SafeBoot.fs
    [2009/11/11 15:01:43 | 000,655,360 | RHS- | M] () -- C:\SafeBoot.rsv
    [2009/11/11 12:54:11 | 000,000,486 | ---- | M] () -- C:\SifXinst.log
    [2010/06/06 10:10:03 | 000,002,524 | ---- | M] () -- C:\TDSSKiller.2.3.2.0_06.06.2010_10.10.02_log.txt
    [2010/06/06 10:11:27 | 000,002,524 | ---- | M] () -- C:\TDSSKiller.2.3.2.0_06.06.2010_10.11.25_log.txt
    [2010/05/12 06:40:01 | 000,000,000 | ---- | M] () -- C:\teradata.ppt
    [2009/11/11 12:54:20 | 000,000,118 | ---- | M] () -- C:\wmerror.log

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [2010/02/26 02:05:05 | 000,357,888 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINNT\system32\dxtmsft.dll
    [2010/02/26 02:05:05 | 000,205,312 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINNT\system32\dxtrans.dll
    [4 C:\WINNT\system32\*.tmp files -> C:\WINNT\system32\*.tmp -> ]

    < %systemroot%\system32\*.exe /lockedfiles >
    [4 C:\WINNT\system32\*.tmp files -> C:\WINNT\system32\*.tmp -> ]

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /lockedfiles >
    [2008/11/20 12:08:08 | 000,103,424 | ---- | M] () Unable to obtain MD5 -- C:\WINNT\system32\drivers\SafeBoot.sys

    < %systemroot%\System32\config\*.sav >
    [2009/02/08 16:22:02 | 000,094,208 | ---- | M] () -- C:\WINNT\system32\config\default.sav
    [2009/02/08 16:22:02 | 000,659,456 | ---- | M] () -- C:\WINNT\system32\config\software.sav
    [2009/02/08 16:22:02 | 000,929,792 | ---- | M] () -- C:\WINNT\system32\config\system.sav

    < %systemroot%\system32\user32.dll /md5 >
    [2007/03/08 11:36:28 | 000,577,536 | ---- | M] (Microsoft Corporation) MD5=B409909F6E2E8A7067076ED748ABF1E7 -- C:\WINNT\system32\user32.dll
    [4 C:\WINNT\system32\*.tmp files -> C:\WINNT\system32\*.tmp -> ]

    < %systemroot%\system32\ws2_32.dll /md5 >
    [2004/08/04 03:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINNT\system32\ws2_32.dll
    [4 C:\WINNT\system32\*.tmp files -> C:\WINNT\system32\*.tmp -> ]

    < %PROGRAMFILES%\*. >
    [2009/11/11 14:05:46 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
    [2009/11/11 16:01:26 | 000,000,000 | ---D | M] -- C:\Program Files\AIGRAS
    [2009/12/12 23:32:20 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
    [2009/11/14 09:48:12 | 000,000,000 | ---D | M] -- C:\Program Files\AquaNotes
    [2009/11/11 11:51:01 | 000,000,000 | ---D | M] -- C:\Program Files\AR System
    [2009/11/11 11:37:54 | 000,000,000 | ---D | M] -- C:\Program Files\CA
    [2009/11/11 14:57:57 | 000,000,000 | ---D | M] -- C:\Program Files\CheckPoint
    [2010/06/06 21:14:52 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
    [2009/02/08 21:28:46 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
    [2009/11/11 09:40:21 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
    [2009/11/11 14:08:00 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
    [2010/04/01 15:39:08 | 000,000,000 | ---D | M] -- C:\Program Files\ePCGHelpRequest
    [2010/03/04 17:30:05 | 000,000,000 | ---D | M] -- C:\Program Files\Exigen
    [2009/11/13 20:14:41 | 000,000,000 | ---D | M] -- C:\Program Files\FileZilla FTP Client
    [2009/11/28 20:51:28 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
    [2009/11/28 20:52:00 | 000,000,000 | ---D | M] -- C:\Program Files\HP
    [2009/11/11 14:13:42 | 000,000,000 | ---D | M] -- C:\Program Files\IBM
    [2010/02/15 22:13:48 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
    [2010/04/16 06:35:41 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
    [2010/01/18 18:11:33 | 000,000,000 | ---D | M] -- C:\Program Files\IrfanView
    [2010/03/04 17:28:47 | 000,000,000 | ---D | M] -- C:\Program Files\Java
    [2009/11/11 21:43:36 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee
    [2009/02/09 01:47:53 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
    [2009/03/15 22:45:11 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
    [2009/03/10 00:27:43 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    [2009/02/08 21:31:02 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
    [2009/12/29 08:12:39 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
    [2010/02/11 21:04:15 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
    [2009/02/09 01:09:46 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
    [2010/01/18 20:29:48 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
    [2009/03/15 22:45:16 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
    [2010/04/16 06:36:12 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
    [2010/04/05 08:56:58 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
    [2009/12/18 09:45:46 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
    [2009/12/29 08:12:19 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
    [2009/02/08 21:31:03 | 000,000,000 | ---D | M] -- C:\Program Files\msn gaming zone
    [2009/02/09 01:51:36 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
    [2009/02/09 01:51:43 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
    [2009/12/29 21:44:36 | 000,000,000 | ---D | M] -- C:\Program Files\MySQL
    [2009/11/11 11:50:01 | 000,000,000 | ---D | M] -- C:\Program Files\neevia.com
    [2009/02/08 21:29:22 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
    [2009/12/25 23:42:27 | 000,000,000 | ---D | M] -- C:\Program Files\Novatel Wireless
    [2009/02/08 21:29:34 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
    [2009/11/11 13:17:57 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
    [2009/12/18 12:07:00 | 000,000,000 | ---D | M] -- C:\Program Files\PHP Editor
    [2009/12/18 10:25:37 | 000,000,000 | ---D | M] -- C:\Program Files\Quest Software
    [2010/02/15 22:13:23 | 000,000,000 | ---D | M] -- C:\Program Files\Quicken
    [2009/12/12 23:33:30 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
    [2010/06/03 22:53:59 | 000,000,000 | ---D | M] -- C:\Program Files\Real
    [2010/06/02 20:56:37 | 000,000,000 | ---D | M] -- C:\Program Files\RealVNC
    [2009/12/18 09:45:36 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
    [2010/03/30 22:03:55 | 000,000,000 | ---D | M] -- C:\Program Files\Research In Motion
    [2009/11/11 16:36:24 | 000,000,000 | ---D | M] -- C:\Program Files\SafeBoot
    [2009/11/11 14:55:59 | 000,000,000 | ---D | M] -- C:\Program Files\SafeBoot Tray Manager
    [2009/11/11 13:59:07 | 000,000,000 | ---D | M] -- C:\Program Files\Screen Manager
    [2009/12/25 23:46:15 | 000,000,000 | ---D | M] -- C:\Program Files\Sierra Wireless
    [2010/03/05 10:03:11 | 000,000,000 | ---D | M] -- C:\Program Files\SIFXINST
    [2009/11/11 09:40:18 | 000,000,000 | ---D | M] -- C:\Program Files\Sigmatel
    [2010/02/06 13:57:01 | 000,000,000 | ---D | M] -- C:\Program Files\Simese
    [2010/03/20 10:30:37 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
    [2009/12/25 23:42:27 | 000,000,000 | ---D | M] -- C:\Program Files\Sprint
    [2009/11/11 11:42:08 | 000,000,000 | ---D | M] -- C:\Program Files\TechSmith
    [2010/02/02 20:53:20 | 000,000,000 | ---D | M] -- C:\Program Files\Toshiba
    [2009/02/08 21:35:05 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
    [2010/05/23 07:38:04 | 000,000,000 | ---D | M] -- C:\Program Files\Verizon Wireless
    [2010/03/14 09:29:04 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
    [2009/11/11 11:42:49 | 000,000,000 | ---D | M] -- C:\Program Files\VViewer
    [2010/04/23 21:36:04 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
    [2010/04/23 21:43:10 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
    [2009/02/08 21:31:03 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
    [2009/02/08 21:29:39 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
    [2010/06/02 06:45:01 | 000,000,000 | ---D | M] -- C:\Program Files\WinMerge
    [2009/12/26 08:30:46 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
    [2009/11/11 11:37:43 | 000,000,000 | ---D | M] -- C:\Program Files\WinZip
    [2009/02/08 21:31:03 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
    [2009/12/18 11:18:37 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >
    < End of report >
     
  11. Rorschach112

    Rorschach112 Malware Specialist

    Joined:
    Oct 12, 2008
    Messages:
    2,392
    Please run the MGA Diagnostic Tool and post back the report it shall produce:
    1. Download MGADiag to your desktop.
    2. Double-click on MGADiag.exe to launch the program.
    3. Click "Continue".
    4. Ensure that the "Windows" tab is selected (it should be by default).
    5. Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
    6. Paste the MGA Diagnostic Report back here in your next reply.


    • Please download WVCheck by Artellos from one of the mirrors below;
    • After the download, run WVCheck.exe
    • As indicated by the prompt, this program can take a while depending on your hard drive space.
    • Once the program is done, copy the contents of the notepad file as a reply.
     

Short URL to this thread: https://techguy.org/927473