Hi,

The following is the output of OTL. Please advise on next steps.

Regards,

Suyog

OTL Extras logfile created on: 5/28/2011 11:15:11 AM - Run 1

OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Aditi-Suyog\My Documents\Downloads

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 2.56 Gb Available Physical Memory | 86.52% Memory free

4.80 Gb Paging File | 4.29 Gb Available in Paging File | 89.37% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 148.99 Gb Total Space | 126.84 Gb Free Space | 85.14% Space Free | Partition Type: NTFS

Computer Name: ADITI | User Name: Aditi-Suyog | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management

"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"67:UDP" = 67:UDP:*:Enabled:DHCP Server

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent

"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)

"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)

"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)

"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations

"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java 6 Update 21

"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder

"{62BFB4C2-8C4E-4D91-BD7D-81C06EAAC3C0}" = Windows Rights Management Client with Service Pack 2

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{79546A5F-AE7C-4693-8670-A3401B43ABD2}" = HP Deskjet 5900 series

"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support

"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010

"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A5222E5A-13CB-4C98-9F5C-21CF6896A25C}" = HPDeskjet5900Series

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)

"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm

"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour

"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update

"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant

"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter

"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2

"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status

"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card Utility

"FileZilla Client" = FileZilla Client 3.5.0

"HandBrake" = HandBrake 0.9.5

"HDMI" = Intel® Graphics Media Accelerator Driver

"HP Imaging Device Functions" = HP Imaging Device Functions 5.0

"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.0

"ie8" = Windows Internet Explorer 8

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)

"MSC" = McAfee AntiVirus Plus

"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010

"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

"Xvid_is1" = Xvid 1.2.2 final uninstall

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 5/26/2011 10:00:32 PM | Computer Name = ADITI | Source = Windows Search Service | ID = 3013

Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MCAFEE\MCAFEE

ANTIVIRUS PLUS.LNK> in the hash map cannot be updated. Context: Application, SystemIndex

Catalog Details: A device attached to the system is not functioning. (0x8007001f)

Error - 5/26/2011 10:00:32 PM | Computer Name = ADITI | Source = Windows Search Service | ID = 3013

Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MCAFEE\MCAFEE

ANTIVIRUS PLUS.LNK> in the hash map cannot be updated. Context: Application, SystemIndex

Catalog Details: A device attached to the system is not functioning. (0x8007001f)

Error - 5/26/2011 10:00:32 PM | Computer Name = ADITI | Source = Windows Search Service | ID = 3013

Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MCAFEE\MCAFEE

ANTIVIRUS PLUS.LNK> in the hash map cannot be updated. Context: Application, SystemIndex

Catalog Details: A device attached to the system is not functioning. (0x8007001f)

Error - 5/26/2011 10:00:32 PM | Computer Name = ADITI | Source = Windows Search Service | ID = 3013

Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MCAFEE\MCAFEE

ANTIVIRUS PLUS.LNK> in the hash map cannot be updated. Context: Application, SystemIndex

Catalog Details: A device attached to the system is not functioning. (0x8007001f)

Error - 5/26/2011 10:00:32 PM | Computer Name = ADITI | Source = Windows Search Service | ID = 3013

Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MCAFEE\MCAFEE

ANTIVIRUS PLUS.LNK> in the hash map cannot be updated. Context: Application, SystemIndex

Catalog Details: A device attached to the system is not functioning. (0x8007001f)

Error - 5/26/2011 10:00:32 PM | Computer Name = ADITI | Source = Windows Search Service | ID = 3013

Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MCAFEE\MCAFEE

ANTIVIRUS PLUS.LNK> in the hash map cannot be updated. Context: Application, SystemIndex

Catalog Details: A device attached to the system is not functioning. (0x8007001f)

Error - 5/26/2011 10:00:32 PM | Computer Name = ADITI | Source = Windows Search Service | ID = 3013

Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MCAFEE\MCAFEE

ANTIVIRUS PLUS.LNK> in the hash map cannot be updated. Context: Application, SystemIndex

Catalog Details: A device attached to the system is not functioning. (0x8007001f)

Error - 5/26/2011 10:00:32 PM | Computer Name = ADITI | Source = Windows Search Service | ID = 3013

Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MCAFEE\MCAFEE

ANTIVIRUS PLUS.LNK> in the hash map cannot be updated. Context: Application, SystemIndex

Catalog Details: A device attached to the system is not functioning. (0x8007001f)

Error - 5/26/2011 10:00:32 PM | Computer Name = ADITI | Source = Windows Search Service | ID = 3013

Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MCAFEE\MCAFEE

ANTIVIRUS PLUS.LNK> in the hash map cannot be updated. Context: Application, SystemIndex

Catalog Details: A device attached to the system is not functioning. (0x8007001f)

Error - 5/27/2011 9:09:18 PM | Computer Name = ADITI | Source = Application Hang | ID = 1002

Description = Hanging application firefox.exe, version 2.0.1.4120, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

[ System Events ]

Error - 5/26/2011 4:03:55 PM | Computer Name = ADITI | Source = Service Control Manager | ID = 7000

Description = The IMAPI CD-Burning COM Service service failed to start due to the

following error: %%1053

Error - 5/26/2011 4:04:25 PM | Computer Name = ADITI | Source = DCOM | ID = 10005

Description = DCOM got error "%1053" attempting to start the service iPod Service

with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error - 5/26/2011 4:04:25 PM | Computer Name = ADITI | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the iPod Service service

to connect.

Error - 5/26/2011 4:04:25 PM | Computer Name = ADITI | Source = Service Control Manager | ID = 7000

Description = The iPod Service service failed to start due to the following error:

%%1053

Error - 5/26/2011 9:33:21 PM | Computer Name = ADITI | Source = Service Control Manager | ID = 7034

Description = The Intel CPU service terminated unexpectedly. It has done this 1

time(s).

Error - 5/27/2011 8:55:10 AM | Computer Name = ADITI | Source = Service Control Manager | ID = 7023

Description = The Intel CPU service terminated with the following error: %%126

Error - 5/27/2011 8:55:28 AM | Computer Name = ADITI | Source = Dhcp | ID = 1002

Description = The IP address lease 192.168.2.103 for the Network Card with network

address 002556220CA7 has been denied by the DHCP server 192.168.2.1 (The DHCP Server

sent a DHCPNACK message).

Error - 5/27/2011 8:58:09 AM | Computer Name = ADITI | Source = iaStor | ID = 262153

Description = The device, \Device\Ide\iaStor0, did not respond within the timeout

period.

Error - 5/27/2011 10:18:32 AM | Computer Name = ADITI | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the Windows Search service

to connect.

Error - 5/27/2011 1:33:18 PM | Computer Name = ADITI | Source = Service Control Manager | ID = 7023

Description = The Intel CPU service terminated with the following error: %%126

< End of report >

OTL logfile created on: 5/28/2011 11:15:11 AM - Run 1

OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Aditi-Suyog\My Documents\Downloads

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 2.56 Gb Available Physical Memory | 86.52% Memory free

4.80 Gb Paging File | 4.29 Gb Available in Paging File | 89.37% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 148.99 Gb Total Space | 126.84 Gb Free Space | 85.14% Space Free | Partition Type: NTFS

Computer Name: ADITI | User Name: Aditi-Suyog | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Aditi-Suyog\My Documents\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)

PRC - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)

PRC - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)

PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

PRC - C:\WINDOWS\system32\rpcnet.exe (Absolute Software Corp.)

PRC - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)

PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)

PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)

PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)

PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)

PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)

PRC - c:\drivers\audio\R211990\stacsv.exe (IDT, Inc.)

PRC - C:\WINDOWS\system32\AESTFltr.exe (Andrea Electronics Corporation)

PRC - C:\WINDOWS\system32\drivers\o2flash.exe (O2Micro International)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Aditi-Suyog\My Documents\Downloads\OTL.exe (OldTimer Tools)

MOD - c:\Program Files\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (itlperf) -- File not found

SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)

SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()

SRV - (mfevtp) -- C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)

SRV - (rpcnet) Remote Procedure Call (RPC) -- C:\WINDOWS\system32\rpcnet.exe (Absolute Software Corp.)

SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)

SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)

SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV - (McOobeSv) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV - (STacSV) -- c:\drivers\audio\R211990\stacsv.exe (IDT, Inc.)

SRV - (O2FLASH) -- C:\WINDOWS\system32\drivers\o2flash.exe (O2Micro International)

SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)

========== Driver Services (SafeList) ==========

DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)

DRV - (mfefirek) -- C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)

DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)

DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)

DRV - (mfendiskmp) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)

DRV - (mfendisk) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)

DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)

DRV - (mfetdi2k) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.)

DRV - (cfwids) -- C:\WINDOWS\system32\drivers\cfwids.sys (McAfee, Inc.)

DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)

DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)

DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (IDT, Inc.)

DRV - (AESTAud) -- C:\WINDOWS\system32\drivers\AESTAud.sys (Andrea Electronics Corporation)

DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )

DRV - (O2MDGRDR) -- C:\WINDOWS\system32\drivers\o2mdg.sys (O2Micro )

DRV - (O2SDGRDR) -- C:\WINDOWS\system32\drivers\o2sdg.sys (O2Micro )

DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Help_Page = http://support.dell.com/support/index.aspx?c=us&l=en&s=gen

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1

FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="

FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/05/24 15:17:41 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{C0705141-E6DA-464C-AFB2-83908BF2301A}: C:\Documents and Settings\Friend\Local Settings\Application Data\{C0705141-E6DA-464C-AFB2-83908BF2301A} [2011/05/25 15:12:42 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{EDFFCA53-8BD4-40AB-859B-6DFCD021ACA9}: C:\Documents and Settings\Aditi-Suyog\Local Settings\Application Data\{EDFFCA53-8BD4-40AB-859B-6DFCD021ACA9} [2011/05/25 16:48:33 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/19 14:00:58 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/23 20:15:12 | 000,000,000 | ---D | M]

[2011/03/13 20:30:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Aditi-Suyog\Application Data\Mozilla\Extensions

[2011/03/23 20:12:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Aditi-Suyog\Application Data\Mozilla\Firefox\Profiles\2mjmaivs.default\extensions

[2011/03/23 20:12:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Aditi-Suyog\Application Data\Mozilla\Firefox\Profiles\2mjmaivs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011/03/23 20:15:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

File not found (No name found) --

[2011/05/25 16:48:33 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\ADITI-SUYOG\LOCAL SETTINGS\APPLICATION DATA\{EDFFCA53-8BD4-40AB-859B-6DFCD021ACA9}

[2011/05/25 15:12:42 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\FRIEND\LOCAL SETTINGS\APPLICATION DATA\{C0705141-E6DA-464C-AFB2-83908BF2301A}

[2010/12/15 14:19:31 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2011/05/24 15:17:41 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR

[2011/04/30 09:40:59 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll

[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll

[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

[2011/03/27 13:06:21 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

Hosts file not found

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110519140058.dll (McAfee, Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)

O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)

O4 - HKLM..\Run: [bCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)

O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

O4 - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.81.22.195 24.177.176.38 24.178.162.3

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\itlntfy: DllName - itlnfw32.dll - File not found

O24 - Desktop WallPaper: C:\Documents and Settings\Aditi-Suyog\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Aditi-Suyog\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/04/25 17:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/28 10:58:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee

[2011/05/27 19:04:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aditi-Suyog\Application Data\FileZilla

[2011/05/27 19:04:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FileZilla FTP Client

[2011/05/27 19:04:33 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client

[2011/05/27 13:55:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp

[2011/05/27 13:55:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe

[2011/05/27 10:23:29 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll

[2011/05/27 10:23:29 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui

[2011/05/27 10:14:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SharePoint

[2011/05/27 10:14:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office

[2011/05/27 10:12:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services

[2011/05/27 10:12:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER

[2011/05/27 10:11:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET

[2011/05/27 10:11:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework

[2011/05/27 10:11:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition

[2011/05/27 10:11:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Microsoft

[2011/05/27 10:10:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8

[2011/05/27 10:09:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services

[2011/05/27 10:09:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW

[2011/05/27 10:09:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aditi-Suyog\Local Settings\Application Data\Microsoft Help

[2011/05/27 10:08:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office

[2011/05/27 10:08:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help

[2011/05/27 10:08:38 | 000,000,000 | RH-D | C] -- C:\MSOCache

[2011/05/27 10:05:46 | 681,867,016 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Aditi-Suyog\Desktop\X16-32250.exe

[2011/05/26 22:12:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aditi-Suyog\Application Data\Malwarebytes

[2011/05/26 22:12:35 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2011/05/26 22:12:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/05/26 22:12:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2011/05/26 22:12:31 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2011/05/26 22:12:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/05/26 21:50:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia

[2011/05/25 21:33:36 | 000,000,000 | ---D | C] -- C:\spoolerlogs

[2011/05/25 19:34:43 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard

[2011/05/25 19:34:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HP

[2011/05/25 19:34:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP

[2011/05/25 19:33:37 | 000,037,376 | ---- | C] (Hewlett-Packard Company) -- C:\WINDOWS\System32\hpz3l3xu.dll

[2011/05/25 19:32:43 | 000,278,584 | ---- | C] (HP) -- C:\WINDOWS\System32\HPZidr12.dll

[2011/05/25 19:32:43 | 000,204,800 | ---- | C] (HP) -- C:\WINDOWS\System32\HPZipr12.dll

[2011/05/25 19:32:43 | 000,094,208 | ---- | C] (HP) -- C:\WINDOWS\System32\HPZipt12.dll

[2011/05/25 19:32:43 | 000,069,632 | ---- | C] (HP) -- C:\WINDOWS\System32\HPZipm12.exe

[2011/05/25 19:32:43 | 000,061,440 | ---- | C] (HP) -- C:\WINDOWS\System32\HPZinw12.exe

[2011/05/25 19:32:43 | 000,057,344 | ---- | C] (HP) -- C:\WINDOWS\System32\HPZisn12.dll

[2011/05/25 19:32:42 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\WINDOWS\IsUninst.exe

[2011/05/25 19:32:07 | 000,000,000 | ---D | C] -- C:\Program Files\HP

[2011/05/25 19:31:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aditi-Suyog\Application Data\HP

[2011/05/25 19:30:39 | 000,274,432 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\HPZc3212.dll

[2011/05/25 19:26:06 | 054,343,251 | ---- | C] (Hewlett-Packard Company ) -- C:\Documents and Settings\Aditi-Suyog\Desktop\5900_enu_win2k_xp.exe

[2011/05/25 19:19:53 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys

[2011/05/25 16:48:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aditi-Suyog\Local Settings\Application Data\{EDFFCA53-8BD4-40AB-859B-6DFCD021ACA9}

[2011/05/25 15:49:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Google

[2011/05/25 15:21:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2011/05/25 15:21:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2011/05/06 20:53:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes

[2011/05/06 20:52:50 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2011/05/06 20:52:47 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2011/05/06 20:49:48 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2011/05/06 20:16:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aditi-Suyog\My Documents\MP3

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/28 10:58:07 | 000,001,597 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee AntiVirus Plus.lnk

[2011/05/28 10:57:36 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/05/28 10:57:17 | 000,017,920 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.exe

[2011/05/28 10:57:16 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011/05/28 10:57:14 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\System32\rpcnet.dll

[2011/05/28 10:57:10 | 000,000,332 | -HS- | M] () -- C:\WINDOWS\tasks\CLKTDZPILV.job

[2011/05/28 10:57:05 | 000,000,304 | -HS- | M] () -- C:\WINDOWS\tasks\Qfkpg.job

[2011/05/28 10:56:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/05/28 10:56:47 | 3180,281,856 | -HS- | M] () -- C:\hiberfil.sys

[2011/05/28 10:21:00 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011/05/27 15:45:22 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/05/27 13:29:51 | 000,267,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011/05/26 22:12:35 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/05/26 15:56:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Ebodoxebuxeyaki.bin

[2011/05/25 19:35:33 | 000,079,401 | ---- | M] () -- C:\WINDOWS\hpfins05.dat

[2011/05/25 19:35:04 | 000,001,810 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

[2011/05/25 19:34:51 | 000,000,986 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk

[2011/05/25 19:29:02 | 054,343,251 | ---- | M] (Hewlett-Packard Company ) -- C:\Documents and Settings\Aditi-Suyog\Desktop\5900_enu_win2k_xp.exe

[2011/05/25 15:12:43 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Unexofoseqova.dat

[2011/05/25 15:11:09 | 000,102,912 | RHS- | M] () -- C:\WINDOWS\System32\kbdbhco.dll

[2011/05/24 12:14:39 | 681,867,016 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Aditi-Suyog\Desktop\X16-32250.exe

[2011/05/06 20:53:31 | 000,001,544 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2011/05/05 18:21:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/26 22:12:35 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/05/25 19:35:04 | 000,001,810 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

[2011/05/25 19:34:51 | 000,000,986 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk

[2011/05/25 19:31:03 | 000,079,401 | ---- | C] () -- C:\WINDOWS\hpfins05.dat

[2011/05/25 19:31:03 | 000,001,547 | ---- | C] () -- C:\WINDOWS\hpfmdl05.dat

[2011/05/25 19:30:39 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll

[2011/05/25 19:30:38 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll

[2011/05/25 15:12:43 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Unexofoseqova.dat

[2011/05/25 15:12:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ebodoxebuxeyaki.bin

[2011/05/25 15:11:10 | 000,000,332 | -HS- | C] () -- C:\WINDOWS\tasks\CLKTDZPILV.job

[2011/05/25 15:11:10 | 000,000,304 | -HS- | C] () -- C:\WINDOWS\tasks\Qfkpg.job

[2011/05/25 15:11:09 | 000,102,912 | RHS- | C] () -- C:\WINDOWS\System32\kbdbhco.dll

[2011/05/07 19:05:03 | 000,001,597 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee AntiVirus Plus.lnk

[2011/05/06 20:53:31 | 000,001,544 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2011/03/13 20:30:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2011/01/23 15:38:24 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/01/22 23:22:36 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2011/01/22 23:22:36 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2010/12/15 20:05:07 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\rpcnetp.dll

[2010/12/15 20:04:37 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\rpcnetp.exe

[2010/12/15 14:23:18 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2010/12/15 14:19:51 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll

[2010/12/15 14:19:50 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll

[2010/12/15 14:19:50 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE

[2010/11/24 09:20:36 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe

[2010/11/24 09:20:11 | 002,026,604 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin

[2010/11/24 09:20:11 | 000,442,964 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin

[2010/11/24 09:20:11 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v5016.dll

[2010/11/24 09:18:56 | 000,001,153 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2008/05/26 23:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin

[2008/05/26 23:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin

[2008/04/25 17:31:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2008/04/25 17:27:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2008/04/25 17:26:32 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2008/04/25 12:16:24 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2008/04/25 12:16:22 | 000,464,526 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2008/04/25 12:16:22 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2008/04/25 12:16:22 | 000,079,636 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2008/04/25 12:16:22 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2008/04/25 12:16:22 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2008/04/25 12:16:21 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2008/04/25 12:16:20 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2008/04/25 12:16:18 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2008/04/25 12:16:18 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2008/04/25 12:16:13 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2008/04/25 12:16:11 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

[2008/04/25 05:22:39 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2008/04/25 05:21:52 | 000,267,800 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2007/09/27 12:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2007/09/27 12:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2007/09/27 12:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

========== LOP Check ==========

[2011/05/27 19:27:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aditi-Suyog\Application Data\FileZilla

[2011/02/13 17:16:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aditi-Suyog\Application Data\HandBrake

[2010/12/15 14:19:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aditi-Suyog\Application Data\Windows Desktop Search

[2011/03/11 15:54:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aditi-Suyog\Application Data\Windows Search

[2011/03/20 16:49:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2011/05/28 10:57:10 | 000,000,332 | -HS- | M] () -- C:\WINDOWS\Tasks\CLKTDZPILV.job

[2011/05/28 10:57:05 | 000,000,304 | -HS- | M] () -- C:\WINDOWS\Tasks\Qfkpg.job

========== Purity Check ==========

< End of report >


  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced. Please post only DDS.txt directly into your reply.


  • Staff

Hi,

In the future, please post all logs directly into your reply instead of attaching them.

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


  • Staff

Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!

