
Cannot open Microsoft and other antivirus sites [Solved]


#1
nikux

    New Member

  • Member
  • 6 posts
I realized something was going wrong when I was not able to open the Microsoft site. I tried to go to an antivirus site (AVG, Kaspersky, etc.) and I could not even open them. I then installed HijackThis, Malwarebytes and ComboFix and ran all three, reading the instructions or similar threads, but I still cannot access these sites :) ... do I need to take drastic steps?

Should I post the HijackThis/ComboFix log? Any help will be deeply appreciated.

#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Let's see what you have first.

Download Rooter.exe to your desktop.
  • Double-click it to start the tool.
  • A Notepad file containing the report will open; it is also saved at %systemdrive%\Rooter.txt (usually C:\Rooter.txt). Copy and paste it with your OTLI log.

THEN

  • Download OTListIt2 to your desktop.
  • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • When the window appears, underneath Output at the top, change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.


#3
nikux

    New Member

  • Topic Starter
  • Member
  • 6 posts
Posting the logs:
==================================================================
Rooter.txt
==================================================================

Microsoft Windows XP Professional (5.1.2600) Service Pack 2

C:\ [Fixed] - NTFS - (Total:73171 Mo/Free:2215 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
Z:\ [Network] (Total:305242 Mo/Free:1750 Mo)

Fri 03/20/2009|11:47

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
---------- C:\Program Files\Alwil Software\Avast4\ashServ.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\wdfmgr.exe
---------- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
---------- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\Program Files\Analog Devices\Core\smax4pnp.exe
---------- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
---------- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
---------- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
---------- C:\WINDOWS\system32\hkcmd.exe
---------- C:\WINDOWS\system32\igfxpers.exe
---------- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
---------- C:\Program Files\FlashGet\FlashGet.exe
---------- C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe
---------- C:\Program Files\Google\Google Talk\googletalk.exe
---------- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
---------- C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
---------- C:\Program Files\Skype\Phone\Skype.exe
---------- C:\Program Files\Dell Support\DSAgnt.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
---------- C:\Program Files\WordWeb\wweb32.exe
---------- C:\Program Files\Workrave\lib\Workrave.exe
---------- C:\Program Files\Skype\Plugin Manager\skypePM.exe
---------- C:\Documents and Settings\nikux\Desktop\OTListIt2.exe
---------- C:\WINDOWS\notepad.exe
---------- C:\WINDOWS\notepad.exe
---------- C:\WINDOWS\system32\wbem\wmiprvse.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - Fri 03/20/2009|11:28
2 - "C:\Rooter$\Rooter_2.txt" - Fri 03/20/2009|11:47

----------------------\\ Scan completed at 11:47
==================================================================
OTListIt.Txt
==================================================================

OTListIt logfile created on: 3/20/2009 11:45:49 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.7.0 Folder = C:\Documents and Settings\nikux\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.07 Mb Total Physical Memory | 164.70 Mb Available Physical Memory | 32.80% Memory free
1.20 Gb Paging File | 0.89 Gb Available in Paging File | 73.92% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.46 Gb Total Space | 18.16 Gb Free Space | 25.42% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Z: | 298.09 Gb Total Space | 13.71 Gb Free Space | 4.60% Space Free | Partition Type: NTFS

Computer Name: BHABHA
Current User Name: nikux
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\Program Files\TortoiseSVN\bin\TSVNCache.exe (http://tortoisesvn.net)
PRC - C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
PRC - C:\Program Files\FlashGet\FlashGet.exe (FlashGet.com)
PRC - C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Google\Google Talk\googletalk.exe (Google)
PRC - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
PRC - C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
PRC - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\WordWeb\wweb32.exe (Antony Lewis)
PRC - C:\Program Files\Workrave\lib\Workrave.exe ()
PRC - C:\Program Files\Skype\Plugin Manager\skypePM.exe (Skype Technologies)
PRC - C:\Documents and Settings\nikux\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Adobe LM Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CVPND [Auto | Running]) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (iPodService [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Computer, Inc.)
SRV - (NetSvc [On_Demand | Stopped]) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe (Intel® Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [On_Demand | Stopped]) -- C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe (HP)
SRV - (UMWdf [Auto | Running]) -- C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (Aavmker4 [System | Running]) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (AliIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (asc [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (aswFsBlk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswMon2 [Auto | Running]) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswRdr [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP [System | Running]) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswTdi [System | Running]) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (CmdIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (CVirtA [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\CVirtA.sys (Cisco Systems, Inc.)
DRV - (CVPNDRVA [Auto | Running]) -- C:\WINDOWS\system32\Drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (DNE [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\dne2000.sys (Deterministic Networks, Inc.)
DRV - (DSproct [On_Demand | Running]) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys (GTek Technologies Ltd.)
DRV - (E100B [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (mraid35x [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (omci [System | Running]) -- C:\WINDOWS\system32\DRIVERS\omci.sys (Dell Computer Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys ()
DRV - (senfilt [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.)
DRV - (sisagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (smwdm [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (Sparrow [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (ultra [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = http://localhost;

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.gmail.com"

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.6\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX 3 BETA 5\COMPONENTS [2009/02/23 12:30:29 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.6\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX 3 BETA 5\PLUGINS [2009/02/23 12:30:28 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/11 13:30:32 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/03/11 13:30:32 | 00,000,000 | ---D | M]

[2008/05/15 17:45:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikux\Application Data\mozilla\Extensions
[2008/05/15 17:45:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikux\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/19 15:07:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikux\Application Data\mozilla\Firefox\Profiles\c5kc3ip0.default\extensions
[2008/10/02 16:11:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikux\Application Data\mozilla\Firefox\Profiles\c5kc3ip0.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2008/10/02 16:11:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikux\Application Data\mozilla\Firefox\Profiles\c5kc3ip0.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2008/03/24 14:08:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikux\Application Data\mozilla\Firefox\Profiles\c5kc3ip0.default\extensions\{C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}
[2008/05/15 17:38:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikux\Application Data\mozilla\Firefox\Profiles\c5kc3ip0.default\extensions\[email protected]
[2008/09/23 21:23:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikux\Application Data\mozilla\Firefox\Profiles\c5kc3ip0.default\extensions\[email protected]
[2006/09/19 15:34:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikux\Application Data\mozilla\Firefox\Profiles\c5kc3ip0.default\extensions\temp
[2006/04/25 17:07:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikux\Application Data\mozilla\Firefox\Profiles\yjh9mk2a.default\extensions
[2009/02/26 11:34:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/11 13:30:32 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/11 13:30:25 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/11 13:30:25 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2005/09/15 18:26:00 | 00,044,153 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\inspector.dll
[2009/01/07 17:49:25 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/01/07 17:49:25 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/01/07 17:49:25 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/01/07 17:49:25 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/01/07 17:49:26 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/01/07 17:49:26 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/01/07 17:49:26 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - Reg Error: Key error. File not found
O3 - HKLM\..\Toolbar: (FlashGet) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll (Amaze Soft)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [FlashGet] C:\Program Files\FlashGet\FlashGet.exe /min (FlashGet.com)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart (Google)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (Macrovision Corporation)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKCU..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup (Gteko Ltd.)
O4 - HKCU..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart (Google)
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (Skype Technologies S.A.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe (Antony Lewis)
O4 - Startup: C:\Documents and Settings\nikux\Start Menu\Programs\Startup\Workrave.lnk = C:\Program Files\Workrave\lib\Workrave.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\system32\wweb32.dll/lookup.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...90/mcinsctl.cab (McAfee.com Operating System Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcaf...,23/mcgdmgr.cab (DwnldGroupMgr Class)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = svc-dc.svcl.ucsd.edu
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{E594EFDF-3CF6-4C4F-A7AB-19A0091C28FA}\\NameServer = 192.168.65.81,192.168.65.10,132.239.1.52
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O32 - Autorun File - C:\AUTOEXEC.UP () - [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/03/20 11:43:44 | 00,499,200 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\nikux\Desktop\OTListIt2.exe
[2009/03/20 11:27:47 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/03/20 11:27:32 | 00,267,612 | ---- | C] () -- C:\Documents and Settings\nikux\Desktop\Rooter.exe
[2009/03/19 23:52:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Desktop\plastic
[2009/03/19 18:34:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/03/19 16:14:54 | 02,106,792 | -H-- | C] () -- C:\Documents and Settings\nikux\Local Settings\Application Data\IconCache.db
[2009/03/19 15:21:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Application Data\Malwarebytes
[2009/03/19 15:21:42 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/19 15:21:42 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/19 15:21:40 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/19 15:21:37 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/03/19 15:21:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/03/19 15:11:49 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/03/19 15:11:48 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/03/19 15:11:47 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/03/19 15:11:47 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/03/19 15:11:43 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/03/19 15:11:41 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/03/19 15:11:41 | 00,094,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/03/19 15:11:41 | 00,093,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/03/19 15:11:41 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/03/19 15:11:18 | 01,256,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/03/19 15:11:18 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/03/19 15:11:16 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/03/19 15:01:32 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\nikux\Desktop\HijackThis.lnk
[2009/03/19 15:01:32 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/03/19 15:01:20 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\nikux\Desktop\HJTInstall.exe
[2009/03/16 17:26:30 | 00,104,448 | R-S- | C] () -- C:\WINDOWS\System32\wwwucfw.dll
[2009/03/13 14:23:00 | 00,230,163 | ---- | C] () -- C:\Documents and Settings\nikux\Desktop\h27_18257817.jpg
[2009/03/12 14:07:05 | 00,004,608 | ---- | C] () -- C:\Documents and Settings\nikux\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/04 16:37:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Local Settings\Application Data\Adobe
[2009/03/04 16:34:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Desktop\spatial_pyramid_code
[2009/03/04 16:34:28 | 00,181,412 | ---- | C] () -- C:\Documents and Settings\nikux\Desktop\spatial_pyramid_code.zip
[2009/03/04 15:30:54 | 00,570,871 | ---- | C] () -- C:\ddrive\My Documents\cvpr1985-2009.png
[2009/03/04 11:47:43 | 00,002,387 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/03/02 22:29:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Local Settings\Application Data\Mozilla
[2009/03/02 21:28:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Local Settings\Application Data\Google
[2009/03/02 21:27:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Local Settings\Application Data\TSVNCache
[2009/03/02 21:27:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Local Settings\Application Data\Microsoft
[2009/03/02 21:27:18 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\nikux\Application Data\DESKTOP.INI
[2009/03/02 21:16:42 | 42,359,290 | ---- | C] () -- C:\Documents and Settings\nikux\Desktop\Advances in signal transformation.pdf
[2009/03/02 21:16:42 | 19,704,003 | ---- | C] () -- C:\Documents and Settings\nikux\Desktop\Advances in Nonlinear signal and image processing.pdf
[2009/03/02 21:16:42 | 00,070,877 | ---- | C] () -- C:\Documents and Settings\nikux\Desktop\AA27.ps.gz
[2009/03/02 21:16:39 | 15,930,259 | ---- | C] () -- C:\Documents and Settings\nikux\Desktop\All_Results.tar.gz
[2009/03/02 21:16:34 | 13,655,788 | ---- | C] () -- C:\Documents and Settings\nikux\Desktop\Category level object segmentation using BOW and MRF.pdf
[2009/03/02 21:16:33 | 00,010,520 | ---- | C] () -- C:\Documents and Settings\nikux\Desktop\coverletter.dvi
[2009/03/02 21:16:33 | 00,000,009 | ---- | C] () -- C:\Documents and Settings\nikux\Desktop\coverletter.aux
[2009/03/02 21:16:31 | 00,075,027 | ---- | C] () -- C:\Documents and Settings\nikux\Desktop\coverletter.ps
[2009/03/02 21:16:30 | 00,009,153 | ---- | C] () -- C:\Documents and Settings\nikux\Desktop\coverletter.tex
[2009/03/02 21:16:28 | 00,009,153 | ---- | C] () -- C:\Documents and Settings\nikux\Desktop\coverletter.tex~
[2009/03/02 21:16:07 | 09,069,736 | ---- | C] () -- C:\Documents and Settings\nikux\Desktop\Criminisi_TextonBoost_ijcv2007.pdf
[2009/03/02 21:15:35 | 00,075,264 | ---- | C] () -- C:\Documents and Settings\nikux\Desktop\f02102.xls
[2009/03/02 21:15:31 | 08,446,779 | ---- | C] () -- C:\Documents and Settings\nikux\Desktop\gvim71.exe
[2009/03/02 21:15:31 | 03,466,920 | ---- | C] (Bolide Software ) -- C:\Documents and Settings\nikux\Desktop\ic_setup.exe
[2009/03/02 21:15:31 | 00,686,292 | ---- | C] () -- C:\Documents and Settings\nikux\Desktop\From mere coincidences to meaningful discoveries.pdf
[2009/03/02 21:15:31 | 00,000,624 | ---- | C] () -- C:\Documents and Settings\nikux\Desktop\Image Comparer.lnk
[2009/03/02 21:15:30 | 00,388,018 | ---- | C] () -- C:\Documents and Settings\nikux\Desktop\implementation details.zip
[2009/03/02 21:15:30 | 00,000,932 | ---- | C] () -- C:\Documents and Settings\nikux\Desktop\MyPublisher.lnk
[2009/03/02 21:15:29 | 00,033,310 | ---- | C] () -- C:\Documents and Settings\nikux\Desktop\NikhilRasiwasia_Research.pdf
[2009/03/02 21:15:29 | 00,028,033 | ---- | C] () -- C:\Documents and Settings\nikux\Desktop\NikhilRasiwasia_CV.pdf
[2009/03/02 21:14:51 | 00,297,003 | ---- | C] () -- C:\Documents and Settings\nikux\Desktop\qbse.rar
[2009/03/02 21:10:58 | 00,028,850 | ---- | C] () -- C:\Documents and Settings\nikux\Desktop\Resume - Nikhil Rasiwasia_MSR.pdf
[2009/03/02 21:10:57 | 00,409,600 | ---- | C] () -- C:\Documents and Settings\nikux\Desktop\TEST.ICR
[2009/03/02 21:10:57 | 00,133,120 | -HS- | C] () -- C:\Documents and Settings\nikux\Desktop\Thumbs.db
[2009/03/02 21:10:57 | 00,000,731 | ---- | C] () -- C:\Documents and Settings\nikux\Desktop\Shortcut to deskwin.exe.lnk
[2009/03/02 21:10:57 | 00,000,675 | ---- | C] () -- C:\Documents and Settings\nikux\Desktop\Shortcut to startxwin.bat.lnk
[2009/03/02 21:10:44 | 00,274,432 | ---- | C] (Constantin Kaplinsky) -- C:\Documents and Settings\nikux\Desktop\vncviewer.exe
[2009/03/02 21:10:23 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\nikux\Desktop\WinSCP.lnk
[2009/03/02 21:10:15 | 00,091,415 | ---- | C] () -- C:\ddrive\My Documents\1.eps
[2009/03/02 21:10:14 | 00,457,181 | ---- | C] () -- C:\ddrive\My Documents\1.pdf
[2009/03/02 21:10:14 | 00,015,416 | ---- | C] () -- C:\ddrive\My Documents\1.png
[2009/03/02 21:10:13 | 02,455,772 | ---- | C] () -- C:\ddrive\My Documents\8_pp_photos.tif
[2009/03/02 21:10:10 | 00,985,326 | ---- | C] () -- C:\ddrive\My Documents\age.TIF
[2009/03/02 21:10:08 | 02,414,990 | ---- | C] () -- C:\ddrive\My Documents\brianRose_othello.pdf
[2009/03/02 21:10:08 | 00,022,528 | ---- | C] () -- C:\ddrive\My Documents\Assignment 4_b.doc
[2009/03/02 21:10:08 | 00,000,006 | ---- | C] () -- C:\ddrive\My Documents\B-plan.doc
[2009/03/02 21:10:04 | 05,007,984 | ---- | C] () -- C:\ddrive\My Documents\D.wav
[2009/03/02 21:10:04 | 00,268,804 | ---- | C] () -- C:\ddrive\My Documents\C__Documents and Settings_nikux_Local Settings_Application Data_Mozilla_Firefox_Profiles_c5kc3ip0.pdf
[2009/03/02 21:10:03 | 00,001,146 | -H-- | C] () -- C:\ddrive\My Documents\Default.rdp
[2009/03/02 21:10:03 | 00,000,076 | -HS- | C] () -- C:\ddrive\My Documents\DESKTOP.INI
[2009/03/02 21:08:41 | 00,015,427 | ---- | C] () -- C:\ddrive\My Documents\Draft2_Eakta_SOP.pdf
[2009/03/02 21:08:40 | 00,019,456 | ---- | C] () -- C:\ddrive\My Documents\eey1.xls
[2009/03/02 21:08:28 | 00,019,940 | ---- | C] () -- C:\ddrive\My Documents\gdb.pdf
[2009/03/02 21:08:18 | 03,582,859 | ---- | C] () -- C:\ddrive\My Documents\geomproc.rar
[2009/03/02 21:08:07 | 04,172,904 | ---- | C] () -- C:\ddrive\My Documents\harshat.mp3
[2009/03/02 21:08:07 | 00,305,586 | ---- | C] () -- C:\ddrive\My Documents\height.png
[2009/03/02 21:08:07 | 00,027,602 | ---- | C] () -- C:\ddrive\My Documents\Graphic1.cdr
[2009/03/02 21:07:55 | 00,327,717 | ---- | C] () -- C:\ddrive\My Documents\holi.jpg
[2009/03/02 21:07:51 | 00,046,841 | ---- | C] () -- C:\ddrive\My Documents\ieee.htm
[2009/03/02 21:07:15 | 00,316,279 | ---- | C] () -- C:\ddrive\My Documents\IMG_0289.JPG
[2009/03/02 21:07:15 | 00,013,828 | ---- | C] () -- C:\ddrive\My Documents\Jan 2006.ods
[2009/03/02 21:01:10 | 04,523,765 | ---- | C] () -- C:\ddrive\My Documents\McGraw Hill - GCC, the Complete Reference - fly.pdf
[2009/03/02 21:01:10 | 03,932,214 | ---- | C] () -- C:\ddrive\My Documents\luftanza.bmp
[2009/03/02 21:01:10 | 00,012,058 | ---- | C] () -- C:\ddrive\My Documents\motiv.jpg
[2009/03/02 21:00:13 | 00,535,552 | ---- | C] () -- C:\ddrive\My Documents\New Microsoft Word Document (2).doc
[2009/03/02 21:00:13 | 00,222,678 | ---- | C] () -- C:\ddrive\My Documents\not-best-friend.JPG
[2009/03/02 21:00:13 | 00,032,080 | ---- | C] () -- C:\ddrive\My Documents\nitin.JPG
[2009/03/02 20:59:19 | 01,183,306 | ---- | C] () -- C:\ddrive\My Documents\phantom.psd
[2009/03/02 20:59:19 | 01,038,812 | ---- | C] () -- C:\ddrive\My Documents\poster_07_new.pdf
[2009/03/02 20:59:19 | 00,025,600 | ---- | C] () -- C:\ddrive\My Documents\photolog.xls
[2009/03/02 20:59:14 | 01,300,992 | ---- | C] () -- C:\ddrive\My Documents\Presentation1.ppt
[2009/03/02 20:58:07 | 01,002,660 | ---- | C] () -- C:\ddrive\My Documents\race.TIF
[2009/03/02 20:56:12 | 25,020,144 | ---- | C] () -- C:\ddrive\My Documents\Random+Process+Old+Exams.zip
[2009/03/02 20:56:11 | 06,949,744 | ---- | C] () -- C:\ddrive\My Documents\saiyaan khade us paar....mp3
[2009/03/02 20:56:09 | 12,975,441 | ---- | C] () -- C:\ddrive\My Documents\saiyaan re-mp3.mp3
[2009/03/02 20:56:08 | 03,828,880 | ---- | C] () -- C:\ddrive\My Documents\sanjay.wav
[2009/03/02 20:56:07 | 00,076,840 | ---- | C] () -- C:\ddrive\My Documents\semanticspace.pptx
[2009/03/02 20:55:46 | 76,322,338 | ---- | C] () -- C:\ddrive\My Documents\Suzuki_GS_500_E__89_a__97_-_Service_Manual_Haynes.pdf
[2009/03/02 20:55:46 | 63,778,364 | ---- | C] () -- C:\ddrive\My Documents\Suzuki_GS_500_E_89_a_99_-_Service_Manual.pdf
[2009/03/02 20:55:46 | 01,550,425 | ---- | C] () -- C:\ddrive\My Documents\Suzuki_GS_500_F_K4__04_-_Service_Manual_Supl.pdf
[2009/03/02 20:55:46 | 01,089,878 | ---- | C] () -- C:\ddrive\My Documents\Suzuki_GS_500_E_Parts.pdf
[2009/03/02 20:55:46 | 00,014,060 | ---- | C] () -- C:\ddrive\My Documents\svcl-icon.cdr
[2009/03/02 20:55:29 | 02,242,885 | ---- | C] () -- C:\ddrive\My Documents\techkriti_brochure_mail.pdf
[2009/03/02 20:55:29 | 00,540,882 | ---- | C] () -- C:\ddrive\My Documents\tax1.pdf
[2009/03/02 20:55:29 | 00,114,749 | ---- | C] () -- C:\ddrive\My Documents\test.jpg
[2009/03/02 20:55:28 | 00,535,552 | ---- | C] () -- C:\ddrive\My Documents\things to do before dying.doc
[2009/03/02 20:55:28 | 00,038,912 | -HS- | C] () -- C:\ddrive\My Documents\Thumbs.db
[2009/03/02 20:55:28 | 00,030,033 | ---- | C] () -- C:\ddrive\My Documents\test.pptx
[2009/03/02 20:55:23 | 00,229,376 | ---- | C] () -- C:\ddrive\My Documents\Travel Worksheet Domestic.doc
[2009/03/02 20:55:22 | 00,029,916 | ---- | C] () -- C:\ddrive\My Documents\Travel Worksheet Domestic.docx
[2009/03/02 20:55:17 | 00,841,138 | ---- | C] () -- C:\ddrive\My Documents\tshirt.psd
[2009/03/02 20:55:13 | 01,885,869 | ---- | C] () -- C:\ddrive\My Documents\tshirt2.psd
[2009/03/02 20:55:08 | 03,850,701 | ---- | C] () -- C:\ddrive\My Documents\vimbook-OPL.pdf
[2009/03/02 20:55:08 | 00,102,637 | ---- | C] () -- C:\ddrive\My Documents\vision list.html
[2009/03/02 20:55:07 | 00,390,233 | ---- | C] () -- C:\ddrive\My Documents\visionart.docx
[2009/03/02 20:55:07 | 00,046,592 | ---- | C] () -- C:\ddrive\My Documents\Vision Professors.doc
[2009/03/02 20:54:52 | 00,000,702 | ---- | C] () -- C:\Documents and Settings\nikux\Start Menu\Programs\Startup\Workrave.lnk
[2009/03/02 20:54:52 | 00,000,084 | -HS- | C] () -- C:\Documents and Settings\nikux\Start Menu\Programs\Startup\DESKTOP.INI
[2009/03/02 20:54:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Application Data\AVG7
[2009/03/02 20:54:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Application Data\Apple Computer
[2009/03/02 20:54:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Application Data\AdobeUM
[2009/03/02 20:54:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Application Data\Adobe
[2009/03/02 20:54:49 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\nikux\Application Data\Gtek
[2009/03/02 20:54:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Application Data\Identities
[2009/03/02 20:54:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Application Data\Help
[2009/03/02 20:54:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Application Data\Free Download Manager
[2009/03/02 20:54:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Application Data\FLV Extract
[2009/03/02 20:54:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Application Data\Corel
[2009/03/02 20:54:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Application Data\McAfee.com Personal Firewall
[2009/03/02 20:54:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Application Data\McAfee.com
[2009/03/02 20:54:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Application Data\MathWorks
[2009/03/02 20:54:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Application Data\Macromedia
[2009/03/02 20:54:42 | 00,000,000 | --SD | C] -- C:\Documents and Settings\nikux\Application Data\Microsoft
[2009/03/02 20:54:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Application Data\Move Networks
[2009/03/02 20:54:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Application Data\Real
[2009/03/02 20:54:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Application Data\Radmin
[2009/03/02 20:54:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Application Data\OurPictures
[2009/03/02 20:54:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Application Data\Obsidium
[2009/03/02 20:54:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Application Data\Nvu
[2009/03/02 20:54:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Application Data\Mozilla
[2009/03/02 20:54:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Application Data\Subversion
[2009/03/02 20:54:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Application Data\SSH
[2009/03/02 20:54:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Application Data\skypePM
[2009/03/02 20:54:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Application Data\Skype
[2009/03/02 20:54:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Desktop\whitney
[2009/03/02 20:54:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Desktop\Unused Desktop Shortcuts
[2009/03/02 20:54:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Desktop\Thesis
[2009/03/02 20:54:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Desktop\Research
[2009/03/02 20:54:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Desktop\ppts
[2009/03/02 20:54:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Desktop\documents
[2009/03/02 20:54:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Desktop\CRF
[2009/03/02 20:54:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Desktop\calvin
[2009/03/02 20:54:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Application Data\Workrave
[2009/03/02 20:54:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Application Data\vlc
[2009/03/02 20:54:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Application Data\uTorrent
[2009/03/02 20:54:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Application Data\Uniblue
[2009/03/02 20:54:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Application Data\TortoiseSVN
[2009/03/02 20:54:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Application Data\Thunderbird
[2009/03/02 20:54:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Application Data\Talkback
[2009/03/02 20:54:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Application Data\Sun
[2009/03/02 20:54:39 | 00,000,000 | ---D | C] -- C:\ddrive\My Documents\lec
[2009/03/02 20:54:39 | 00,000,000 | ---D | C] -- C:\ddrive\My Documents\Image5000_104
[2009/03/02 20:54:39 | 00,000,000 | ---D | C] -- C:\ddrive\My Documents\ieee_files
[2009/03/02 20:54:39 | 00,000,000 | ---D | C] -- C:\ddrive\My Documents\IC3
[2009/03/02 20:54:39 | 00,000,000 | ---D | C] -- C:\ddrive\My Documents\Google Talk Received Files
[2009/03/02 20:54:39 | 00,000,000 | ---D | C] -- C:\ddrive\My Documents\geomproc
[2009/03/02 20:54:39 | 00,000,000 | ---D | C] -- C:\ddrive\My Documents\frompapa
[2009/03/02 20:54:39 | 00,000,000 | ---D | C] -- C:\ddrive\My Documents\flight
[2009/03/02 20:54:39 | 00,000,000 | ---D | C] -- C:\ddrive\My Documents\finance
[2009/03/02 20:54:39 | 00,000,000 | ---D | C] -- C:\ddrive\My Documents\final
[2009/03/02 20:54:39 | 00,000,000 | ---D | C] -- C:\ddrive\My Documents\Downloads
[2009/03/02 20:54:39 | 00,000,000 | ---D | C] -- C:\ddrive\My Documents\Corel User Files
[2009/03/02 20:54:39 | 00,000,000 | ---D | C] -- C:\ddrive\My Documents\CCWin
[2009/03/02 20:54:24 | 00,000,000 | R--D | C] -- C:\ddrive\My Documents\Start Menu
[2009/03/02 20:54:24 | 00,000,000 | R--D | C] -- C:\ddrive\My Documents\My Videos
[2009/03/02 20:54:24 | 00,000,000 | R--D | C] -- C:\ddrive\My Documents\My Pictures
[2009/03/02 20:54:24 | 00,000,000 | R--D | C] -- C:\ddrive\My Documents\My Music
[2009/03/02 20:54:24 | 00,000,000 | ---D | C] -- C:\ddrive\My Documents\What To Do
[2009/03/02 20:54:24 | 00,000,000 | ---D | C] -- C:\ddrive\My Documents\vision list_files
[2009/03/02 20:54:24 | 00,000,000 | ---D | C] -- C:\ddrive\My Documents\Updater
[2009/03/02 20:54:24 | 00,000,000 | ---D | C] -- C:\ddrive\My Documents\trip
[2009/03/02 20:54:24 | 00,000,000 | ---D | C] -- C:\ddrive\My Documents\to send
[2009/03/02 20:54:24 | 00,000,000 | ---D | C] -- C:\ddrive\My Documents\test
[2009/03/02 20:54:24 | 00,000,000 | ---D | C] -- C:\ddrive\My Documents\tax
[2009/03/02 20:54:24 | 00,000,000 | ---D | C] -- C:\ddrive\My Documents\squash
[2009/03/02 20:54:24 | 00,000,000 | ---D | C] -- C:\ddrive\My Documents\receipts
[2009/03/02 20:54:24 | 00,000,000 | ---D | C] -- C:\ddrive\My Documents\Random+Process+Old+Exams
[2009/03/02 20:54:24 | 00,000,000 | ---D | C] -- C:\ddrive\My Documents\publications
[2009/03/02 20:54:24 | 00,000,000 | ---D | C] -- C:\ddrive\My Documents\PresentationCD
[2009/03/02 20:54:24 | 00,000,000 | ---D | C] -- C:\ddrive\My Documents\Prelims
[2009/03/02 20:54:24 | 00,000,000 | ---D | C] -- C:\ddrive\My Documents\personal
[2009/03/02 20:54:24 | 00,000,000 | ---D | C] -- C:\ddrive\My Documents\New Folder
[2009/03/02 20:54:24 | 00,000,000 | ---D | C] -- C:\ddrive\My Documents\My Skype Pictures
[2009/03/02 20:54:24 | 00,000,000 | ---D | C] -- C:\ddrive\My Documents\My Skype Content
[2009/03/02 20:54:24 | 00,000,000 | ---D | C] -- C:\ddrive\My Documents\My PSP Files
[2009/03/02 20:54:24 | 00,000,000 | ---D | C] -- C:\ddrive\My Documents\My eBooks
[2009/03/02 20:54:24 | 00,000,000 | ---D | C] -- C:\ddrive\My Documents\linux

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2009/03/20 11:43:54 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/20 11:42:57 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/20 11:42:53 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/20 11:42:52 | 52,653,6704 | -HS- | M] () -- C:\hiberfil.sys
[2009/03/20 11:40:55 | 02,106,792 | -H-- | M] () -- C:\Documents and Settings\nikux\Local Settings\Application Data\IconCache.db
[2009/03/20 11:28:36 | 00,499,200 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\nikux\Desktop\OTListIt2.exe
[2009/03/20 11:27:33 | 00,267,612 | ---- | M] () -- C:\Documents and Settings\nikux\Desktop\Rooter.exe
[2009/03/20 10:02:57 | 00,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1650842470-4203624185-2766465924-1132.job
[2009/03/19 20:54:12 | 00,000,012 | ---- | M] () -- C:\deskwin.bin
[2009/03/19 20:34:16 | 00,407,670 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/19 20:34:16 | 00,064,200 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/19 20:34:15 | 00,479,920 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/19 20:10:12 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/03/19 15:21:42 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/19 15:11:49 | 00,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/03/19 15:11:41 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/03/19 15:01:32 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\nikux\Desktop\HijackThis.lnk
[2009/03/19 15:01:20 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\nikux\Desktop\HJTInstall.exe
[2009/03/16 17:26:30 | 00,104,448 | R-S- | M] () -- C:\WINDOWS\System32\wwwucfw.dll
[2009/03/13 18:30:00 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (nikux-nikhil).job
[2009/03/13 14:23:03 | 00,230,163 | ---- | M] () -- C:\Documents and Settings\nikux\Desktop\h27_18257817.jpg
[2009/03/12 14:07:05 | 00,004,608 | ---- | M] () -- C:\Documents and Settings\nikux\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/04 21:56:56 | 00,297,003 | ---- | M] () -- C:\Documents and Settings\nikux\Desktop\qbse.rar
[2009/03/04 16:34:29 | 00,181,412 | ---- | M] () -- C:\Documents and Settings\nikux\Desktop\spatial_pyramid_code.zip
[2009/03/04 15:30:58 | 00,570,871 | ---- | M] () -- C:\ddrive\My Documents\cvpr1985-2009.png
[2009/03/04 11:47:43 | 00,002,387 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/02/27 00:22:47 | 00,033,310 | ---- | M] () -- C:\Documents and Settings\nikux\Desktop\NikhilRasiwasia_Research.pdf
[2009/02/27 00:22:44 | 00,075,027 | ---- | M] () -- C:\Documents and Settings\nikux\Desktop\coverletter.ps
[2009/02/27 00:22:14 | 00,009,153 | ---- | M] () -- C:\Documents and Settings\nikux\Desktop\coverletter.tex
[2009/02/27 00:16:38 | 00,010,520 | ---- | M] () -- C:\Documents and Settings\nikux\Desktop\coverletter.dvi
[2009/02/27 00:16:38 | 00,000,009 | ---- | M] () -- C:\Documents and Settings\nikux\Desktop\coverletter.aux
[2009/02/27 00:15:55 | 00,009,153 | ---- | M] () -- C:\Documents and Settings\nikux\Desktop\coverletter.tex~
[2009/02/26 00:53:47 | 00,028,033 | ---- | M] () -- C:\Documents and Settings\nikux\Desktop\NikhilRasiwasia_CV.pdf
[2009/02/23 18:39:19 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/02/23 17:40:38 | 09,069,736 | ---- | M] () -- C:\Documents and Settings\nikux\Desktop\Criminisi_TextonBoost_ijcv2007.pdf
[2009/02/23 16:53:50 | 00,028,850 | ---- | M] () -- C:\Documents and Settings\nikux\Desktop\Resume - Nikhil Rasiwasia_MSR.pdf

========== LOP Check ==========

[2009/03/19 15:21:37 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/10/06 15:39:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2006/03/08 00:03:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe Systems
[2005/12/05 15:02:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL Downloads
[2006/01/07 22:37:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2008/01/04 11:36:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2007/03/15 15:14:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GTek
[2005/09/21 04:54:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2009/03/19 15:21:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/03/19 18:58:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee.com
[2008/05/16 13:47:38 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2008/06/13 14:14:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2004/08/11 15:25:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2009/01/07 19:15:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
[2008/03/12 20:21:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/05/16 16:15:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2006/08/28 14:41:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/03/19 16:06:11 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\nikux\Application Data
[2009/02/19 19:49:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikux\Application Data\Adobe
[2009/02/19 16:48:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikux\Application Data\AdobeUM
[2007/10/10 12:12:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikux\Application Data\Apple Computer
[2006/04/10 12:20:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikux\Application Data\AVG7
[2006/10/06 14:27:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikux\Application Data\Corel
[2006/10/27 16:11:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikux\Application Data\FLV Extract
[2007/06/13 03:08:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikux\Application Data\Free Download Manager
[2005/09/14 12:45:46 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\nikux\Application Data\Gtek
[2007/01/22 17:02:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikux\Application Data\Help
[2003/06/27 05:01:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikux\Application Data\Identities
[2005/09/14 13:52:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikux\Application Data\Macromedia
[2009/03/19 15:21:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikux\Application Data\Malwarebytes
[2006/09/25 23:15:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikux\Application Data\MathWorks
[2008/05/04 19:15:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikux\Application Data\McAfee.com
[2005/09/28 15:00:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikux\Application Data\McAfee.com Personal Firewall
[2009/02/16 00:08:55 | 00,000,000 | --SD | M] -- C:\Documents and Settings\nikux\Application Data\Microsoft
[2008/09/23 21:24:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikux\Application Data\Move Networks
[2008/05/15 17:45:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikux\Application Data\Mozilla
[2007/01/29 15:42:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikux\Application Data\Nvu
[2009/02/17 14:48:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikux\Application Data\Obsidium
[2007/01/31 17:55:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikux\Application Data\OurPictures
[2008/03/24 13:21:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikux\Application Data\Radmin
[2008/03/20 10:59:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikux\Application Data\Real
[2009/03/20 11:44:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikux\Application Data\Skype
[2009/03/20 11:44:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikux\Application Data\skypePM
[2006/09/21 11:28:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikux\Application Data\SSH
[2007/10/10 16:46:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikux\Application Data\Subversion
[2005/09/14 14:43:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikux\Application Data\Sun
[2007/05/31 16:01:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikux\Application Data\Talkback
[2006/09/19 16:07:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikux\Application Data\Thunderbird
[2008/11/20 00:08:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikux\Application Data\TortoiseSVN
[2008/04/02 14:31:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikux\Application Data\Uniblue
[2008/04/05 15:00:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikux\Application Data\uTorrent
[2006/09/25 17:38:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikux\Application Data\vlc
[2008/03/11 04:00:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikux\Application Data\Workrave
[2004/08/04 03:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/03/20 10:02:57 | 00,000,926 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1650842470-4203624185-2766465924-1132.job
[2009/03/13 18:30:00 | 00,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (nikux-nikhil).job
[2009/03/20 11:42:57 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========


========== Alternate Data Streams ==========

@Alternate Data Stream - 498 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
< End of report >

==================================================================
Extras.txt
==================================================================


OTListIt Extras logfile created on: 3/20/2009 11:45:49 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.7.0 Folder = C:\Documents and Settings\nikux\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.07 Mb Total Physical Memory | 164.70 Mb Available Physical Memory | 32.80% Memory free
1.20 Gb Paging File | 0.89 Gb Available in Paging File | 73.92% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.46 Gb Total Space | 18.16 Gb Free Space | 25.42% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Z: | 298.09 Gb Total Space | 13.71 Gb Free Space | 4.60% Space Free | Partition Type: NTFS

Computer Name: BHABHA
Current User Name: nikux
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
C:\cygwin\bin\rsh.exe:*:Enabled:rsh ()
C:\cygwin\bin\xterm.exe:*:Enabled:xterm ()
C:\Program Files\Dell Inc\Dell Picture Studio v3.0\launch.exe:*:Enabled:Dell Picture Studio Home File not found
C:\Documents and Settings\Nikhil.BHABHA\Desktop\startxwin.bat:*:Enabled:startxwin File not found
C:\cygwin\cygwin.ico:*:Enabled:cygwin ()
C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader File not found
C:\Program Files\Common Files\AOL\1133820150\ee\aolsoftware.exe:*:Enabled:AOL Services File not found
C:\Program Files\Common Files\AOL\1133820150\ee\aim6.exe:*:Enabled:AIM File not found
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Computer, Inc.)
C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program (Microsoft Corporation)
C:\Program Files\GuildFTPd\GuildFTPd.exe:*:Enabled:GuildFTPd FTP Server Deamon ()
C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk (Google)
C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget (FlashGet.com)
C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger (Microsoft Corporation)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype (Skype Technologies S.A.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype (Skype Technologies S.A.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{06CC03F4-EAB8-4717-A912-F6A3BF01F2A2}" = TexPoint 2.0
"{08D0625D-B247-4C3A-8537-6F6A112DAA3D}" = Subversion
"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel® PROSet for Wired Connections
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{32A72502-BC2C-4C39-ACEA-BC3D463F0697}" = EN
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083}" = QuickTime
"{3E5562ED-69AB-4CEC-91E2-64E18EC5ACC6}" = Cisco Systems VPN Client 4.0.3 (A)
"{49389932-51FA-4D26-8B4F-CE86B24302C2}" = TortoiseSVN 1.5.5.14361 (32 bit)
"{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}" = FontNav
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{63218538-4A69-497F-8455-904261B0E9E4}" = CorelDRAW Graphics Suite X3
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{6A5AF1E8-5E73-4E8E-9060-7713EC03A528}" = The Regulator 2.0
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}" = SSH Secure Shell
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{84918CAE-2B7D-401E-98E0-557F97BA7857}" = Lightroom
"{872653C6-5DDC-488B-B7C2-CF9E4D9335E5}" = iTunes
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-1033-0000-7760-000000000001}" = Adobe Acrobat 6.0 Professional
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{C94E45B0-6AA6-4FB9-9AAE-22085F631880}" = VBA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D37E8E49-1AA3-401F-BA15-50AB88A2712D}_is1" = Image Comparer v3.6
"{E4375AC9-EDE1-4943-A0E3-801CEB7041DF}" = Dell Support 3.2.1
"{E7559288-223B-453C-9F06-340E3BE21E39}" = MyWay Search Assistant
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Advanced GIF Animator_is1" = Advanced GIF Animator 2.23
"AFPL Ghostscript 8.14" = AFPL Ghostscript 8.14
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"avast!" = avast! Antivirus
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ffdshow_is1" = ffdshow [rev 442] [2006-10-24]
"FlashGet" = FlashGet 1.81
"Flickr Uploadr" = Flickr Uploadr 2.3
"GIF Animator" = Microsoft GIF Animator
"GSview 4.6" = GSview 4.6
"GuildFTPd" = GuildFTPd FTP Deamon
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"InstallShield_{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083}" = QuickTime
"InstallShield_{872653C6-5DDC-488B-B7C2-CF9E4D9335E5}" = iTunes
"IrfanView" = IrfanView (remove only)
"JabRef 2.2" = JabRef 2.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MatlabR14" = MATLAB Family of Products Release 14
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MiKTeX" = MiKTeX
"Mozilla Firefox (3.0.6)" = Mozilla Firefox (3.0.6)
"Mozilla Firefox (3.0.7)" = Mozilla Firefox (3.0.7)
"Mozilla Thunderbird (1.0.7)" = Mozilla Thunderbird (1.0.7)
"MyPublisher" = MyPublisher
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nvu_is1" = Nvu 1.0
"PROPLUS" = Microsoft Office Professional Plus 2007
"PROSet" = Intel® PRO Network Adapters and Drivers
"RealPlayer 6.0" = RealPlayer
"Subversion_is1" = Subversion 1.4.5-r25188
"Vim 7.1" = Vim 7.1 (self-installing)
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinRAR archiver" = WinRAR archiver
"winscp3_is1" = WinSCP 4.0.7
"WordWeb" = WordWeb
"Workrave_is1" = Workrave 1.8.5
"WZebra_is1" = WZebra 4.2.4
"Yahoo! Internet Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"JabRef" = JabRef

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 3/19/2009 9:25:26 PM | Computer Name = BHABHA | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\windows\system32\wwwucfw.dll failed, 00000005.

Error - 3/19/2009 9:53:43 PM | Computer Name = BHABHA | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\windows\system32\wwwucfw.dll failed, 00000005.

Error - 3/19/2009 10:50:11 PM | Computer Name = BHABHA | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\windows\system32\wwwucfw.dll failed, 00000005.

Error - 3/19/2009 11:30:01 PM | Computer Name = BHABHA | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\windows\system32\wwwucfw.dll failed, 00000005.

Error - 3/20/2009 2:43:06 PM | Computer Name = BHABHA | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\windows\system32\wwwucfw.dll failed, 00000005.

[ Application Events ]
Error - 3/19/2009 9:29:12 PM | Computer Name = BHABHA | Source = McLogEvent | ID = 5051
Description =

Error - 3/19/2009 9:53:55 PM | Computer Name = BHABHA | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 3/19/2009 9:54:28 PM | Computer Name = BHABHA | Source = Userenv | ID = 1521
Description = Windows cannot locate the server copy of your roaming profile and
is attempting to log you on with your local profile. Changes to the profile will
not be copied to the server when you logoff. Possible causes of this error include
network problems or insufficient security rights. If this problem persists, contact
your network administrator. DETAIL - The system detected a possible attempt to
compromise security. Please ensure that you can contact the server that authenticated
you.

Error - 3/19/2009 10:01:13 PM | Computer Name = BHABHA | Source = McLogEvent | ID = 5051
Description =

Error - 3/19/2009 11:30:21 PM | Computer Name = BHABHA | Source = Userenv | ID = 1053
Description = Windows cannot determine the user or computer name. (The RPC server
is unavailable. ). Group Policy processing aborted.

Error - 3/19/2009 11:30:46 PM | Computer Name = BHABHA | Source = Userenv | ID = 1053
Description = Windows cannot determine the user or computer name. (The RPC server
is unavailable. ). Group Policy processing aborted.

Error - 3/19/2009 11:31:26 PM | Computer Name = BHABHA | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007003a). The specified server cannot perform the requested
operation. Enrollment will not be performed.

Error - 3/20/2009 2:43:28 PM | Computer Name = BHABHA | Source = Userenv | ID = 1053
Description = Windows cannot determine the user or computer name. (The RPC server
is unavailable. ). Group Policy processing aborted.

Error - 3/20/2009 2:43:50 PM | Computer Name = BHABHA | Source = Userenv | ID = 1053
Description = Windows cannot determine the user or computer name. (The RPC server
is unavailable. ). Group Policy processing aborted.

Error - 3/20/2009 2:44:29 PM | Computer Name = BHABHA | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007003a). The specified server cannot perform the requested
operation. Enrollment will not be performed.

[ System Events ]
Error - 3/19/2009 11:30:18 PM | Computer Name = BHABHA | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 3/19/2009 11:30:18 PM | Computer Name = BHABHA | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 3/19/2009 11:31:28 PM | Computer Name = BHABHA | Source = Service Control Manager | ID = 7023
Description = The Helper Support service terminated with the following error: %%1114

Error - 3/19/2009 11:35:48 PM | Computer Name = BHABHA | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 3/19/2009 11:38:57 PM | Computer Name = BHABHA | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain SVC-DC due to the following:
%%1722. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 3/20/2009 2:47:44 AM | Computer Name = BHABHA | Source = TermServDevices | ID = 1111
Description = Driver HP Deskjet F4200 series required for printer HP Deskjet F4200
series is unknown. Contact the administrator to install the driver before you log
in again.

Error - 3/20/2009 2:43:23 PM | Computer Name = BHABHA | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain SVC-DC due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 3/20/2009 2:43:23 PM | Computer Name = BHABHA | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 3/20/2009 2:43:25 PM | Computer Name = BHABHA | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 3/20/2009 2:44:32 PM | Computer Name = BHABHA | Source = Service Control Manager | ID = 7023
Description = The Helper Support service terminated with the following error: %%1114


< End of report >

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Have you tried a bootscan with Avast yet? In addition to the OTLI log, could you also post the combofix log from the first run?

Run OTList2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTLI
    
    :Services
    
    :Reg
    
    :Files
    C:\WINDOWS\System32\wwwucfw.dll
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log (don't check the boxes beside LOP Check or Purity this time)


#5
nikux

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
- appending the new OTL2 log
- appending the combofix log. I don't seem to have the first log :). Did run it again, and the log is probably after the third combofix scan.

========================
New OTL2 log after running the fix
========================
OTListIt logfile created on: 3/20/2009 12:19:29 PM - Run 3
OTListIt2 by OldTimer - Version 2.0.7.0 Folder = C:\Documents and Settings\nikux\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.07 Mb Total Physical Memory | 114.51 Mb Available Physical Memory | 22.81% Memory free
1.20 Gb Paging File | 0.85 Gb Available in Paging File | 71.07% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.46 Gb Total Space | 18.24 Gb Free Space | 25.52% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Z: | 298.09 Gb Total Space | 13.76 Gb Free Space | 4.61% Space Free | Partition Type: NTFS

Computer Name: BHABHA
Current User Name: nikux
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\TortoiseSVN\bin\TSVNCache.exe (http://tortoisesvn.net)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
PRC - C:\Program Files\FlashGet\FlashGet.exe (FlashGet.com)
PRC - C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Google\Google Talk\googletalk.exe (Google)
PRC - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
PRC - C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
PRC - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\WordWeb\wweb32.exe (Antony Lewis)
PRC - C:\Program Files\Workrave\lib\Workrave.exe ()
PRC - C:\Program Files\Skype\Plugin Manager\skypePM.exe (Skype Technologies)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\nikux\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Adobe LM Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CVPND [Auto | Running]) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (iPodService [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Computer, Inc.)
SRV - (NetSvc [On_Demand | Stopped]) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe (Intel® Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [On_Demand | Stopped]) -- C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe (HP)
SRV - (UMWdf [Auto | Running]) -- C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
SRV - (xmlserv [Auto | Stopped]) -- File not found

========== Driver Services (SafeList) ==========

DRV - (Aavmker4 [System | Running]) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (AliIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (asc [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (aswFsBlk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswMon2 [Auto | Running]) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswRdr [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP [System | Running]) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswTdi [System | Running]) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (CmdIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (CVirtA [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\CVirtA.sys (Cisco Systems, Inc.)
DRV - (CVPNDRVA [Auto | Running]) -- C:\WINDOWS\system32\Drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (DNE [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\dne2000.sys (Deterministic Networks, Inc.)
DRV - (DSproct [On_Demand | Running]) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys (GTek Technologies Ltd.)
DRV - (E100B [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (mraid35x [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (omci [System | Running]) -- C:\WINDOWS\system32\DRIVERS\omci.sys (Dell Computer Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys ()
DRV - (senfilt [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.)
DRV - (sisagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (smwdm [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (Sparrow [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (ultra [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = http://localhost;

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.gmail.com"

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.6\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX 3 BETA 5\COMPONENTS [2009/02/23 12:30:29 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.6\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX 3 BETA 5\PLUGINS [2009/02/23 12:30:28 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/11 13:30:32 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/03/11 13:30:32 | 00,000,000 | ---D | M]

[2008/05/15 17:45:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikux\Application Data\mozilla\Extensions
[2008/05/15 17:45:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikux\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/19 15:07:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikux\Application Data\mozilla\Firefox\Profiles\c5kc3ip0.default\extensions
[2008/10/02 16:11:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikux\Application Data\mozilla\Firefox\Profiles\c5kc3ip0.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2008/10/02 16:11:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikux\Application Data\mozilla\Firefox\Profiles\c5kc3ip0.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2008/03/24 14:08:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikux\Application Data\mozilla\Firefox\Profiles\c5kc3ip0.default\extensions\{C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}
[2008/05/15 17:38:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikux\Application Data\mozilla\Firefox\Profiles\c5kc3ip0.default\extensions\[email protected]
[2008/09/23 21:23:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikux\Application Data\mozilla\Firefox\Profiles\c5kc3ip0.default\extensions\[email protected]
[2006/09/19 15:34:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikux\Application Data\mozilla\Firefox\Profiles\c5kc3ip0.default\extensions\temp
[2006/04/25 17:07:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\nikux\Application Data\mozilla\Firefox\Profiles\yjh9mk2a.default\extensions
[2009/02/26 11:34:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/11 13:30:32 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/11 13:30:25 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/11 13:30:25 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2005/09/15 18:26:00 | 00,044,153 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\inspector.dll
[2009/01/07 17:49:25 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/01/07 17:49:25 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/01/07 17:49:25 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/01/07 17:49:25 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/01/07 17:49:26 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/01/07 17:49:26 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/01/07 17:49:26 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - Reg Error: Key error. File not found
O3 - HKLM\..\Toolbar: (FlashGet) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll (Amaze Soft)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [FlashGet] C:\Program Files\FlashGet\FlashGet.exe /min (FlashGet.com)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart (Google)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (Macrovision Corporation)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKCU..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup (Gteko Ltd.)
O4 - HKCU..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart (Google)
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (Skype Technologies S.A.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe (Antony Lewis)
O4 - Startup: C:\Documents and Settings\nikux\Start Menu\Programs\Startup\Workrave.lnk = C:\Program Files\Workrave\lib\Workrave.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\system32\wweb32.dll/lookup.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...90/mcinsctl.cab (McAfee.com Operating System Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcaf...,23/mcgdmgr.cab (DwnldGroupMgr Class)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = svc-dc.svcl.ucsd.edu
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{E594EFDF-3CF6-4C4F-A7AB-19A0091C28FA}\\NameServer = 192.168.65.81,192.168.65.10,132.239.1.52
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O32 - Autorun File - C:\AUTOEXEC.UP () - [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/03/20 12:17:28 | 00,499,200 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\nikux\Desktop\OTListIt2.exe
[2009/03/20 12:15:07 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/03/20 12:15:00 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/03/20 11:27:47 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/03/20 11:27:32 | 00,267,612 | ---- | C] () -- C:\Documents and Settings\nikux\Desktop\Rooter.exe
[2009/03/19 23:52:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Desktop\plastic
[2009/03/19 18:34:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/03/19 16:14:54 | 02,106,792 | -H-- | C] () -- C:\Documents and Settings\nikux\Local Settings\Application Data\IconCache.db
[2009/03/19 15:21:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Application Data\Malwarebytes
[2009/03/19 15:21:42 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/19 15:21:42 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/19 15:21:40 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/19 15:21:37 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/03/19 15:21:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/03/19 15:11:49 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/03/19 15:11:48 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/03/19 15:11:47 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/03/19 15:11:47 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/03/19 15:11:43 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/03/19 15:11:41 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/03/19 15:11:41 | 00,094,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/03/19 15:11:41 | 00,093,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/03/19 15:11:41 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/03/19 15:11:18 | 01,256,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/03/19 15:11:18 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/03/19 15:11:16 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/03/19 15:01:32 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\nikux\Desktop\HijackThis.lnk
[2009/03/19 15:01:32 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/03/19 15:01:20 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\nikux\Desktop\HJTInstall.exe
[2009/03/13 14:23:00 | 00,230,163 | ---- | C] () -- C:\Documents and Settings\nikux\Desktop\h27_18257817.jpg
[2009/03/12 14:07:05 | 00,004,608 | ---- | C] () -- C:\Documents and Settings\nikux\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/04 16:37:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Local Settings\Application Data\Adobe
[2009/03/04 16:34:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Desktop\spatial_pyramid_code
[2009/03/04 16:34:28 | 00,181,412 | ---- | C] () -- C:\Documents and Settings\nikux\Desktop\spatial_pyramid_code.zip
[2009/03/04 15:30:54 | 00,570,871 | ---- | C] () -- C:\ddrive\My Documents\cvpr1985-2009.png
[2009/03/04 11:47:43 | 00,002,387 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/03/02 22:29:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Local Settings\Application Data\Mozilla
[2009/03/02 21:28:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Local Settings\Application Data\Google
[2009/03/02 21:27:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Local Settings\Application Data\TSVNCache
[2009/03/02 21:27:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Local Settings\Application Data\Microsoft
[2009/03/02 21:27:18 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\nikux\Application Data\DESKTOP.INI
[2009/03/02 21:16:42 | 42,359,290 | ---- | C] () -- C:\Documents and Settings\nikux\Desktop\Advances in signal transformation.pdf
[2009/03/02 21:16:42 | 19,704,003 | ---- | C] () -- C:\Documents and Settings\nikux\Desktop\Advances in Nonlinear signal and image processing.pdf
[2009/03/02 21:16:42 | 00,070,877 | ---- | C] () -- C:\Documents and Settings\nikux\Desktop\AA27.ps.gz
[2009/03/02 21:16:39 | 15,930,259 | ---- | C] () -- C:\Documents and Settings\nikux\Desktop\All_Results.tar.gz
[2009/03/02 21:16:34 | 13,655,788 | ---- | C] () -- C:\Documents and Settings\nikux\Desktop\Category level object segmentation using BOW and MRF.pdf
[2009/03/02 21:16:33 | 00,010,520 | ---- | C] () -- C:\Documents and Settings\nikux\Desktop\coverletter.dvi
[2009/03/02 21:16:33 | 00,000,009 | ---- | C] () -- C:\Documents and Settings\nikux\Desktop\coverletter.aux
[2009/03/02 21:16:31 | 00,075,027 | ---- | C] () -- C:\Documents and Settings\nikux\Desktop\coverletter.ps
[2009/03/02 21:16:30 | 00,009,153 | ---- | C] () -- C:\Documents and Settings\nikux\Desktop\coverletter.tex
[2009/03/02 21:16:28 | 00,009,153 | ---- | C] () -- C:\Documents and Settings\nikux\Desktop\coverletter.tex~
[2009/03/02 21:16:07 | 09,069,736 | ---- | C] () -- C:\Documents and Settings\nikux\Desktop\Criminisi_TextonBoost_ijcv2007.pdf
[2009/03/02 21:15:35 | 00,075,264 | ---- | C] () -- C:\Documents and Settings\nikux\Desktop\f02102.xls
[2009/03/02 21:15:31 | 08,446,779 | ---- | C] () -- C:\Documents and Settings\nikux\Desktop\gvim71.exe
[2009/03/02 21:15:31 | 03,466,920 | ---- | C] (Bolide Software ) -- C:\Documents and Settings\nikux\Desktop\ic_setup.exe
[2009/03/02 21:15:31 | 00,686,292 | ---- | C] () -- C:\Documents and Settings\nikux\Desktop\From mere coincidences to meaningful discoveries.pdf
[2009/03/02 21:15:31 | 00,000,624 | ---- | C] () -- C:\Documents and Settings\nikux\Desktop\Image Comparer.lnk
[2009/03/02 21:15:30 | 00,388,018 | ---- | C] () -- C:\Documents and Settings\nikux\Desktop\implementation details.zip
[2009/03/02 21:15:30 | 00,000,932 | ---- | C] () -- C:\Documents and Settings\nikux\Desktop\MyPublisher.lnk
[2009/03/02 21:15:29 | 00,033,310 | ---- | C] () -- C:\Documents and Settings\nikux\Desktop\NikhilRasiwasia_Research.pdf
[2009/03/02 21:15:29 | 00,028,033 | ---- | C] () -- C:\Documents and Settings\nikux\Desktop\NikhilRasiwasia_CV.pdf
[2009/03/02 21:14:51 | 00,297,003 | ---- | C] () -- C:\Documents and Settings\nikux\Desktop\qbse.rar
[2009/03/02 21:10:58 | 00,028,850 | ---- | C] () -- C:\Documents and Settings\nikux\Desktop\Resume - Nikhil Rasiwasia_MSR.pdf
[2009/03/02 21:10:57 | 00,409,600 | ---- | C] () -- C:\Documents and Settings\nikux\Desktop\TEST.ICR
[2009/03/02 21:10:57 | 00,133,120 | -HS- | C] () -- C:\Documents and Settings\nikux\Desktop\Thumbs.db
[2009/03/02 21:10:57 | 00,000,731 | ---- | C] () -- C:\Documents and Settings\nikux\Desktop\Shortcut to deskwin.exe.lnk
[2009/03/02 21:10:57 | 00,000,675 | ---- | C] () -- C:\Documents and Settings\nikux\Desktop\Shortcut to startxwin.bat.lnk
[2009/03/02 21:10:44 | 00,274,432 | ---- | C] (Constantin Kaplinsky) -- C:\Documents and Settings\nikux\Desktop\vncviewer.exe
[2009/03/02 21:10:23 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\nikux\Desktop\WinSCP.lnk
[2009/03/02 21:10:15 | 00,091,415 | ---- | C] () -- C:\ddrive\My Documents\1.eps
[2009/03/02 21:10:14 | 00,457,181 | ---- | C] () -- C:\ddrive\My Documents\1.pdf
[2009/03/02 21:10:14 | 00,015,416 | ---- | C] () -- C:\ddrive\My Documents\1.png
[2009/03/02 21:10:13 | 02,455,772 | ---- | C] () -- C:\ddrive\My Documents\8_pp_photos.tif
[2009/03/02 21:10:10 | 00,985,326 | ---- | C] () -- C:\ddrive\My Documents\age.TIF
[2009/03/02 21:10:08 | 02,414,990 | ---- | C] () -- C:\ddrive\My Documents\brianRose_othello.pdf
[2009/03/02 21:10:08 | 00,022,528 | ---- | C] () -- C:\ddrive\My Documents\Assignment 4_b.doc
[2009/03/02 21:10:08 | 00,000,006 | ---- | C] () -- C:\ddrive\My Documents\B-plan.doc
[2009/03/02 21:10:04 | 05,007,984 | ---- | C] () -- C:\ddrive\My Documents\D.wav
[2009/03/02 21:10:04 | 00,268,804 | ---- | C] () -- C:\ddrive\My Documents\C__Documents and Settings_nikux_Local Settings_Application Data_Mozilla_Firefox_Profiles_c5kc3ip0.pdf
[2009/03/02 21:10:03 | 00,001,146 | -H-- | C] () -- C:\ddrive\My Documents\Default.rdp
[2009/03/02 21:10:03 | 00,000,076 | -HS- | C] () -- C:\ddrive\My Documents\DESKTOP.INI
[2009/03/02 21:08:41 | 00,015,427 | ---- | C] () -- C:\ddrive\My Documents\Draft2_Eakta_SOP.pdf
[2009/03/02 21:08:40 | 00,019,456 | ---- | C] () -- C:\ddrive\My Documents\eey1.xls
[2009/03/02 21:08:28 | 00,019,940 | ---- | C] () -- C:\ddrive\My Documents\gdb.pdf
[2009/03/02 21:08:18 | 03,582,859 | ---- | C] () -- C:\ddrive\My Documents\geomproc.rar
[2009/03/02 21:08:07 | 04,172,904 | ---- | C] () -- C:\ddrive\My Documents\harshat.mp3
[2009/03/02 21:08:07 | 00,305,586 | ---- | C] () -- C:\ddrive\My Documents\height.png
[2009/03/02 21:08:07 | 00,027,602 | ---- | C] () -- C:\ddrive\My Documents\Graphic1.cdr
[2009/03/02 21:07:55 | 00,327,717 | ---- | C] () -- C:\ddrive\My Documents\holi.jpg
[2009/03/02 21:07:51 | 00,046,841 | ---- | C] () -- C:\ddrive\My Documents\ieee.htm
[2009/03/02 21:07:15 | 00,316,279 | ---- | C] () -- C:\ddrive\My Documents\IMG_0289.JPG
[2009/03/02 21:07:15 | 00,013,828 | ---- | C] () -- C:\ddrive\My Documents\Jan 2006.ods
[2009/03/02 21:01:10 | 04,523,765 | ---- | C] () -- C:\ddrive\My Documents\McGraw Hill - GCC, the Complete Reference - fly.pdf
[2009/03/02 21:01:10 | 03,932,214 | ---- | C] () -- C:\ddrive\My Documents\luftanza.bmp
[2009/03/02 21:01:10 | 00,012,058 | ---- | C] () -- C:\ddrive\My Documents\motiv.jpg
[2009/03/02 21:00:13 | 00,535,552 | ---- | C] () -- C:\ddrive\My Documents\New Microsoft Word Document (2).doc
[2009/03/02 21:00:13 | 00,222,678 | ---- | C] () -- C:\ddrive\My Documents\not-best-friend.JPG
[2009/03/02 21:00:13 | 00,032,080 | ---- | C] () -- C:\ddrive\My Documents\nitin.JPG
[2009/03/02 20:59:19 | 01,183,306 | ---- | C] () -- C:\ddrive\My Documents\phantom.psd
[2009/03/02 20:59:19 | 01,038,812 | ---- | C] () -- C:\ddrive\My Documents\poster_07_new.pdf
[2009/03/02 20:59:19 | 00,025,600 | ---- | C] () -- C:\ddrive\My Documents\photolog.xls
[2009/03/02 20:59:14 | 01,300,992 | ---- | C] () -- C:\ddrive\My Documents\Presentation1.ppt
[2009/03/02 20:58:07 | 01,002,660 | ---- | C] () -- C:\ddrive\My Documents\race.TIF
[2009/03/02 20:56:12 | 25,020,144 | ---- | C] () -- C:\ddrive\My Documents\Random+Process+Old+Exams.zip
[2009/03/02 20:56:11 | 06,949,744 | ---- | C] () -- C:\ddrive\My Documents\saiyaan khade us paar....mp3
[2009/03/02 20:56:09 | 12,975,441 | ---- | C] () -- C:\ddrive\My Documents\saiyaan re-mp3.mp3
[2009/03/02 20:56:08 | 03,828,880 | ---- | C] () -- C:\ddrive\My Documents\sanjay.wav
[2009/03/02 20:56:07 | 00,076,840 | ---- | C] () -- C:\ddrive\My Documents\semanticspace.pptx
[2009/03/02 20:55:46 | 76,322,338 | ---- | C] () -- C:\ddrive\My Documents\Suzuki_GS_500_E__89_a__97_-_Service_Manual_Haynes.pdf
[2009/03/02 20:55:46 | 63,778,364 | ---- | C] () -- C:\ddrive\My Documents\Suzuki_GS_500_E_89_a_99_-_Service_Manual.pdf
[2009/03/02 20:55:46 | 01,550,425 | ---- | C] () -- C:\ddrive\My Documents\Suzuki_GS_500_F_K4__04_-_Service_Manual_Supl.pdf
[2009/03/02 20:55:46 | 01,089,878 | ---- | C] () -- C:\ddrive\My Documents\Suzuki_GS_500_E_Parts.pdf
[2009/03/02 20:55:46 | 00,014,060 | ---- | C] () -- C:\ddrive\My Documents\svcl-icon.cdr
[2009/03/02 20:55:29 | 02,242,885 | ---- | C] () -- C:\ddrive\My Documents\techkriti_brochure_mail.pdf
[2009/03/02 20:55:29 | 00,540,882 | ---- | C] () -- C:\ddrive\My Documents\tax1.pdf
[2009/03/02 20:55:29 | 00,114,749 | ---- | C] () -- C:\ddrive\My Documents\test.jpg
[2009/03/02 20:55:28 | 00,535,552 | ---- | C] () -- C:\ddrive\My Documents\things to do before dying.doc
[2009/03/02 20:55:28 | 00,038,912 | -HS- | C] () -- C:\ddrive\My Documents\Thumbs.db
[2009/03/02 20:55:28 | 00,030,033 | ---- | C] () -- C:\ddrive\My Documents\test.pptx
[2009/03/02 20:55:23 | 00,229,376 | ---- | C] () -- C:\ddrive\My Documents\Travel Worksheet Domestic.doc
[2009/03/02 20:55:22 | 00,029,916 | ---- | C] () -- C:\ddrive\My Documents\Travel Worksheet Domestic.docx
[2009/03/02 20:55:17 | 00,841,138 | ---- | C] () -- C:\ddrive\My Documents\tshirt.psd
[2009/03/02 20:55:13 | 01,885,869 | ---- | C] () -- C:\ddrive\My Documents\tshirt2.psd
[2009/03/02 20:55:08 | 03,850,701 | ---- | C] () -- C:\ddrive\My Documents\vimbook-OPL.pdf
[2009/03/02 20:55:08 | 00,102,637 | ---- | C] () -- C:\ddrive\My Documents\vision list.html
[2009/03/02 20:55:07 | 00,390,233 | ---- | C] () -- C:\ddrive\My Documents\visionart.docx
[2009/03/02 20:55:07 | 00,046,592 | ---- | C] () -- C:\ddrive\My Documents\Vision Professors.doc
[2009/03/02 20:54:52 | 00,000,702 | ---- | C] () -- C:\Documents and Settings\nikux\Start Menu\Programs\Startup\Workrave.lnk
[2009/03/02 20:54:52 | 00,000,084 | -HS- | C] () -- C:\Documents and Settings\nikux\Start Menu\Programs\Startup\DESKTOP.INI
[2009/03/02 20:54:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Application Data\AVG7
[2009/03/02 20:54:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Application Data\Apple Computer
[2009/03/02 20:54:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Application Data\AdobeUM
[2009/03/02 20:54:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Application Data\Adobe
[2009/03/02 20:54:49 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\nikux\Application Data\Gtek
[2009/03/02 20:54:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Application Data\Identities
[2009/03/02 20:54:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Application Data\Help
[2009/03/02 20:54:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Application Data\Free Download Manager
[2009/03/02 20:54:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Application Data\FLV Extract
[2009/03/02 20:54:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Application Data\Corel
[2009/03/02 20:54:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Application Data\McAfee.com Personal Firewall
[2009/03/02 20:54:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Application Data\McAfee.com
[2009/03/02 20:54:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Application Data\MathWorks
[2009/03/02 20:54:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Application Data\Macromedia
[2009/03/02 20:54:42 | 00,000,000 | --SD | C] -- C:\Documents and Settings\nikux\Application Data\Microsoft
[2009/03/02 20:54:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Application Data\Move Networks
[2009/03/02 20:54:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Application Data\Real
[2009/03/02 20:54:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Application Data\Radmin
[2009/03/02 20:54:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Application Data\OurPictures
[2009/03/02 20:54:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Application Data\Obsidium
[2009/03/02 20:54:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Application Data\Nvu
[2009/03/02 20:54:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Application Data\Mozilla
[2009/03/02 20:54:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Application Data\Subversion
[2009/03/02 20:54:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Application Data\SSH
[2009/03/02 20:54:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Application Data\skypePM
[2009/03/02 20:54:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Application Data\Skype
[2009/03/02 20:54:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Desktop\whitney
[2009/03/02 20:54:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Desktop\Unused Desktop Shortcuts
[2009/03/02 20:54:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Desktop\Thesis
[2009/03/02 20:54:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Desktop\Research
[2009/03/02 20:54:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Desktop\ppts
[2009/03/02 20:54:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Desktop\documents
[2009/03/02 20:54:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Desktop\CRF
[2009/03/02 20:54:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Desktop\calvin
[2009/03/02 20:54:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Application Data\Workrave
[2009/03/02 20:54:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Application Data\vlc
[2009/03/02 20:54:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Application Data\uTorrent
[2009/03/02 20:54:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Application Data\Uniblue
[2009/03/02 20:54:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Application Data\TortoiseSVN
[2009/03/02 20:54:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Application Data\Thunderbird
[2009/03/02 20:54:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Application Data\Talkback
[2009/03/02 20:54:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nikux\Application Data\Sun
[2009/03/02 20:54:39 | 00,000,000 | ---D | C] -- C:\ddrive\My Documents\lec
[2009/03/02 20:54:39 | 00,000,000 | ---D | C] -- C:\ddrive\My Documents\Image5000_104
[2009/03/02 20:54:39 | 00,000,000 | ---D | C] -- C:\ddrive\My Documents\ieee_files
[2009/03/02 20:54:39 | 00,000,000 | ---D | C] -- C:\ddrive\My Documents\IC3
[2009/03/02 20:54:39 | 00,000,000 | ---D | C] -- C:\ddrive\My Documents\Google Talk Received Files
[2009/03/02 20:54:39 | 00,000,000 | ---D | C] -- C:\ddrive\My Documents\geomproc
[2009/03/02 20:54:39 | 00,000,000 | ---D | C] -- C:\ddrive\My Documents\frompapa
[2009/03/02 20:54:39 | 00,000,000 | ---D | C] -- C:\ddrive\My Documents\flight
[2009/03/02 20:54:39 | 00,000,000 | ---D | C] -- C:\ddrive\My Documents\finance
[2009/03/02 20:54:39 | 00,000,000 | ---D | C] -- C:\ddrive\My Documents\final
[2009/03/02 20:54:39 | 00,000,000 | ---D | C] -- C:\ddrive\My Documents\Downloads
[2009/03/02 20:54:39 | 00,000,000 | ---D | C] -- C:\ddrive\My Documents\Corel User Files
[2009/03/02 20:54:39 | 00,000,000 | ---D | C] -- C:\ddrive\My Documents\CCWin
[2009/03/02 20:54:24 | 00,000,000 | R--D | C] -- C:\ddrive\My Documents\Start Menu
[2009/03/02 20:54:24 | 00,000,000 | R--D | C] -- C:\ddrive\My Documents\My Videos
[2009/03/02 20:54:24 | 00,000,000 | R--D | C] -- C:\ddrive\My Documents\My Pictures
[2009/03/02 20:54:24 | 00,000,000 | R--D | C] -- C:\ddrive\My Documents\My Music
[2009/03/02 20:54:24 | 00,000,000 | ---D | C] -- C:\ddrive\My Documents\What To Do
[2009/03/02 20:54:24 | 00,000,000 | ---D | C] -- C:\ddrive\My Documents\vision list_files
[2009/03/02 20:54:24 | 00,000,000 | ---D | C] -- C:\ddrive\My Documents\Updater
[2009/03/02 20:54:24 | 00,000,000 | ---D | C] -- C:\ddrive\My Documents\trip
[2009/03/02 20:54:24 | 00,000,000 | ---D | C] -- C:\ddrive\My Documents\to send
[2009/03/02 20:54:24 | 00,000,000 | ---D | C] -- C:\ddrive\My Documents\test
[2009/03/02 20:54:24 | 00,000,000 | ---D | C] -- C:\ddrive\My Documents\tax
[2009/03/02 20:54:24 | 00,000,000 | ---D | C] -- C:\ddrive\My Documents\squash
[2009/03/02 20:54:24 | 00,000,000 | ---D | C] -- C:\ddrive\My Documents\receipts
[2009/03/02 20:54:24 | 00,000,000 | ---D | C] -- C:\ddrive\My Documents\Random+Process+Old+Exams
[2009/03/02 20:54:24 | 00,000,000 | ---D | C] -- C:\ddrive\My Documents\publications
[2009/03/02 20:54:24 | 00,000,000 | ---D | C] -- C:\ddrive\My Documents\PresentationCD
[2009/03/02 20:54:24 | 00,000,000 | ---D | C] -- C:\ddrive\My Documents\Prelims
[2009/03/02 20:54:24 | 00,000,000 | ---D | C] -- C:\ddrive\My Documents\personal
[2009/03/02 20:54:24 | 00,000,000 | ---D | C] -- C:\ddrive\My Documents\New Folder
[2009/03/02 20:54:24 | 00,000,000 | ---D | C] -- C:\ddrive\My Documents\My Skype Pictures
[2009/03/02 20:54:24 | 00,000,000 | ---D | C] -- C:\ddrive\My Documents\My Skype Content
[2009/03/02 20:54:24 | 00,000,000 | ---D | C] -- C:\ddrive\My Documents\My PSP Files
[2009/03/02 20:54:24 | 00,000,000 | ---D | C] -- C:\ddrive\My Documents\My eBooks
[2009/03/02 20:54:24 | 00,000,000 | ---D | C] -- C:\ddrive\My Documents\linux

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2009/03/20 12:17:38 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/20 12:16:45 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/20 12:16:42 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/20 12:16:41 | 52,653,6704 | -HS- | M] () -- C:\hiberfil.sys
[2009/03/20 11:56:51 | 00,000,012 | ---- | M] () -- C:\deskwin.bin
[2009/03/20 11:47:20 | 00,479,920 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/20 11:47:20 | 00,407,670 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/20 11:47:20 | 00,064,200 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/20 11:40:55 | 02,106,792 | -H-- | M] () -- C:\Documents and Settings\nikux\Local Settings\Application Data\IconCache.db
[2009/03/20 11:28:36 | 00,499,200 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\nikux\Desktop\OTListIt2.exe
[2009/03/20 11:27:33 | 00,267,612 | ---- | M] () -- C:\Documents and Settings\nikux\Desktop\Rooter.exe
[2009/03/20 10:02:57 | 00,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1650842470-4203624185-2766465924-1132.job
[2009/03/19 20:10:12 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/03/19 15:21:42 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/19 15:11:49 | 00,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/03/19 15:11:41 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/03/19 15:01:32 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\nikux\Desktop\HijackThis.lnk
[2009/03/19 15:01:20 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\nikux\Desktop\HJTInstall.exe
[2009/03/13 18:30:00 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (nikux-nikhil).job
[2009/03/13 14:23:03 | 00,230,163 | ---- | M] () -- C:\Documents and Settings\nikux\Desktop\h27_18257817.jpg
[2009/03/12 14:07:05 | 00,004,608 | ---- | M] () -- C:\Documents and Settings\nikux\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/04 21:56:56 | 00,297,003 | ---- | M] () -- C:\Documents and Settings\nikux\Desktop\qbse.rar
[2009/03/04 16:34:29 | 00,181,412 | ---- | M] () -- C:\Documents and Settings\nikux\Desktop\spatial_pyramid_code.zip
[2009/03/04 15:30:58 | 00,570,871 | ---- | M] () -- C:\ddrive\My Documents\cvpr1985-2009.png
[2009/03/04 11:47:43 | 00,002,387 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/02/27 00:22:47 | 00,033,310 | ---- | M] () -- C:\Documents and Settings\nikux\Desktop\NikhilRasiwasia_Research.pdf
[2009/02/27 00:22:44 | 00,075,027 | ---- | M] () -- C:\Documents and Settings\nikux\Desktop\coverletter.ps
[2009/02/27 00:22:14 | 00,009,153 | ---- | M] () -- C:\Documents and Settings\nikux\Desktop\coverletter.tex
[2009/02/27 00:16:38 | 00,010,520 | ---- | M] () -- C:\Documents and Settings\nikux\Desktop\coverletter.dvi
[2009/02/27 00:16:38 | 00,000,009 | ---- | M] () -- C:\Documents and Settings\nikux\Desktop\coverletter.aux
[2009/02/27 00:15:55 | 00,009,153 | ---- | M] () -- C:\Documents and Settings\nikux\Desktop\coverletter.tex~
[2009/02/26 00:53:47 | 00,028,033 | ---- | M] () -- C:\Documents and Settings\nikux\Desktop\NikhilRasiwasia_CV.pdf
[2009/02/23 18:39:19 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/02/23 17:40:38 | 09,069,736 | ---- | M] () -- C:\Documents and Settings\nikux\Desktop\Criminisi_TextonBoost_ijcv2007.pdf
[2009/02/23 16:53:50 | 00,028,850 | ---- | M] () -- C:\Documents and Settings\nikux\Desktop\Resume - Nikhil Rasiwasia_MSR.pdf
< End of report >



=====================
Combofix log
=====================
ComboFix 09-03-18.01 - nikux 2009-03-19 20:07:35.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.502.173 [GMT -7:00]
Running from: c:\documents and settings\nikux\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090319-0] *On-access scanning disabled* (Updated)

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-02-20 to 2009-03-20 )))))))))))))))))))))))))))))))
.

2009-03-19 15:21 . 2009-03-19 15:21 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-19 15:21 . 2009-03-19 15:21 <DIR> d-------- c:\documents and settings\nikux\Application Data\Malwarebytes
2009-03-19 15:21 . 2009-03-19 15:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-19 15:21 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-19 15:21 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-19 15:11 . 2009-03-19 15:11 <DIR> d-------- c:\program files\Alwil Software
2009-03-19 15:01 . 2009-03-19 15:01 <DIR> d-------- c:\program files\Trend Micro
2009-03-16 17:26 . 2009-03-16 17:26 104,448 -ra-s---- c:\windows\system32\wwwucfw.dll
2009-03-02 20:54 . 2003-06-27 05:30 <DIR> d-------- c:\documents and settings\nikux\WINDOWS
2009-03-02 20:54 . 2005-09-26 16:37 <DIR> d---s---- c:\documents and settings\nikux\UserData
2009-03-02 20:54 . 2007-10-17 16:01 <DIR> d-------- c:\documents and settings\nikux\repository
2009-03-02 20:54 . 2008-03-11 04:00 <DIR> d-------- c:\documents and settings\nikux\Application Data\Workrave
2009-03-02 20:54 . 2006-09-25 17:38 <DIR> d-------- c:\documents and settings\nikux\Application Data\vlc
2009-03-02 20:54 . 2008-04-05 15:00 <DIR> d-------- c:\documents and settings\nikux\Application Data\uTorrent
2009-03-02 20:54 . 2008-04-02 14:31 <DIR> d-------- c:\documents and settings\nikux\Application Data\Uniblue
2009-03-02 20:54 . 2008-11-20 00:08 <DIR> d-------- c:\documents and settings\nikux\Application Data\TortoiseSVN
2009-03-02 20:54 . 2006-09-19 16:07 <DIR> d-------- c:\documents and settings\nikux\Application Data\Thunderbird
2009-03-02 20:54 . 2007-05-31 16:01 <DIR> d-------- c:\documents and settings\nikux\Application Data\Talkback
2009-03-02 20:54 . 2007-10-10 16:46 <DIR> d-------- c:\documents and settings\nikux\Application Data\Subversion
2009-03-02 20:54 . 2006-09-21 11:28 <DIR> d-------- c:\documents and settings\nikux\Application Data\SSH
2009-03-02 20:54 . 2009-03-19 18:27 <DIR> d-------- c:\documents and settings\nikux\Application Data\skypePM
2009-03-02 20:54 . 2009-03-19 20:10 <DIR> d-------- c:\documents and settings\nikux\Application Data\Skype
2009-03-02 20:54 . 2008-03-24 13:21 <DIR> d-------- c:\documents and settings\nikux\Application Data\Radmin
2009-03-02 20:54 . 2007-01-31 17:55 <DIR> d-------- c:\documents and settings\nikux\Application Data\OurPictures
2009-03-02 20:54 . 2009-02-17 14:48 <DIR> d-------- c:\documents and settings\nikux\Application Data\Obsidium
2009-03-02 20:54 . 2007-01-29 15:42 <DIR> d-------- c:\documents and settings\nikux\Application Data\Nvu
2009-03-02 20:54 . 2008-09-23 21:24 <DIR> d-------- c:\documents and settings\nikux\Application Data\Move Networks
2009-03-02 20:54 . 2005-09-28 15:00 <DIR> d-------- c:\documents and settings\nikux\Application Data\McAfee.com Personal Firewall
2009-03-02 20:54 . 2008-05-04 19:15 <DIR> d-------- c:\documents and settings\nikux\Application Data\McAfee.com
2009-03-02 20:54 . 2006-09-25 23:15 <DIR> d-------- c:\documents and settings\nikux\Application Data\MathWorks
2009-03-02 20:54 . 2005-09-14 12:45 <DIR> d--h----- c:\documents and settings\nikux\Application Data\Gtek
2009-03-02 20:54 . 2007-06-13 03:08 <DIR> d-------- c:\documents and settings\nikux\Application Data\Free Download Manager
2009-03-02 20:54 . 2006-10-27 16:11 <DIR> d-------- c:\documents and settings\nikux\Application Data\FLV Extract
2009-03-02 20:54 . 2006-10-06 14:27 <DIR> d-------- c:\documents and settings\nikux\Application Data\Corel
2009-03-02 20:54 . 2006-04-10 12:20 <DIR> d-------- c:\documents and settings\nikux\Application Data\AVG7
2009-03-02 20:54 . 2007-10-10 12:12 <DIR> d-------- c:\documents and settings\nikux\Application Data\Apple Computer
2009-03-02 20:54 . 2009-02-19 16:48 <DIR> d-------- c:\documents and settings\nikux\Application Data\AdobeUM
2009-03-02 20:54 . 2005-09-14 12:55 <DIR> d-------- c:\documents and settings\nikux\.ssh
2009-03-02 20:54 . 2007-03-13 14:48 <DIR> d-------- c:\documents and settings\nikux\.realobjects
2009-03-02 20:54 . 2005-09-18 17:37 <DIR> d-------- c:\documents and settings\nikux\.jpi_cache
2009-03-02 20:54 . 2006-09-29 14:28 <DIR> d-------- c:\documents and settings\nikux\.jogl_ext
2009-03-02 20:54 . 2005-09-18 17:37 <DIR> d-------- c:\documents and settings\nikux\.java
2009-03-02 20:54 . 2009-03-19 19:49 <DIR> d-------- c:\documents and settings\nikux

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-20 03:01 --------- d-----w c:\program files\FlashGet
2009-03-20 01:58 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee.com
2009-03-03 18:55 12 ----a-w C:\deskwin.bin
2009-02-25 20:00 --------- d-----w c:\program files\Mozilla Firefox 3 Beta 5
2009-02-17 21:48 --------- d-----w c:\program files\ImageComparer
2009-02-05 03:51 5,018 --sha-w c:\windows\system32\KGyGaAvL.sys
2009-01-29 23:13 --------- d-----w c:\program files\MyPublisher
2009-01-29 04:05 --------- d-----w c:\program files\Mozilla Thunderbird
2009-01-17 05:35 3,594,752 ------w c:\windows\system32\dllcache\mshtml.dll
2005-12-01 22:03 39,616 ----a-w c:\documents and settings\Nikhil.BHABHA\Application Data\GDIPFONTCACHEV1.DAT
2005-09-16 01:26 44,153 ----a-w c:\program files\mozilla firefox\components\inspector.dll
2006-01-10 02:26 104 --sh--r c:\windows\system32\35B7327F1D.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-03-19_18.39.19.31 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-20 01:29:39 64,200 ----a-w c:\windows\system32\perfc009.dat
+ 2009-03-20 02:54:24 64,200 ----a-w c:\windows\system32\perfc009.dat
- 2009-03-20 01:29:39 407,670 ----a-w c:\windows\system32\perfh009.dat
+ 2009-03-20 02:54:24 407,670 ----a-w c:\windows\system32\perfh009.dat
+ 2009-03-20 02:50:04 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_6e8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 18:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 18:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 18:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 18:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 18:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 18:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 18:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 18:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 18:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-28 395776]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-12-12 180269]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"FlashGet"="c:\program files\FlashGet\FlashGet.exe" [2007-01-29 1554184]
"Adobe Photo Downloader"="c:\program files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe" [2008-03-06 61440]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\documents and settings\nikux\Start Menu\Programs\Startup\
Workrave.lnk - c:\program files\Workrave\lib\Workrave.exe [2007-09-14 2925568]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 217193]
WordWeb.lnk - c:\program files\WordWeb\wweb32.exe [2005-10-07 19968]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BuildBU]
--a------ 2005-09-21 04:39 61440 c:\dell\bldbubg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2006-08-28 21:57 395776 c:\program files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2005-02-23 14:19 53248 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-08-11 17:30 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2005-10-18 12:58 278528 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-01-07 22:38 155648 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-03-19 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-03-19 20560]
S2 xmlserv;Helper Support;c:\windows\system32\svchost.exe -k netsvcs [2004-08-11 14336]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
xmlserv
.
Contents of the 'Scheduled Tasks' folder

2009-03-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1650842470-4203624185-2766465924-1132.job
- c:\documents and settings\nikux\Local Settings\Application Data\Google\Update\GoogleUpdate.exe []

2009-03-14 c:\windows\Tasks\McAfee.com Scan for Viruses - My Computer (nikux-nikhil).job
- c:\program files\mcafee.com\vso\mcmnhdlr.exe []
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
uInternet Settings,ProxyOverride = hxxp://localhost;
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: &WordWeb... - c:\windows\system32\wweb32.dll/lookup.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: {E594EFDF-3CF6-4C4F-A7AB-19A0091C28FA} = 192.168.65.81,192.168.65.10,132.239.1.52
FF - ProfilePath - c:\documents and settings\nikux\Application Data\Mozilla\Firefox\Profiles\c5kc3ip0.default\
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCortona.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmetastream.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npnul32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPOFF12.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppdf32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppl3260.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nprjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-19 20:10:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xmlserv]
"ServiceDll"="c:\windows\system32\wwwucfw.dll"
.
Completion time: 2009-03-19 20:21:43
ComboFix-quarantined-files.txt 2009-03-20 03:21:39
ComboFix2.txt 2009-03-20 02:48:31
ComboFix3.txt 2009-03-20 02:21:40
ComboFix4.txt 2009-03-20 01:49:43

Pre-Run: 19,560,955,904 bytes free
Post-Run: 19,545,501,696 bytes free

232 --- E O F --- 2009-02-16 23:30:45

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Now we will switch over to Combofix :)

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
c:\windows\system32\wwwucfw.dll

Driver::
xmlserv

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xmlserv]

3. Then in the text file go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES

4. Save the above as CFScript.txt

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt


#7
nikux

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
- appending the combofix results run with the script suggested above.

===================
Combofix run with the script
===================
ComboFix 09-03-19.02 - nikux 2009-03-20 13:20:55.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.502.177 [GMT -7:00]
Running from: c:\documents and settings\nikux\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\nikux\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090319-0] *On-access scanning disabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:\windows\system32\wwwucfw.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_XMLSERV
-------\Service_xmlserv


((((((((((((((((((((((((( Files Created from 2009-02-20 to 2009-03-20 )))))))))))))))))))))))))))))))
.

2009-03-20 12:15 . 2009-03-20 12:15 <DIR> d-------- C:\_OTListIt
2009-03-20 11:27 . 2009-03-20 11:47 <DIR> d-------- C:\Rooter$
2009-03-19 15:21 . 2009-03-19 15:21 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-19 15:21 . 2009-03-19 15:21 <DIR> d-------- c:\documents and settings\nikux\Application Data\Malwarebytes
2009-03-19 15:21 . 2009-03-19 15:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-19 15:21 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-19 15:21 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-19 15:11 . 2009-03-19 15:11 <DIR> d-------- c:\program files\Alwil Software
2009-03-19 15:01 . 2009-03-19 15:01 <DIR> d-------- c:\program files\Trend Micro
2009-03-02 20:54 . 2003-06-27 05:30 <DIR> d-------- c:\documents and settings\nikux\WINDOWS
2009-03-02 20:54 . 2005-09-26 16:37 <DIR> d---s---- c:\documents and settings\nikux\UserData
2009-03-02 20:54 . 2007-10-17 16:01 <DIR> d-------- c:\documents and settings\nikux\repository
2009-03-02 20:54 . 2008-03-11 04:00 <DIR> d-------- c:\documents and settings\nikux\Application Data\Workrave
2009-03-02 20:54 . 2006-09-25 17:38 <DIR> d-------- c:\documents and settings\nikux\Application Data\vlc
2009-03-02 20:54 . 2008-04-05 15:00 <DIR> d-------- c:\documents and settings\nikux\Application Data\uTorrent
2009-03-02 20:54 . 2008-04-02 14:31 <DIR> d-------- c:\documents and settings\nikux\Application Data\Uniblue
2009-03-02 20:54 . 2008-11-20 00:08 <DIR> d-------- c:\documents and settings\nikux\Application Data\TortoiseSVN
2009-03-02 20:54 . 2006-09-19 16:07 <DIR> d-------- c:\documents and settings\nikux\Application Data\Thunderbird
2009-03-02 20:54 . 2007-05-31 16:01 <DIR> d-------- c:\documents and settings\nikux\Application Data\Talkback
2009-03-02 20:54 . 2007-10-10 16:46 <DIR> d-------- c:\documents and settings\nikux\Application Data\Subversion
2009-03-02 20:54 . 2006-09-21 11:28 <DIR> d-------- c:\documents and settings\nikux\Application Data\SSH
2009-03-02 20:54 . 2009-03-20 11:44 <DIR> d-------- c:\documents and settings\nikux\Application Data\skypePM
2009-03-02 20:54 . 2009-03-20 13:18 <DIR> d-------- c:\documents and settings\nikux\Application Data\Skype
2009-03-02 20:54 . 2008-03-24 13:21 <DIR> d-------- c:\documents and settings\nikux\Application Data\Radmin
2009-03-02 20:54 . 2007-01-31 17:55 <DIR> d-------- c:\documents and settings\nikux\Application Data\OurPictures
2009-03-02 20:54 . 2009-02-17 14:48 <DIR> d-------- c:\documents and settings\nikux\Application Data\Obsidium
2009-03-02 20:54 . 2007-01-29 15:42 <DIR> d-------- c:\documents and settings\nikux\Application Data\Nvu
2009-03-02 20:54 . 2008-09-23 21:24 <DIR> d-------- c:\documents and settings\nikux\Application Data\Move Networks
2009-03-02 20:54 . 2005-09-28 15:00 <DIR> d-------- c:\documents and settings\nikux\Application Data\McAfee.com Personal Firewall
2009-03-02 20:54 . 2008-05-04 19:15 <DIR> d-------- c:\documents and settings\nikux\Application Data\McAfee.com
2009-03-02 20:54 . 2006-09-25 23:15 <DIR> d-------- c:\documents and settings\nikux\Application Data\MathWorks
2009-03-02 20:54 . 2005-09-14 12:45 <DIR> d--h----- c:\documents and settings\nikux\Application Data\Gtek
2009-03-02 20:54 . 2007-06-13 03:08 <DIR> d-------- c:\documents and settings\nikux\Application Data\Free Download Manager
2009-03-02 20:54 . 2006-10-27 16:11 <DIR> d-------- c:\documents and settings\nikux\Application Data\FLV Extract
2009-03-02 20:54 . 2006-10-06 14:27 <DIR> d-------- c:\documents and settings\nikux\Application Data\Corel
2009-03-02 20:54 . 2006-04-10 12:20 <DIR> d-------- c:\documents and settings\nikux\Application Data\AVG7
2009-03-02 20:54 . 2007-10-10 12:12 <DIR> d-------- c:\documents and settings\nikux\Application Data\Apple Computer
2009-03-02 20:54 . 2009-02-19 16:48 <DIR> d-------- c:\documents and settings\nikux\Application Data\AdobeUM
2009-03-02 20:54 . 2005-09-14 12:55 <DIR> d-------- c:\documents and settings\nikux\.ssh
2009-03-02 20:54 . 2007-03-13 14:48 <DIR> d-------- c:\documents and settings\nikux\.realobjects
2009-03-02 20:54 . 2005-09-18 17:37 <DIR> d-------- c:\documents and settings\nikux\.jpi_cache
2009-03-02 20:54 . 2006-09-29 14:28 <DIR> d-------- c:\documents and settings\nikux\.jogl_ext
2009-03-02 20:54 . 2005-09-18 17:37 <DIR> d-------- c:\documents and settings\nikux\.java
2009-03-02 20:54 . 2009-03-20 13:26 <DIR> d-------- c:\documents and settings\nikux

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-20 20:24 --------- d-----w c:\program files\FlashGet
2009-03-20 18:56 12 ----a-w C:\deskwin.bin
2009-03-20 01:58 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee.com
2009-02-25 20:00 --------- d-----w c:\program files\Mozilla Firefox 3 Beta 5
2009-02-17 21:48 --------- d-----w c:\program files\ImageComparer
2009-01-29 23:13 --------- d-----w c:\program files\MyPublisher
2009-01-29 04:05 --------- d-----w c:\program files\Mozilla Thunderbird
2005-12-01 22:03 39,616 ----a-w c:\documents and settings\Nikhil.BHABHA\Application Data\GDIPFONTCACHEV1.DAT
2005-09-16 01:26 44,153 ----a-w c:\program files\mozilla firefox\components\inspector.dll
2006-01-10 02:26 104 --sh--r c:\windows\system32\35B7327F1D.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 18:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 18:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 18:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 18:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 18:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 18:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 18:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 18:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 18:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-28 395776]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-12-12 180269]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"FlashGet"="c:\program files\FlashGet\FlashGet.exe" [2007-01-29 1554184]
"Adobe Photo Downloader"="c:\program files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe" [2008-03-06 61440]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\documents and settings\nikux\Start Menu\Programs\Startup\
Workrave.lnk - c:\program files\Workrave\lib\Workrave.exe [2007-09-14 2925568]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 217193]
WordWeb.lnk - c:\program files\WordWeb\wweb32.exe [2005-10-07 19968]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BuildBU]
--a------ 2005-09-21 04:39 61440 c:\dell\bldbubg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2006-08-28 21:57 395776 c:\program files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2005-02-23 14:19 53248 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-08-11 17:30 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2005-10-18 12:58 278528 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-01-07 22:38 155648 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-03-19 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-03-19 20560]
.
Contents of the 'Scheduled Tasks' folder

2009-03-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1650842470-4203624185-2766465924-1132.job
- c:\documents and settings\nikux\Local Settings\Application Data\Google\Update\GoogleUpdate.exe []

2009-03-14 c:\windows\Tasks\McAfee.com Scan for Viruses - My Computer (nikux-nikhil).job
- c:\program files\mcafee.com\vso\mcmnhdlr.exe []
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
uInternet Settings,ProxyOverride = hxxp://localhost;
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: &WordWeb... - c:\windows\system32\wweb32.dll/lookup.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: {E594EFDF-3CF6-4C4F-A7AB-19A0091C28FA} = 192.168.65.81,192.168.65.10,132.239.1.52
FF - ProfilePath - c:\documents and settings\nikux\Application Data\Mozilla\Firefox\Profiles\c5kc3ip0.default\
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCortona.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmetastream.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npnul32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPOFF12.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppdf32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppl3260.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nprjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-20 13:28:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\windows\system32\wdfmgr.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Java\jre1.6.0_07\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-03-20 13:41:02 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-20 20:40:58

Pre-Run: 19,509,436,416 bytes free
Post-Run: 19,418,357,760 bytes free

238 --- E O F --- 2009-02-16 23:30:45
  • 0
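Added example, not part of the thread and not ComboFix's own code: the registry section of the log above can be checked mechanically for settings that switch off built-in protection. The function names and the three rules are assumptions chosen for illustration, the sample lines are copied from this log, and a hit is an item to review rather than proof of infection (a third-party firewall, for example, legitimately leaves the Windows Firewall off).

```python
import re

# Excerpt copied from the ComboFix log in this thread (registry section only).
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
'''

KEY_RE = re.compile(r'^\[(.+)\]$')           # [registry key] header line
VAL_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')  # "value name"= data

def parse_value(raw):
    """Turn 'dword:00000001' or '0 (0x0)' into an int; keep other data as text."""
    raw = raw.strip()
    if raw.lower().startswith('dword:'):
        return int(raw[6:], 16)
    m = re.match(r'^(\d+) \(0x[0-9a-fA-F]+\)$', raw)
    return int(m.group(1)) if m else raw

def parse_registry_section(text):
    """Yield (key, value_name, data) for each value listed under a [key] header."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if (m := KEY_RE.match(line)):
            key = m.group(1).lower()
        elif key and (m := VAL_RE.match(line)):
            yield key, m.group(1), parse_value(m.group(2))

def review_items(text):
    """Return the settings in the log that deserve a second look (illustrative rules)."""
    findings = []
    for key, name, data in parse_registry_section(text):
        if key.endswith(r'\security center') and name == 'AntiVirusOverride' and data == 1:
            findings.append('AntiVirusOverride=1: Security Center antivirus monitoring is overridden')
        elif key.endswith(r'\standardprofile') and name == 'EnableFirewall' and data == 0:
            findings.append('EnableFirewall=0: Windows Firewall is off for the standard profile')
        elif key.endswith(r'\globallyopenports\list'):
            findings.append(f'{name}: port listed under GloballyOpenPorts, confirm it is expected')
    return findings

if __name__ == '__main__':
    for item in review_items(SAMPLE_LOG):
        print(item)
```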

#8
nikux

nikux

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hey!! Just checked, Microsoft and other sites are working now!!! Thank you thank you!! Can I request you to give a brief on what was wrong. Just curious :)
  • 0

#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yep it was the XMLSERV driver that was trying to stop you updating - Not any more :)

Are you experiencing any more problems?
  • 0

#10
nikux

nikux

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
No, that's all I was facing difficulties with :).

Thanks again.
  • 0

#11
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Now the best part of the day ----- Your log now appears clean :)

A good workman always cleans up after himself so... Run OTListIt and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via Control Panel Add/Remove along with ERUNT. But they may be useful tools to keep.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that.
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Please download JavaRa to your desktop and unzip it to its own folder.
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

XP
Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE
You now have a clean restore point, to get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The system will do some calculation and then display a dialogue box with TABS
  • Select the More Options Tab.
  • At the bottom will be a System Restore box with a CLEANUP button, click this
  • Accept the warning and select OK again, the program will close and you are done

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes: It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe :)
  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





