OTL logfile created on: 1/23/2011 11:23:07 PM - Run 1
OTL by OldTimer - Version 3.2.20.5     Folder = C:\software
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.94 Gb Total Space | 52.16 Gb Free Space | 75.66% Space Free | Partition Type: NTFS
 
Computer Name: SKHANNA | User Name: SKHANNA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (All) ==========[/color]
 
PRC - [2011/01/23 23:23:01 | 000,603,136 | ---- | M] (OldTimer Tools) -- C:\software\OTL.exe
PRC - [2011/01/17 18:43:50 | 006,416,120 | ---- | M] (Prevx) -- C:\Program Files\Prevx\prevx.exe
PRC - [2010/08/17 05:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe
PRC - [2010/06/11 18:14:22 | 000,312,152 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360srv.exe
PRC - [2010/03/23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010/03/03 12:32:24 | 000,079,160 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
PRC - [2009/12/11 11:19:02 | 000,337,256 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TpShocks.exe
PRC - [2009/11/13 10:41:12 | 000,366,080 | ---- | M] (TODO: <Company name>) -- C:\Program Files\MBlaze USB Modem\ADAR.exe
PRC - [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/06 03:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe
PRC - [2008/10/30 16:38:28 | 000,256,536 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe
PRC - [2008/10/30 16:38:26 | 000,150,040 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2008/10/30 16:38:18 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2008/09/29 10:17:54 | 000,038,176 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe
PRC - [2008/05/26 21:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2008/05/26 21:18:44 | 000,439,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\searchindexer.exe
PRC - [2008/04/24 16:53:24 | 001,036,288 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2008/04/14 04:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 04:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe
PRC - [2008/04/14 04:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe
PRC - [2008/04/14 04:00:00 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe
PRC - [2008/04/14 04:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe
PRC - [2008/04/14 04:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe  [RPCSS]
PRC - [2008/04/14 04:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe  [NETWORKSERVICE]
PRC - [2008/04/14 04:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe  [NETSVCS]
PRC - [2008/04/14 04:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe  [LOCALSERVICE]
PRC - [2008/04/14 04:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe  [LOCALSERVICE]
PRC - [2008/04/14 04:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe  [IMGSVC]
PRC - [2008/04/14 04:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe  [HPZ12]
PRC - [2008/04/14 04:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe  [HPZ12]
PRC - [2008/04/14 04:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe  [DCOMLAUNCH]
PRC - [2008/04/14 04:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe
PRC - [2008/04/14 04:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe
PRC - [2007/03/14 18:49:02 | 000,125,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2007/03/14 18:48:56 | 000,116,416 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe
PRC - [2007/03/14 18:48:50 | 001,816,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2007/03/14 18:48:40 | 000,031,424 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2007/01/10 15:27:38 | 001,160,792 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2006/11/21 16:38:40 | 000,169,576 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2006/11/21 16:38:32 | 000,192,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2006/11/21 16:38:28 | 000,052,840 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2005/01/28 12:44:28 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - [2011/01/23 23:23:01 | 000,603,136 | ---- | M] (OldTimer Tools) -- C:\software\OTL.exe
MOD - [2010/08/23 08:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - [2011/01/17 18:43:50 | 006,416,120 | ---- | M] (Prevx) [Auto | Running] -- C:\Program Files\Prevx\prevx.exe -- (CSIScanner)
SRV - [2010/12/29 12:39:52 | 001,375,992 | ---- | M] (Lavasoft) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/06/11 18:14:22 | 000,312,152 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Security 360\is360srv.exe -- (IS360service)
SRV - [2010/05/14 14:33:06 | 000,512,000 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Reliance Netconnect - Broadband+\bin\MonServiceUDisk.exe -- (UDisk Monitor)
SRV - [2010/03/23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010/03/18 15:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/09 11:12:30 | 000,039,976 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\WINDOWS\system32\TPHDEXLG.exe -- (TPHDEXLGSVC)
SRV - [2008/09/29 10:17:54 | 000,038,176 | ---- | M] (Lenovo) [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2007/03/14 18:48:56 | 000,116,416 | ---- | M] (symantec) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2007/03/14 18:48:50 | 001,816,768 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2007/03/14 18:48:40 | 000,031,424 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2007/02/12 16:23:10 | 000,214,672 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2007/01/10 15:27:38 | 001,160,792 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2006/11/21 16:38:40 | 000,169,576 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006/11/21 16:38:32 | 000,192,104 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/09/02 15:36:33 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - File not found [Kernel | On_Demand | Running] --  -- (catchme)
DRV - [2011/01/17 18:43:52 | 000,076,696 | ---- | M] (Prevx) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\pxrts.sys -- (pxrts)
DRV - [2011/01/17 18:43:52 | 000,032,008 | ---- | M] (Prevx) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\pxscan.sys -- (pxscan)
DRV - [2011/01/17 18:43:50 | 000,026,096 | ---- | M] (Prevx) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pxkbf.sys -- (pxkbf)
DRV - [2010/12/13 18:53:10 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110123.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/12/13 18:53:06 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110123.003\NAVENG.SYS -- (NAVENG)
DRV - [2010/11/24 18:32:57 | 000,093,440 | ---- | M] (AnyDATA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\adusbser.sys -- (adusbser)
DRV - [2010/10/12 14:02:13 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/10/12 13:59:28 | 000,110,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/09/22 23:46:08 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/05/21 14:41:02 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/04/22 16:17:40 | 000,244,784 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2010/04/05 09:04:12 | 006,601,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
DRV - [2010/04/03 19:13:20 | 000,104,704 | ---- | M] (ZTEMT Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CT_ZTEMT_U_USBSER.sys -- (ztemtusbser)
DRV - [2010/03/23 12:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2009/10/09 11:12:02 | 000,120,360 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2009/10/09 11:10:24 | 000,020,520 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2008/11/16 17:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2008/10/21 11:17:58 | 006,048,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2008/09/29 10:17:16 | 000,023,848 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2008/04/24 16:53:22 | 000,308,736 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2008/04/14 04:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/13 23:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 23:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/02/06 18:39:32 | 000,242,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
DRV - [2007/11/14 18:05:16 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2007/02/12 16:22:40 | 000,196,752 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007/02/12 16:22:36 | 000,024,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2007/01/18 19:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2007/01/10 15:27:26 | 000,390,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006/09/06 13:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006/09/06 13:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/05/17 10:20:06 | 000,015,872 | ---- | M] (Atmel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atmeltpm.sys -- (atmeltpm)
DRV - [2001/08/17 13:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 13:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 13:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 13:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 13:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 12:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 12:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 12:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 12:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 12:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 12:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 12:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 12:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 12:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 12:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/11 21:17:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/11 21:16:58 | 000,000,000 | ---D | M]
 
[2010/12/11 21:17:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\skhanna\Application Data\Mozilla\Extensions
[2011/01/20 08:05:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\skhanna\Application Data\Mozilla\Firefox\Profiles\if4cy4vd.default\extensions
[2010/12/11 22:08:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\skhanna\Application Data\Mozilla\Firefox\Profiles\if4cy4vd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/11 21:16:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
 
O1 HOSTS File: ([2010/11/13 18:45:53 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [ADAR] C:\Program Files\MBlaze USB Modem\ADAR.exe (TODO: <Company name>)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKCU\..Trusted Domains: hfmus.com  ([secure] https in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab (Windows Live Safety Center Base Module)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab (Java Plug-in 1.5.0_12)
O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab (Java Plug-in 1.5.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab (Java Plug-in 1.5.0_12)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://sasmeetings.webex.com/client/T27L10NSP11EP5/nbr/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.hfmus.com
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/03 10:01:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2011/01/23 22:38:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/01/23 18:07:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/01/21 23:08:12 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\skhanna\Recent
[2011/01/21 23:06:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/01/21 23:06:55 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/01/17 21:25:02 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/01/17 21:22:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\fssg
[2011/01/17 21:18:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\f-secure
[2011/01/17 18:43:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Prevx 3.0
[2011/01/17 18:43:53 | 000,071,880 | ---- | C] (Prevx) -- C:\WINDOWS\System32\PxSecure.dll
[2011/01/17 18:43:52 | 000,032,008 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys
[2011/01/17 18:43:51 | 000,076,696 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys
[2011/01/17 18:43:50 | 000,026,096 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxkbf.sys
[2011/01/17 18:43:48 | 000,000,000 | ---D | C] -- C:\Program Files\Prevx
[2011/01/17 18:43:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2011/01/06 15:53:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\skhanna\My Documents\My SAS Files
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2011/01/23 23:22:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/23 22:46:17 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2011/01/23 22:46:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/23 22:46:13 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/23 19:46:37 | 000,517,130 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/01/23 19:46:37 | 000,091,562 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/01/23 19:44:51 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/01/23 19:40:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/23 18:07:57 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/01/21 23:06:57 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/01/19 16:49:30 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\skhanna\Local Settings\Application Data\PUTTY.RND
[2011/01/18 12:12:31 | 000,123,578 | ---- | M] () -- C:\Documents and Settings\skhanna\My Documents\1008-1107.pdf
[2011/01/18 12:04:07 | 000,123,612 | ---- | M] () -- C:\Documents and Settings\skhanna\My Documents\0308-0407.pdf
[2011/01/17 18:43:53 | 000,071,880 | ---- | M] (Prevx) -- C:\WINDOWS\System32\PxSecure.dll
[2011/01/17 18:43:52 | 000,076,696 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys
[2011/01/17 18:43:52 | 000,032,008 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys
[2011/01/17 18:43:50 | 000,026,096 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxkbf.sys
[2011/01/17 18:43:36 | 000,000,050 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/01/15 22:15:08 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/14 20:16:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/01/10 20:44:06 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\skhanna\Application Data\winscp.rnd
[2011/01/10 15:36:58 | 000,000,196 | ---- | M] () -- C:\Documents and Settings\skhanna\Desktop\Free Meeting!.URL
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2011/01/23 18:07:57 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/01/21 23:06:57 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/01/18 12:12:31 | 000,123,578 | ---- | C] () -- C:\Documents and Settings\skhanna\My Documents\1008-1107.pdf
[2011/01/18 12:04:07 | 000,123,612 | ---- | C] () -- C:\Documents and Settings\skhanna\My Documents\0308-0407.pdf
[2011/01/17 18:43:36 | 000,000,050 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/11/24 18:33:40 | 000,000,313 | ---- | C] () -- C:\WINDOWS\red_dialer.ini
[2010/11/03 22:06:27 | 000,275,496 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/10/12 14:31:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2010/10/04 14:08:12 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\skhanna\Application Data\winscp.rnd
[2010/09/30 15:52:15 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\skhanna\Local Settings\Application Data\PUTTY.RND
[2010/09/22 16:10:13 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2010/09/22 15:31:14 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v5002.dll
[2010/09/03 02:51:55 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/03/23 12:26:48 | 000,201,512 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2010/03/23 12:17:40 | 000,197,416 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/04/14 04:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2008/04/14 04:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2008/04/14 04:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2008/04/14 04:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2008/04/14 04:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

< End of report >