OTL logfile created on: 11/8/2009 9:52:29 PM - Run 2
OTL by OldTimer - Version 3.1.4.0 Folder = C:\Documents and Settings\mpatel\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 178.46 Gb Total Space | 107.61 Gb Free Space | 60.30% Space Free | Partition Type: NTFS
Drive D: | 5.90 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive M: | 178.46 Gb Total Space | 107.61 Gb Free Space | 60.30% Space Free | Partition Type: NTFS

Computer Name: MPATEL
Current User Name: mpatel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2009/11/08 17:03:51 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mpatel\Desktop\OTL.exe
PRC - [2009/11/02 11:54:21 | 00,095,232 | ---- | M] () -- C:\Program Files\Yammer\Yammer.exe
PRC - [2009/09/21 15:36:12 | 00,305,440 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/09/21 15:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/08/28 18:42:54 | 00,144,672 | ---- | M] (Apple Inc.)
-- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe PRC - [2009/08/20 11:44:38 | 00,615,688 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe PRC - [2008/12/18 11:27:03 | 00,492,904 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe PRC - [2008/12/18 11:27:01 | 00,447,848 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe PRC - [2008/12/18 11:26:58 | 04,707,688 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe PRC - [2008/10/14 21:38:56 | 00,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe PRC - [2008/08/12 13:14:20 | 00,147,456 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2008/08/12 13:14:20 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe PRC - [2008/07/16 18:00:55 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) 
-- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe PRC - [2008/05/07 15:59:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007/10/08 13:27:02 | 00,794,624 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe PRC - [2007/10/08 13:18:04 | 00,995,328 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe PRC - [2007/10/08 13:15:50 | 00,356,352 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe PRC - [2007/10/08 13:13:36 | 01,101,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe PRC - [2007/10/08 13:09:26 | 00,659,456 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe PRC - [2007/10/08 13:06:44 | 01,183,744 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe PRC - [2007/10/08 13:01:54 | 00,483,328 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe PRC - [2007/07/31 21:10:04 | 00,065,536 | ---- | M] ( TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe PRC - [2007/05/10 09:23:50 | 00,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\stacsv.exe PRC - [2007/05/10 09:22:32 | 00,405,504 | ---- | M] (SigmaTel, Inc.) 
-- C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe PRC - [2006/12/19 13:21:48 | 00,079,432 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe PRC - [2006/10/26 23:47:42 | 00,031,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe PRC - [2006/08/17 08:00:00 | 01,116,920 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe PRC - [2006/06/15 00:40:34 | 00,124,656 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe PRC - [2006/06/15 00:40:24 | 01,805,552 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe PRC - [2006/06/15 00:40:16 | 00,031,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe PRC - [2006/04/11 16:13:38 | 01,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe PRC - [2006/03/24 16:14:58 | 00,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe PRC - [2006/03/24 16:14:52 | 00,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe PRC - [2006/03/24 16:14:48 | 00,053,408 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe PRC - [2004/07/27 15:50:18 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe PRC - [2004/04/14 13:46:50 | 00,057,393 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe PRC - [2003/05/05 18:30:22 | 00,065,536 | ---- | M] (Brother Industries, Ltd.) 
-- C:\WINDOWS\system32\Brmfrmps.exe PRC - [2002/04/11 23:00:00 | 00,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\brsvc01a.exe PRC - [2001/12/12 23:01:00 | 00,045,056 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\brss01a.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2009/11/08 17:03:51 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mpatel\Desktop\OTL.exe MOD - [2008/07/25 10:17:20 | 00,635,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll MOD - [2008/04/13 19:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll MOD - [2008/04/13 19:11:56 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\linkinfo.dll MOD - [2008/04/13 19:11:53 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll MOD - [2008/04/13 12:37:57 | 00,208,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rsaenh.dll MOD - [2006/12/01 21:56:00 | 00,096,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll MOD - [2006/10/26 23:48:42 | 02,210,608 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll MOD - [2006/10/26 23:48:34 | 00,955,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveUtil.dll MOD - [2006/10/26 23:48:02 | 00,222,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll MOD - [2006/10/26 23:47:40 | 00,022,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveNew.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2009/09/21 15:36:02 | 
00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service) SRV - [2009/08/28 18:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2008/12/18 11:27:01 | 00,447,848 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe -- (DisplayLinkService) SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service) SRV - [2008/09/19 02:03:58 | 00,065,536 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3) SRV - [2008/08/12 13:14:20 | 00,147,456 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2008/08/04 14:45:16 | 05,779,456 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe -- (MySQL) SRV - [2008/07/29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0) SRV - [2008/07/29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc) SRV - [2008/07/29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing) SRV - [2008/07/25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008/07/25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state) SRV - [2008/07/16 18:00:55 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) 
-- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2008/05/07 15:59:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc) SRV - [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc) SRV - [2008/03/18 05:28:46 | 00,068,096 | ---- | M] () -- C:\cygwin\bin\cygrunsrv.exe -- (BrlAPI) SRV - [2007/10/08 13:27:02 | 00,794,624 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) SRV - [2007/10/08 13:15:50 | 00,356,352 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) SRV - [2007/10/08 13:06:44 | 01,183,744 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) SRV - [2007/10/08 13:01:54 | 00,483,328 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) SRV - [2007/05/10 09:23:50 | 00,094,208 | ---- | M] (SigmaTel, Inc.) 
-- C:\WINDOWS\system32\stacsv.exe -- (STacSV) SRV - [2006/12/19 13:21:48 | 00,079,432 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon) SRV - [2006/10/26 23:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) SRV - [2006/10/26 18:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc) SRV - [2006/09/14 13:54:34 | 00,073,728 | ---- | M] (MicroVision Development, Inc.) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr) SRV - [2006/06/15 00:40:28 | 00,115,952 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam) SRV - [2006/06/15 00:40:24 | 01,805,552 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus) SRV - [2006/06/15 00:40:16 | 00,031,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch) SRV - [2006/04/11 16:13:38 | 01,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc) SRV - [2006/03/24 16:14:58 | 00,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr) SRV - [2006/03/24 16:14:52 | 00,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr) SRV - [2006/02/23 10:41:02 | 02,045,632 | ---- | M] (Symantec Corporation) -- C:\Program 
Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate) SRV - [2006/01/24 19:06:58 | 00,214,720 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc) SRV - [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2003/05/05 18:30:22 | 00,065,536 | ---- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\Brmfrmps.exe -- (brmfrmps) SRV - [2002/04/11 23:00:00 | 00,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\brsvc01a.exe -- (Brother XP spl Service) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
http://www.google.com/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "http://www2.sandbox.google.com/" FF - prefs.js..extensions.enabledItems: firebug@tools.sitepoint.com:1.5 FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.4.5 FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.5 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}:5.0.15 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10 FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.2 FF - prefs.js..extensions.enabledItems: ServerSpy@jacquet.eu.org:0.1.6 FF - prefs.js..extensions.enabledItems: {3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}:0.8.17 FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5 FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.69 FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/08/12 13:14:22 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/20 18:39:46 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/06 12:53:22 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins 
[2009/11/06 12:53:22 | 00,000,000 | ---D | M] [2008/07/13 11:16:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mpatel\Application Data\Mozilla\Extensions [2008/07/13 11:16:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mpatel\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009/11/08 11:58:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mpatel\Application Data\Mozilla\Firefox\Profiles\vf1u98b5.default\extensions [2009/08/20 02:38:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mpatel\Application Data\Mozilla\Firefox\Profiles\vf1u98b5.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671} [2009/04/14 06:35:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mpatel\Application Data\Mozilla\Firefox\Profiles\vf1u98b5.default\extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d} [2009/07/05 10:59:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mpatel\Application Data\Mozilla\Firefox\Profiles\vf1u98b5.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8} [2009/11/05 19:01:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mpatel\Application Data\Mozilla\Firefox\Profiles\vf1u98b5.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d} [2009/07/04 18:13:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mpatel\Application Data\Mozilla\Firefox\Profiles\vf1u98b5.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2009/09/15 16:30:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mpatel\Application Data\Mozilla\Firefox\Profiles\vf1u98b5.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e} [2009/07/05 11:00:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mpatel\Application Data\Mozilla\Firefox\Profiles\vf1u98b5.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2009/07/20 20:35:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mpatel\Application 
Data\Mozilla\Firefox\Profiles\vf1u98b5.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12} [2009/07/04 18:13:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mpatel\Application Data\Mozilla\Firefox\Profiles\vf1u98b5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2009/11/05 19:01:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mpatel\Application Data\Mozilla\Firefox\Profiles\vf1u98b5.default\extensions\firebug@software.joehewitt.com [2009/11/05 19:01:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mpatel\Application Data\Mozilla\Firefox\Profiles\vf1u98b5.default\extensions\firebug@tools.sitepoint.com [2008/07/13 11:16:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mpatel\Application Data\Mozilla\Firefox\Profiles\vf1u98b5.default\extensions\ServerSpy@jacquet.eu.org [2009/11/05 19:02:09 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2009/11/06 12:53:22 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2008/04/07 17:12:17 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA} [2008/08/12 13:14:31 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} [2009/11/06 12:53:16 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll [2009/11/06 12:53:17 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll [2008/08/12 13:14:20 | 00,410,976 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll [2009/11/06 12:53:18 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll [2006/10/26 19:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL [2009/10/02 20:13:10 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll [2009/07/04 18:11:57 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml [2009/07/04 18:11:57 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml [2009/07/04 18:11:57 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml [2009/07/04 18:11:57 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml [2009/07/04 18:11:57 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml [2009/07/04 18:11:57 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml [2009/07/04 18:11:57 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - Disabled:{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - No CLSID value found. O2 - BHO: (no name) - Disabled:{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found. O2 - BHO: (no name) - Disabled:{AE7CD045-E861-484f-8273-0445EE161910} - No CLSID value found. O2 - BHO: (no name) - Disabled:{DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found. O2 - BHO: (no name) - Disabled:{E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No CLSID value found. 
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google) O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (ScanSoft, Inc.) O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation) O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation) O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [ITSecMng] C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION) O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) 
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio) O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe (Brother Industories, Ltd.) O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.) O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) 
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Documents and Settings\mpatel\Start Menu\Programs\Startup\Map M Drive.lnk = C:\Map_M.bat () O4 - Startup: C:\Documents and Settings\mpatel\Start Menu\Programs\Startup\RunTunnel.bat.lnk = C:\RunTunnel.bat () O4 - Startup: C:\Documents and Settings\mpatel\Start Menu\Programs\Startup\Yammer.lnk = C:\Program Files\Yammer\Yammer.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe 
Systems Incorporated) O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.) 
O9 - Extra Button: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler\Fiddler.exe (Eric Lawrence)
O9 - Extra 'Tools' menuitem : Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler\Fiddler.exe (Eric Lawrence)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {03A13D5D-2C8E-4C1A-970D-D6D07A4FE3D0} https://atlas.atlassolutions.com/dl/AtlasCtrl.cab (FileMgr Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1215916340406 (WUWebControl Class)
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} https://atlas.atlassolutions.com/dl/msxml4.cab (XML DOM Document 4.0)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_15-windows-i586.cab (Java Plug-in 1.5.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.13.14
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = entrieva.com
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/07 14:39:13 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

[color=#E56717]========== Files/Folders - Created Within 14 Days ==========[/color]
[2009/11/08 21:46:48 | 00,528,896 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\mpatel\Desktop\OTL.exe
[2009/11/08 21:16:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mpatel\Application Data\Malwarebytes
[2009/11/08 21:15:56 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/08 21:15:53 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/08 21:15:53 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/08 21:15:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/11/08 21:15:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/11/08 21:14:07 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/11/05 15:13:31 | 00,000,000 | ---D | C] -- C:\Program Files\Picture Doctor
[2009/11/05 15:13:19 | 00,895,717 | ---- | C] ( ) -- C:\Documents and Settings\mpatel\Desktop\Setup.exe
[2009/11/03 17:03:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mpatel\Desktop\BroadView
[2009/11/03 10:46:52 | 00,000,000 | ---D | C] -- C:\Program Files\Inpaint
[2009/11/02 11:54:27 | 00,000,000 | ---D | C] -- C:\Program Files\Yammer
[2009/11/02 10:17:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\mpatel\Desktop\HomeDepot
[2009/10/27 09:20:03 | 00,000,000 | -HSD | C] -- C:\found.002

[color=#E56717]========== Files - Modified Within 14 Days ==========[/color]
[2009/11/08 21:15:59 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/08 21:14:08 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\mpatel\Desktop\NTREGOPT.lnk
[2009/11/08 21:14:08 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\mpatel\Desktop\ERUNT.lnk
[2009/11/08 20:39:00 | 00,512,960 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/08 20:39:00 | 00,435,828 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/08 20:39:00 | 00,068,558 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/08 20:36:06 | 00,000,618 | ---- | M] () -- C:\Documents and Settings\mpatel\Start Menu\Programs\Startup\Yammer.lnk
[2009/11/08 20:35:41 | 00,487,198 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2009/11/08 20:35:38 | 00,035,125 | ---- | M] () -- C:\WINDOWS\System32\nvwsapps.xml
[2009/11/08 20:35:04 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/08 20:34:48 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/08 20:34:44 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/08 20:29:00 | 09,175,040 | -H-- | M] () -- C:\Documents and Settings\mpatel\NTUSER.DAT
[2009/11/08 20:28:47 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\mpatel\ntuser.ini
[2009/11/08 17:41:13 | 00,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2009/11/08 17:40:13 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\index.xml
[2009/11/08 17:03:51 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mpatel\Desktop\OTL.exe
[2009/11/08 03:18:10 | 00,105,472 | ---- | M] () -- C:\Documents and Settings\mpatel\My Documents\Domains.xls
[2009/11/07 19:45:20 | 00,000,600 | ---- | M] () -- C:\Documents and Settings\mpatel\Local Settings\Application Data\PUTTY.RND
[2009/11/07 19:44:52 | 00,000,600 | ---- | M] () -- C:\Documents and Settings\mpatel\Application Data\winscp.rnd
[2009/11/06 19:58:12 | 00,487,198 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2009/11/06 18:28:44 | 00,019,502 | ---- | M] () -- C:\Documents and Settings\mpatel\Desktop\Advertiser Users.xlsx
[2009/11/06 15:28:11 | 00,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/11/05 23:49:55 | 00,010,669 | ---- | M] () -- C:\Documents and Settings\mpatel\Desktop\Apache Tomcat-6.0.16 - Error report_1257482989582.png
[2009/11/05 15:16:27 | 00,000,677 | ---- | M] () -- C:\Documents and Settings\mpatel\Desktop\PictureDoctor.lnk
[2009/11/05 13:12:38 | 00,522,385 | ---- | M] () -- C:\Documents and Settings\mpatel\Desktop\20091105_MoxieNetworks_October.csv
[2009/11/04 19:23:45 | 00,361,592 | ---- | M] () -- C:\Documents and Settings\mpatel\Desktop\GetTRDoc.pdf
[2009/11/03 12:17:46 | 01,012,476 | ---- | M] () -- C:\Documents and Settings\mpatel\Desktop\Activate.exe
[2009/11/03 10:50:17 | 00,267,709 | ---- | M] () -- C:\Documents and Settings\mpatel\Desktop\JSC.IN - Dynadot.com_1257112775670.gif
[2009/11/03 10:44:34 | 00,895,717 | ---- | M] ( ) -- C:\Documents and Settings\mpatel\Desktop\Setup.exe
[2009/11/02 12:37:40 | 00,404,389 | ---- | M] () -- C:\Documents and Settings\mpatel\Desktop\ResellerClub_Promo.PNG
[2009/11/02 11:30:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/11/01 16:59:56 | 00,039,193 | ---- | M] () -- C:\Documents and Settings\mpatel\Desktop\JSC.IN - Dynadot.com_1257112775670.png
[2009/10/30 13:14:38 | 00,107,618 | ---- | M] () -- C:\Documents and Settings\mpatel\Desktop\Dashboard.xlsx
[2009/10/30 11:23:46 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2009/10/28 22:58:45 | 00,001,390 | ---- | M] () -- C:\Documents and Settings\mpatel\My Documents\ace.jpg
[2009/10/26 13:26:30 | 12,067,2256 | ---- | M] () -- C:\Documents and Settings\mpatel\Desktop\ubcd411.iso

[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2009/11/08 21:15:59 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/08 21:14:08 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\mpatel\Desktop\NTREGOPT.lnk
[2009/11/08 21:14:08 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\mpatel\Desktop\ERUNT.lnk
[2009/11/05 23:49:55 | 00,010,669 | ---- | C] () -- C:\Documents and Settings\mpatel\Desktop\Apache Tomcat-6.0.16 - Error report_1257482989582.png
[2009/11/05 15:16:27 | 00,000,677 | ---- | C] () -- C:\Documents and Settings\mpatel\Desktop\PictureDoctor.lnk
[2009/11/05 15:13:15 | 01,012,476 | ---- | C] () -- C:\Documents and Settings\mpatel\Desktop\Activate.exe
[2009/11/05 13:15:23 | 00,522,385 | ---- | C] () -- C:\Documents and Settings\mpatel\Desktop\20091105_MoxieNetworks_October.csv
[2009/11/04 19:23:45 | 00,361,592 | ---- | C] () -- C:\Documents and Settings\mpatel\Desktop\GetTRDoc.pdf
[2009/11/03 10:50:17 | 00,267,709 | ---- | C] () -- C:\Documents and Settings\mpatel\Desktop\JSC.IN - Dynadot.com_1257112775670.gif
[2009/11/02 12:37:40 | 00,404,389 | ---- | C] () -- C:\Documents and Settings\mpatel\Desktop\ResellerClub_Promo.PNG
[2009/11/01 16:59:56 | 00,039,193 | ---- | C] () -- C:\Documents and Settings\mpatel\Desktop\JSC.IN - Dynadot.com_1257112775670.png
[2009/10/30 13:19:02 | 00,107,618 | ---- | C] () -- C:\Documents and Settings\mpatel\Desktop\Dashboard.xlsx
[2009/10/28 22:58:45 | 00,001,390 | ---- | C] () -- C:\Documents and Settings\mpatel\My Documents\ace.jpg
[2009/10/26 13:39:05 | 12,067,2256 | ---- | C] () -- C:\Documents and Settings\mpatel\Desktop\ubcd411.iso
[2009/06/21 14:04:37 | 00,000,760 | ---- | C] () -- C:\Documents and Settings\mpatel\Application Data\setup_ldm.iss
[2009/05/08 09:56:15 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QUICKI~1.INI
[2009/02/24 20:07:39 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/02/24 20:07:38 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/02/24 20:07:38 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/02/24 20:07:37 | 01,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/11/01 13:26:58 | 00,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2008/11/01 13:26:57 | 00,000,051 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2008/10/30 09:38:03 | 00,000,128 | ---- | C] () -- C:\WINDOWS\System32\09wutili.sys
[2008/08/19 17:04:48 | 00,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2008/08/19 17:04:47 | 00,000,167 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/08/10 20:06:01 | 00,034,816 | ---- | C] () -- C:\Documents and Settings\mpatel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/21 06:53:03 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2008/07/19 12:55:12 | 00,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2008/07/19 12:54:11 | 00,000,848 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2008/07/19 12:54:11 | 00,000,462 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2008/07/19 12:54:11 | 00,000,152 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2008/07/19 12:54:11 | 00,000,079 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2008/07/19 12:51:48 | 00,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2008/07/14 13:10:06 | 00,080,824 | ---- | C] () -- C:\Documents and Settings\mpatel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/07/13 23:18:42 | 00,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2008/07/12 22:42:19 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\mpatel\Local Settings\Application Data\PUTTY.RND
[2008/07/12 22:32:09 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\mpatel\Application Data\winscp.rnd
[2008/04/07 17:55:50 | 01,578,984 | -H-- | C] () -- C:\Documents and Settings\mpatel\Local Settings\Application Data\IconCache.db
[2008/04/07 17:43:11 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\mpatel\Application Data\desktop.ini
[2008/04/07 10:27:47 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2006/11/09 16:07:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/16 22:36:50 | 00,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/16 22:36:50 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2005/09/02 13:44:08 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/07/22 20:30:20 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/08/04 07:00:00 | 00,000,613 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 07:00:00 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/07/20 16:04:02 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 13:43:28 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2002/03/04 09:16:34 | 00,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll

[color=#E56717]========== LOP Check ==========[/color]
[2008/08/24 17:31:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2009/02/04 18:49:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pingotron.com
[2008/07/19 12:51:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/09/11 14:42:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/07/12 23:38:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/10/05 10:35:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2008/07/12 23:38:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mpatel\Application Data\Aim
[2008/07/12 23:17:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mpatel\Application Data\AntsSoft
[2008/07/13 00:46:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mpatel\Application Data\Blumentals
[2009/03/10 16:55:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mpatel\Application Data\Felix_Deimel
[2009/08/14 13:57:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mpatel\Application Data\FileZilla
[2008/09/20 00:35:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mpatel\Application Data\gtk-2.0
[2008/07/13 01:06:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mpatel\Application Data\Helios
[2008/08/24 17:29:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mpatel\Application Data\HotSync
[2008/07/12 23:20:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mpatel\Application Data\Opera
[2008/07/13 00:16:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mpatel\Application Data\Subversion
[2009/09/18 16:43:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\mpatel\Application Data\Yammer.2782AD3EDB99182DA9E10666691F7E39C8DBA6A3.1
[2009/11/08 17:41:13 | 00,000,376 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2004/08/04 07:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/11/08 20:34:48 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\eventlog.dll /s /md5 >[/color]
[2004/08/04 07:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

[color=#A23BEC]< %SYSTEMDRIVE%\scecli.dll /s /md5 >[/color]
[2004/08/04 07:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

[color=#A23BEC]< %SYSTEMDRIVE%\netlogon.dll /s /md5 >[/color]
[2004/08/04 07:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

[color=#A23BEC]< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\sceclt.dll /s /md5 >[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\logevent.dll /s /md5 >[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\iaStor.sys /s /md5 >[/color]
[2005/04/25 10:28:14 | 00,871,040 | ---- | M] (Intel Corporation) MD5=D593517879E65167DF35F6015814AC59 -- C:\WINDOWS\dell\iastor\iastor.sys

[color=#A23BEC]< %SYSTEMDRIVE%\nvstor.sys /s /md5 >[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\atapi.sys /s /md5 >[/color]
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 07:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys

[color=#A23BEC]< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\viasraid.sys /s /md5 >[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\AGP440.sys /s /md5 >[/color]
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

[color=#A23BEC]< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 184 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DCD39382
@Alternate Data Stream - 162 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DCE70D73

< End of report >