Hi
Thanks for helping me through this.
I ran OTL scans and am adding them here. I had to close my initial run of GMER scan because it was taking really long, and I had to do some work on my laptop. I'm running it again now.
OTL.log
OTL logfile created on: 2/28/2012 8:32:00 PM - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Documents and Settings\UserXP\Desktop
Windows XP Professional Edition Service Pack 3, v.6165 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.99 Gb Total Physical Memory | 1.18 Gb Available Physical Memory | 59.13% Memory free
3.84 Gb Paging File | 3.16 Gb Available in Paging File | 82.19% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.29 Gb Total Space | 6.46 Gb Free Space | 22.04% Space Free | Partition Type: NTFS
Drive D: | 7.80 Gb Total Space | 3.37 Gb Free Space | 43.23% Space Free | Partition Type: FAT32
Drive E: | 96.52 Gb Total Space | 13.39 Gb Free Space | 13.88% Space Free | Partition Type: NTFS
Computer Name: JOLENE-239684D0 | User Name: UserXP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ========== PRC - [2012/02/28 20:30:25 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\UserXP\Desktop\OTL.scr
PRC - [2012/02/02 02:44:30 | 003,329,824 | ---- | M] (Akamai Technologies, Inc) -- C:\Documents and Settings\UserXP\Local Settings\Application Data\Akamai\netsession_win.exe
PRC - [2011/10/09 22:28:56 | 002,975,920 | ---- | M] (SpeedBit Ltd.) -- C:\Program Files\DAP\DAP.exe
PRC - [2011/09/22 12:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2011/09/22 12:03:02 | 003,080,264 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2011/09/10 11:14:36 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2011/09/01 20:31:06 | 000,347,008 | ---- | M] (EasyBits Software AS) -- C:\Documents and Settings\All Users\Application Data\GameXN\GameXNGO.exe
PRC - [2011/05/23 13:54:50 | 000,522,192 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
PRC - [2011/05/23 13:54:07 | 000,465,872 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2010/05/13 10:52:34 | 000,016,896 | ---- | M] (Microsoft) -- E:\gulti\TeluguLipi Unicode Editor\TeluguLipiTray.exe
PRC - [2009/11/08 13:48:00 | 000,065,216 | ---- | M] (WordWeb Software) -- C:\Program Files\WordWeb\wweb32.exe
PRC - [2009/04/14 04:10:30 | 001,032,192 | ---- | M] (Nokia) -- C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2009/03/09 03:14:12 | 000,130,560 | ---- | M] () -- C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2009/03/04 00:55:12 | 000,621,056 | ---- | M] (Nokia.) -- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
PRC - [2009/02/16 11:43:38 | 000,153,600 | ---- | M] () -- C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclBCBTSrv.exe
PRC - [2008/11/26 02:05:00 | 000,119,808 | ---- | M] () -- C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2008/03/03 13:13:16 | 000,121,392 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnetdhcp.exe
PRC - [2008/03/03 13:12:38 | 000,150,064 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnat.exe
PRC - [2008/03/03 13:12:34 | 000,109,104 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
PRC - [2008/03/03 13:10:44 | 000,072,240 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
PRC - [2007/11/30 13:56:26 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/15 05:25:46 | 001,628,208 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
PRC - [2007/05/15 05:25:46 | 001,550,896 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
PRC - [2007/03/23 03:02:52 | 000,269,104 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
PRC - [2007/02/06 08:14:00 | 000,561,213 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007/02/06 08:11:50 | 001,409,108 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
========== Modules (No Company Name) ========== MOD - [2012/02/10 19:21:35 | 003,340,064 | ---- | M] () -- c:\Program Files\Common Files\Akamai\netsession_win_7de0ed9.dll
MOD - [2011/11/10 11:36:53 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2011/11/10 11:36:28 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2011/11/10 11:33:55 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/11/10 11:33:25 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2010/10/22 23:36:39 | 000,022,792 | ---- | M] () -- C:\Program Files\WordWeb\WUCNT.dll
MOD - [2009/11/03 05:37:58 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\Execute.dll
MOD - [2009/10/02 11:27:12 | 000,053,248 | ---- | M] () -- C:\Program Files\DAP\zlib.dll
MOD - [2009/03/09 03:14:12 | 000,130,560 | ---- | M] () -- C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclUSBSrv.exe
MOD - [2009/02/16 11:43:38 | 000,153,600 | ---- | M] () -- C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclBCBTSrv.exe
MOD - [2008/11/26 02:05:00 | 000,119,808 | ---- | M] () -- C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclRSSrv.exe
MOD - [2008/03/03 13:12:14 | 000,080,432 | ---- | M] () -- C:\Program Files\VMware\VMware Workstation\zlib1.dll
MOD - [2008/03/03 13:11:08 | 000,970,288 | ---- | M] () -- C:\Program Files\VMware\VMware Workstation\libxml2.dll
MOD - [2007/11/30 13:55:44 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007/11/30 13:55:34 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/03/23 03:03:02 | 000,834,352 | ---- | M] () -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\libeay32.dll
MOD - [2007/03/23 03:02:50 | 000,166,704 | ---- | M] () -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\ssleay32.dll
MOD - [2007/02/06 08:20:00 | 002,842,624 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2007/02/06 08:16:06 | 000,053,248 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
========== Win32 Services (SafeList) ========== SRV - [2012/02/10 19:21:35 | 003,340,064 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_7de0ed9.dll -- (Akamai)
SRV - [2011/09/22 12:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2011/09/10 11:14:36 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011/05/23 13:54:07 | 000,465,872 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2009/10/20 13:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009/03/04 00:55:12 | 000,621,056 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/03/03 13:13:16 | 000,121,392 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2008/03/03 13:12:38 | 000,150,064 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnat.exe -- (VMware NAT Service)
SRV - [2008/03/03 13:12:34 | 000,109,104 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2007/11/30 10:23:02 | 000,186,928 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2007/05/15 05:25:46 | 001,550,896 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2007/03/23 03:02:52 | 000,269,104 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe -- (vmount2)
========== Driver Services (SafeList) ========== DRV - [2011/08/09 14:24:52 | 000,154,136 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2011/08/09 09:37:28 | 000,039,824 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2011/08/04 09:20:38 | 000,147,480 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2011/08/04 09:20:38 | 000,061,936 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2011/08/04 09:20:36 | 000,118,104 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2011/05/23 13:45:27 | 000,023,464 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vpnva.sys -- (vpnva)
DRV - [2011/05/23 13:45:05 | 000,046,480 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\acsmux.sys -- (acsmux)
DRV - [2011/05/23 13:45:05 | 000,036,624 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\acsint.sys -- (acsint)
DRV - [2009/10/20 13:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2009/10/12 04:51:54 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009/09/10 04:25:52 | 000,102,528 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/08/19 16:49:22 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2009/06/30 09:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2009/03/30 23:09:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2008/08/25 23:56:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/03/03 13:14:20 | 000,034,864 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hcmon.sys -- (hcmon)
DRV - [2008/03/03 13:14:16 | 000,925,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmx86.sys -- (vmx86)
DRV - [2008/03/03 13:14:06 | 000,025,136 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2008/03/03 13:13:48 | 000,020,912 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2008/03/03 13:10:02 | 000,030,768 | R--- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vmusb.sys -- (vmusb)
DRV - [2008/03/03 13:10:02 | 000,028,592 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2008/03/03 13:10:02 | 000,016,816 | R--- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2007/11/30 10:22:16 | 000,019,248 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2007/06/28 08:11:36 | 002,208,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/05/15 05:25:36 | 000,118,576 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2007/05/15 05:25:36 | 000,038,576 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007/05/15 05:25:36 | 000,037,040 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2007/03/23 03:03:00 | 000,018,480 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys -- (vstor2)
DRV - [2007/02/14 07:21:00 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2007/02/14 07:20:58 | 000,868,298 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007/02/14 07:20:58 | 000,149,123 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2007/02/14 07:20:58 | 000,030,459 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2007/02/14 07:20:56 | 000,530,861 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2007/01/02 08:01:40 | 001,160,320 | R--- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/12/01 18:34:14 | 000,194,200 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2006/12/01 18:34:14 | 000,016,000 | ---- | M] (Xilinx, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XPC4DRVR.SYS -- (XilinxPC4Driver)
DRV - [2006/10/18 18:23:00 | 000,033,024 | R--- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HP24X.sys -- (HP24X)
DRV - [2005/07/27 03:10:08 | 000,027,200 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\RTWTKRNL.sys -- (RTWTKRNL)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.bing.com/IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "engine://C%3A%5CProgram%20Files%5CSeaMonkey%5Csearchplugins%5Cgoogle.src"
FF - prefs.js..browser.startup.homepage: "
http://www.google.co.in/ig?hl=en"FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.85
FF - prefs.js..extensions.enabledItems:
[email protected]:2.0.4
FF - prefs.js..extensions.enabledItems: {f13b157f-b174-47e7-a34d-4815ddfdfeb8}:0.9.87.4
FF - prefs.js..extensions.enabledItems:
[email protected]:1.0
FF - prefs.js..network.proxy.ftp: "192.168.10.14"
FF - prefs.js..network.proxy.ftp_port: 808
FF - prefs.js..network.proxy.gopher: "192.168.10.14"
FF - prefs.js..network.proxy.gopher_port: 808
FF - prefs.js..network.proxy.http: "192.168.10.14"
FF - prefs.js..network.proxy.http_port: 808
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.ssl: "192.168.10.14"
FF - prefs.js..network.proxy.ssl_port: 808
FF - prefs.js..network.proxy.type: 1
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\UserXP\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\UserXP\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\UserXP\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\UserXP\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\
[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/07/23 22:57:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\
[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012/01/26 21:16:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\
[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/07/23 22:57:45 | 000,000,000 | ---D | M]
[2009/11/18 21:39:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\UserXP\Application Data\Mozilla\Extensions
[2009/11/18 21:39:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\UserXP\Application Data\Mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
[2009/11/18 21:39:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\UserXP\Application Data\Mozilla\SeaMonkey\Profiles\v5meeiou.default\extensions
File not found (No name found) -- C:\PROGRAM FILES\SEAMONKEY\EXTENSIONS\{59C81DF5-4B7A-477B-912D-4E0FDF64E5F2}
File not found (No name found) -- C:\PROGRAM FILES\SEAMONKEY\EXTENSIONS\{F13B157F-B174-47E7-A34D-4815DDFDFEB8}
File not found (No name found) -- C:\PROGRAM FILES\SEAMONKEY\EXTENSIONS\
[email protected] ========== Chrome ========== CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\UserXP\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\UserXP\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\UserXP\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Documents and Settings\UserXP\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Chrome DAP extension (Enabled) = C:\Documents and Settings\UserXP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb\2.0.8_0\lib/npdapchrome.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\UserXP\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\UserXP\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Documents and Settings\UserXP\Local Settings\Application Data\Google\Chrome\Application\plugins\npMozCouponPrinter.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 7.0.0.147 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java Platform SE 7 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\UserXP\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Panda ActiveScan 2.0 (Enabled) = C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AT_JamesWhite = C:\Documents and Settings\UserXP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bkeidgmehkdjmpjodpjkepolokanalkm\3_0\
CHR - Extension: Search by Image (by Google) = C:\Documents and Settings\UserXP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm\1.1.1_0\
CHR - Extension: Download Accelerator Plus (DAP) = C:\Documents and Settings\UserXP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb\2.0.8_0\
CHR - Extension: wikiHow Survival Kit = C:\Documents and Settings\UserXP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ickaeddjnhfofihhibhnjemlphjmnchl\1.0.4_0\
CHR - Extension: Super Mario Bros. Crossover (Hacked!) = C:\Documents and Settings\UserXP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ilcellbipoehgheiecfonfmjccknmggo\1.1_0\
CHR - Extension: Google Books = C:\Documents and Settings\UserXP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb\1.1.2_0\
O1 HOSTS File: ([2011/08/31 21:00:36 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [Nokia FastStart] C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe (Nokia)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)
O4 - HKLM..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKLM..\Run: [WordWeb] C:\Program Files\WordWeb\wweb32.exe (WordWeb Software)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Documents and Settings\UserXP\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [DownloadAccelerator] C:\Program Files\DAP\DAP.EXE (SpeedBit Ltd.)
O4 - HKCU..\Run: [GameXN] C:\Documents and Settings\All Users\Application Data\GameXN\GameXNGO.exe (EasyBits Software AS)
O4 - HKCU..\Run: [GameXN (news)] C:\Documents and Settings\All Users\Application Data\GameXN\GameXNGO.exe (EasyBits Software AS)
O4 - HKCU..\Run: [GameXN (update)] C:\Documents and Settings\All Users\Application Data\GameXN\GameXNGO.exe (EasyBits Software AS)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TeluguLipi Quick Start.lnk = C:\WINDOWS\Installer\{990CA0A1-4EA0-4C39-9EFE-3494F21917E7}\_7809DDD814F44DC2B39EE0CFADC8C435.exe (Flexera Software, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089}
http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967}
http://dlm.tools.aka...vex-2.2.5.0.cab (DLM Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C}
http://update.micros...b?1265212679843 (WUWebControl Class)
O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B}
http://www.shockwave...houseplayer.cab (GameHouse Games Player)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913}
http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B}
http://www.arcadetow...zylomplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FB611A7-8ABA-4C73-B45B-4A74DD59DFAD}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\UserXP\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\UserXP\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/09/28 04:03:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ========== [2012/02/28 20:30:37 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\UserXP\Desktop\OTL.scr
[2012/02/27 22:51:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinSCP
[2012/02/27 22:51:54 | 000,000,000 | ---D | C] -- C:\Program Files\WinSCP
========== Files - Modified Within 30 Days ========== [2012/02/28 20:31:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/28 20:30:25 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\UserXP\Desktop\OTL.scr
[2012/02/28 19:42:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-838170752-1801674531-1003UA.job
[2012/02/28 08:31:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/28 08:02:33 | 000,002,141 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TeluguLipi Quick Start.lnk
[2012/02/28 08:00:56 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/28 08:00:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/27 23:01:39 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\UserXP\Application Data\winscp.rnd
[2012/02/27 22:51:57 | 000,001,512 | ---- | M] () -- C:\Documents and Settings\UserXP\Desktop\WinSCP.lnk
[2012/02/27 22:42:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-838170752-1801674531-1003Core.job
[2012/02/26 12:47:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2012/02/23 08:06:26 | 000,500,446 | ---- | M] () -- C:\Documents and Settings\UserXP\My Documents\Resume Jolene Singh _2_.pdf
[2012/02/19 11:34:22 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/16 12:45:43 | 000,111,799 | ---- | M] () -- C:\Documents and Settings\UserXP\My Documents\Print - ePay (pay bills).pdf
[2012/02/10 19:27:08 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\YouTube Downloader.lnk
[2012/02/09 21:59:55 | 000,428,881 | ---- | M] () -- C:\Documents and Settings\UserXP\Desktop\Video call snapshot 4.png
[2012/02/09 21:57:14 | 000,428,725 | ---- | M] () -- C:\Documents and Settings\UserXP\Desktop\Video call snapshot 3.png
[2012/02/08 22:15:48 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/02/08 22:10:06 | 000,468,168 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/02/08 22:10:05 | 000,080,564 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/02/07 23:35:46 | 003,691,254 | ---- | M] () -- C:\Documents and Settings\UserXP\My Documents\posterv2_2.pdf
[2012/02/07 23:34:44 | 003,542,275 | ---- | M] () -- C:\Documents and Settings\UserXP\My Documents\posterv2.pdf
[2012/02/04 20:06:48 | 000,093,572 | ---- | M] () -- C:\Documents and Settings\UserXP\My Documents\Print - Payment Confirmation.pdf
========== Files Created - No Company Name ========== [2012/02/27 22:52:05 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\UserXP\Application Data\winscp.rnd
[2012/02/27 22:51:57 | 000,001,512 | ---- | C] () -- C:\Documents and Settings\UserXP\Desktop\WinSCP.lnk
[2012/02/23 08:06:22 | 000,500,446 | ---- | C] () -- C:\Documents and Settings\UserXP\My Documents\Resume Jolene Singh _2_.pdf
[2012/02/16 12:45:41 | 000,111,799 | ---- | C] () -- C:\Documents and Settings\UserXP\My Documents\Print - ePay (pay bills).pdf
[2012/02/09 21:58:08 | 000,428,881 | ---- | C] () -- C:\Documents and Settings\UserXP\Desktop\Video call snapshot 4.png
[2012/02/09 21:55:16 | 000,428,725 | ---- | C] () -- C:\Documents and Settings\UserXP\Desktop\Video call snapshot 3.png
[2012/02/07 23:35:42 | 003,691,254 | ---- | C] () -- C:\Documents and Settings\UserXP\My Documents\posterv2_2.pdf
[2012/02/07 23:34:40 | 003,542,275 | ---- | C] () -- C:\Documents and Settings\UserXP\My Documents\posterv2.pdf
[2012/02/04 20:06:43 | 000,093,572 | ---- | C] () -- C:\Documents and Settings\UserXP\My Documents\Print - Payment Confirmation.pdf
[2012/01/08 22:51:18 | 000,004,990 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mtbjfghn.xbe
[2011/11/15 20:34:28 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\UserXP\Local Settings\Application Data\PUTTY.RND
[2011/10/09 22:29:06 | 000,109,216 | ---- | C] () -- C:\WINDOWS\System32\EasyHook64.dll
[2011/10/09 22:29:06 | 000,084,480 | ---- | C] () -- C:\WINDOWS\System32\EasyHook32.dll
[2011/07/23 22:49:57 | 000,171,896 | ---- | C] () -- C:\WINDOWS\hphins32.dat
[2011/07/23 22:49:57 | 000,000,558 | ---- | C] () -- C:\WINDOWS\hphmdl32.dat
[2010/12/31 05:41:20 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2010/12/31 05:41:20 | 000,000,059 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2010/10/24 21:49:23 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/20 11:59:59 | 000,004,096 | -H-- | C] () -- C:\Documents and Settings\UserXP\Local Settings\Application Data\keyfile3.drm
[2010/08/06 10:10:40 | 001,121,200 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/04/14 03:53:53 | 000,000,238 | ---- | C] () -- C:\WINDOWS\mafosav.INI
[2010/03/06 02:37:35 | 000,000,771 | ---- | C] () -- C:\WINDOWS\ISCII.INI
[2010/03/03 04:45:58 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
========== LOP Check ========== [2010/02/09 21:28:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Airytec
[2011/10/11 07:44:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco
[2011/09/01 20:31:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Easybits GO
[2012/01/26 21:16:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/10/05 11:57:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2012/02/28 20:36:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameXN
[2010/04/11 04:46:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoBit Games
[2011/01/08 07:51:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoldWave
[2010/03/13 03:23:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Metacafe
[2011/11/16 20:18:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NetSarang
[2010/08/06 10:01:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaMusic
[2010/08/15 00:11:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/12/31 05:47:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2010/04/11 00:31:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2010/12/31 04:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010/01/31 02:37:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2010/05/14 05:47:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
[2012/02/28 08:02:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/11/17 17:58:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VanDyke
[2010/05/18 06:54:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirtualizedApplications
[2012/02/10 19:27:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YouTube Downloader
[2010/09/21 15:22:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2011/10/06 17:36:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/02/12 22:07:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Application Data\Airytec
[2012/01/08 22:51:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Application Data\Carambis
[2010/12/05 12:23:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Application Data\Conceptworld
[2010/05/20 05:40:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Application Data\Desktop Sidebar
[2010/08/25 21:28:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Application Data\ESET
[2009/10/01 09:37:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Application Data\Foxit
[2012/02/28 18:51:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Application Data\go
[2010/04/12 12:32:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Application Data\MysteryStudio
[2011/11/16 20:20:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Application Data\NetSarang
[2010/08/06 10:10:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Application Data\Nokia
[2010/05/14 22:12:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Application Data\NVD
[2010/08/06 10:15:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Application Data\PC Suite
[2010/04/11 00:31:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Application Data\PlayFirst
[2010/02/23 12:17:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Application Data\Samsung
[2010/05/18 08:03:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Application Data\SoftGrid Client
[2009/12/17 02:31:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Application Data\Softland
[2009/12/16 12:40:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Application Data\TeamViewer
[2010/05/14 06:22:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Application Data\TP
[2011/06/11 17:07:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Application Data\uTorrent
[2011/06/11 03:07:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Application Data\ValuSoft
[2011/11/17 17:51:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Application Data\VanDyke
[2010/05/18 09:07:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Application Data\Windows Desktop Search
[2010/05/18 09:08:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Application Data\Windows Search
[2010/02/13 05:08:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Application Data\Wireshark
[2009/10/04 06:12:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Application Data\WordWeb
========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > < MD5 for: EXPLORER.EXE >[2007/11/30 13:56:26 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=E0EE428F4777A3CD8760BAD61F87ABED -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2007/11/30 13:56:26 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=E0EE428F4777A3CD8760BAD61F87ABED -- C:\WINDOWS\explorer.exe
[2007/11/30 13:56:26 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=E0EE428F4777A3CD8760BAD61F87ABED -- C:\WINDOWS\system32\dllcache\explorer.exe
< MD5 for: SVCHOST.EXE >[2007/11/30 13:56:52 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=0C82B0AE50BB2BC8A96A753F4EDC495F -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2007/11/30 13:56:52 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=0C82B0AE50BB2BC8A96A753F4EDC495F -- C:\WINDOWS\system32\dllcache\svchost.exe
[2007/11/30 13:56:52 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=0C82B0AE50BB2BC8A96A753F4EDC495F -- C:\WINDOWS\system32\svchost.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
< MD5 for: USERINIT.EXE >[2007/11/30 13:56:54 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=813B2E9C4CAEA05FBA51A442FAB7A95D -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2007/11/30 13:56:54 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=813B2E9C4CAEA05FBA51A442FAB7A95D -- C:\WINDOWS\system32\dllcache\userinit.exe
[2007/11/30 13:56:54 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=813B2E9C4CAEA05FBA51A442FAB7A95D -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WINLOGON.EXE >[2007/11/30 13:56:58 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=45FFE966290B9C4BA659325561DE4830 -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2007/11/30 13:56:58 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=45FFE966290B9C4BA659325561DE4830 -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2007/11/30 13:56:58 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=45FFE966290B9C4BA659325561DE4830 -- C:\WINDOWS\system32\winlogon.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
< %systemroot%\*. /mp /s > < hklm\software\clients\startmenuinternet|command /rs >HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\UserXP\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/02/15 00:03:37 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\UserXP\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2012/02/15 00:03:37 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\UserXP\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2012/02/15 00:03:37 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\UserXP\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/02/15 00:03:37 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\UserXP\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/02/15 00:03:37 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/10/31 15:56:25 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/10/31 15:56:25 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/10/31 15:56:25 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2011/10/31 05:46:00 | 000,634,504 | ---- | M] (Microsoft Corporation)
< hklm\software\clients\startmenuinternet|command /64 /rs >HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\UserXP\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/02/15 00:03:37 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\UserXP\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2012/02/15 00:03:37 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\UserXP\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2012/02/15 00:03:37 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\UserXP\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/02/15 00:03:37 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\UserXP\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/02/15 00:03:37 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/10/31 15:56:25 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/10/31 15:56:25 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/10/31 15:56:25 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2011/10/31 05:46:00 | 000,634,504 | ---- | M] (Microsoft Corporation)
========== Alternate Data Streams ========== @Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CD060F93
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DF0F61BB
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:80EFC1E5
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D74B6CF5
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ED3F622D
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:010ADD2C
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:553CA6CA
< End of report >