Suba

Trojan - didn't go after running superantispyware , malaware bytes


Trojan - didn't go after running SUPERAntiSpyware, Malwarebytes, Spybot Search and Destroy, Ad-Aware. I don't know any other option to try.

My nephews have downloaded this virus by visiting some games websites. Initially, I was not able to access any browsers, including IE. So I had to do a system restore in safe mode. Then I was able to download Ad-Aware and SUPERAntiSpyware. I ran all the applications in both safe mode and normal mode. But still the virus doesn't seem to go.

Virus name: Fake Microsoft Security Essentials.

However, the warning message that I was getting went away. But still I am unable to use any web browsers besides IE. When I do a Google search on IE and click on some link, it redirects me to some other spam websites. I really need some help in fixing this virus, as I don't want to format my system. Appreciate your help. Thanks.


Hi

Download OTL from here: http://oldtimer.geekstogo.com/OTL.exe to your Desktop.

Double click on the icon to run it, select All Users, then under the Custom Scans/Fixes box copy/paste the following:

netsvcs

drivers32

%SYSTEMDRIVE%\*.*

%systemroot%\Fonts\*.com

%systemroot%\Fonts\*.dll

%systemroot%\Fonts\*.ini

%systemroot%\Fonts\*.ini2

%systemroot%\Fonts\*.exe

%systemroot%\system32\spool\prtprocs\w32x86\*.*

%systemroot%\REPAIR\*.bak1

%systemroot%\REPAIR\*.ini

%systemroot%\system32\*.jpg

%systemroot%\*.jpg

%systemroot%\*.png

%systemroot%\*.scr

%systemroot%\*._sy

%APPDATA%\Adobe\Update\*.*

%ALLUSERSPROFILE%\Favorites\*.*

%APPDATA%\Microsoft\*.*

%PROGRAMFILES%\*.*

%APPDATA%\Update\*.*

%systemroot%\*. /mp /s

CREATERESTOREPOINT

%systemroot%\System32\config\*.sav

%PROGRAMFILES%\bak. /s

%systemroot%\system32\bak. /s

%ALLUSERSPROFILE%\Start Menu\*.lnk /x

%systemroot%\system32\config\systemprofile\*.dat /x

%systemroot%\*.config

%systemroot%\system32\*.db

%PROGRAMFILES%\Internet Explorer\*.dat

%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x

%USERPROFILE%\Desktop\*.exe

%PROGRAMFILES%\Common Files\*.*

%systemroot%\*.src

%systemroot%\install\*.*

%systemroot%\system32\DLL\*.*

%systemroot%\system32\HelpFiles\*.*

%systemroot%\system32\rundll\*.*

%systemroot%\winn32\*.*

%systemroot%\Java\*.*

%systemroot%\system32\test\*.*

%systemroot%\system32\Rundll32\*.*

%systemroot%\AppPatch\Custom\*.*

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

Now click Quick Scan. When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.

Post both logs in your reply.


OTL file:

OTL logfile created on: 4/10/2011 3:00:20 PM - Run 1

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\sunikar\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 93.00 Mb Available Physical Memory | 9.00% Memory free

2.00 Gb Paging File | 1.00 Gb Available in Paging File | 58.00% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 62.48 Gb Total Space | 1.62 Gb Free Space | 2.59% Space Free | Partition Type: NTFS

Drive D: | 10.00 Gb Total Space | 9.36 Gb Free Space | 93.60% Space Free | Partition Type: NTFS

Computer Name: SUNISHKAR | User Name: sunikar | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/10 14:56:46 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sunikar\Desktop\OTL.exe

PRC - [2011/04/07 00:58:47 | 001,192,240 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

PRC - [2011/04/07 00:58:39 | 001,753,048 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

PRC - [2011/01/25 18:42:10 | 000,083,440 | ---- | M] (Google) -- C:\Documents and Settings\sunikar\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe

PRC - [2010/11/23 19:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.7\ccSvcHst.exe

PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

PRC - [2010/10/19 12:27:33 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Documents and Settings\sunikar\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe

PRC - [2010/08/25 11:27:44 | 000,309,824 | -H-- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

PRC - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

PRC - [2010/04/16 11:25:18 | 000,818,288 | ---- | M] (The Weather Channel Interactive, Inc.) -- C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe

PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

PRC - [2010/03/12 11:54:41 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe

PRC - [2010/01/21 17:27:44 | 009,136,960 | ---- | M] (Western Digital) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe

PRC - [2010/01/21 17:27:42 | 002,057,536 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe

PRC - [2010/01/21 17:24:08 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

PRC - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

PRC - [2008/05/27 19:35:30 | 000,040,960 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe

PRC - [2008/04/24 11:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

PRC - [2008/04/24 11:25:22 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe

PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/10/08 15:18:04 | 000,995,328 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe

PRC - [2007/10/08 15:15:50 | 000,356,352 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe

PRC - [2007/10/08 15:13:36 | 001,101,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe

PRC - [2007/10/08 15:09:26 | 000,659,456 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

PRC - [2007/05/10 11:23:50 | 000,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe

PRC - [2007/02/13 11:42:50 | 000,109,344 | ---- | M] (Logitech Inc.) -- c:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

PRC - [2007/01/01 14:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe

PRC - [2005/09/08 11:06:20 | 000,094,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

PRC - [2003/05/29 19:18:42 | 000,380,928 | ---- | M] () -- C:\Program Files\NETGEAR\MA521 Configuration Utility\wlancfg5.exe

PRC - [1999/02/28 02:32:52 | 000,124,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mdm.exe

========== Modules (SafeList) ==========

MOD - [2011/04/10 14:56:46 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sunikar\Desktop\OTL.exe

MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

MOD - [2007/04/19 12:21:40 | 000,116,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprthook.dll

MOD - [2007/02/13 11:42:38 | 000,092,960 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcInj.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)

SRV - [2011/04/07 00:58:39 | 001,753,048 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)

SRV - [2010/11/23 19:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) [unknown | Running] -- C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.7\ccSvcHst.exe -- (NSL)

SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)

SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)

SRV - [2010/01/21 17:24:08 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)

SRV - [2009/12/17 15:37:00 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®

SRV - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)

SRV - [2009/03/18 11:54:08 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)

SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

SRV - [2008/04/24 11:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)

SRV - [2007/10/08 15:15:50 | 000,356,352 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®

SRV - [2007/05/10 11:23:50 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe -- (STacSV)

SRV - [2007/02/13 11:44:34 | 000,105,248 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)

SRV - [2007/02/13 11:42:50 | 000,109,344 | ---- | M] (Logitech Inc.) [Auto | Running] -- c:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)

========== Driver Services (SafeList) ==========

DRV - [2011/04/01 00:22:02 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)

DRV - [2011/04/01 00:22:01 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)

DRV - [2010/05/10 11:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Documents and Settings\sunikar\Local Settings\Temp\SAS_SelfExtract\saskutil.sys -- (SASKUTIL)

DRV - [2010/04/30 15:09:44 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)

DRV - [2010/04/30 15:09:22 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)

DRV - [2010/02/17 11:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Documents and Settings\sunikar\Local Settings\Temp\SAS_SelfExtract\sasdifsv.sys -- (SASDIFSV)

DRV - [2009/09/16 08:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)

DRV - [2009/09/16 08:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)

DRV - [2009/09/16 08:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)

DRV - [2009/09/16 08:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)

DRV - [2009/09/16 08:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)

DRV - [2009/03/30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RsFx0103.sys -- (RsFx0103)

DRV - [2009/02/13 12:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)

DRV - [2007/09/26 07:01:32 | 002,236,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®

DRV - [2007/08/27 12:10:36 | 000,012,288 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)

DRV - [2007/05/10 11:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)

DRV - [2007/02/13 11:42:28 | 000,025,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)

DRV - [2007/02/13 11:42:04 | 001,964,064 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)

DRV - [2007/02/13 11:39:54 | 001,691,808 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)

DRV - [2007/02/09 00:24:00 | 001,939,488 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) QuickCam for Dell Notebooks(UVC)

DRV - [2007/02/09 00:24:00 | 000,041,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)

DRV - [2007/02/09 00:24:00 | 000,022,560 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)

DRV - [2007/02/09 00:23:00 | 000,066,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvselsus.sys -- (lvselsus)

DRV - [2007/02/09 00:22:00 | 001,507,232 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)

DRV - [2006/11/15 01:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)

DRV - [2006/11/14 20:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)

DRV - [2006/11/14 18:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)

DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)

DRV - [2004/05/26 16:18:18 | 000,044,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)

DRV - [2001/08/22 09:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2025429265-963894560-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

IE - HKU\S-1-5-21-2025429265-963894560-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKU\S-1-5-21-2025429265-963894560-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net

IE - HKU\S-1-5-21-2025429265-963894560-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKU\S-1-5-21-2025429265-963894560-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\S-1-5-21-2025429265-963894560-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

========== FireFox ==========

FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/12 11:56:06 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\extensions\\{E5886C91-CDD7-4832-B32D-0830705A9C60}: C:\WINDOWS\system32\5011 [2011/03/10 20:35:53 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\extensions\\{203FB6B2-2E1E-4474-863B-4C483ECCE78E}: C:\Documents and Settings\All Users\Application Data\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_1.2.0.7\coFFNST\ [2011/04/09 15:08:50 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/22 17:28:49 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/19 10:04:21 | 000,000,000 | ---D | M]

[2009/06/10 12:41:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sunikar\Application Data\Mozilla\Extensions

[2011/02/20 18:09:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sunikar\Application Data\Mozilla\Firefox\Profiles\vguevptr.default\extensions

[2009/08/16 07:04:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\sunikar\Application Data\Mozilla\Firefox\Profiles\vguevptr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011/02/20 18:09:12 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\sunikar\Application Data\Mozilla\Firefox\Profiles\vguevptr.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2009/03/18 17:28:08 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\sunikar\Application Data\Mozilla\Firefox\Profiles\vguevptr.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2009/04/13 10:51:43 | 000,000,000 | ---D | M] (XHTML Mobile Profile) -- C:\Documents and Settings\sunikar\Application Data\Mozilla\Firefox\Profiles\vguevptr.default\extensions\{8ea9957e-2953-402f-80e0-bceb5f169d6f}

[2009/12/24 20:19:56 | 000,000,000 | ---D | M] (wmlbrowser) -- C:\Documents and Settings\sunikar\Application Data\Mozilla\Firefox\Profiles\vguevptr.default\extensions\{c4dc572a-3295-40eb-b30f-b54aa4cdc4b7}

[2009/03/18 14:42:49 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\sunikar\Application Data\Mozilla\Firefox\Profiles\vguevptr.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}

[2009/04/13 10:51:44 | 000,000,000 | ---D | M] (EWOQ Mobile Setup extension) -- C:\Documents and Settings\sunikar\Application Data\Mozilla\Firefox\Profiles\vguevptr.default\extensions\{f035aa18-ee32-4e6e-81d2-57e32867f8a7}

[2011/02/06 00:30:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2009/09/14 06:23:13 | 000,000,000 | ---D | M] (Talkback) -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org

[2010/03/12 11:56:06 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT

[2009/03/26 12:19:16 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2011/03/10 20:35:53 | 000,000,000 | ---D | M] (Java String Helper) -- C:\WINDOWS\SYSTEM32\5011

[2008/12/17 14:59:30 | 000,067,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll

[2008/12/17 14:59:31 | 000,054,368 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll

[2008/12/17 14:59:32 | 000,034,944 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\myspell.dll

[2008/12/17 14:59:33 | 000,046,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\spellchk.dll

[2008/12/17 14:59:35 | 000,172,136 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll

[2009/11/19 15:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll

[2009/11/19 15:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll

Hosts file not found

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)

O2 - BHO: (Norton Safe Web Lite BHO) - {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.7\CoIEPlg.dll (Symantec Corporation)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)

O3 - HKLM\..\Toolbar: (Norton Safe Web Lite) - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.7\CoIEPlg.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O3 - HKU\S-1-5-21-2025429265-963894560-1801674531-1004\..\Toolbar\WebBrowser: (Norton Safe Web Lite) - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.7\CoIEPlg.dll (Symantec Corporation)

O3 - HKU\S-1-5-21-2025429265-963894560-1801674531-1004\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

O4 - HKLM..\Run: [ddoctorv2] C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)

O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)

O4 - HKLM..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)

O4 - HKLM..\Run: [intelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)

O4 - HKLM..\Run: [NWEReboot] File not found

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKU\S-1-5-21-2025429265-963894560-1801674531-1004..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe (Nero AG)

O4 - HKU\S-1-5-21-2025429265-963894560-1801674531-1004..\Run: [Desktop Software] File not found

O4 - HKU\S-1-5-21-2025429265-963894560-1801674531-1004..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)

O4 - HKU\S-1-5-21-2025429265-963894560-1801674531-1004..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MA521 Configuration Utility.lnk = C:\Program Files\NETGEAR\MA521 Configuration Utility\wlancfg5.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO -viewer-.lnk = C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe (Matsushita Electric Industrial Co., Ltd.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-2025429265-963894560-1801674531-1004\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-21-2025429265-963894560-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)

O15 - HKU\S-1-5-21-2025429265-963894560-1801674531-1004\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)

O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} https://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller.cab (WebBrowserType Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1

O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)

O18 - Protocol\Handler\HTLFP {03B7A5D4-96B0-4316-95F8-072D326A58F1} - Reg Error: Key error. File not found

O18 - Protocol\Handler\vfsp - No CLSID value found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)

O28 - HKLM ShellExecuteHooks: {A5949E07-8536-4625-A3D0-2DD83F559990} - File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/03/18 11:57:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{ee3b5ce4-fb56-11df-a819-00188bca0ea8}\Shell - "" = AutoRun

O33 - MountPoints2\{ee3b5ce4-fb56-11df-a819-00188bca0ea8}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{ee3b5ce4-fb56-11df-a819-00188bca0ea8}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found

NetSvcs: AppMgmt - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT

Restore point Set: OTL Restore Point (17746478449557504)

========== Files/Folders - Created Within 30 Days ==========

[2011/04/10 14:56:44 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\sunikar\Desktop\OTL.exe

[2011/04/09 18:02:27 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys

[2011/04/09 18:01:05 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys

[2011/04/09 15:56:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sunikar\Application Data\SUPERAntiSpyware.com

[2011/04/09 15:56:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

[2011/04/09 15:44:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sunikar\Local Settings\Application Data\Sunbelt Software

[2011/04/09 15:37:37 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{6A395471-4AA3-4072-AE1B-9B69A97AD164}

[2011/04/09 15:35:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft

[2011/04/09 15:35:06 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft

[2011/04/09 15:35:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft

[2011/04/09 15:08:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NST

[2011/04/09 15:08:11 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Safe Web Lite

[2011/04/09 15:08:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NST\0102000.007

[2011/04/09 11:21:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Talk

[2011/04/09 11:18:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sunikar\Application Data\Dealio

[2011/04/09 11:18:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\MySQL

[2011/04/09 11:18:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Quest Software

[2011/04/09 11:16:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DVDVideoSoft

[2011/04/09 10:58:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\sunikar\Recent

[2011/04/09 08:56:01 | 000,000,000 | ---D | C] -- C:\Config.Msi

[2011/04/04 08:32:32 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/04/01 21:57:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\bDk06504oKdKp06504

[2011/04/01 20:36:15 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center

[2011/03/28 16:15:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sunikar\Desktop\US trip

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\Documents and Settings\sunikar\My Documents\*.tmp files -> C:\Documents and Settings\sunikar\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/10 14:56:46 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sunikar\Desktop\OTL.exe

[2011/04/10 14:49:34 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2011/04/10 14:49:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011/04/10 14:49:01 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2025429265-963894560-1801674531-1004.job

[2011/04/10 14:49:00 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2025429265-963894560-1801674531-1005.job

[2011/04/10 14:48:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/04/10 14:48:33 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs

[2011/04/10 08:27:08 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2025429265-963894560-1801674531-1004.job

[2011/04/10 00:55:45 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/04/09 20:36:23 | 000,562,804 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011/04/09 20:36:22 | 000,110,212 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011/04/09 20:32:00 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-963894560-1801674531-1004UA.job

[2011/04/09 19:37:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011/04/09 18:00:58 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys

[2011/04/09 15:37:31 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\sunikar\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk

[2011/04/09 15:37:31 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk

[2011/04/09 14:39:43 | 000,000,474 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for sunikar.job

[2011/04/09 10:12:07 | 000,000,136 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~19783476r

[2011/04/09 10:12:07 | 000,000,104 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~19783476

[2011/04/09 10:11:59 | 000,000,336 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\19783476

[2011/04/09 08:33:52 | 000,013,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\jcl665ep0rnlp562hps

[2011/04/09 08:32:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/04/07 00:59:03 | 000,016,432 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe

[2011/04/04 22:45:28 | 000,013,404 | -HS- | M] () -- C:\Documents and Settings\sunikar\Local Settings\Application Data\jcl665ep0rnlp562hps

[2011/04/04 08:30:28 | 003,894,702 | -H-- | M] () -- C:\Documents and Settings\sunikar\Desktop\ComboFix.zip

[2011/04/03 12:32:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-963894560-1801674531-1004Core.job

[2011/04/01 22:33:23 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp

[2011/04/01 00:22:02 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys

[2011/03/30 13:07:37 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2011/03/30 08:09:33 | 000,000,136 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~19980084

[2011/03/30 08:09:32 | 000,000,152 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~19980084r

[2011/03/30 08:09:22 | 000,000,336 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\19980084

[2011/03/28 20:42:17 | 000,011,258 | -H-- | M] () -- C:\Documents and Settings\sunikar\Desktop\images.jpg

[2011/03/24 10:22:18 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2011/03/24 06:22:54 | 000,000,678 | ---- | M] () -- C:\WINDOWS\System32\jsaddons.ini

[2011/03/24 06:03:47 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2025429265-963894560-1801674531-1005.job

[2011/03/20 18:41:38 | 000,002,393 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2010.lnk

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\Documents and Settings\sunikar\My Documents\*.tmp files -> C:\Documents and Settings\sunikar\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/10 01:56:12 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe

[2011/04/09 16:14:30 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2011/04/09 15:37:31 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\sunikar\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk

[2011/04/09 15:37:31 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk

[2011/04/09 15:08:11 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NST\0102000.007\isolate.ini

[2011/04/09 10:12:07 | 000,000,136 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~19783476r

[2011/04/09 10:12:06 | 000,000,104 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~19783476

[2011/04/09 10:11:59 | 000,000,336 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\19783476

[2011/04/04 08:58:07 | 003,894,702 | -H-- | C] () -- C:\Documents and Settings\sunikar\Desktop\ComboFix.zip

[2011/04/02 09:55:24 | 000,013,404 | -HS- | C] () -- C:\Documents and Settings\sunikar\Local Settings\Application Data\jcl665ep0rnlp562hps

[2011/04/02 09:55:24 | 000,013,294 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\jcl665ep0rnlp562hps

[2011/04/01 22:33:23 | 001,228,854 | ---- | C] () -- C:\fsqwr.bmp

[2011/03/30 08:09:32 | 000,000,152 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~19980084r

[2011/03/30 08:09:32 | 000,000,136 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~19980084

[2011/03/30 08:09:22 | 000,000,336 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\19980084

[2011/03/28 20:42:22 | 000,011,258 | -H-- | C] () -- C:\Documents and Settings\sunikar\Desktop\images.jpg

[2011/03/21 21:16:11 | 000,849,608 | -H-- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2011/03/02 11:37:54 | 000,000,277 | ---- | C] () -- C:\WINDOWS\System32\vbaddons.ini

[2011/03/02 11:16:41 | 000,000,678 | ---- | C] () -- C:\WINDOWS\System32\jsaddons.ini

[2011/03/02 11:16:19 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll

[2010/12/11 23:17:54 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2010/12/08 05:25:22 | 000,001,161 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\827008272.dat

[2010/03/07 21:53:41 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI

[2009/11/25 15:59:32 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2009/08/06 10:16:24 | 000,000,401 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2009/07/01 06:21:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\flight4b.INI

[2009/07/01 06:19:39 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll

[2009/07/01 06:19:39 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll

[2009/06/29 17:34:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\flight4a.INI

[2009/06/29 16:24:50 | 000,000,083 | ---- | C] () -- C:\WINDOWS\wlrun.ini

[2009/06/29 16:24:11 | 000,007,127 | ---- | C] () -- C:\WINDOWS\wrun.ini

[2009/06/29 16:17:44 | 000,000,023 | ---- | C] () -- C:\WINDOWS\AQTProductInfo.INI

[2009/06/29 15:28:55 | 000,001,370 | ---- | C] () -- C:\WINDOWS\mercury.ini

[2009/06/26 17:28:14 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat

[2009/06/26 17:28:14 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat

[2009/06/26 17:28:14 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat

[2009/06/26 17:28:14 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat

[2009/06/26 17:28:14 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat

[2009/06/26 17:28:14 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat

[2009/06/26 17:28:14 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat

[2009/06/26 17:28:14 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat

[2009/06/26 17:28:14 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat

[2009/06/26 17:28:14 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat

[2009/06/26 17:28:14 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat

[2009/06/26 17:28:14 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat

[2009/06/26 17:28:14 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat

[2009/06/26 17:28:14 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat

[2009/06/26 17:28:14 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat

[2009/06/26 17:28:14 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat

[2009/06/26 17:28:14 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat

[2009/06/26 17:28:14 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat

[2009/06/26 17:28:14 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini

[2009/06/12 18:56:50 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2009/06/06 11:14:02 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\sunikar\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/03/18 17:52:24 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI

[2009/03/18 17:52:24 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI

[2009/03/18 17:51:24 | 000,000,214 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini

[2009/03/18 17:51:24 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini

[2009/03/18 17:51:24 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf06a.dat

[2009/03/18 17:50:23 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll

[2009/03/18 17:50:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat

[2009/03/18 17:49:23 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini

[2009/03/18 16:54:53 | 000,000,488 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2009/03/18 16:07:09 | 000,001,172 | ---- | C] () -- C:\WINDOWS\mozver.dat

[2009/03/18 13:11:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2009/03/18 12:59:20 | 000,051,370 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini

[2009/03/18 12:32:58 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe

[2009/03/18 12:11:19 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4814.dll

[2009/03/18 12:04:33 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll

[2009/03/18 12:00:06 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2009/03/18 11:55:03 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2009/03/17 21:54:30 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2009/03/17 21:53:15 | 000,148,400 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2007/02/13 11:42:28 | 000,025,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys

[2007/02/13 11:39:54 | 001,691,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\Lvckap.sys

[2005/03/22 13:48:43 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2005/03/22 13:48:43 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2004/08/04 05:00:00 | 000,562,804 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2004/08/04 05:00:00 | 000,110,212 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2004/08/04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2004/08/04 05:00:00 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\snngbzg.dll

[2004/08/04 05:00:00 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll

[2004/08/04 05:00:00 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll

[2004/08/04 05:00:00 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll

[2004/08/04 05:00:00 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth1.dll

[2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2004/08/04 05:00:00 | 000,000,342 | ---- | C] () -- C:\WINDOWS\System32\g0r8jf2.dll

[2004/08/04 05:00:00 | 000,000,101 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.dll

[2004/08/04 05:00:00 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll

[2004/08/04 05:00:00 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\u6gfg65.dll

[2004/08/04 05:00:00 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\mfcl7iz.dll

[2004/08/04 05:00:00 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\lrue84c.dll

[2004/08/04 05:00:00 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\a9m32e5.dll

[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[2002/03/04 11:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll

========== LOP Check ==========

[2009/06/04 00:32:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus

[2011/04/09 11:16:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\bDk06504oKdKp06504

[2009/03/18 11:54:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix

[2009/10/08 13:46:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MySQL

[2010/11/17 11:17:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Quest Software

[2009/03/18 17:48:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft

[2009/08/31 14:59:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft

[2010/11/28 23:10:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WD_SmartWareCommon

[2010/11/28 23:07:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital

[2011/04/09 15:37:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{6A395471-4AA3-4072-AE1B-9B69A97AD164}

[2009/10/09 13:29:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2009/09/05 10:09:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\guest1\Application Data\Panasonic

[2010/12/11 23:24:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\guest1\Application Data\Western Digital

[2011/04/10 14:49:34 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2011/04/10 14:48:43 | 000,001,286 | ---- | M] () -- C:\aaw7boot.log

[2009/03/18 11:57:56 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

[2009/03/28 08:54:12 | 000,000,211 | -HS- | M] () -- C:\boot.ini

[2009/03/18 17:52:16 | 000,000,025 | ---- | M] () -- C:\Brxpinst.log

[2009/03/18 11:57:56 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2011/04/01 22:33:23 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp

[2009/03/18 11:57:56 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2009/03/18 11:57:56 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2009/03/21 10:09:12 | 000,250,048 | RHS- | M] () -- C:\ntldr

[2011/04/10 14:48:44 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys

[2010/12/11 22:06:51 | 000,047,494 | ---- | M] () -- C:\TDSSKiller.2.4.11.0_11.12.2010_21.05.46_log.txt

[2009/06/26 19:04:35 | 000,000,026 | ---- | M] () -- C:\UpdaterforApp.ini

[2009/04/12 22:27:34 | 000,001,876 | ---- | M] () -- C:\WirelessDiagLog.csv

< %systemroot%\Fonts\*.com >

[2006/04/18 13:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont

[2006/06/29 12:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont

[2006/04/18 13:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont

[2006/06/29 12:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >

[2009/03/18 11:57:35 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

[2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

[2003/06/18 18:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

[2001/11/20 15:37:28 | 000,047,616 | R--- | M] (Black Ice Software) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\ppbiPr.dll

[2008/07/06 03:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

[2010/11/17 11:10:30 | 000,000,161 | -H-- | M] () -- C:\Program Files\INSTALL.LOG

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

[2009/03/17 21:52:28 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav

[2009/03/17 21:52:28 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav

[2009/03/17 21:52:27 | 000,897,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

[2009/03/21 10:18:34 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >

[2009/03/18 12:21:21 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\sunikar\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini

[2009/03/18 12:21:20 | 000,000,079 | -H-- | M] () -- C:\Documents and Settings\sunikar\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >

[2010/02/14 20:38:42 | 000,316,680 | ---- | M] (Dassault Systèmes) -- C:\Documents and Settings\sunikar\Desktop\3DVIA_player_installer.exe

[2009/03/18 14:35:17 | 043,083,040 | ---- | M] ( ) -- C:\Documents and Settings\sunikar\Desktop\AdbeRdr910_en_US_Std.exe

[2009/09/19 08:22:02 | 007,218,536 | ---- | M] () -- C:\Documents and Settings\sunikar\Desktop\CommunicatorPlugin_281.exe

[2009/08/18 15:16:38 | 001,606,064 | ---- | M] () -- C:\Documents and Settings\sunikar\Desktop\googletalk-setup.exe

[2009/10/15 14:08:06 | 000,570,032 | ---- | M] (Google Inc.) -- C:\Documents and Settings\sunikar\Desktop\GoogleVoiceAndVideoSetup(2).exe

[2009/03/18 14:49:44 | 059,264,920 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\sunikar\Desktop\NAV09EN.exe

[2009/07/06 14:19:47 | 155,255,392 | ---- | M] () -- C:\Documents and Settings\sunikar\Desktop\OOo_3.1.0_Win32Intel_install_wJRE_en-US.exe

[2009/10/08 10:08:01 | 216,933,372 | ---- | M] (Oracle Corporation ) -- C:\Documents and Settings\sunikar\Desktop\OracleXEUniv.exe

[2011/04/10 14:56:46 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sunikar\Desktop\OTL.exe

[2009/03/25 14:46:17 | 021,878,064 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\sunikar\Desktop\QuickTimeInstaller.exe

[2009/09/19 08:06:40 | 006,321,440 | ---- | M] () -- C:\Documents and Settings\sunikar\Desktop\WebUpdaterforWindows_242.exe

[2009/06/05 11:44:38 | 000,367,240 | ---- | M] (Digital River, Inc.) -- C:\Documents and Settings\sunikar\Desktop\X12-30196-DLM.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-04-09 20:49:27

< Update\Results\Install|LastSuccessTime /rs >

< >

< >

< End of report >


File:- Extras.txt

OTL Extras logfile created on: 4/10/2011 3:00:20 PM - Run 1

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\sunikar\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 93.00 Mb Available Physical Memory | 9.00% Memory free

2.00 Gb Paging File | 1.00 Gb Available in Paging File | 58.00% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 62.48 Gb Total Space | 1.62 Gb Free Space | 2.59% Space Free | Partition Type: NTFS

Drive D: | 10.00 Gb Total Space | 9.36 Gb Free Space | 93.60% Space Free | Partition Type: NTFS

Computer Name: SUNISHKAR | User Name: sunikar | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-2025429265-963894560-1801674531-1004\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"135:TCP" = 135:TCP:*:Enabled:DCOM

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)

"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)

"C:\Program Files\NETGEAR\MA521 Configuration Utility\wlancfg5.exe" = C:\Program Files\NETGEAR\MA521 Configuration Utility\wlancfg5.exe:*:Enabled:MA521 Configuration Utility -- ()

"C:\Documents and Settings\sunikar\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\sunikar\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)

"C:\Documents and Settings\sunikar\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\sunikar\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)

"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus

"C:\Program Files\Mercury Interactive\QuickTest Professional\bin\AQTRmtAgent.exe" = C:\Program Files\Mercury Interactive\QuickTest Professional\bin\AQTRmtAgent.exe:*:Enabled:AQT Remote Agent

"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)

"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{005F78AF-110D-398A-8430-BE98950A1E22}" = Google Talk Plugin

"{01558B00-3F19-4E26-8B56-11CA9F97E81C}" = MA521 Configuration Utility

"{035400A4-29BD-3723-BEED-E2718A68CDE0}" = Microsoft Visual Studio 2010 Office Developer Tools (x86)

"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport

"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO

"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended

"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support

"{0DDCEC37-369C-484B-B16D-B4413FD42FB9}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework

"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView

"{0E794924-17AC-4565-96C7-960D40F8B61E}" = TurboTax 2010 wcoiper

"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool

"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU

"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools

"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files

"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK

"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{232DB76D-4751-41A9-9EC2-CDC0DAC1FAB6}" = WD SmartWare

"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe

"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 13

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation

"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types

"{2D9FEBEE-F1B7-344F-BFDF-760E18332D96}" = Microsoft Visual Studio 2010 SharePoint Developer Tools

"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision

"{360EDFB0-EAA2-012B-AD16-000000000000}" = TurboTax 2009 wcaiper

"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset

"{37EBB600-EAA2-012B-AD89-000000000000}" = TurboTax 2009 wiliper

"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset

"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine

"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport

"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU

"{3BB19A2B-B9C5-3872-8FDF-3047CC9F9841}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper

"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA

"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools

"{4402084F-61EE-48B2-AFCB-AC1EC2454C79}" = MySQL Server 5.1

"{4781569D-5404-1F26-4B2B-6DF444441031}" = Nero 7 Ultra Edition

"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0

"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared

"{497A1721-088F-41EF-8876-B43C9DA5528B}" = ArcSoft Software Suite

"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell

"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files

"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects

"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper

"{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}" = Microsoft SQL Server 2008 Native Client

"{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller

"{578145B3-3831-4D85-BB53-4A9D90F821DE}" = WebEx Recorder and Player

"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services

"{5B30AA25-BF39-4BE4-8FEE-51938BAB214D}" = TurboTax 2008 wcaiper

"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319

"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools

"{6ED37A91-7710-3183-BE50-AB043FF6689E}" = Microsoft Team Foundation Server 2010 Object Model - ENU

"{70632C41-BDAC-4128-9FBF-287F9FF53DE5}" = TurboTax 2010 wiliper

"{71C97545-E547-4A8B-B0C8-61FF853270AC}" = PaperPort

"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime

"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset

"{78C3657E-742C-40B1-9F53-E5A921D40F17}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service

"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{87FF0E39-8490-4EB4-A557-FF12F712EF7E}" = TurboTax 2010 wcaiper

"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr

"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger

"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz

"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003

"{9455959E-D588-EFAE-329C-F66CC797F32A}" = Adobe Media Player

"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig

"{95120000-0052-0409-0000-0000000FF1CE}" = Microsoft Office Visio Viewer 2007

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{97CE8B73-AA5A-4987-A1BE-50DD1A187478}" = Microsoft Sync Framework SDK v1.0 SP1

"{9932886E-7874-4BA1-A1AA-E61EA5A9352D}" = Logitech QuickCam

"{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO -viewer-

"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A4089B20-34E1-4331-BB0F-2FC76D0F3EB4}" = Quest Software Toad for MySQL Freeware 5.0

"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime

"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio

"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support

"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio

"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2

"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9

"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4

"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers

"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper

"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport

"{B3C9A441-C34D-40F3-9D3B-00EDDDAC74F1}" = Garmin Communicator Plugin

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services

"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974

"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer

"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser

"{C6DD625F-4B61-4561-8286-87CA0275CEA1}" = Microsoft Sync Framework Runtime v1.0 SP1 (x86)

"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus® for Adobe

"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack

"{D441BD04-E548-4F8E-97A4-1B66135BAAA8}" = Microsoft SQL Server 2008 Setup Support Files

"{D6B15AE6-B052-363E-B6BB-C4714CBA6509}" = Microsoft Visual Studio 2010 Professional - ENU

"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD

"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor

"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes

"{DC3D6AFB-78B4-489F-81D7-30B66E0C2417}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x86)

"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware

"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater

"{E5AE9031-79A5-4627-9641-BEFA82819B08}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project

"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1

"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp

"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore

"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator

"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse

"{F0F563C4-D4AD-41C4-A8A6-26664C027D11}" = Brother MFL-Pro Suite

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01

"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared

"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0

"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi

"{F990B526-8F7C-46E0-B1F1-6C893A8B478F}" = Microsoft Sync Framework Services v1.0 SP1 (x86)

"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe

"4569969E1360D2854474C661EF9B4D54F143EB16" = Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)

"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)

"Ad-Aware" = Ad-Aware

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows

"GoToAssist" = GoToAssist 8.0.0.514

"HDMI" = Intel® Graphics Media Accelerator Driver

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"IE4Dev" = Microsoft Script Debugger

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0

"Microsoft SQL Server 10" = Microsoft SQL Server 2008

"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008

"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU

"Microsoft Visual Studio 2010 Professional - ENU" = Microsoft Visual Studio 2010 Professional - ENU

"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)

"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools

"Mozilla Firefox (2.0.0.20)" = Mozilla Firefox (2.0.0.20)

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"NSS" = Norton Security Scan

"NST" = Norton Safe Web Lite

"Picasa 3" = Picasa 3

"ProInst" = Intel® PROSet/Wireless Software

"QcDrv" = Logitech® Camera Driver

"RealPlayer 12.0" = RealPlayer

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"The Weather Channel Desktop 6" = The Weather Channel Desktop 6

"TurboTax 2008" = TurboTax 2008

"TurboTax 2009" = TurboTax 2009

"TurboTax 2010" = TurboTax 2010

"Uninstall_is1" = Uninstall 1.0.0.1

"Windows XP Service Pack" = Windows XP Service Pack 3

"Yahoo! Companion" = Yahoo! Toolbar

"Yahoo! Messenger" = Yahoo! Messenger

"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2025429265-963894560-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 4/4/2011 1:13:26 AM | Computer Name = SUNISHKAR | Source = Application Hang | ID = 1002

Description = Hanging application bdi.exe, version 0.0.0.0, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

Error - 4/4/2011 1:14:46 AM | Computer Name = SUNISHKAR | Source = Application Hang | ID = 1002

Description = Hanging application bdi.exe, version 0.0.0.0, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

Error - 4/4/2011 1:20:16 AM | Computer Name = SUNISHKAR | Source = Application Hang | ID = 1002

Description = Hanging application bdi.exe, version 0.0.0.0, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

Error - 4/5/2011 12:55:32 AM | Computer Name = SUNISHKAR | Source = Application Hang | ID = 1002

Description = Hanging application bdi.exe, version 0.0.0.0, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

Error - 4/9/2011 6:08:27 PM | Computer Name = SUNISHKAR | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file.

Error - 4/9/2011 6:08:27 PM | Computer Name = SUNISHKAR | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file.

Error - 4/9/2011 6:43:33 PM | Computer Name = SUNISHKAR | Source = Lavasoft Ad-Aware Service | ID = 0

Description =

Error - 4/9/2011 6:43:45 PM | Computer Name = SUNISHKAR | Source = Lavasoft Ad-Aware Service | ID = 0

Description =

Error - 4/9/2011 9:02:09 PM | Computer Name = SUNISHKAR | Source = Lavasoft Ad-Aware Service | ID = 0

Description =

Error - 4/10/2011 5:51:06 PM | Computer Name = SUNISHKAR | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]

Error - 4/9/2011 1:51:18 PM | Computer Name = SUNISHKAR | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 4/9/2011 2:45:46 PM | Computer Name = SUNISHKAR | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 4/9/2011 2:46:46 PM | Computer Name = SUNISHKAR | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

Fips intelppm mfehidk OMCI

Error - 4/9/2011 3:04:28 PM | Computer Name = SUNISHKAR | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 4/9/2011 3:05:50 PM | Computer Name = SUNISHKAR | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 4/9/2011 3:06:55 PM | Computer Name = SUNISHKAR | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

Fips intelppm mfehidk ohci1394 OMCI

Error - 4/9/2011 4:41:32 PM | Computer Name = SUNISHKAR | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 4/9/2011 11:37:54 PM | Computer Name = SUNISHKAR | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

Fips intelppm mfehidk OMCI SASDIFSV SASKUTIL

Error - 4/9/2011 11:41:51 PM | Computer Name = SUNISHKAR | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 4/10/2011 10:56:24 AM | Computer Name = SUNISHKAR | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

< End of report >


Hi,

First uninstall Spybot S&D via Add/Remove programs.

You can reinstall it back later if you want.

Then

-Download TDSSKiller from here: http://support.kaspersky.com/downloads/utils/tdsskiller.zip and save it to your Desktop.

-Extract its contents to your desktop.

-Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.

-If an infected file is detected, the default action will be Cure, click on Continue.

-If a suspicious file is detected, the default action will be Skip, click on Continue.

-It may ask you to reboot the computer to complete the process. Click on Reboot Now.

-If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.

-If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt".

Copy and paste the contents of that file here.

Then

Run OTL

-Under the Custom Scans/Fixes box at the bottom, paste in the following:

:OTL
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKU\S-1-5-21-2025429265-963894560-1801674531-1004..\Run: [Desktop Software] File not found
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O18 - Protocol\Handler\HTLFP {03B7A5D4-96B0-4316-95F8-072D326A58F1} - Reg Error: Key error. File not found
O18 - Protocol\Handler\vfsp - No CLSID value found
O33 - MountPoints2\{ee3b5ce4-fb56-11df-a819-00188bca0ea8}\Shell - "" = AutoRun
O33 - MountPoints2\{ee3b5ce4-fb56-11df-a819-00188bca0ea8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ee3b5ce4-fb56-11df-a819-00188bca0ea8}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
[2011/04/09 11:18:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sunikar\Application Data\Dealio
[2011/04/01 21:57:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\bDk06504oKdKp06504
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\sunikar\My Documents\*.tmp files -> C:\Documents and Settings\sunikar\My Documents\*.tmp -> ]
[2011/04/09 10:12:07 | 000,000,136 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~19783476r
[2011/04/09 10:12:07 | 000,000,104 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~19783476
[2011/04/09 10:11:59 | 000,000,336 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\19783476
[2011/04/09 08:33:52 | 000,013,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\jcl665ep0rnlp562hps
[2011/04/04 22:45:28 | 000,013,404 | -HS- | M] () -- C:\Documents and Settings\sunikar\Local Settings\Application Data\jcl665ep0rnlp562hps
[2011/04/01 22:33:23 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
[2011/03/30 08:09:33 | 000,000,136 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~19980084
[2011/03/30 08:09:32 | 000,000,152 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~19980084r
[2011/03/30 08:09:22 | 000,000,336 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\19980084

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[emptyflash]
[createrestorepoint]
[reboot]

-Then click the Run Fix button at the top

-Let the program run unhindered, reboot the PC when it is done

-Post the log you get

Then

Download ComboFix from here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to your Desktop.

-Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix; see this page, "How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs": http://www.bleepingcomputer.com/forums/topic114351.html

-Close everything

-Double click on Combofix.exe and follow the prompts.

Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.

-When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

And finally,

-Download Security Check from here: http://screen317.spywareinfoforum.org/SecurityCheck.exe and save it to your desktop.

-Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.

-A Notepad document should open automatically called checkup.txt; post the contents of that document.
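Added example, not part of the thread or of OTL itself: a small Python triage helper that parses the OTL file-entry format used in the fix script above (`[date time | size | attrs | M/C] (company) -- path`) and scores entries on the signs the helper acted on (hidden/system attributes, location under Application Data, no company string, random-looking names). The sample log is constructed, the R/H/S/D attribute column order is an assumption, and the scoring thresholds are illustrative.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample in the OTL entry format seen in the thread (not a real machine's log).
SAMPLE_LOG = r"""
[2011/04/09 10:12:07 | 000,000,136 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~19783476r
[2011/04/09 08:33:52 | 000,013,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\jcl665ep0rnlp562hps
[2011/04/01 22:33:23 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
[2011/04/09 11:18:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sunikar\Application Data\Dealio
[2011/03/15 09:00:00 | 000,512,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\notepad.exe
"""

# One OTL file entry. The "(company)" group is absent on directory entries, so it is optional.
OTL_LINE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

# Assumption: attribute columns are R (read-only), H (hidden), S (system), D (directory),
# which matches the "-HS-" and "---D" values in the thread.
ATTR_COLUMNS = "RHSD"


def parse_otl_line(line: str) -> Optional[Dict[str, object]]:
    """Parse one OTL file entry; return None for lines in any other format."""
    m = OTL_LINE.match(line.strip())
    if m is None:
        return None
    attrs = m.group("attrs")
    return {
        "date": m.group("date"),
        "time": m.group("time"),
        "size": int(m.group("size").replace(",", "")),
        "hidden": attrs[ATTR_COLUMNS.index("H")] == "H",
        "system": attrs[ATTR_COLUMNS.index("S")] == "S",
        "is_dir": attrs[ATTR_COLUMNS.index("D")] == "D",
        "company": m.group("company") or "",
        "path": m.group("path"),
    }


def suspicion_score(entry: Dict[str, object]) -> int:
    """Heuristic score: higher means more like the rogue-AV droppings in the thread."""
    path = str(entry["path"])
    name = path.rsplit("\\", 1)[-1]
    score = 0
    if entry["hidden"] or entry["system"]:
        score += 2                      # hidden/system bits on a user-land data file
    if "\\application data\\" in path.lower():
        score += 2                      # lives under (All Users|user)\Application Data
    if not entry["is_dir"]:
        if "." not in name or name.startswith("~"):
            score += 1                  # no extension, or a "~" pseudo-temp name
        if not entry["company"]:
            score += 1                  # no version-info company string
    stem = name.lstrip("~").split(".")[0]
    has_digit = any(c.isdigit() for c in stem)
    has_alpha = any(c.isalpha() for c in stem)
    if (len(stem) >= 8 and has_digit and has_alpha) or stem.isdigit():
        score += 1                      # random-looking or all-numeric name
    return score


def triage(log_text: str, threshold: int = 3) -> List[Tuple[str, int]]:
    """Return (path, score) for every parsable entry at or above the threshold."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_otl_line(line)
        if entry is not None:
            score = suspicion_score(entry)
            if score >= threshold:
                flagged.append((str(entry["path"]), score))
    return flagged


if __name__ == "__main__":
    for path, score in triage(SAMPLE_LOG):
        print(f"{score:2d}  {path}")
```

Note that `C:\fsqwr.bmp` (the rogue's wallpaper in the thread) scores below the threshold here: this is a filter for review, not a verdict.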
