Trojan - didn't go after running superantispyware , malaware bytes

[Suba]

Trojan - didn't go after running superantispyware , malaware bytes , Spybot search and destroy ,ad aware . I don't know any other option to try .

My Nephews have downloaded this virus by visiting some games websites. Initially , I was not able to access any browsers including IE in the beginning . So i had to do system restore in the safe mode . Then i was able to download Ad aware , superantispyware . I run all the application in both safe mode , normal mode . But still the virus doesn't seems to go .

Virus name : Fake Microsoft security essential .

How ever the warning message that i was getting went away . But still i am unable to use any web browsers besides IE . When i do Google search on IE and click on some link , it re-directs me to some other spam websites . I really need some help in fixing this virus ...as i don't want to format my system. Appreciate your help . Thanks .

[rise]

Hi

Download OTL from here: http://oldtimer.geekstogo.com/OTL.exe to your Dekstop.

Double click on the icon to run it select All users then under the Custom/scans fixes copy/paste the following:

netsvcs

drivers32

%SYSTEMDRIVE%\*.*

%systemroot%\Fonts\*.com

%systemroot%\Fonts\*.dll

%systemroot%\Fonts\*.ini

%systemroot%\Fonts\*.ini2

%systemroot%\Fonts\*.exe

%systemroot%\system32\spool\prtprocs\w32x86\*.*

%systemroot%\REPAIR\*.bak1

%systemroot%\REPAIR\*.ini

%systemroot%\system32\*.jpg

%systemroot%\*.jpg

%systemroot%\*.png

%systemroot%\*.scr

%systemroot%\*._sy

%APPDATA%\Adobe\Update\*.*

%ALLUSERSPROFILE%\Favorites\*.*

%APPDATA%\Microsoft\*.*

%PROGRAMFILES%\*.*

%APPDATA%\Update\*.*

%systemroot%\*. /mp /s

CREATERESTOREPOINT

%systemroot%\System32\config\*.sav

%PROGRAMFILES%\bak. /s

%systemroot%\system32\bak. /s

%ALLUSERSPROFILE%\Start Menu\*.lnk /x

%systemroot%\system32\config\systemprofile\*.dat /x

%systemroot%\*.config

%systemroot%\system32\*.db

%PROGRAMFILES%\Internet Explorer\*.dat

%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x

%USERPROFILE%\Desktop\*.exe

%PROGRAMFILES%\Common Files\*.*

%systemroot%\*.src

%systemroot%\install\*.*

%systemroot%\system32\DLL\*.*

%systemroot%\system32\HelpFiles\*.*

%systemroot%\system32\rundll\*.*

%systemroot%\winn32\*.*

%systemroot%\Java\*.*

%systemroot%\system32\test\*.*

%systemroot%\system32\Rundll32\*.*

%systemroot%\AppPatch\Custom\*.*

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

Now click Quick scan.When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.

Post both logs in your reply.

[Suba]

OTL file :-

OTL logfile created on: 4/10/2011 3:00:20 PM - Run 1

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\sunikar\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 93.00 Mb Available Physical Memory | 9.00% Memory free

2.00 Gb Paging File | 1.00 Gb Available in Paging File | 58.00% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 62.48 Gb Total Space | 1.62 Gb Free Space | 2.59% Space Free | Partition Type: NTFS

Drive D: | 10.00 Gb Total Space | 9.36 Gb Free Space | 93.60% Space Free | Partition Type: NTFS

Computer Name: SUNISHKAR | User Name: sunikar | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/10 14:56:46 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sunikar\Desktop\OTL.exe

PRC - [2011/04/07 00:58:47 | 001,192,240 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

PRC - [2011/04/07 00:58:39 | 001,753,048 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

PRC - [2011/01/25 18:42:10 | 000,083,440 | ---- | M] (Google) -- C:\Documents and Settings\sunikar\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe

PRC - [2010/11/23 19:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.7\ccSvcHst.exe

PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

PRC - [2010/10/19 12:27:33 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Documents and Settings\sunikar\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe

PRC - [2010/08/25 11:27:44 | 000,309,824 | -H-- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

PRC - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

PRC - [2010/04/16 11:25:18 | 000,818,288 | ---- | M] (The Weather Channel Interactive, Inc.) -- C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe

PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

PRC - [2010/03/12 11:54:41 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe

PRC - [2010/01/21 17:27:44 | 009,136,960 | ---- | M] (Western Digital) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe

PRC - [2010/01/21 17:27:42 | 002,057,536 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe

PRC - [2010/01/21 17:24:08 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

PRC - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

PRC - [2008/05/27 19:35:30 | 000,040,960 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe

PRC - [2008/04/24 11:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

PRC - [2008/04/24 11:25:22 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe

PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/10/08 15:18:04 | 000,995,328 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe

PRC - [2007/10/08 15:15:50 | 000,356,352 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe

PRC - [2007/10/08 15:13:36 | 001,101,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe

PRC - [2007/10/08 15:09:26 | 000,659,456 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

PRC - [2007/05/10 11:23:50 | 000,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe

PRC - [2007/02/13 11:42:50 | 000,109,344 | ---- | M] (Logitech Inc.) -- c:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

PRC - [2007/01/01 14:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe

PRC - [2005/09/08 11:06:20 | 000,094,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

PRC - [2003/05/29 19:18:42 | 000,380,928 | ---- | M] () -- C:\Program Files\NETGEAR\MA521 Configuration Utility\wlancfg5.exe

PRC - [1999/02/28 02:32:52 | 000,124,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mdm.exe

========== Modules (SafeList) ==========

MOD - [2011/04/10 14:56:46 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sunikar\Desktop\OTL.exe

MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

MOD - [2007/04/19 12:21:40 | 000,116,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprthook.dll

MOD - [2007/02/13 11:42:38 | 000,092,960 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcInj.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)

SRV - [2011/04/07 00:58:39 | 001,753,048 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)

SRV - [2010/11/23 19:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) [unknown | Running] -- C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.7\ccSvcHst.exe -- (NSL)

SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)

SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)

SRV - [2010/01/21 17:24:08 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)

SRV - [2009/12/17 15:37:00 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®

SRV - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)

SRV - [2009/03/18 11:54:08 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)

SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

SRV - [2008/04/24 11:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)

SRV - [2007/10/08 15:15:50 | 000,356,352 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®

SRV - [2007/05/10 11:23:50 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe -- (STacSV)

SRV - [2007/02/13 11:44:34 | 000,105,248 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)

SRV - [2007/02/13 11:42:50 | 000,109,344 | ---- | M] (Logitech Inc.) [Auto | Running] -- c:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)

========== Driver Services (SafeList) ==========

DRV - [2011/04/01 00:22:02 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)

DRV - [2011/04/01 00:22:01 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)

DRV - [2010/05/10 11:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Documents and Settings\sunikar\Local Settings\Temp\SAS_SelfExtract\saskutil.sys -- (SASKUTIL)

DRV - [2010/04/30 15:09:44 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)

DRV - [2010/04/30 15:09:22 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)

DRV - [2010/02/17 11:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Documents and Settings\sunikar\Local Settings\Temp\SAS_SelfExtract\sasdifsv.sys -- (SASDIFSV)

DRV - [2009/09/16 08:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)

DRV - [2009/09/16 08:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)

DRV - [2009/09/16 08:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)

DRV - [2009/09/16 08:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)

DRV - [2009/09/16 08:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)

DRV - [2009/03/30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RsFx0103.sys -- (RsFx0103)

DRV - [2009/02/13 12:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)

DRV - [2007/09/26 07:01:32 | 002,236,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®

DRV - [2007/08/27 12:10:36 | 000,012,288 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)

DRV - [2007/05/10 11:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)

DRV - [2007/02/13 11:42:28 | 000,025,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)

DRV - [2007/02/13 11:42:04 | 001,964,064 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)

DRV - [2007/02/13 11:39:54 | 001,691,808 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)

DRV - [2007/02/09 00:24:00 | 001,939,488 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) QuickCam for Dell Notebooks(UVC)

DRV - [2007/02/09 00:24:00 | 000,041,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)

DRV - [2007/02/09 00:24:00 | 000,022,560 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)

DRV - [2007/02/09 00:23:00 | 000,066,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvselsus.sys -- (lvselsus)

DRV - [2007/02/09 00:22:00 | 001,507,232 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)

DRV - [2006/11/15 01:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)

DRV - [2006/11/14 20:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)

DRV - [2006/11/14 18:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)

DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)

DRV - [2004/05/26 16:18:18 | 000,044,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)

DRV - [2001/08/22 09:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2025429265-963894560-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie'>http://www.google.com/ie

IE - HKU\S-1-5-21-2025429265-963894560-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKU\S-1-5-21-2025429265-963894560-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net

IE - HKU\S-1-5-21-2025429265-963894560-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie'>http://www.google.com/ie

IE - HKU\S-1-5-21-2025429265-963894560-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie'>http://www.google.com/ie

IE - HKU\S-1-5-21-2025429265-963894560-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

========== FireFox ==========

FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/12 11:56:06 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\extensions\\{E5886C91-CDD7-4832-B32D-0830705A9C60}: C:\WINDOWS\system32\5011 [2011/03/10 20:35:53 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\extensions\\{203FB6B2-2E1E-4474-863B-4C483ECCE78E}: C:\Documents and Settings\All Users\Application Data\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_1.2.0.7\coFFNST\ [2011/04/09 15:08:50 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/22 17:28:49 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/19 10:04:21 | 000,000,000 | ---D | M]

[2009/06/10 12:41:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sunikar\Application Data\Mozilla\Extensions

[2011/02/20 18:09:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sunikar\Application Data\Mozilla\Firefox\Profiles\vguevptr.default\extensions

[2009/08/16 07:04:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\sunikar\Application Data\Mozilla\Firefox\Profiles\vguevptr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011/02/20 18:09:12 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\sunikar\Application Data\Mozilla\Firefox\Profiles\vguevptr.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2009/03/18 17:28:08 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\sunikar\Application Data\Mozilla\Firefox\Profiles\vguevptr.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2009/04/13 10:51:43 | 000,000,000 | ---D | M] (XHTML Mobile Profile) -- C:\Documents and Settings\sunikar\Application Data\Mozilla\Firefox\Profiles\vguevptr.default\extensions\{8ea9957e-2953-402f-80e0-bceb5f169d6f}

[2009/12/24 20:19:56 | 000,000,000 | ---D | M] (wmlbrowser) -- C:\Documents and Settings\sunikar\Application Data\Mozilla\Firefox\Profiles\vguevptr.default\extensions\{c4dc572a-3295-40eb-b30f-b54aa4cdc4b7}

[2009/03/18 14:42:49 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\sunikar\Application Data\Mozilla\Firefox\Profiles\vguevptr.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}

[2009/04/13 10:51:44 | 000,000,000 | ---D | M] (EWOQ Mobile Setup extension) -- C:\Documents and Settings\sunikar\Application Data\Mozilla\Firefox\Profiles\vguevptr.default\extensions\{f035aa18-ee32-4e6e-81d2-57e32867f8a7}

[2011/02/06 00:30:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2009/09/14 06:23:13 | 000,000,000 | ---D | M] (Talkback) -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org

[2010/03/12 11:56:06 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT

[2009/03/26 12:19:16 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2011/03/10 20:35:53 | 000,000,000 | ---D | M] (Java String Helper) -- C:\WINDOWS\SYSTEM32\5011

[2008/12/17 14:59:30 | 000,067,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll

[2008/12/17 14:59:31 | 000,054,368 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll

[2008/12/17 14:59:32 | 000,034,944 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\myspell.dll

[2008/12/17 14:59:33 | 000,046,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\spellchk.dll

[2008/12/17 14:59:35 | 000,172,136 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll

[2009/11/19 15:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll

[2009/11/19 15:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll

Hosts file not found

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)

O2 - BHO: (Norton Safe Web Lite BHO) - {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.7\CoIEPlg.dll (Symantec Corporation)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)

O3 - HKLM\..\Toolbar: (Norton Safe Web Lite) - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.7\CoIEPlg.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O3 - HKU\S-1-5-21-2025429265-963894560-1801674531-1004\..\Toolbar\WebBrowser: (Norton Safe Web Lite) - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.7\CoIEPlg.dll (Symantec Corporation)

O3 - HKU\S-1-5-21-2025429265-963894560-1801674531-1004\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

O4 - HKLM..\Run: [ddoctorv2] C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)

O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)

O4 - HKLM..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)

O4 - HKLM..\Run: [intelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)

O4 - HKLM..\Run: [NWEReboot] File not found

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKU\S-1-5-21-2025429265-963894560-1801674531-1004..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe (Nero AG)

O4 - HKU\S-1-5-21-2025429265-963894560-1801674531-1004..\Run: [Desktop Software] File not found

O4 - HKU\S-1-5-21-2025429265-963894560-1801674531-1004..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)

O4 - HKU\S-1-5-21-2025429265-963894560-1801674531-1004..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MA521 Configuration Utility.lnk = C:\Program Files\NETGEAR\MA521 Configuration Utility\wlancfg5.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO -viewer-.lnk = C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe (Matsushita Electric Industrial Co., Ltd.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-2025429265-963894560-1801674531-1004\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-21-2025429265-963894560-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)

O15 - HKU\S-1-5-21-2025429265-963894560-1801674531-1004\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)

O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} https://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller.cab (WebBrowserType Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1

O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)

O18 - Protocol\Handler\HTLFP {03B7A5D4-96B0-4316-95F8-072D326A58F1} - Reg Error: Key error. File not found

O18 - Protocol\Handler\vfsp - No CLSID value found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)

O28 - HKLM ShellExecuteHooks: {A5949E07-8536-4625-A3D0-2DD83F559990} - File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/03/18 11:57:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{ee3b5ce4-fb56-11df-a819-00188bca0ea8}\Shell - "" = AutoRun

O33 - MountPoints2\{ee3b5ce4-fb56-11df-a819-00188bca0ea8}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{ee3b5ce4-fb56-11df-a819-00188bca0ea8}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found

NetSvcs: AppMgmt - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT

Restore point Set: OTL Restore Point (17746478449557504)

========== Files/Folders - Created Within 30 Days ==========

[2011/04/10 14:56:44 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\sunikar\Desktop\OTL.exe

[2011/04/09 18:02:27 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys

[2011/04/09 18:01:05 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys

[2011/04/09 15:56:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sunikar\Application Data\SUPERAntiSpyware.com

[2011/04/09 15:56:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

[2011/04/09 15:44:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sunikar\Local Settings\Application Data\Sunbelt Software

[2011/04/09 15:37:37 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{6A395471-4AA3-4072-AE1B-9B69A97AD164}

[2011/04/09 15:35:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft

[2011/04/09 15:35:06 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft

[2011/04/09 15:35:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft

[2011/04/09 15:08:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NST

[2011/04/09 15:08:11 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Safe Web Lite

[2011/04/09 15:08:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NST\0102000.007

[2011/04/09 11:21:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Talk

[2011/04/09 11:18:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sunikar\Application Data\Dealio

[2011/04/09 11:18:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\MySQL

[2011/04/09 11:18:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Quest Software

[2011/04/09 11:16:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DVDVideoSoft

[2011/04/09 10:58:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\sunikar\Recent

[2011/04/09 08:56:01 | 000,000,000 | ---D | C] -- C:\Config.Msi

[2011/04/04 08:32:32 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/04/01 21:57:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\bDk06504oKdKp06504

[2011/04/01 20:36:15 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center

[2011/03/28 16:15:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sunikar\Desktop\US trip

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\Documents and Settings\sunikar\My Documents\*.tmp files -> C:\Documents and Settings\sunikar\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/10 14:56:46 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sunikar\Desktop\OTL.exe

[2011/04/10 14:49:34 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2011/04/10 14:49:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011/04/10 14:49:01 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2025429265-963894560-1801674531-1004.job

[2011/04/10 14:49:00 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2025429265-963894560-1801674531-1005.job

[2011/04/10 14:48:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/04/10 14:48:33 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs

[2011/04/10 08:27:08 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2025429265-963894560-1801674531-1004.job

[2011/04/10 00:55:45 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/04/09 20:36:23 | 000,562,804 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011/04/09 20:36:22 | 000,110,212 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011/04/09 20:32:00 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-963894560-1801674531-1004UA.job

[2011/04/09 19:37:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011/04/09 18:00:58 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys

[2011/04/09 15:37:31 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\sunikar\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk

[2011/04/09 15:37:31 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk

[2011/04/09 14:39:43 | 000,000,474 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for sunikar.job

[2011/04/09 10:12:07 | 000,000,136 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~19783476r

[2011/04/09 10:12:07 | 000,000,104 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~19783476

[2011/04/09 10:11:59 | 000,000,336 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\19783476

[2011/04/09 08:33:52 | 000,013,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\jcl665ep0rnlp562hps

[2011/04/09 08:32:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/04/07 00:59:03 | 000,016,432 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe

[2011/04/04 22:45:28 | 000,013,404 | -HS- | M] () -- C:\Documents and Settings\sunikar\Local Settings\Application Data\jcl665ep0rnlp562hps

[2011/04/04 08:30:28 | 003,894,702 | -H-- | M] () -- C:\Documents and Settings\sunikar\Desktop\ComboFix.zip

[2011/04/03 12:32:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-963894560-1801674531-1004Core.job

[2011/04/01 22:33:23 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp

[2011/04/01 00:22:02 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys

[2011/03/30 13:07:37 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2011/03/30 08:09:33 | 000,000,136 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~19980084

[2011/03/30 08:09:32 | 000,000,152 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~19980084r

[2011/03/30 08:09:22 | 000,000,336 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\19980084

[2011/03/28 20:42:17 | 000,011,258 | -H-- | M] () -- C:\Documents and Settings\sunikar\Desktop\images.jpg

[2011/03/24 10:22:18 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2011/03/24 06:22:54 | 000,000,678 | ---- | M] () -- C:\WINDOWS\System32\jsaddons.ini

[2011/03/24 06:03:47 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2025429265-963894560-1801674531-1005.job

[2011/03/20 18:41:38 | 000,002,393 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2010.lnk

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\Documents and Settings\sunikar\My Documents\*.tmp files -> C:\Documents and Settings\sunikar\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/10 01:56:12 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe

[2011/04/09 16:14:30 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2011/04/09 15:37:31 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\sunikar\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk

[2011/04/09 15:37:31 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk

[2011/04/09 15:08:11 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NST\0102000.007\isolate.ini

[2011/04/09 10:12:07 | 000,000,136 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~19783476r

[2011/04/09 10:12:06 | 000,000,104 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~19783476

[2011/04/09 10:11:59 | 000,000,336 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\19783476

[2011/04/04 08:58:07 | 003,894,702 | -H-- | C] () -- C:\Documents and Settings\sunikar\Desktop\ComboFix.zip

[2011/04/02 09:55:24 | 000,013,404 | -HS- | C] () -- C:\Documents and Settings\sunikar\Local Settings\Application Data\jcl665ep0rnlp562hps

[2011/04/02 09:55:24 | 000,013,294 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\jcl665ep0rnlp562hps

[2011/04/01 22:33:23 | 001,228,854 | ---- | C] () -- C:\fsqwr.bmp

[2011/03/30 08:09:32 | 000,000,152 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~19980084r

[2011/03/30 08:09:32 | 000,000,136 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~19980084

[2011/03/30 08:09:22 | 000,000,336 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\19980084

[2011/03/28 20:42:22 | 000,011,258 | -H-- | C] () -- C:\Documents and Settings\sunikar\Desktop\images.jpg

[2011/03/21 21:16:11 | 000,849,608 | -H-- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2011/03/02 11:37:54 | 000,000,277 | ---- | C] () -- C:\WINDOWS\System32\vbaddons.ini

[2011/03/02 11:16:41 | 000,000,678 | ---- | C] () -- C:\WINDOWS\System32\jsaddons.ini

[2011/03/02 11:16:19 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll

[2010/12/11 23:17:54 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2010/12/08 05:25:22 | 000,001,161 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\827008272.dat

[2010/03/07 21:53:41 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI

[2009/11/25 15:59:32 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2009/08/06 10:16:24 | 000,000,401 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2009/07/01 06:21:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\flight4b.INI

[2009/07/01 06:19:39 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll

[2009/07/01 06:19:39 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll

[2009/06/29 17:34:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\flight4a.INI

[2009/06/29 16:24:50 | 000,000,083 | ---- | C] () -- C:\WINDOWS\wlrun.ini

[2009/06/29 16:24:11 | 000,007,127 | ---- | C] () -- C:\WINDOWS\wrun.ini

[2009/06/29 16:17:44 | 000,000,023 | ---- | C] () -- C:\WINDOWS\AQTProductInfo.INI

[2009/06/29 15:28:55 | 000,001,370 | ---- | C] () -- C:\WINDOWS\mercury.ini

[2009/06/26 17:28:14 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat

[2009/06/26 17:28:14 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat

[2009/06/26 17:28:14 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat

[2009/06/26 17:28:14 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat

[2009/06/26 17:28:14 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat

[2009/06/26 17:28:14 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat

[2009/06/26 17:28:14 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat

[2009/06/26 17:28:14 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat

[2009/06/26 17:28:14 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat

[2009/06/26 17:28:14 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat

[2009/06/26 17:28:14 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat

[2009/06/26 17:28:14 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat

[2009/06/26 17:28:14 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat

[2009/06/26 17:28:14 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat

[2009/06/26 17:28:14 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat

[2009/06/26 17:28:14 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat

[2009/06/26 17:28:14 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat

[2009/06/26 17:28:14 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat

[2009/06/26 17:28:14 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini

[2009/06/12 18:56:50 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2009/06/06 11:14:02 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\sunikar\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/03/18 17:52:24 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI

[2009/03/18 17:52:24 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI

[2009/03/18 17:51:24 | 000,000,214 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini

[2009/03/18 17:51:24 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini

[2009/03/18 17:51:24 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf06a.dat

[2009/03/18 17:50:23 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll

[2009/03/18 17:50:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat

[2009/03/18 17:49:23 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini

[2009/03/18 16:54:53 | 000,000,488 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2009/03/18 16:07:09 | 000,001,172 | ---- | C] () -- C:\WINDOWS\mozver.dat

[2009/03/18 13:11:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2009/03/18 12:59:20 | 000,051,370 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini

[2009/03/18 12:32:58 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe

[2009/03/18 12:11:19 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4814.dll

[2009/03/18 12:04:33 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll

[2009/03/18 12:00:06 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2009/03/18 11:55:03 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2009/03/17 21:54:30 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2009/03/17 21:53:15 | 000,148,400 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2007/02/13 11:42:28 | 000,025,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys

[2007/02/13 11:39:54 | 001,691,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\Lvckap.sys

[2005/03/22 13:48:43 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2005/03/22 13:48:43 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2004/08/04 05:00:00 | 000,562,804 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2004/08/04 05:00:00 | 000,110,212 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2004/08/04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2004/08/04 05:00:00 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\snngbzg.dll

[2004/08/04 05:00:00 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll

[2004/08/04 05:00:00 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll

[2004/08/04 05:00:00 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll

[2004/08/04 05:00:00 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth1.dll

[2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2004/08/04 05:00:00 | 000,000,342 | ---- | C] () -- C:\WINDOWS\System32\g0r8jf2.dll

[2004/08/04 05:00:00 | 000,000,101 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.dll

[2004/08/04 05:00:00 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll

[2004/08/04 05:00:00 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\u6gfg65.dll

[2004/08/04 05:00:00 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\mfcl7iz.dll

[2004/08/04 05:00:00 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\lrue84c.dll

[2004/08/04 05:00:00 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\a9m32e5.dll

[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[2002/03/04 11:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll

========== LOP Check ==========

[2009/06/04 00:32:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus

[2011/04/09 11:16:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\bDk06504oKdKp06504

[2009/03/18 11:54:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix

[2009/10/08 13:46:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MySQL

[2010/11/17 11:17:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Quest Software

[2009/03/18 17:48:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft

[2009/08/31 14:59:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft

[2010/11/28 23:10:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WD_SmartWareCommon

[2010/11/28 23:07:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital

[2011/04/09 15:37:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{6A395471-4AA3-4072-AE1B-9B69A97AD164}

[2009/10/09 13:29:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2009/09/05 10:09:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\guest1\Application Data\Panasonic

[2010/12/11 23:24:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\guest1\Application Data\Western Digital

[2011/04/10 14:49:34 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2011/04/10 14:48:43 | 000,001,286 | ---- | M] () -- C:\aaw7boot.log

[2009/03/18 11:57:56 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

[2009/03/28 08:54:12 | 000,000,211 | -HS- | M] () -- C:\boot.ini

[2009/03/18 17:52:16 | 000,000,025 | ---- | M] () -- C:\Brxpinst.log

[2009/03/18 11:57:56 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2011/04/01 22:33:23 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp

[2009/03/18 11:57:56 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2009/03/18 11:57:56 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2009/03/21 10:09:12 | 000,250,048 | RHS- | M] () -- C:\ntldr

[2011/04/10 14:48:44 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys

[2010/12/11 22:06:51 | 000,047,494 | ---- | M] () -- C:\TDSSKiller.2.4.11.0_11.12.2010_21.05.46_log.txt

[2009/06/26 19:04:35 | 000,000,026 | ---- | M] () -- C:\UpdaterforApp.ini

[2009/04/12 22:27:34 | 000,001,876 | ---- | M] () -- C:\WirelessDiagLog.csv

< %systemroot%\Fonts\*.com >

[2006/04/18 13:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont

[2006/06/29 12:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont

[2006/04/18 13:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont

[2006/06/29 12:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >

[2009/03/18 11:57:35 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

[2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

[2003/06/18 18:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

[2001/11/20 15:37:28 | 000,047,616 | R--- | M] (Black Ice Software) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\ppbiPr.dll

[2008/07/06 03:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

[2010/11/17 11:10:30 | 000,000,161 | -H-- | M] () -- C:\Program Files\INSTALL.LOG

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

[2009/03/17 21:52:28 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav

[2009/03/17 21:52:28 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav

[2009/03/17 21:52:27 | 000,897,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

[2009/03/21 10:18:34 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >

[2009/03/18 12:21:21 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\sunikar\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini

[2009/03/18 12:21:20 | 000,000,079 | -H-- | M] () -- C:\Documents and Settings\sunikar\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >

[2010/02/14 20:38:42 | 000,316,680 | ---- | M] (Dassault Systèmes) -- C:\Documents and Settings\sunikar\Desktop\3DVIA_player_installer.exe

[2009/03/18 14:35:17 | 043,083,040 | ---- | M] ( ) -- C:\Documents and Settings\sunikar\Desktop\AdbeRdr910_en_US_Std.exe

[2009/09/19 08:22:02 | 007,218,536 | ---- | M] () -- C:\Documents and Settings\sunikar\Desktop\CommunicatorPlugin_281.exe

[2009/08/18 15:16:38 | 001,606,064 | ---- | M] () -- C:\Documents and Settings\sunikar\Desktop\googletalk-setup.exe

[2009/10/15 14:08:06 | 000,570,032 | ---- | M] (Google Inc.) -- C:\Documents and Settings\sunikar\Desktop\GoogleVoiceAndVideoSetup(2).exe

[2009/03/18 14:49:44 | 059,264,920 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\sunikar\Desktop\NAV09EN.exe

[2009/07/06 14:19:47 | 155,255,392 | ---- | M] () -- C:\Documents and Settings\sunikar\Desktop\OOo_3.1.0_Win32Intel_install_wJRE_en-US.exe

[2009/10/08 10:08:01 | 216,933,372 | ---- | M] (Oracle Corporation ) -- C:\Documents and Settings\sunikar\Desktop\OracleXEUniv.exe

[2011/04/10 14:56:46 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sunikar\Desktop\OTL.exe

[2009/03/25 14:46:17 | 021,878,064 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\sunikar\Desktop\QuickTimeInstaller.exe

[2009/09/19 08:06:40 | 006,321,440 | ---- | M] () -- C:\Documents and Settings\sunikar\Desktop\WebUpdaterforWindows_242.exe

[2009/06/05 11:44:38 | 000,367,240 | ---- | M] (Digital River, Inc.) -- C:\Documents and Settings\sunikar\Desktop\X12-30196-DLM.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-04-09 20:49:27

< Update\Results\Install|LastSuccessTime /rs >

< >

< >

< End of report >

[Suba]

File:- Extras.txt

OTL Extras logfile created on: 4/10/2011 3:00:20 PM - Run 1

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\sunikar\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 93.00 Mb Available Physical Memory | 9.00% Memory free

2.00 Gb Paging File | 1.00 Gb Available in Paging File | 58.00% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 62.48 Gb Total Space | 1.62 Gb Free Space | 2.59% Space Free | Partition Type: NTFS

Drive D: | 10.00 Gb Total Space | 9.36 Gb Free Space | 93.60% Space Free | Partition Type: NTFS

Computer Name: SUNISHKAR | User Name: sunikar | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-2025429265-963894560-1801674531-1004\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"135:TCP" = 135:TCP:*:Enabled:DCOM

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)

"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)

"C:\Program Files\NETGEAR\MA521 Configuration Utility\wlancfg5.exe" = C:\Program Files\NETGEAR\MA521 Configuration Utility\wlancfg5.exe:*:Enabled:MA521 Configuration Utility -- ()

"C:\Documents and Settings\sunikar\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\sunikar\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)

"C:\Documents and Settings\sunikar\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\sunikar\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)

"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus

"C:\Program Files\Mercury Interactive\QuickTest Professional\bin\AQTRmtAgent.exe" = C:\Program Files\Mercury Interactive\QuickTest Professional\bin\AQTRmtAgent.exe:*:Enabled:AQT Remote Agent

"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)

"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{005F78AF-110D-398A-8430-BE98950A1E22}" = Google Talk Plugin

"{01558B00-3F19-4E26-8B56-11CA9F97E81C}" = MA521 Configuration Utility

"{035400A4-29BD-3723-BEED-E2718A68CDE0}" = Microsoft Visual Studio 2010 Office Developer Tools (x86)

"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport

"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO

"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended

"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support

"{0DDCEC37-369C-484B-B16D-B4413FD42FB9}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework

"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView

"{0E794924-17AC-4565-96C7-960D40F8B61E}" = TurboTax 2010 wcoiper

"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool

"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU

"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools

"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files

"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK

"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{232DB76D-4751-41A9-9EC2-CDC0DAC1FAB6}" = WD SmartWare

"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe

"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 13

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation

"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types

"{2D9FEBEE-F1B7-344F-BFDF-760E18332D96}" = Microsoft Visual Studio 2010 SharePoint Developer Tools

"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision

"{360EDFB0-EAA2-012B-AD16-000000000000}" = TurboTax 2009 wcaiper

"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset

"{37EBB600-EAA2-012B-AD89-000000000000}" = TurboTax 2009 wiliper

"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset

"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine

"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport

"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU

"{3BB19A2B-B9C5-3872-8FDF-3047CC9F9841}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper

"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA

"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools

"{4402084F-61EE-48B2-AFCB-AC1EC2454C79}" = MySQL Server 5.1

"{4781569D-5404-1F26-4B2B-6DF444441031}" = Nero 7 Ultra Edition

"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0

"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared

"{497A1721-088F-41EF-8876-B43C9DA5528B}" = ArcSoft Software Suite

"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell

"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files

"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects

"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper

"{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}" = Microsoft SQL Server 2008 Native Client

"{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller

"{578145B3-3831-4D85-BB53-4A9D90F821DE}" = WebEx Recorder and Player

"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services

"{5B30AA25-BF39-4BE4-8FEE-51938BAB214D}" = TurboTax 2008 wcaiper

"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319

"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools

"{6ED37A91-7710-3183-BE50-AB043FF6689E}" = Microsoft Team Foundation Server 2010 Object Model - ENU

"{70632C41-BDAC-4128-9FBF-287F9FF53DE5}" = TurboTax 2010 wiliper

"{71C97545-E547-4A8B-B0C8-61FF853270AC}" = PaperPort

"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime

"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset

"{78C3657E-742C-40B1-9F53-E5A921D40F17}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service

"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{87FF0E39-8490-4EB4-A557-FF12F712EF7E}" = TurboTax 2010 wcaiper

"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr

"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger

"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz

"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003

"{9455959E-D588-EFAE-329C-F66CC797F32A}" = Adobe Media Player

"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig

"{95120000-0052-0409-0000-0000000FF1CE}" = Microsoft Office Visio Viewer 2007

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{97CE8B73-AA5A-4987-A1BE-50DD1A187478}" = Microsoft Sync Framework SDK v1.0 SP1

"{9932886E-7874-4BA1-A1AA-E61EA5A9352D}" = Logitech QuickCam

"{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO -viewer-

"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A4089B20-34E1-4331-BB0F-2FC76D0F3EB4}" = Quest Software Toad for MySQL Freeware 5.0

"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime

"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio

"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support

"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio

"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2

"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9

"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4

"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers

"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper

"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport

"{B3C9A441-C34D-40F3-9D3B-00EDDDAC74F1}" = Garmin Communicator Plugin

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services

"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974

"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer

"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser

"{C6DD625F-4B61-4561-8286-87CA0275CEA1}" = Microsoft Sync Framework Runtime v1.0 SP1 (x86)

"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus® for Adobe

"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack

"{D441BD04-E548-4F8E-97A4-1B66135BAAA8}" = Microsoft SQL Server 2008 Setup Support Files

"{D6B15AE6-B052-363E-B6BB-C4714CBA6509}" = Microsoft Visual Studio 2010 Professional - ENU

"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD

"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor

"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes

"{DC3D6AFB-78B4-489F-81D7-30B66E0C2417}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x86)

"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware

"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater

"{E5AE9031-79A5-4627-9641-BEFA82819B08}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project

"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1

"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp

"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore

"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator

"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse

"{F0F563C4-D4AD-41C4-A8A6-26664C027D11}" = Brother MFL-Pro Suite

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01

"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared

"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0

"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi

"{F990B526-8F7C-46E0-B1F1-6C893A8B478F}" = Microsoft Sync Framework Services v1.0 SP1 (x86)

"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe

"4569969E1360D2854474C661EF9B4D54F143EB16" = Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)

"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)

"Ad-Aware" = Ad-Aware

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows

"GoToAssist" = GoToAssist 8.0.0.514

"HDMI" = Intel® Graphics Media Accelerator Driver

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"IE4Dev" = Microsoft Script Debugger

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0

"Microsoft SQL Server 10" = Microsoft SQL Server 2008

"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008

"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU

"Microsoft Visual Studio 2010 Professional - ENU" = Microsoft Visual Studio 2010 Professional - ENU

"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)

"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools

"Mozilla Firefox (2.0.0.20)" = Mozilla Firefox (2.0.0.20)

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"NSS" = Norton Security Scan

"NST" = Norton Safe Web Lite

"Picasa 3" = Picasa 3

"ProInst" = Intel® PROSet/Wireless Software

"QcDrv" = Logitech® Camera Driver

"RealPlayer 12.0" = RealPlayer

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"The Weather Channel Desktop 6" = The Weather Channel Desktop 6

"TurboTax 2008" = TurboTax 2008

"TurboTax 2009" = TurboTax 2009

"TurboTax 2010" = TurboTax 2010

"Uninstall_is1" = Uninstall 1.0.0.1

"Windows XP Service Pack" = Windows XP Service Pack 3

"Yahoo! Companion" = Yahoo! Toolbar

"Yahoo! Messenger" = Yahoo! Messenger

"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2025429265-963894560-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 4/4/2011 1:13:26 AM | Computer Name = SUNISHKAR | Source = Application Hang | ID = 1002

Description = Hanging application bdi.exe, version 0.0.0.0, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

Error - 4/4/2011 1:14:46 AM | Computer Name = SUNISHKAR | Source = Application Hang | ID = 1002

Description = Hanging application bdi.exe, version 0.0.0.0, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

Error - 4/4/2011 1:20:16 AM | Computer Name = SUNISHKAR | Source = Application Hang | ID = 1002

Description = Hanging application bdi.exe, version 0.0.0.0, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

Error - 4/5/2011 12:55:32 AM | Computer Name = SUNISHKAR | Source = Application Hang | ID = 1002

Description = Hanging application bdi.exe, version 0.0.0.0, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

Error - 4/9/2011 6:08:27 PM | Computer Name = SUNISHKAR | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file.

Error - 4/9/2011 6:08:27 PM | Computer Name = SUNISHKAR | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file.

Error - 4/9/2011 6:43:33 PM | Computer Name = SUNISHKAR | Source = Lavasoft Ad-Aware Service | ID = 0

Description =

Error - 4/9/2011 6:43:45 PM | Computer Name = SUNISHKAR | Source = Lavasoft Ad-Aware Service | ID = 0

Description =

Error - 4/9/2011 9:02:09 PM | Computer Name = SUNISHKAR | Source = Lavasoft Ad-Aware Service | ID = 0

Description =

Error - 4/10/2011 5:51:06 PM | Computer Name = SUNISHKAR | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]

Error - 4/9/2011 1:51:18 PM | Computer Name = SUNISHKAR | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 4/9/2011 2:45:46 PM | Computer Name = SUNISHKAR | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 4/9/2011 2:46:46 PM | Computer Name = SUNISHKAR | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

Fips intelppm mfehidk OMCI

Error - 4/9/2011 3:04:28 PM | Computer Name = SUNISHKAR | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 4/9/2011 3:05:50 PM | Computer Name = SUNISHKAR | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 4/9/2011 3:06:55 PM | Computer Name = SUNISHKAR | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

Fips intelppm mfehidk ohci1394 OMCI

Error - 4/9/2011 4:41:32 PM | Computer Name = SUNISHKAR | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 4/9/2011 11:37:54 PM | Computer Name = SUNISHKAR | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

Fips intelppm mfehidk OMCI SASDIFSV SASKUTIL

Error - 4/9/2011 11:41:51 PM | Computer Name = SUNISHKAR | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 4/10/2011 10:56:24 AM | Computer Name = SUNISHKAR | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

< End of report >

[rise]

Hi,

First uninstall Spybot S&D via Add/Remove programs.

You can reinstall it back later if you want.

Then

-Download TDSSKiller from here: http://support.kaspersky.com/downloads/utils/tdsskiller.zip and save it to your Desktop.

-Extract its contents to your desktop.

-Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.

-If an infected file is detected, the default action will be Cure, click on Continue.

-If a suspicious file is detected, the default action will be Skip, click on Continue.

-It may ask you to reboot the computer to complete the process. Click on Reboot Now.

-If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.

-If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt".

Copy and paste the contents of that file here.

Then

Run OTL

-Under the Custom Scans/Fixes box at the bottom, paste in the following:

:OTL
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKU\S-1-5-21-2025429265-963894560-1801674531-1004..\Run: [Desktop Software] File not found
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O18 - Protocol\Handler\HTLFP {03B7A5D4-96B0-4316-95F8-072D326A58F1} - Reg Error: Key error. File not found
O18 - Protocol\Handler\vfsp - No CLSID value found
O33 - MountPoints2\{ee3b5ce4-fb56-11df-a819-00188bca0ea8}\Shell - "" = AutoRun
O33 - MountPoints2\{ee3b5ce4-fb56-11df-a819-00188bca0ea8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ee3b5ce4-fb56-11df-a819-00188bca0ea8}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
[2011/04/09 11:18:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sunikar\Application Data\Dealio
[2011/04/01 21:57:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\bDk06504oKdKp06504
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\sunikar\My Documents\*.tmp files -> C:\Documents and Settings\sunikar\My Documents\*.tmp -> ]
[2011/04/09 10:12:07 | 000,000,136 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~19783476r
[2011/04/09 10:12:07 | 000,000,104 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~19783476
[2011/04/09 10:11:59 | 000,000,336 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\19783476
[2011/04/09 08:33:52 | 000,013,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\jcl665ep0rnlp562hps
[2011/04/04 22:45:28 | 000,013,404 | -HS- | M] () -- C:\Documents and Settings\sunikar\Local Settings\Application Data\jcl665ep0rnlp562hps
[2011/04/01 22:33:23 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
[2011/03/30 08:09:33 | 000,000,136 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~19980084
[2011/03/30 08:09:32 | 000,000,152 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~19980084r
[2011/03/30 08:09:22 | 000,000,336 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\19980084

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[emptyflash]
[createrestorepoint]
[reboot]

-Then click the Run Fix button at the top

-Let the program run unhindered, reboot the PC when it is done

-Post the log you get

Then

Download ComboFix from here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to your Desktop.

-Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix see this page "How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs": http://www.bleepingcomputer.com/forums/topic114351.html

-Close everything

-Double click on Combofix.exe and follow the prompts.

Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall

-When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

And finally,

-download Security Check from here: http://screen317.spywareinfoforum.org/SecurityCheck.exe and save it to your dekstop

-Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.

-A Notepad document should open automatically called checkup.txt; post the contents of that document.