
"C:\Windows\System32\drivers\atapi.sys";"Virus identified Win32/Patched.CG";"Object is white-listed (critical/system file that should not be removed)"


This topic is locked
16 replies to this topic

#1 Shankar.ish

Shankar.ish

  • Members
  • 15 posts

Posted 05 April 2010 - 01:32 PM

Please find the log




DDS (Ver_10-03-17.01) - NTFSx86
Run by Shankar at 23:44:50.24 on Mon 04/05/2010
Internet Explorer: 8.0.6001.18828
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1982.974 [GMT 5.5:30]

AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Airtel\NetXpert\bin\sprtsvc.exe
C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
C:\Windows\System32\TUProgSt.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\DRIVERS\xaudio.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\System32\mobsync.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Shankar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Shankar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Shankar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Shankar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Shankar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Shankar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Shankar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\DllHost.exe
C:\Users\Shankar\Music\Documents\Downloads\dds.com
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uWindow Title = Windows Internet Explorer provided by Yahoo!
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: The Pirate Bay Toolbar: {a33fa729-d155-4b23-842b-2c665ecabdb6} - c:\program files\the_pirate_bay\tbThe_.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mURLSearchHooks: The Pirate Bay Toolbar: {a33fa729-d155-4b23-842b-2c665ecabdb6} - c:\program files\the_pirate_bay\tbThe_.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Winamp Toolbar BHO: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: The Pirate Bay Toolbar: {a33fa729-d155-4b23-842b-2c665ecabdb6} - c:\program files\the_pirate_bay\tbThe_.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: Ask Toolbar BHO: {fe063db1-4ec0-403e-8dd8-394c54984b2c} - Ask Toolbar BHO
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
TB: Ask Toolbar: {fe063db9-4ec0-403e-8dd8-394c54984b2c} -
TB: The Pirate Bay Toolbar: {a33fa729-d155-4b23-842b-2c665ecabdb6} - c:\program files\the_pirate_bay\tbThe_.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Veoh Video Compass: {52836eb0-631a-47b1-94a6-61f9d9112dae} - c:\program files\veoh networks\veoh video compass\SearchRecsPlugin.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRunOnce: [<NO NAME>] c:\program files\internet explorer\iexplore.exe http://www.symantec.com/techsupp/servlet/ProductMessages?module=2009&error=0&language=en&product=SymNRT&version=2009.0.5.26&build=Symantec&a=00000082.00000045.00000119&b=00000082.00000049.000000d3&c=00000082.00000096.000001da&d=00000082.000000e6.0000026f
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Download with &DAP
IE: &Winamp Toolbar Search - c:\programdata\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Download &all with DAP
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-6-4 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-6-4 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-6-4 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-6-4 108552]
R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2009-6-7 12800]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\common files\abbyy\finereader\9.00\licensing\pe\NetworkLicenseServer.exe [2007-12-7 660768]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-6-4 297752]
R2 sprtsvc_nxpclient;SupportSoft Sprocket Service (nxpclient);c:\program files\airtel\netxpert\bin\sprtsvc.exe [2009-10-21 202800]
R2 TeamViewer4;TeamViewer 4;c:\program files\teamviewer\version4\TeamViewer_Service.exe [2009-5-27 185640]
S2 .1192677209;1192677209;c:\program files\nortoninstaller\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360\562c4dd5\3.0.0.135\bntr1192677209.exe --> c:\program files\nortoninstaller\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360\562c4dd5\3.0.0.135\bntr1192677209.exe [?]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-6-22 55280]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 Start BT in service;Start BT in service;c:\program files\ivt corporation\bluesoleil\StartSkysolSvc.exe [2007-4-21 52080]

============== File Associations ===============

JSEFile=NOTEPAD.EXE %1
regfile=NOTEPAD.EXE %1
scrfile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.txt=

=============== Created Last 30 ================

2010-04-05 16:20:48 691 -c--a-w- c:\users\shankar\appdata\roaming\GetValue.vbs
2010-04-05 16:20:48 35 -c--a-w- c:\users\shankar\appdata\roaming\SetValue.bat
2010-04-05 16:11:49 3794 -c--a-w- c:\windows\system32\tmp.reg
2010-04-05 15:45:39 0 dc----w- c:\users\shankar\appdata\roaming\GetRightToGo
2010-04-02 19:03:40 0 dc----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-01 11:42:55 0 dc----w- c:\users\shankar\appdata\roaming\Malwarebytes
2010-04-01 11:42:41 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-01 11:42:39 0 dc----w- c:\programdata\Malwarebytes
2010-04-01 11:42:38 20824 -c--a-w- c:\windows\system32\drivers\mbam.sys
2010-04-01 11:42:38 0 dc----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-01 03:29:52 0 dc----w- c:\programdata\IObit
2010-03-30 15:33:02 0 dc----w- c:\program files\ThriXXX
2010-03-29 16:59:01 0 dc----w- C:\$RECYCLE(0).BIN
2010-03-29 16:44:04 0 dc----w- C:\ComboFix
2010-03-17 16:23:42 94208 -c--a-w- c:\windows\system32\QuickTimeVR.qtx
2010-03-17 16:23:42 69632 -c--a-w- c:\windows\system32\QuickTime.qts
2010-03-16 19:57:57 0 dc----w- C:\PFiles
2010-03-09 18:04:08 544768 -c--a-w- c:\windows\system32\msvcr71d.dll
2010-03-09 18:04:08 344064 -c--a-w- c:\windows\system32\msvcr70.dll
2010-03-09 18:04:04 719872 -c--a-w- c:\windows\system32\devil.dll
2010-03-09 18:04:04 314368 -c--a-w- c:\windows\system32\avisynth.dll
2010-03-09 18:04:03 0 dc----w- c:\program files\Magic Video Converter

==================== Find3M ====================

2010-04-05 18:02:18 42381 -c--a-w- c:\programdata\nvModes.dat
2010-04-02 18:57:42 86016 ----a-w- c:\windows\inf\infpub.dat
2010-04-02 18:57:42 143360 ----a-w- c:\windows\inf\infstor.dat
2010-04-02 18:57:41 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-02-24 04:46:06 181632 -c----w- c:\windows\system32\MpSigStub.exe
2010-02-12 06:16:14 91424 -c--a-w- c:\windows\system32\dnssd.dll
2010-02-12 06:16:14 107808 -c--a-w- c:\windows\system32\dns-sd.exe
2010-02-04 20:33:27 604488 -c--a-w- c:\windows\system32\TUProgSt.exe
2010-02-04 20:33:20 361288 -c--a-w- c:\windows\system32\TuneUpDefragService.exe
2008-07-27 08:46:55 174 --sha-w- c:\program files\desktop.ini
2008-07-27 08:31:05 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:42:02 30674 -c--a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 -c--a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 -c--a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 -c--a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 -c--a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 -c--a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 -c--a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 -c--a-w- c:\windows\inf\perflib\0000\perfc.dat
2008-08-20 12:22:12 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-08-20 12:22:12 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-08-20 12:22:12 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-10-23 07:57:16 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-10-23 07:57:16 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-10-23 07:57:16 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-10-23 07:57:16 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-11-10 21:36:09 16384 -csha-w- c:\windows\system32\%appdata%\microsoft\windows\ietldcache\index.dat

============= FINISH: 23:46:36.37 ===============
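As an added example (not part of the original post, not code from the DDS tool, and not anything the thread participants posted), here is a small Python parser for the `Created Last 30` / `Find3M` entry format in the log above, with a few review heuristics that are my own assumptions: scripts or executables written into a user's roaming profile, newly created kernel drivers, and paths containing an unexpanded environment-variable token. The sample lines are copied from the DDS log above. The heuristics pick out entries worth a second look; they are not verdicts.

```python
"""Parse DDS-style "Created Last 30" / Find3M entries and pick out the ones a
helper would read first. Added example; the triage rules are assumptions."""
import re
from dataclasses import dataclass
from typing import List, Tuple

# Sample lines copied from the DDS log above (one per pattern of interest).
SAMPLE_LOG = r"""
2010-04-05 16:20:48 691 -c--a-w- c:\users\shankar\appdata\roaming\GetValue.vbs
2010-04-05 16:20:48 35 -c--a-w- c:\users\shankar\appdata\roaming\SetValue.bat
2010-04-01 11:42:41 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-01 11:42:39 0 dc----w- c:\programdata\Malwarebytes
2010-03-17 16:23:42 94208 -c--a-w- c:\windows\system32\QuickTimeVR.qtx
2009-11-10 21:36:09 16384 -csha-w- c:\windows\system32\%appdata%\microsoft\windows\ietldcache\index.dat
"""

# DDS entry layout: <date> <time> <size> <8-char attribute field> <path>
ENTRY_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)

# Extensions that execute directly when opened (assumed list for the roaming-profile rule).
EXEC_EXT = (".vbs", ".vbe", ".js", ".jse", ".bat", ".cmd", ".exe", ".scr", ".dll")


@dataclass
class Entry:
    date: str
    time: str
    size: int
    attrs: str  # attribute field as printed by DDS, e.g. "-c--a-w-" or "dc----w-"
    path: str

    @property
    def is_dir(self) -> bool:
        # DDS puts 'd' in the first attribute position for directories
        return self.attrs[0] == "d"


def parse_dds(text: str) -> List[Entry]:
    """Return one Entry per line that matches the DDS entry layout; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["date"], m["time"], int(m["size"]), m["attrs"], m["path"]))
    return entries


def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (path, reason) pairs for entries worth manual review. Heuristics, not verdicts."""
    findings = []
    for e in entries:
        if e.is_dir:
            continue
        p = e.path.lower()
        if "\\appdata\\roaming\\" in p and p.endswith(EXEC_EXT):
            findings.append((e.path, "script/executable written to a user's roaming profile"))
        elif "\\system32\\drivers\\" in p and p.endswith(".sys"):
            findings.append((e.path, "new kernel driver: confirm vendor and signature"))
        elif "%" in p:
            findings.append((e.path, "unexpanded environment-variable token in path"))
    return findings


if __name__ == "__main__":
    for path, reason in triage(parse_dds(SAMPLE_LOG)):
        print(f"{reason}: {path}")
```

On the sample above the driver rule fires on mbamswissarmy.sys, which the neighbouring entries show is Malwarebytes' own driver installed the same minute. That is the point of keeping the rules as review prompts rather than verdicts: the helper still checks the vendor and the surrounding entries before deciding anything.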


#2 Net_Surfer

Net_Surfer

  • Banned
  • 2,154 posts

Posted 05 April 2010 - 02:04 PM

Hello Shankar.ish,

Welcome to the Bleeping Computer Virus, Trojan, Spyware, and Malware Removal Logs Forum.


My nick is Net_Surfer. I'll be glad to help you with your computer problems. I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing "your computer problems only" and by no means should be used on another computer.

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

Please take note of the following which will make our fix go more smoothly:
    1. The cleaning process is not instant. Very seldom can we remove the entire infection in one go. Many of today's infections install other infections and for the most part they do not like to go quietly. Please continue to review my answers until I tell you your machine is clean. Just because a symptom "disappears" does not mean your system is clean.
    2. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.
    3. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post. Please set aside enough time to complete all the steps in each post and follow the instructions in the order stated.
    4. If you are running P2P filesharing program(s), my recommendation is that you uninstall it/them.
    5. Do NOT run any extra scans or fix programs not requested by me as it could change the results in the reports I request.
    6. If there's anything that you don't understand, stop and ask your question(s) before proceeding with the fixes.
    7. The forum is busy and we need to have replies as soon as possible. After 5 days if a topic is not replied to we assume it has been abandoned and it is closed. If you have circumstances that you are aware of that will delay your response, then please let me know. This is to ensure that your topic remains open and I don't close it to start a new post.
NOTE: In the upper right hand corner of the topic you will see a button called Options. If you click on this button, a drop-down menu will expand. By choosing Track this topic and then choosing Immediate Email Notification, followed by clicking Proceed, you will be advised when I respond to your topic. This facilitates the cleaning procedure.
Because the e-mail notification system is not completely reliable, please check your topic once a day for responses.
Please reply using the button in the lower right hand corner of your screen. Do not start a new topic.
If you can do these things, everything should go smoothly.

One or more of the identified infections is a backdoor trojan/Rootkit.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you decide you want to proceed with trying to clean your machine please follow these next steps.

OK...Shankar.ish

Before we begin, you should save these instructions in Notepad to your Desktop, or print them, for easy reference and to make sure you don't get lost.
Make sure to work through the fixes in the exact order in which they are mentioned below and do not miss any steps out. If at any point you have questions, or are unsure of the instructions, do not hesitate to post here and ask for clarification before proceeding with the fixes.

Please carefully follow the next set of steps:


I see you are running TeaTimer. I suggest you disable it.
Firstly, we need to disable SpyBot's Teatimer which can interfere with the fixes.


TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.
  1. Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  2. If prompted with a legal dialog, accept the warning.
  3. Click and then on "Advanced Mode"
  4. You may be presented with a warning dialog. If so, press
  5. Click on
  6. Click on
  7. Uncheck this checkbox:
  8. Close/Exit Spybot Search and Destroy
If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

**Note: In the event you already have old versions of Combofix I need you to delete them, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

  • For Internet Explorer:
    o Choose to save, not open the file
    o When prompted - save the file to your desktop, and rename it to CFscan with .exe extension on the end.

Please download Combofix from any of the links below but rename it to CFscan before saving it to your desktop.
Link 1
Link 2

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

Please insert your flash drive and all usb-drives before running Combofix
    Important notes regarding ComboFix:

    ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

    ComboFix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read HERE for an article written by dvk01 on why we disable autoruns.
  • Close any open browsers.
    WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.
  • Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.
-----------------------------------------------------------

Double click on the renamed on your desktop & follow the prompts.
If you are unsure how to run ComboFix tool, please visit this webpage for instructions: How-to-use-combofix


If you receive a message that Combofix has detected the presence of rootkit activity and needs to reboot, kindly write down on paper the list of files present in the message before continuing, and post it in your next reply.


**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

*** When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review.***

A word of advice if you are a lurker: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.
Please read Combofix's Disclaimer.


Upon completing the above steps I will review your logs again and take the steps necessary with you to get your machine back in working order, clean and free of malware.

Please DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean and free of malware!!!

Kind regards
Net_Surfer




#3 Shankar.ish

Shankar.ish
  • Topic Starter

  • Members
  • 15 posts

Posted 05 April 2010 - 03:01 PM

CF log...



ComboFix 10-04-04.01 - Shankar 04/06/2010 1:06.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1982.913 [GMT 5.5:30]
Running from: c:\users\Shankar\Desktop\CFscan.exe
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2172950831-992505468-2905365777-1001
c:\$recycle.bin\S-1-5-21-3102239989-1682233996-76167453-500
c:\windows\system32\oem107.inf
c:\windows\system32\tmp.reg

.
((((((((((((((((((((((((( Files Created from 2010-03-05 to 2010-04-05 )))))))))))))))))))))))))))))))
.

2010-04-05 16:20 . 2010-04-05 16:20 35 -c--a-w- c:\users\Shankar\AppData\Roaming\SetValue.bat
2010-04-05 15:45 . 2010-04-05 15:48 -------- dc----w- c:\users\Shankar\AppData\Roaming\GetRightToGo
2010-04-02 19:03 . 2010-04-02 19:04 -------- dc----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-02 19:00 . 2010-04-02 19:01 -------- dc----w- c:\program files\QuickTime
2010-04-02 18:38 . 2010-04-02 18:38 73000 -c--a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-04-01 11:42 . 2010-04-01 11:42 -------- dc----w- c:\users\Shankar\AppData\Roaming\Malwarebytes
2010-04-01 11:42 . 2010-03-29 09:54 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-01 11:42 . 2010-04-01 11:42 -------- dc----w- c:\programdata\Malwarebytes
2010-04-01 11:42 . 2010-04-01 11:42 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-01 11:42 . 2010-03-29 09:54 20824 -c--a-w- c:\windows\system32\drivers\mbam.sys
2010-04-01 10:20 . 2010-04-01 10:20 -------- dc----w- c:\users\Administrator\AppData\Roaming\TuneUp Software
2010-04-01 10:03 . 2010-04-01 10:03 -------- dc----w- c:\users\Administrator\AppData\Roaming\Hewlett-Packard
2010-04-01 10:03 . 2010-04-01 10:03 -------- dc----w- c:\users\Administrator\AppData\Local\Hewlett-Packard
2010-04-01 03:29 . 2010-04-01 03:29 -------- dc----w- c:\programdata\IObit
2010-03-30 15:33 . 2010-03-30 15:33 -------- dc----w- c:\program files\ThriXXX
2010-03-29 16:59 . 2010-03-29 16:59 -------- dc----w- C:\$RECYCLE(0).BIN
2010-03-29 16:44 . 2010-03-29 17:02 -------- dc----w- C:\ComboFix
2010-03-16 19:57 . 2010-03-16 19:57 -------- dc----w- C:\PFiles
2010-03-12 16:32 . 2006-02-09 05:29 223 -c--a-w- c:\users\Shankar\AppData\Roaming\uTorrent\IP filter µpdater.bat
2010-03-12 16:32 . 2005-10-17 05:42 258048 -c--a-w- c:\users\Shankar\AppData\Roaming\uTorrent\wget.exe
2010-03-12 16:32 . 2005-04-13 07:27 159744 -c--a-w- c:\users\Shankar\AppData\Roaming\uTorrent\ssleay32.dll
2010-03-12 16:32 . 2005-04-13 07:26 888832 -c--a-w- c:\users\Shankar\AppData\Roaming\uTorrent\libeay32.dll
2010-03-09 18:04 . 2003-03-19 05:33 544768 -c--a-w- c:\windows\system32\msvcr71d.dll
2010-03-09 18:04 . 2002-01-05 09:07 344064 -c--a-w- c:\windows\system32\msvcr70.dll
2010-03-09 18:04 . 2006-09-16 14:14 314368 -c--a-w- c:\windows\system32\avisynth.dll
2010-03-09 18:04 . 2004-05-26 16:07 719872 -c--a-w- c:\windows\system32\devil.dll
2010-03-09 18:04 . 2010-03-11 04:38 -------- dc----w- c:\program files\Magic Video Converter

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-05 19:28 . 2009-06-07 14:41 -------- dc----w- c:\program files\Spybot - Search & Destroy
2010-04-05 19:28 . 2009-06-07 14:41 -------- dc----w- c:\programdata\Spybot - Search & Destroy
2010-04-05 19:26 . 2009-06-20 10:07 -------- dc----w- c:\program files\uTorrent
2010-04-05 19:26 . 2009-06-20 10:07 -------- dc----w- c:\users\Shankar\AppData\Roaming\uTorrent
2010-04-05 18:02 . 2009-06-03 04:41 42381 -c--a-w- c:\programdata\nvModes.dat
2010-04-05 16:20 . 2007-11-18 21:22 -------- dc----w- c:\program files\Google
2010-04-05 16:20 . 2010-04-05 16:20 691 -c--a-w- c:\users\Shankar\AppData\Roaming\GetValue.vbs
2010-04-05 15:48 . 2008-02-10 10:14 -------- dc----w- c:\users\Shankar\AppData\Roaming\Free Download Manager
2010-04-04 05:57 . 2008-02-10 10:14 -------- dc----w- c:\program files\Free Download Manager
2010-04-02 19:04 . 2008-02-21 18:10 -------- dc----w- c:\program files\iTunes
2010-04-02 19:03 . 2008-02-21 18:10 -------- dc----w- c:\program files\iPod
2010-04-02 19:03 . 2007-11-22 22:16 -------- dc----w- c:\program files\Common Files\Apple
2010-04-02 18:56 . 2009-06-02 08:41 -------- dc----w- c:\program files\Bonjour
2010-04-01 10:01 . 2010-04-01 10:01 121432 -c--a-w- c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-01 03:18 . 2007-11-19 03:52 -------- dc----w- c:\users\Shankar\AppData\Roaming\Winamp
2010-03-31 10:37 . 2008-01-08 15:36 680 -c--a-w- c:\users\Shankar\AppData\Local\d3d9caps.dat
2010-03-30 10:18 . 2008-10-31 09:00 -------- dc----w- c:\program files\Common Files\Adobe
2010-03-15 06:16 . 2008-05-26 09:49 -------- dc----w- c:\users\Shankar\AppData\Roaming\Skype
2010-03-15 06:09 . 2008-05-29 01:20 -------- dc----w- c:\users\Shankar\AppData\Roaming\skypePM
2010-03-01 03:10 . 2009-09-27 16:14 -------- dc----w- c:\users\Shankar\AppData\Roaming\DiskAid
2010-02-26 11:01 . 2010-02-26 11:01 10240 -c--a-w- c:\users\Shankar\AppData\Roaming\GRETECH\GomPlayer\GrLauncherTempSetup.exe
2010-02-24 04:46 . 2009-10-21 17:41 181632 -c----w- c:\windows\system32\MpSigStub.exe
2010-02-21 06:41 . 2010-02-21 06:41 -------- dc----w- c:\program files\AC3Filter
2010-02-15 18:45 . 2010-02-15 18:45 -------- dc----w- c:\program files\GContactSync
2010-02-12 06:16 . 2010-02-12 06:16 91424 -c--a-w- c:\windows\system32\dnssd.dll
2010-02-12 06:16 . 2010-02-12 06:16 107808 -c--a-w- c:\windows\system32\dns-sd.exe
2010-02-08 09:17 . 2007-11-22 22:20 -------- dc----w- c:\users\Shankar\AppData\Roaming\Apple Computer
2010-02-08 09:15 . 2010-02-08 09:14 -------- dc----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-02-05 05:09 . 2010-02-05 05:09 251376 -c--a-w- c:\users\Shankar\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
2010-02-04 20:33 . 2009-08-05 21:44 604488 -c--a-w- c:\windows\system32\TUProgSt.exe
2010-02-04 20:33 . 2010-02-04 20:33 361288 -c--a-w- c:\windows\system32\TuneUpDefragService.exe
2010-02-04 20:33 . 2009-08-05 21:43 -------- dc----w- c:\program files\TuneUp Utilities 2009
2010-01-14 15:27 . 2010-01-14 15:27 5775360 -c--a-w- c:\users\Shankar\AppData\Roaming\Real\Update\setup3.09\rp\RealPlayerSPGold.exe
2010-01-14 15:27 . 2010-01-14 15:26 8405312 -c--a-w- c:\users\Shankar\AppData\Roaming\Real\Update\setup3.09\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2010-01-14 15:22 . 2010-01-14 15:22 149000 -c--a-w- c:\users\Shankar\AppData\Roaming\Real\Update\setup3.09\chr_helper\LaunchHelper.exe
2010-01-14 15:22 . 2010-01-14 15:22 10309448 -c--a-w- c:\users\Shankar\AppData\Roaming\Real\Update\setup3.09\chr\ChromeInstaller.exe
2010-01-14 15:16 . 2010-01-14 15:16 79368 -c--a-w- c:\users\Shankar\AppData\Roaming\Real\Update\setup3.09\RUP\vista.exe
2010-01-14 15:16 . 2010-01-14 15:16 64000 -c--a-w- c:\users\Shankar\AppData\Roaming\Real\Update\setup3.09\RUP\inst_config\gcapi_dll.dll
2010-01-14 15:16 . 2010-01-14 15:16 52288 -c--a-w- c:\users\Shankar\AppData\Roaming\Real\Update\setup3.09\RUP\inst_config\gtapi.dll
2010-01-14 15:16 . 2010-01-14 15:16 50688 -c--a-w- c:\users\Shankar\AppData\Roaming\Real\Update\setup3.09\RUP\inst_config\fftbapi.dll
2010-01-14 15:16 . 2010-01-14 15:16 118784 -c--a-w- c:\users\Shankar\AppData\Roaming\Real\Update\setup3.09\RUP\inst_config\compat.dll
2010-01-13 17:58 . 2010-01-13 17:58 439816 -c--a-w- c:\users\Shankar\AppData\Roaming\Real\Update\setup3.09\setup.exe
.

------- Sigcheck -------

[-] 2008-01-19 07:41 . A063564FD1718576AE119D36D75829AC . 21560 . . [------] . . c:\windows\System32\drivers\atapi.sys
[7] 2008-01-19 . 2D9C903DC76A66813D350A562DE40ED9 . 21560 . . [6.0.6001.18000] . . c:\windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[7] 2008-01-19 . B35CFCEF838382AB6490B321C87EDF17 . 21560 . . [6.0.6000.16632] . . c:\windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[7] 2006-11-02 . 4F4FCB8B6EA06784FB6D475B7EC7300F . 19048 . . [6.0.6000.16386] . . c:\windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{a33fa729-d155-4b23-842b-2c665ecabdb6}"= "c:\program files\The_Pirate_Bay\tbThe_.dll" [2008-09-15 1784856]

[HKEY_CLASSES_ROOT\clsid\{a33fa729-d155-4b23-842b-2c665ecabdb6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a33fa729-d155-4b23-842b-2c665ecabdb6}]
2008-09-15 01:17 1784856 -c--a-w- c:\program files\The_Pirate_Bay\tbThe_.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{a33fa729-d155-4b23-842b-2c665ecabdb6}"= "c:\program files\The_Pirate_Bay\tbThe_.dll" [2008-09-15 1784856]

[HKEY_CLASSES_ROOT\clsid\{a33fa729-d155-4b23-842b-2c665ecabdb6}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A33FA729-D155-4B23-842B-2C665ECABDB6}"= "c:\program files\The_Pirate_Bay\tbThe_.dll" [2008-09-15 1784856]

[HKEY_CLASSES_ROOT\clsid\{a33fa729-d155-4b23-842b-2c665ecabdb6}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"<NO NAME>"="c:\program files\Internet Explorer\iexplore.exe" [2009-08-27 638232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1045800]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-03 13556256]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Virtual CD 3 - Quicklaunch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Virtual CD 3 - Quicklaunch.lnk
backup=c:\windows\pss\Virtual CD 3 - Quicklaunch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Shankar^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Google Outlook Contact Sync.lnk]
path=c:\users\Shankar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google Outlook Contact Sync.lnk
backup=c:\windows\pss\Google Outlook Contact Sync.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Shankar^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
backup=c:\windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iolo Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-03-16 16:28 47392 -c--a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-27 13:33 152872 -c--a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
2009-01-30 21:15 3399727 -c--a-w- c:\program files\Free Download Manager\fdm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-09-03 05:35 133104 -c--atw- c:\users\Shankar\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2007-08-24 01:30 33648 -c--a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-04-15 08:12 70912 -c--a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-02-17 06:11 49152 -c--a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
2007-03-20 22:23 1773568 -c--a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-04-13 00:37 69632 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-03-25 19:40 142120 -c--a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-04-19 20:26 484904 -c--a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-02-06 13:21 3885408 -c--a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 10:27 153136 -c--a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2007-04-24 01:11 176128 -c--a-w- c:\program files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 16:23 421888 -c--a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-09 22:57 144784 -c--a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-11-18 21:22 171448 -c--a-w- c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-08-11 04:22 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-08-03 23:02 36352 -c--a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ISUSPM Startup"=c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
"Google Update"="c:\users\Shankar\AppData\Local\Google\Update\GoogleUpdate.exe" /c

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"nxpclient"=c:\program files\Airtel\NetXpert\bin\sprtcmd.exe /P nxpclient
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

R2 .1192677209;1192677209;c:\program files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\562C4DD5\3.0.0.135\bntr1192677209.exe [x]
R3 Start BT in service;Start BT in service;c:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2007-04-21 52080]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2008-09-03 12800]
S2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-06 660768]
S2 sprtsvc_nxpclient;SupportSoft Sprocket Service (nxpclient);c:\program files\Airtel\NetXpert\bin\sprtsvc.exe [2009-09-09 202800]
S2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [2009-05-27 185640]
S4 AvgRkx86;avgrkx86.sys;c:\windows\system32\Drivers\avgrkx86.sys [x]
S4 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [x]


--- Other Services/Drivers In Memory ---

*Deregistered* - AvgLdx86

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 20:23 452136 -c--a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 11:32 128512 -c--a-w- c:\windows\System32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-04-05 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 15:54]

2010-04-05 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2010-02-08 08:41]

2010-04-05 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2010-02-08 05:32]

2010-04-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2172950831-992505468-2905365777-1000Core.job
- c:\users\Shankar\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 05:35]

2010-04-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2172950831-992505468-2905365777-1000UA.job
- c:\users\Shankar\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 05:35]

2008-11-29 c:\windows\Tasks\HPCeeScheduleForShankar.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2007-08-04 21:23]

2010-04-05 c:\windows\Tasks\User_Feed_Synchronization-{51D5D567-96B2-441B-A540-2FA349AA0595}.job
- c:\windows\system32\msfeedssync.exe [2009-10-21 03:41]

2010-04-05 c:\windows\Tasks\User_Feed_Synchronization-{51E9BD6B-B605-410A-B83C-EA3F7265496E}.job
- c:\windows\system32\msfeedssync.exe [2009-10-21 03:41]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: &Download with &DAP
IE: &Winamp Toolbar Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Download &all with DAP
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.txt=
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Software Informer - c:\program files\Free Download Manager\softinfo.exe
MSConfigStartUp-Sony Ericsson PC Suite - c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
MSConfigStartUp-VCDPlayer - c:\program files\VirtualCD3\VCDPlayer.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-06 01:15
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\users\Shankar\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2172950831-992505468-2905365777-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BD79045C-51CF-8C3C-8830-94B8C3742E50}*]
"bbpcpmkljfhjgmelhmekdbochjohklgnlemh"=hex:61,62,6f,62,6f,66,6b,6a,70,69,6b,63,
6c,64,62,6e,6f,6a,63,62,6b,6b,65,6c,66,70,6f,6f,63,6b,65,69,61,64,00,00

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\MSSYCLM]
@Denied: (B C D 1 2 3 4 5 6) (LocalSystem)

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-04-06 01:19:51
ComboFix-quarantined-files.txt 2010-04-05 19:49
ComboFix2.txt 2010-03-29 17:02

Pre-Run: 24,388,718,592 bytes free
Post-Run: 24,043,454,464 bytes free

- - End Of File - - 815EC4FB84205997ED75C0CEACE29D9C
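The Sigcheck block in the ComboFix log above carries the thread's key evidence: the in-use c:\windows\System32\drivers\atapi.sys has exactly the same size (21560 bytes) as two copies in the DriverStore but a different MD5 and no version resource, which is what an in-place driver patch looks like. The script below is an added example, not part of this thread and not code from ComboFix, BleepingComputer or either poster. It parses Sigcheck-style lines and flags an in-use driver whose hash matches none of its DriverStore backups, treating the same-size-but-different-hash case as the strongest signal. Reading the `[-]` marker as a failed signature check is an assumption about ComboFix's notation, and `parse_sigcheck` / `analyze_sigcheck` are names chosen for this example.

```python
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample input: the four Sigcheck lines from the ComboFix log in
# this thread, copied verbatim so the checker can be run offline.
SIGCHECK_SAMPLE = r"""
[-] 2008-01-19 07:41 . A063564FD1718576AE119D36D75829AC . 21560 . . [------] . . c:\windows\System32\drivers\atapi.sys
[7] 2008-01-19 . 2D9C903DC76A66813D350A562DE40ED9 . 21560 . . [6.0.6001.18000] . . c:\windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[7] 2008-01-19 . B35CFCEF838382AB6490B321C87EDF17 . 21560 . . [6.0.6000.16632] . . c:\windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[7] 2006-11-02 . 4F4FCB8B6EA06784FB6D475B7EC7300F . 19048 . . [6.0.6000.16386] . . c:\windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
"""

# One Sigcheck line: [flag] date [time] . MD5 . size . . [version] . . path
# The time field is only present for the in-use copy in the sample.
SIGCHECK_LINE = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+(?P<date>\d{4}-\d{2}-\d{2})(?:\s+\d{2}:\d{2})?"
    r"\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]*)\]\s+\.\s+\.\s+(?P<path>\S.*?)\s*$"
)


@dataclass(frozen=True)
class SigcheckEntry:
    flag: str
    date: str
    md5: str
    size: int
    version: str
    path: str

    @property
    def name(self) -> str:
        """Bare file name, lower-cased, used to pair a driver with its backups."""
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def in_driver_store(self) -> bool:
        """True for the pristine copies Windows keeps under DriverStore."""
        return "\\driverstore\\" in self.path.lower()


def parse_sigcheck(text: str) -> list[SigcheckEntry]:
    """Parse every well-formed Sigcheck line; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = SIGCHECK_LINE.match(line.strip())
        if m:
            entries.append(SigcheckEntry(m["flag"], m["date"], m["md5"].upper(),
                                         int(m["size"]), m["version"], m["path"]))
    return entries


def analyze_sigcheck(text: str) -> dict[str, list[str]]:
    """Map each suspicious in-use driver path to the reasons it was flagged."""
    entries = parse_sigcheck(text)
    store: dict[str, list[SigcheckEntry]] = defaultdict(list)
    for e in entries:
        if e.in_driver_store:
            store[e.name].append(e)

    findings: dict[str, list[str]] = {}
    for e in entries:
        if e.in_driver_store:
            continue  # only the copy actually loaded by the system is judged
        refs = store.get(e.name, [])
        reasons = []
        if refs and not any(r.md5 == e.md5 for r in refs):
            reasons.append("hash matches none of the DriverStore copies")
        if any(r.size == e.size and r.md5 != e.md5 for r in refs):
            reasons.append("same size as a DriverStore copy but different hash "
                           "(in-place patch pattern)")
        if e.version.strip("-") == "":
            reasons.append("no version resource reported")
        if e.flag == "-":
            # Assumption: ComboFix prints [-] when the signature check fails.
            reasons.append("signature check not passed ([-] marker)")
        if reasons:
            findings[e.path] = reasons
    return findings


if __name__ == "__main__":
    for path, reasons in analyze_sigcheck(SIGCHECK_SAMPLE).items():
        print(path)
        for r in reasons:
            print("  -", r)
```

Run as-is it reports only the in-use atapi.sys with all four reasons; the three DriverStore copies are never flagged because they are the reference set, and a clean machine would show the in-use hash equal to one of them. The same-size check matters because a patched driver that changed size would also have been caught by a naive size comparison; one that keeps its size, as here, is only caught by the hash.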


#4 Net_Surfer

Net_Surfer

  • Banned
  • 2,154 posts
  • Gender:Male
  • Local time:03:14 AM

Posted 05 April 2010 - 04:56 PM

Hello again Shankar.ish,

The infection appears to be related to the new TDL3 infection. You can read more here:

http://www.drweb.com/static/BackDoor.Tdss.565_%28aka%20TDL3%29_en.pdf

Please carefully follow my next set of steps:

Since you stated on the Bleeping Computer IRC help channel that you agreed to uninstall Spybot TeaTimer, uTorrent and the old version of AVG antivirus and have now installed Avira, please take note:

Before we begin, you should save these instructions in Notepad to your Desktop, or print them, for easy reference and to make sure you don't get lost.

Make sure to work through the fixes in the exact order in which they are mentioned below and do not miss any steps out. If at any point you have questions, or are unsure of the instructions, do not hesitate to post here and ask for clarification before proceeding with the fixes.


Step 1. Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader, since the installer does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search the list for all previously installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

Please carefully follow my next set of steps:

Step 2.* JavaRa and Java update.

Your Java program is out of date.

Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
Please follow these steps to remove older-version Java components and update:
Download and Run JavaRA

Please download JavaRa and unzip it to your desktop.
  • Double-click on JavaRa.exe to start.
  • Use the drop down box to choose your language and click Select.
  • Select "Remove Older Versions".
  • Click Yes when asked "This will remove all older versions of the Java JRE...Are you sure you want to proceed?"
  • Click Ok when search and removal of old versions has completed.
  • A notice will appear indicating "Finished searching for all old versions... A logfile has been created... called JavaRa.log... JavaRa will now open its logfile."
  • Click Ok and notepad will open with the log results of what was found and removed.
  • View the logfile and close notepad.
  • A copy of JavaRa.log will automatically be saved to your primary hard drive (usually C:\JavaRa.log).
  • Return to JavaRa and click the button for Additional Tasks.
  • Select these Tasks:
    • Remove Useless JRE Files
    • Remove Startup Entry
    • Remove JavaRa Logfile (optional)
  • Click Go and then Ok when prompted "Finished searching for useless JRE files."
  • Click Ok again when prompted "Finished searching for JRE startup entries."
  • Close the Additional Tasks window, exit JavaRa and reboot your computer.
Step 3. Then download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 19 (JDK or JRE)"
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • From your desktop double-click on jre-6u19-windows-i586.exe to install the newest version.
-- The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications, but it is not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.
Step 4.* Please download: Malwarebytes' Anti-Malware

Note: If you already have Malwarebytes' Anti-Malware, just update first then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform a Full system Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See the extra note below.)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply .
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Step 5. I would like you to install all the critical updates issued by Microsoft by visiting this site, and ensure that you install Service Pack 2 for your Vista:

http://www.windowsupdate.com/

Step 6.
  • Download OTL to your desktop.
    If you have problems, try this download link:
    OTL
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Now copy the lines below.

    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    CREATERESTOREPOINT

  • Right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
  • Click the Run Scan button.
  • Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
Summary of the logs I will need in your next reply:
  • MBAM log.
  • The report logs of OTL: OTL.Txt and Extras.Txt.
How are things at your end, Shankar.ish?


Upon completing the above steps I will review your logs again and take the steps necessary with you to get your machine back in working order, clean and free of malware.

Again, Please DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean and free of malware!!!

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day then I will close the topic.

Kind regards
Net_Surfer


Edited by Net_Surfer, 05 April 2010 - 05:04 PM.


#5 Shankar.ish

Shankar.ish
  • Topic Starter

  • Members
  • 15 posts
  • Gender:Male
  • Local time:03:44 PM

Posted 05 April 2010 - 07:19 PM

After I uninstalled Spybot TeaTimer, uTorrent and the old version of AVG antivirus, I installed Avira. Later, when it ran a scan, it said that the system was infected with a virus patched into "atapi.sys". Later, as per the instructions, when I updated Java it asked for a reboot. When I did that, my system did not boot. I had to restore it to the point where I had uninstalled AVG, and then it started. Now I have run OTL, skipping MBAM, as per the instructions. Please find the log files of the scan, OTL.txt and Extras.txt.

____________________________________________________________________________________________________________________________________

OTL logfile created on: 4/6/2010 05:20:54 - Run 1
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Users\Shankar\Music\Documents\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 44.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.62 Gb Total Space | 16.05 Gb Free Space | 11.41% Space Free | Partition Type: NTFS
Drive D: | 8.43 Gb Total Space | 1.80 Gb Free Space | 21.41% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 347.01 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SHANKAR-PC
Current User Name: Shankar
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Shankar\Music\Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Shankar\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
PRC - C:\Users\Shankar\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe (Google)
PRC - C:\Windows\System32\TUProgSt.exe (TuneUp Software)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Airtel\NetXpert\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe (ABBYY (BIT Software))
PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\Shankar\Music\Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (.1192677209) -- File not found
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\System32\TUProgSt.exe (TuneUp Software)
SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (sprtsvc_nxpclient) SupportSoft Sprocket Service (nxpclient) -- C:\Program Files\Airtel\NetXpert\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (avg8wd) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (SupportSoft RemoteAssist) -- C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe (SupportSoft, Inc.)
SRV - (TeamViewer4) -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (ABBYY.Licensing.FineReader.Professional.9.0) -- C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe (ABBYY (BIT Software))
SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (CLSched) CyberLink Task Scheduler (CTS) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe ()
SRV - (CLCapSvc) CyberLink Background Capture Service (CBCS) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe ()
SRV - (Start BT in service) -- C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe ()
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)


========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (AvgLdx86) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgRkx86) -- C:\Windows\System32\Drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (mcdbus) -- C:\Windows\System32\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (ElRawDisk) -- C:\Windows\System32\drivers\elrawdsk.sys (EldoS Corporation)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (atapi) -- C:\Windows\system32\drivers\atapi.sys ()
DRV - (MCSTRM) -- C:\Windows\System32\drivers\mcstrm.sys (RealNetworks, Inc.)
DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corp.)
DRV - (BCM43XV) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corp.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (HdAudAddService) -- C:\Windows\System32\drivers\CHDART.sys (Conexant Systems Inc.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (Btcsrusb) -- C:\Windows\System32\drivers\btcusb.sys (IVT Corporation.)
DRV - (BlueletSCOAudio) -- C:\Windows\System32\drivers\BlueletSCOAudio.sys (IVT Corporation.)
DRV - (BT) -- C:\Windows\System32\drivers\btnetdrv.sys (IVT Corporation.)
DRV - (BTHidMgr) -- C:\Windows\System32\Drivers\BTHidMgr.sys (IVT Corporation.)
DRV - (BTHidEnum) -- C:\Windows\System32\Drivers\vbtenum.sys (IVT Corporation.)
DRV - (VcommMgr) -- C:\Windows\System32\drivers\VCommMgr.sys (IVT Corporation.)
DRV - (VComm) -- C:\Windows\System32\drivers\VComm.sys (IVT Corporation.)
DRV - (BlueletAudio) -- C:\Windows\System32\drivers\blueletaudio.sys (IVT Corporation.)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (eabfiltr) -- C:\Windows\System32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (ialm) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe_.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe_.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2010/04/05 21:50:39 | 000,307,391 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 10570 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Winamp Toolbar BHO) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (The Pirate Bay Toolbar) - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe_.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll File not found
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (Ask Toolbar BHO) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll File not found
O3 - HKLM\..\Toolbar: (Veoh Video Compass) - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll (Veoh Networks)
O3 - HKLM\..\Toolbar: (The Pirate Bay Toolbar) - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe_.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - Reg Error: Value error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (The Pirate Bay Toolbar) - {A33FA729-D155-4B23-842B-2C665ECABDB6} - C:\Program Files\The_Pirate_Bay\tbThe_.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O8 - Extra context menu item: &Winamp Toolbar Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Shankar\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Shankar\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/04 16:38:39 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 20:48:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{2a22236c-00f1-11de-924c-001b24bd93cf}\Shell\AutoRun\command - "" = F:\System\DriveGuard\DriveProtect.exe -- File not found
O33 - MountPoints2\{2a22236c-00f1-11de-924c-001b24bd93cf}\Shell\Explore\Command - "" = F:\System\DriveGuard\DriveProtect.exe -- File not found
O33 - MountPoints2\{2a22236c-00f1-11de-924c-001b24bd93cf}\Shell\Open\Command - "" = F:\System\DriveGuard\DriveProtect.exe -- File not found
O33 - MountPoints2\{2fff9bc7-d8f1-11de-b942-00030d000001}\Shell\AutoRun\command - "" = E:\DSK\FLE.exe -- File not found
O33 - MountPoints2\{2fff9bc7-d8f1-11de-b942-00030d000001}\Shell\open\command - "" = E:\DSK\FLE.exe -- File not found
O33 - MountPoints2\{5f76967d-bb42-11de-b3ac-001b24bd93cf}\Shell\AutoRun\command - "" = E:\dsncb.exe -- File not found
O33 - MountPoints2\{5f76967d-bb42-11de-b3ac-001b24bd93cf}\Shell\Explore\Command - "" = E:\dsncb.exe -- File not found
O33 - MountPoints2\{5f76967d-bb42-11de-b3ac-001b24bd93cf}\Shell\Open\Command - "" = E:\dsncb.exe -- File not found
O33 - MountPoints2\{7943f145-ab0d-11dc-bd3f-001b24bd93cf}\Shell\Explore\Command - "" = RECYCLER\desktop.exe
O33 - MountPoints2\{7943f145-ab0d-11dc-bd3f-001b24bd93cf}\Shell\Open\Command - "" = RECYCLER\desktop.exe
O33 - MountPoints2\{a85db229-a3e9-11dc-ae66-001a73b57432}\Shell\Open(&O)\command - "" = RECYCLED\appmgmt.exe
O33 - MountPoints2\{afc5b76c-5a88-11dd-b37a-001b24bd93cf}\Shell - "" = Autorun
O33 - MountPoints2\{afc5b76c-5a88-11dd-b37a-001b24bd93cf}\Shell\Open\command - "" = regsvr.exe
O33 - MountPoints2\{f9394eb4-a546-11dc-a059-001a73b57432}\Shell\Open(&O)\command - "" = RECYCLED\appmgmt.exe
O34 - HKLM BootExecute: ("autocheck autochk *") - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/07/27 14:02:57 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Virtual CD 3 - Quicklaunch.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE - (WinZip Computing, S.L.)
MsConfig - StartUpFolder: C:^Users^Shankar^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Google Outlook Contact Sync.lnk - C:\Program Files\GContactSync\GContactsSync.exe - ()
MsConfig - StartUpFolder: C:^Users^Shankar^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe - (MagicISO, Inc.)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
MsConfig - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
MsConfig - StartUpReg: BitTorrent - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: BitTorrent DNA - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: Free Download Manager - hkey= - key= - C:\Program Files\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\Shankar\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: HP Health Check Scheduler - hkey= - key= - c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
MsConfig - StartUpReg: HPAdvisor - hkey= - key= - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)
MsConfig - StartUpReg: iolo Startup - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: ISUSScheduler - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
MsConfig - StartUpReg: QPService - hkey= - key= - C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: Software Informer - hkey= - key= - C:\Program Files\Free Download Manager\softinfo.exe File not found
MsConfig - StartUpReg: Sony Ericsson PC Suite - hkey= - key= - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: VCDPlayer - hkey= - key= - C:\Program Files\VirtualCD3\VCDPlayer.exe File not found
MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe ()
MsConfig - StartUpReg: Yahoo! Pager - hkey= - key= - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 30 Days ==========

[2010/04/06 05:06:28 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010/04/06 05:06:28 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010/04/06 05:06:28 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010/04/06 05:06:28 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010/04/06 05:06:28 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010/04/06 04:45:23 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/04/06 03:03:59 | 000,000,000 | ---D | C] -- C:\Users\Shankar\AppData\Roaming\Avira
[2010/04/06 02:52:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010/04/06 02:52:45 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/04/06 01:19:55 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/04/05 21:15:41 | 000,000,000 | ---D | C] -- C:\Users\Shankar\Desktop\Downloads
[2010/04/05 21:15:39 | 000,000,000 | ---D | C] -- C:\Users\Shankar\AppData\Roaming\GetRightToGo
[2010/04/04 11:29:02 | 000,000,000 | ---D | C] -- C:\Users\Shankar\Desktop\Paiyaa
[2010/04/03 00:33:40 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/04/03 00:30:48 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/04/01 17:12:55 | 000,000,000 | ---D | C] -- C:\Users\Shankar\AppData\Roaming\Malwarebytes
[2010/04/01 17:12:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/01 17:12:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/04/01 17:12:38 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/01 17:12:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/01 13:53:37 | 005,918,720 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Shankar\Desktop\mbam-setup.exe
[2010/04/01 13:53:08 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Users\Shankar\Desktop\TFC.exe
[2010/04/01 08:59:52 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2010/03/30 21:03:02 | 000,000,000 | ---D | C] -- C:\Program Files\ThriXXX
[2010/03/29 22:29:01 | 000,000,000 | ---D | C] -- C:\$RECYCLE(0).BIN
[2010/03/29 22:14:04 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/03/29 22:08:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/26 19:13:21 | 000,000,000 | ---D | C] -- C:\Users\Shankar\Desktop\Paathshala
[2010/03/23 23:10:44 | 000,000,000 | ---D | C] -- C:\Users\Shankar\Desktop\Upload
[2010/03/17 21:53:42 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2010/03/17 21:53:42 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts
[2010/03/17 01:27:57 | 000,000,000 | ---D | C] -- C:\PFiles
[2010/03/16 16:42:51 | 000,000,000 | ---D | C] -- C:\Users\Shankar\Desktop\Funny Pics
[2010/03/09 23:34:08 | 000,544,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr71d.dll
[2010/03/09 23:34:08 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr70.dll
[2010/03/09 23:34:04 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\Windows\System32\devil.dll
[2010/03/09 23:34:04 | 000,314,368 | ---- | C] (The Public) -- C:\Windows\System32\avisynth.dll
[2010/03/09 23:34:03 | 000,000,000 | ---D | C] -- C:\Program Files\Magic Video Converter
[2009/10/21 17:33:12 | 008,899,310 | ---- | C] (Bharti ) -- C:\Users\Shankar\agent.exe

========== Files - Modified Within 30 Days ==========

[2010/04/06 05:24:00 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{51D5D567-96B2-441B-A540-2FA349AA0595}.job
[2010/04/06 05:23:12 | 007,077,888 | ---- | M] () -- C:\Users\Shankar\ntuser.dat
[2010/04/06 05:23:02 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2172950831-992505468-2905365777-1000UA.job
[2010/04/06 05:20:20 | 000,000,680 | ---- | M] () -- C:\Users\Shankar\AppData\Local\d3d9caps.dat
[2010/04/06 05:17:39 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/06 05:17:39 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/06 05:06:40 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/04/06 05:00:02 | 000,000,508 | ---- | M] () -- C:\Windows\tasks\1-Click Maintenance.job
[2010/04/06 04:44:38 | 000,000,396 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{51E9BD6B-B605-410A-B83C-EA3F7265496E}.job
[2010/04/06 04:41:18 | 000,042,381 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/04/06 04:41:06 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\AWC AutoSweep.job
[2010/04/06 04:40:52 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2010/04/06 04:40:37 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/06 04:40:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/06 04:05:29 | 000,524,288 | -HS- | M] () -- C:\Users\Shankar\ntuser.dat{c5a53f30-d85e-11de-89a5-00030d000001}.TMContainer00000000000000000001.regtrans-ms
[2010/04/06 04:05:29 | 000,065,536 | -HS- | M] () -- C:\Users\Shankar\ntuser.dat{c5a53f30-d85e-11de-89a5-00030d000001}.TM.blf
[2010/04/06 04:04:41 | 002,945,954 | -H-- | M] () -- C:\Users\Shankar\AppData\Local\IconCache.db
[2010/04/06 01:24:59 | 000,042,381 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/04/06 00:47:54 | 003,907,460 | ---- | M] () -- C:\Users\Shankar\Desktop\CFscan.exe
[2010/04/06 00:01:27 | 000,005,111 | ---- | M] () -- C:\Users\Shankar\Desktop\Attach.zip
[2010/04/05 21:50:48 | 000,003,794 | ---- | M] () -- C:\Windows\System32\tmp.reg
[2010/04/05 21:50:48 | 000,000,691 | ---- | M] () -- C:\Users\Shankar\AppData\Roaming\GetValue.vbs
[2010/04/05 21:50:48 | 000,000,035 | ---- | M] () -- C:\Users\Shankar\AppData\Roaming\SetValue.bat
[2010/04/05 21:50:39 | 000,307,391 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/04/05 20:26:48 | 058,564,804 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/04/05 17:23:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2172950831-992505468-2905365777-1000Core.job
[2010/04/04 11:27:52 | 000,000,786 | ---- | M] () -- C:\Users\Shankar\Desktop\Free Download Manager.lnk
[2010/04/03 00:34:27 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/04/03 00:31:02 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/04/02 23:25:16 | 744,858,624 | ---- | M] () -- C:\Users\Shankar\Music\Documents\Shankar Gmail.pst
[2010/04/02 13:44:37 | 000,207,360 | ---- | M] () -- C:\Users\Shankar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/02 12:56:14 | 000,747,142 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/04/02 12:56:14 | 000,634,088 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/04/02 12:56:14 | 000,117,244 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/04/01 17:12:44 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/01 13:55:13 | 005,918,720 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Shankar\Desktop\mbam-setup.exe
[2010/04/01 13:53:20 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Users\Shankar\Desktop\TFC.exe
[2010/04/01 13:08:39 | 000,000,689 | ---- | M] () -- C:\Users\Shankar\Desktop\cmd.exe.lnk
[2010/04/01 08:48:58 | 007,077,888 | ---- | M] () -- C:\Users\Shankar\ntuser.dat_previous
[2010/03/29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/03/29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/17 21:53:42 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2010/03/17 21:53:42 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts
[2010/03/17 14:41:08 | 001,769,144 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/03/11 10:07:41 | 000,001,701 | ---- | M] () -- C:\Users\Shankar\Desktop\Magic Video Converter.lnk
[2010/03/10 07:38:27 | 000,000,994 | ---- | M] () -- C:\Users\Shankar\Desktop\Xilisoft Video Converter 3.lnk
[2010/03/10 07:38:27 | 000,000,963 | ---- | M] () -- C:\Users\Shankar\Desktop\Xilisoft Video Converter Wizard 3.lnk

========== Files Created - No Company Name ==========

[2010/04/06 05:06:40 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/04/06 00:47:22 | 003,907,460 | ---- | C] () -- C:\Users\Shankar\Desktop\CFscan.exe
[2010/04/06 00:01:27 | 000,005,111 | ---- | C] () -- C:\Users\Shankar\Desktop\Attach.zip
[2010/04/05 21:50:48 | 000,000,691 | ---- | C] () -- C:\Users\Shankar\AppData\Roaming\GetValue.vbs
[2010/04/05 21:50:48 | 000,000,035 | ---- | C] () -- C:\Users\Shankar\AppData\Roaming\SetValue.bat
[2010/04/05 21:41:49 | 000,003,794 | ---- | C] () -- C:\Windows\System32\tmp.reg
[2010/04/04 11:27:52 | 000,000,786 | ---- | C] () -- C:\Users\Shankar\Desktop\Free Download Manager.lnk
[2010/04/03 00:34:27 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/04/03 00:31:02 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/04/01 17:12:44 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/01 15:34:37 | 000,000,438 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{51D5D567-96B2-441B-A540-2FA349AA0595}.job
[2010/04/01 13:08:32 | 000,000,689 | ---- | C] () -- C:\Users\Shankar\Desktop\cmd.exe.lnk
[2010/03/10 07:38:27 | 000,000,994 | ---- | C] () -- C:\Users\Shankar\Desktop\Xilisoft Video Converter 3.lnk
[2010/03/10 07:38:27 | 000,000,963 | ---- | C] () -- C:\Users\Shankar\Desktop\Xilisoft Video Converter Wizard 3.lnk
[2010/03/09 23:34:12 | 000,001,701 | ---- | C] () -- C:\Users\Shankar\Desktop\Magic Video Converter.lnk
[2009/11/24 19:29:31 | 000,001,024 | ---- | C] () -- C:\ProgramData\sowdp88.dat
[2009/11/24 19:29:28 | 000,000,048 | ---- | C] () -- C:\Windows\System32\pdfutil.ini
[2009/11/24 19:29:25 | 002,157,568 | ---- | C] () -- C:\Windows\System32\pdfutil.dll
[2009/11/24 00:36:14 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{c5a53f30-d85e-11de-89a5-00030d000001}.TMContainer00000000000000000002.regtrans-ms
[2009/11/24 00:36:14 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{c5a53f30-d85e-11de-89a5-00030d000001}.TMContainer00000000000000000001.regtrans-ms
[2009/11/24 00:36:14 | 000,065,536 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{c5a53f30-d85e-11de-89a5-00030d000001}.TM.blf
[2009/10/21 17:37:06 | 000,000,067 | ---- | C] () -- C:\Users\Shankar\startAgent.bat
[2009/10/21 17:34:01 | 000,000,297 | ---- | C] () -- C:\Users\Shankar\launchAgent.bat
[2009/10/16 15:28:01 | 000,000,552 | ---- | C] () -- C:\Users\Shankar\AppData\Local\d3d8caps.dat
[2009/08/27 13:15:45 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{5c7d0caa-8a4c-11de-a68e-001b24bd93cf}.TMContainer00000000000000000002.regtrans-ms
[2009/08/27 13:15:45 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{5c7d0caa-8a4c-11de-a68e-001b24bd93cf}.TMContainer00000000000000000001.regtrans-ms
[2009/08/27 13:15:45 | 000,065,536 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{5c7d0caa-8a4c-11de-a68e-001b24bd93cf}.TM.blf
[2009/08/16 15:37:01 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{5903f7b9-89ed-11de-9441-001b24bd93cf}.TMContainer00000000000000000002.regtrans-ms
[2009/08/16 15:37:01 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{5903f7b9-89ed-11de-9441-001b24bd93cf}.TMContainer00000000000000000001.regtrans-ms
[2009/08/16 15:37:00 | 000,065,536 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{5903f7b9-89ed-11de-9441-001b24bd93cf}.TM.blf
[2009/06/27 02:25:47 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{8aba8857-6244-11de-8e6a-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2009/06/27 02:25:47 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{8aba8857-6244-11de-8e6a-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2009/06/27 02:25:47 | 000,065,536 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{8aba8857-6244-11de-8e6a-806e6f6e6963}.TM.blf
[2009/06/25 10:30:23 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{48aee1c1-6144-11de-a800-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2009/06/25 10:30:23 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{48aee1c1-6144-11de-a800-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2009/06/25 10:30:22 | 000,065,536 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{48aee1c1-6144-11de-a800-806e6f6e6963}.TM.blf
[2009/06/23 16:44:42 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{bc3c3cfa-5fe4-11de-86b4-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2009/06/23 16:44:42 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{bc3c3cfa-5fe4-11de-86b4-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2009/06/23 16:44:42 | 000,065,536 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{bc3c3cfa-5fe4-11de-86b4-806e6f6e6963}.TM.blf
[2009/06/22 15:11:25 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{fc5cb772-5ef3-11de-957c-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2009/06/22 15:11:25 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{fc5cb772-5ef3-11de-957c-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2009/06/22 15:11:25 | 000,065,536 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{fc5cb772-5ef3-11de-957c-806e6f6e6963}.TM.blf
[2009/06/21 08:11:28 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{b9d2bc0d-5e0b-11de-bf45-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2009/06/21 08:11:28 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{b9d2bc0d-5e0b-11de-bf45-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2009/06/21 08:11:28 | 000,065,536 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{b9d2bc0d-5e0b-11de-bf45-806e6f6e6963}.TM.blf
[2009/06/18 09:45:39 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{edb63fd5-5bbd-11de-ab5a-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2009/06/18 09:45:39 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{edb63fd5-5bbd-11de-ab5a-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2009/06/18 09:45:39 | 000,065,536 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{edb63fd5-5bbd-11de-ab5a-806e6f6e6963}.TM.blf
[2009/06/17 11:41:08 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{6658c599-5b04-11de-b955-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2009/06/17 11:41:08 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{6658c599-5b04-11de-b955-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2009/06/17 11:41:08 | 000,065,536 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{6658c599-5b04-11de-b955-806e6f6e6963}.TM.blf
[2009/06/15 13:19:16 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{25d03f19-5980-11de-b1e9-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2009/06/15 13:19:15 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{25d03f19-5980-11de-b1e9-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2009/06/15 13:19:15 | 000,065,536 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{25d03f19-5980-11de-b1e9-806e6f6e6963}.TM.blf
[2009/06/14 04:54:38 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{2ed44c7a-5870-11de-b053-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2009/06/14 04:54:38 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{2ed44c7a-5870-11de-b053-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2009/06/14 04:54:38 | 000,065,536 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{2ed44c7a-5870-11de-b053-806e6f6e6963}.TM.blf
[2009/06/13 10:02:20 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{796e2891-579a-11de-a78e-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2009/06/13 10:02:20 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{796e2891-579a-11de-a78e-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2009/06/13 10:02:20 | 000,065,536 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{796e2891-579a-11de-a78e-806e6f6e6963}.TM.blf
[2009/06/10 01:12:25 | 000,000,000 | ---- | C] () -- C:\Windows\CSDiff.INI
[2009/06/09 20:23:49 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{2fb643f2-54fb-11de-89ec-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2009/06/09 20:23:49 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{2fb643f2-54fb-11de-89ec-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2009/06/09 20:23:49 | 000,065,536 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{2fb643f2-54fb-11de-89ec-806e6f6e6963}.TM.blf
[2009/06/09 01:02:46 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{7efc65f2-5462-11de-b709-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2009/06/09 01:02:46 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{7efc65f2-5462-11de-b709-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2009/06/09 01:02:46 | 000,065,536 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{7efc65f2-5462-11de-b709-806e6f6e6963}.TM.blf
[2009/06/08 09:46:44 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{313a1bf2-53d6-11de-a29d-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2009/06/08 09:46:44 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{313a1bf2-53d6-11de-a29d-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2009/06/08 09:46:44 | 000,065,536 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{313a1bf2-53d6-11de-a29d-806e6f6e6963}.TM.blf
[2009/06/07 20:32:17 | 000,000,174 | ---- | C] () -- C:\Windows\wininit.ini
[2009/06/07 20:07:00 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{d6a4af90-5344-11de-a5fe-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2009/06/07 20:07:00 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{d6a4af90-5344-11de-a5fe-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2009/06/07 20:07:00 | 000,065,536 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{d6a4af90-5344-11de-a5fe-806e6f6e6963}.TM.blf
[2009/06/07 10:11:08 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll
[2009/06/03 10:11:58 | 000,042,381 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/06/03 10:11:52 | 000,042,381 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008/08/19 22:44:40 | 000,022,225 | ---- | C] () -- C:\Users\Shankar\AppData\Roaming\Comma Separated Values (Windows).ADR
[2008/08/19 13:55:24 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{45ba1318-6dc8-11dd-b49c-001b24bd93cf}.TMContainer00000000000000000002.regtrans-ms
[2008/08/19 13:55:24 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{45ba1318-6dc8-11dd-b49c-001b24bd93cf}.TMContainer00000000000000000001.regtrans-ms
[2008/08/19 13:55:24 | 000,065,536 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{45ba1318-6dc8-11dd-b49c-001b24bd93cf}.TM.blf
[2008/08/14 15:07:25 | 000,000,112 | ---- | C] () -- C:\Windows\ActiveSkin.INI
[2008/07/23 21:26:49 | 000,021,560 | ---- | C] () -- C:\Windows\System32\drivers\atapi.sys
[2008/06/19 18:02:59 | 000,000,310 | ---- | C] () -- C:\Users\Shankar\Public - Shortcut.lnk
[2008/06/11 05:37:20 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/06/11 05:33:26 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/06/11 05:33:26 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008/05/29 06:50:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/05/23 03:48:54 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/03/02 21:40:28 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{83981dfa-e86f-11dc-af55-001b24bd93cf}.TMContainer00000000000000000002.regtrans-ms
[2008/03/02 21:40:27 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{83981dfa-e86f-11dc-af55-001b24bd93cf}.TMContainer00000000000000000001.regtrans-ms
[2008/03/02 21:40:27 | 000,065,536 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{83981dfa-e86f-11dc-af55-001b24bd93cf}.TM.blf
[2008/02/20 22:17:36 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{f25bdf2a-dfd1-11dc-b8a9-001b24bd93cf}.TMContainer00000000000000000002.regtrans-ms
[2008/02/20 22:17:36 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{f25bdf2a-dfd1-11dc-b8a9-001b24bd93cf}.TMContainer00000000000000000001.regtrans-ms
[2008/02/20 22:17:36 | 000,065,536 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{f25bdf2a-dfd1-11dc-b8a9-001b24bd93cf}.TM.blf
[2008/02/03 15:18:02 | 000,000,000 | ---- | C] () -- C:\Users\Shankar\AppData\Roaming\wklnhst.dat
[2008/01/08 21:06:36 | 000,000,680 | ---- | C] () -- C:\Users\Shankar\AppData\Local\d3d9caps.dat
[2007/11/27 13:39:58 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2007/11/22 09:34:40 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2007/11/22 09:34:39 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2007/11/19 03:20:28 | 009,686,827 | ---- | C] () -- C:\Users\Shankar\AppData\Roaming\UserTile.png
[2007/11/18 22:25:04 | 000,041,621 | ---- | C] () -- C:\Users\Shankar\AppData\Roaming\nvModes.001
[2007/11/18 15:22:28 | 000,098,304 | ---- | C] () -- C:\Windows\System32\imlCID.dll
[2007/11/18 14:31:45 | 000,041,621 | ---- | C] () -- C:\Users\Shankar\AppData\Roaming\nvModes.dat
[2007/11/18 14:22:42 | 000,006,144 | ---- | C] () -- C:\Windows\System32\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/18 09:21:17 | 000,207,360 | ---- | C] () -- C:\Users\Shankar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/18 08:47:18 | 000,000,000 | ---- | C] () -- C:\Users\Shankar\AppData\Local\QSwitch.txt
[2007/11/18 08:47:18 | 000,000,000 | ---- | C] () -- C:\Users\Shankar\AppData\Local\DSwitch.txt
[2007/11/18 08:47:18 | 000,000,000 | ---- | C] () -- C:\Users\Shankar\AppData\Local\AtStart.txt
[2007/11/18 08:33:59 | 007,077,888 | ---- | C] () -- C:\Users\Shankar\ntuser.dat_previous
[2007/11/18 08:33:59 | 007,077,888 | ---- | C] () -- C:\Users\Shankar\ntuser.dat
[2007/11/18 08:33:59 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2007/11/18 08:33:59 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2007/11/18 08:33:59 | 000,262,144 | -H-- | C] () -- C:\Users\Shankar\ntuser.dat.LOG1
[2007/11/18 08:33:59 | 000,065,536 | -HS- | C] () -- C:\Users\Shankar\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2007/11/18 08:33:59 | 000,000,020 | -HS- | C] () -- C:\Users\Shankar\ntuser.ini
[2007/11/18 08:33:59 | 000,000,000 | -H-- | C] () -- C:\Users\Shankar\ntuser.dat.LOG2
[2007/02/28 02:13:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/12/14 11:31:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/14 11:31:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 18:05:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 15:55:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 13:10:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/10 06:28:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/05/07 17:36:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

========== LOP Check ==========

[2009/07/28 00:26:51 | 000,000,000 | ---D | M] -- C:\Users\Shankar\AppData\Roaming\CopyTransPhoto
[2010/03/01 08:40:33 | 000,000,000 | ---D | M] -- C:\Users\Shankar\AppData\Roaming\DiskAid
[2010/04/05 21:18:35 | 000,000,000 | ---D | M] -- C:\Users\Shankar\AppData\Roaming\Free Download Manager
[2010/04/05 21:18:00 | 000,000,000 | ---D | M] -- C:\Users\Shankar\AppData\Roaming\GetRightToGo
[2009/06/27 22:38:33 | 000,000,000 | ---D | M] -- C:\Users\Shankar\AppData\Roaming\IObit
[2009/06/07 10:31:56 | 000,000,000 | ---D | M] -- C:\Users\Shankar\AppData\Roaming\iolo
[2009/12/16 00:56:08 | 000,000,000 | ---D | M] -- C:\Users\Shankar\AppData\Roaming\iWin
[2008/06/08 01:12:47 | 000,000,000 | ---D | M] -- C:\Users\Shankar\AppData\Roaming\MyPhoneExplorer
[2008/09/02 20:36:53 | 000,000,000 | ---D | M] -- C:\Users\Shankar\AppData\Roaming\NCH Swift Sound
[2007/12/04 06:10:26 | 000,000,000 | ---D | M] -- C:\Users\Shankar\AppData\Roaming\ScanSoft
[2009/06/10 01:47:48 | 000,000,000 | ---D | M] -- C:\Users\Shankar\AppData\Roaming\Scooter Software
[2009/12/04 11:05:57 | 000,000,000 | ---D | M] -- C:\Users\Shankar\AppData\Roaming\shrink_pic
[2008/05/25 01:52:47 | 000,000,000 | ---D | M] -- C:\Users\Shankar\AppData\Roaming\Software Informer
[2009/11/17 21:48:14 | 000,000,000 | ---D | M] -- C:\Users\Shankar\AppData\Roaming\SpinTop
[2009/11/17 22:12:16 | 000,000,000 | ---D | M] -- C:\Users\Shankar\AppData\Roaming\SpinTop Games
[2009/07/06 19:12:39 | 000,000,000 | ---D | M] -- C:\Users\Shankar\AppData\Roaming\TeamViewer
[2008/09/05 09:27:17 | 000,000,000 | ---D | M] -- C:\Users\Shankar\AppData\Roaming\Thinstall
[2009/08/06 03:14:21 | 000,000,000 | ---D | M] -- C:\Users\Shankar\AppData\Roaming\TuneUp Software
[2010/04/06 04:43:32 | 000,000,000 | ---D | M] -- C:\Users\Shankar\AppData\Roaming\uTorrent
[2008/11/04 02:14:40 | 000,000,000 | ---D | M] -- C:\Users\Shankar\AppData\Roaming\WAYN
[2009/07/28 00:22:38 | 000,000,000 | ---D | M] -- C:\Users\Shankar\AppData\Roaming\WindSolutions
[2009/06/10 11:44:59 | 000,000,000 | ---D | M] -- C:\Users\Shankar\AppData\Roaming\Workshare
[2007/11/27 13:42:30 | 000,000,000 | ---D | M] -- C:\Users\Shankar\AppData\Roaming\Zeon
[2010/04/06 05:00:02 | 000,000,508 | ---- | M] () -- C:\Windows\Tasks\1-Click Maintenance.job
[2010/04/06 04:41:06 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\AWC AutoSweep.job
[2010/04/06 04:40:52 | 000,000,374 | ---- | M] () -- C:\Windows\Tasks\AWC Startup.job
[2010/04/05 21:47:37 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/04/06 05:24:00 | 000,000,438 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{51D5D567-96B2-441B-A540-2FA349AA0595}.job
[2010/04/06 04:44:38 | 000,000,396 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{51E9BD6B-B605-410A-B83C-EA3F7265496E}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2001/05/24 12:59:30 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE


< MD5 for: [2008/01/19 13:11:30 | 000,021,560 | ---- | M] () >
[2008/01/19 13:11:30 | 000,021,560 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\atapi.sys

< MD5 for: AGP440.SYS >
[2008/01/19 13:12:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 13:12:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 13:12:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2007/08/04 16:48:38 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=313FF294978EA6AF715722D708FB249F -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20494_none_b858f78adaed51b3\AGP440.sys
[2007/08/04 16:48:39 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f2490cb0\AGP440.sys
[2007/08/04 16:48:39 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16399_none_b7d45c31c1cb309c\AGP440.sys
[2006/11/02 15:19:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 15:19:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/01/19 13:11:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 13:11:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 15:19:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/01/19 10:36:48 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/01/19 10:36:48 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/01/19 10:03:23 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 15:16:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 15:16:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/19 13:12:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 13:12:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 15:21:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 15:21:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 15:16:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2008/01/19 13:05:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008/01/19 13:05:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 15:20:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 15:20:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 13:12:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 13:12:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 13:06:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008/01/19 13:06:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 15:16:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/01/19 13:08:03 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008/01/19 13:06:10 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2008/01/19 13:11:30 | 000,021,560 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\atapi.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:8668AB36
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:073341D1
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:538DC028
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:2BDCFAD6
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:7C60A173
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:EA34E08F
< End of report >

_________________________________________________________________________________________________________________________________

OTL Extras logfile created on: 4/6/2010 05:20:54 - Run 1
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Users\Shankar\Music\Documents\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 44.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.62 Gb Total Space | 16.05 Gb Free Space | 11.41% Space Free | Partition Type: NTFS
Drive D: | 8.43 Gb Total Space | 1.80 Gb Free Space | 21.41% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 347.01 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SHANKAR-PC
Current User Name: Shankar
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\Shankar\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
"AntiVirusDisableNotify" = 0x00000000
"FirewallDisableNotify" = 0x00000000
"UpdatesDisableNotify" = 0x00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06F1BC81-4C00-453C-A433-50EAB37A8F97}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{08D2E99D-94CA-4A0B-A60F-EAE8914DCF79}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1D6B67EF-ADE2-40C0-9649-19AE7535B1F9}" = lport=32459 | protocol=6 | dir=in | name=bit torrent |
"{2320F6A6-D200-4E16-B542-05AA5A290E8E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{2C605297-3850-4A71-B0EA-2E4FA4987E06}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2E6FB032-5F6E-46C0-9C87-223089C7294D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{44202BC3-EDB6-4645-8F27-641A31021E8D}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{4A5A0E47-27A2-4DD2-BB2C-37453E1A6C73}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{541E5728-4281-4C35-8D0B-055BB7715174}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{631A4E71-1F24-42A6-B4A4-0FAAE106AF7D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{79E12C4E-B248-48C0-A1FC-24F7EEB1C913}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{7AA2E650-AB3A-49B6-9EF6-F76B71560855}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{8BAF9B5B-8C5F-44FF-9004-FB9B3901220B}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{999DBC9D-FF21-43FA-A3CB-906130C7D4C2}" = rport=10243 | protocol=6 | dir=out | app=system |
"{9BF148CD-C8D8-4D90-80F7-78654770073F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AA7DD4A7-B32C-45C9-A9B0-58D8ACB03F08}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C6980960-331C-4D42-B906-A051CB2B2ED7}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D964099B-AD11-4ECE-8093-DD1ABF57E1E7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F47B38A9-0AF6-43AF-8F32-7F4D4215B137}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B3E3D3-25EE-49F5-822A-539C5D088CDC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{05F6F3EF-B25C-4001-8372-FE26E6D1B328}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{075EB95F-94A6-4630-9A90-112AAA625534}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{097692B9-4521-4D1A-9F3E-8E0F924DCDB0}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{0A805378-160E-47FF-A8C3-BAAAB4F06B78}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{0C5FB705-DF47-4F39-B493-ECDCF6400677}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{0CAA4340-1274-4176-9CC7-47887FBA96FA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{184F53A9-389E-4CA2-B08C-8D2A5A21A1CD}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{197C8FBD-6C2D-4FA4-A6BB-28A048F560F9}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{258DB5F4-E85E-4FC6-9AC0-7E46A5F767C1}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{2B507FD9-2B68-428F-957F-9A6D7F1E29BA}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{2CBE32A9-9AC4-421E-8000-5C2F902C729A}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{3724B021-6C4F-462C-B157-1E73DF9D7EC9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3D702E83-71A3-45C0-B1CD-D9D75E053E4D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3EACBD00-B5AA-44F8-8A77-0AB6776E97FB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{40C1E293-9FC1-49F5-9C1E-B534C473E76F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{4AA760B8-0F1E-48C3-97E0-98A88103C5D7}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{4AF0AEA3-070C-4DDA-A9B6-BC663B92E6F3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4D802D18-2CE9-472F-A7AE-F5A07DC1B734}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{508B9350-31DC-4EA5-A0AF-B4317204A3BE}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{55F81EE6-AF57-4F2C-A07B-35440A97E54B}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{57C1979A-2DF4-4A1D-A784-AF789A1598A3}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{587A849C-7B3C-40C7-BFAD-D60E35347EF2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5B3749D6-FCBC-40D6-BE2A-27133F72D53F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5BC58A37-88F1-48D7-8BE5-98236F326965}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{68D59206-6C48-4B68-8D22-2893E5B62D70}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6972BA25-D14C-4758-97A0-3441578C7F56}" = dir=in | app=c:\program files\avg\avg8\avgam.exe |
"{6B76B961-7BC3-47C4-B12A-42CF381A1E0A}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{6F05FD4A-6226-4EC5-831C-C87199E5641E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6FEC6288-B344-45F9-9E0A-C580A5252941}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{7096C1D7-303A-4E52-AFE3-3D4962D7EA6B}" = protocol=17 | dir=in | app=c:\program files\online services\aolca\installaol.exe |
"{74F31F7A-B219-4CD5-9C00-6198D9B8E2C3}" = protocol=6 | dir=in | app=c:\program files\online services\aolca\installaol.exe |
"{753648B8-6364-47A1-8A1F-B8FB21342CAE}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{87A0D74F-F719-4D0B-9A9D-EDC91DA7E7E8}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{8828D41A-433A-414A-8BA8-90A121AB1EDE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8A475D88-3C4A-493B-8326-FC857F845BED}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{9326971F-C864-422E-B869-0D7D4C8E51FB}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{977244DC-0C6F-4602-9E5D-F53F4137696A}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{981C8973-72F5-423F-97BA-C54BC83D09ED}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{9ABC6854-EAC4-4D01-834B-02A6BC41A519}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9EB87C86-6209-418D-B697-975F148F1CAE}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{9F0C30AF-11EF-41B4-8105-0F80F3756351}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A0D12C79-132B-45A0-BFE3-A2B93B144160}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A18C8592-D99E-40DF-B3BD-9605E6B1F52B}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{A62561EE-B5B6-4C37-BD22-B9550DD032CF}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{AEB81A30-F4A4-4424-8374-B61884992DF9}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{B1593ADD-C7AC-4D8A-B5AD-5BABE424A370}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{BDECA72C-77DB-4AA6-9407-5B9B57C1559D}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{C1FBAFC6-F295-4D69-98A7-140816A39620}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C45F953C-C973-4D47-9B6F-8E3786D5C7A2}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{D11E68AF-301C-4CCC-A8B3-E929B66E7776}" = protocol=6 | dir=out | app=system |
"{DCF9C759-C834-4569-8BC7-3E79C8E20C58}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{E84D0CB5-7921-44DA-86A5-795DE2AC1AFA}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{ED97D4CD-D67C-488C-95AC-61F40F5283D1}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{F238082B-3978-480D-B122-CF2A1C1231A2}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{F633920A-E500-407B-8E84-5D1E89F8648E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F655D4F9-14B1-44B2-8163-B8A4C0A59FCF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{4E758F22-6484-442B-8061-1BE3EB3D7258}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{57B8E48C-0933-45F2-89DA-D59F6BB056A6}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{7681C5E7-7666-4A30-B6E1-C85AC83B3C56}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{DFEC3306-6EFF-455D-980D-7713D3FAB27A}C:\users\shankar\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\shankar\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{0DC62B10-822D-436E-B3AB-1C9BB52FE88F}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{1BABB845-F323-4355-A1A3-FF5A030F01B7}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{81FB1DF7-5DD5-44C8-A1F5-F04EB64CF876}C:\users\shankar\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\shankar\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{9FDB26BD-A33F-4CCA-B1AD-2214C8032F85}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 15
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 B1
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3D6E90E1-602D-48C8-BBD2-28D1E183AE50}_is1" = Google Outlook Contact Sync 0.9.1.0
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.2
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54F7A791-38DE-4439-AB3F-B3F7DDA89C75}" = ESU for Microsoft Vista
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{71D74FCD-8DB9-4BEB-9C9D-1D19F2E02AE3}" = Microsoft Report Viewer Redistributable 2005
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}" = Windows Live Family Safety
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{85B73D1A-EEEA-4F95-BA6F-7A8EC31D94F6}" = Bluesoleil3.2.2.8 Release 070421
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9061CEF2-51F5-42C9-8A70-9ED351C6597A}" = HP Help and Support
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}" = HP Active Support Library
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{BBF6D0CD-A081-369F-B0B8-F168594CBB6B}" = Google Talk Plugin
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF097717-F174-4144-954A-FBC4BF301033}" = Nero 7 Ultra Edition
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D32067CD-7409-4792-BFA0-1469BCD8F0C8}" = HP Wireless Assistant
"{D9B4D7EE-481C-4C36-86AB-A8F7417725FF}" = LightScribe 1.6.43.1
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DDFD9BA2-8E26-4E49-92AE-882424DAB1BC}" = HP User Guides 0057
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F6B29003-A078-4491-AFBE-62EFB6CFFE19}" = HP Total Care Advisor
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7F3B252-E772-48AA-93EB-7964BC326067}" = MSCU for Microsoft Vista
"{F9000000-0001-0000-0000-074957833700}" = ABBYY FineReader 9.0 Professional Edition
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components
"AAA PDF Password Remover_is1" = AAA PDF Password Remover V2.0
"AC3Filter" = AC3Filter (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"AirtelNetXpert 2.3_is1" = Airtel NetXpert 2.3
"AVG8Uninstall" = AVG 8.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"DiskAid_is1" = DiskAid 1.0
"Duplicate File Remover" = Duplicate File Remover 1.2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free Download Manager_is1" = Free Download Manager 3.0
"GOM Player" = GOM Player
"HP Photosmart Essential" = HP Photosmart Essential 2.0
"IrfanView" = IrfanView (remove only)
"Magic Video Converter_is1" = Magic Video Converter Trial Version (English) 8.0.2.18
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Report Viewer Redistributable 2005" = Microsoft Report Viewer Redistributable 2005
"MPE" = MyPhoneExplorer
"MPEG2 Codec(libmpeg2/mad)" = MPEG2 Codec(libmpeg2/mad)
"NVIDIA Drivers" = NVIDIA Drivers
"Orb" = Winamp Remote
"RealPlayer 6.0" = RealPlayer
"Smart Defrag_is1" = Smart Defrag 1.20
"SmartAudio" = SmartAudio
"Software Informer_is1" = Software Informer 1.0 BETA
"Switch" = Switch Sound File Converter
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 4" = TeamViewer 4
"Veoh Video Compass" = Veoh Video Compass
"Veoh Web Player Beta" = Veoh Web Player
"Videora iPod touch Converter" = Videora iPod touch Converter 3.07
"VLC media player" = VideoLAN VLC media player 0.8.6f
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"WinLiveSuite_Wave3" = Windows Live Essentials
"Xilisoft Video Converter" = Xilisoft Video Converter 3
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
__________________________________________________________________________________________________________________________________

#6 Net_Surfer

Posted 05 April 2010 - 09:48 PM

Ok Shankar.ish

Since you stated on the IRC help channel that you need this fix fast, let's do the following:

go to Start>Run> type in command.com

This should open a DOS window. In that window please type in:
Please make sure it is exactly how I have written it above and hit Enter on your keyboard before starting on a new line.

ftype exefile="%1" %*
ftype scrfile="%1" /s
assoc .exe=exefile
assoc .scr=scrfile


(please note the blank after ftype and after assoc)
Then please type in Exit to exit out.

This should fix your .exe file associations. To check, please type cmd into the window of Start->Run and tell me if a DOS window opened.

Next

Let's try this new tool that was just released.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (or hold down your Windows key and press R), copy and paste the following into the text field (make sure you include the quote marks), then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • When it is done, a log file called "TDSSKiller.txt" should be created on your C: drive; please copy and paste the contents of that file here.

And to double check, please re-run the OTL step again from my prior post and post the log of TDSSKiller along with the OTL log.

Kind regards
Net_Surfer
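One way to triage the "File Associations" section of an OTL log for the kind of hijacked .exe/.scr handlers the ftype/assoc commands above repair, as an added example (not code from the thread, OTL or TDSSKiller); the table of known-good commands, the regex for OTL's line layout and the hijacked sample line are assumptions modelled on the values shown in this thread.

```python
"""Triage helper for the 'File Associations' section of an OTL log.

Added example, not part of the original thread or of OTL/TDSSKiller.
The known-good commands below are assumed defaults taken from the
ftype/assoc values the helper restores (exefile -> "%1" %*, scrfile -> "%1" /s).
"""
import re
from typing import Iterable, Optional

# Known-good commands for the associations that .exe-hijacking malware
# commonly redirects. Comparison is case- and whitespace-insensitive.
EXPECTED_COMMANDS = {
    ("exefile", "open"): '"%1" %*',
    ("comfile", "open"): '"%1" %*',
    ("batfile", "open"): '"%1" %*',
    ("piffile", "open"): '"%1" %*',
    ("scrfile", "config"): '"%1"',
    ("scrfile", "open"): '"%1" /S',
}

# One OTL association line: `<filetype> [<verb>] -- <command> (<vendor>)`,
# where the trailing "(vendor)" is optional (assumed layout, from the log above).
_ASSOC_RE = re.compile(
    r"^(?P<filetype>\S+) \[(?P<verb>[^\]]+)\] -- (?P<command>.*?)"
    r"(?: \((?P<vendor>[^()]*)\))?\s*$"
)


def parse_association(line: str) -> Optional[dict]:
    """Return the fields of one association line, or None if it is not one."""
    m = _ASSOC_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["verb"] = d["verb"].strip()
    d["command"] = d["command"].strip()
    return d


def _norm(cmd: str) -> str:
    return " ".join(cmd.split()).lower()


def audit_associations(lines: Iterable[str]) -> list:
    """Compare every parsed association line against EXPECTED_COMMANDS.

    Each finding carries a status: "missing_key" (OTL reported a registry
    read error), "mismatch" (handler differs from the known-good command),
    "ok", or "unchecked" (no known-good entry, so nothing is skipped silently).
    """
    findings = []
    for line in lines:
        parsed = parse_association(line)
        if parsed is None:
            continue
        key = (parsed["filetype"].lower(), parsed["verb"].lower())
        expected = EXPECTED_COMMANDS.get(key)
        observed = parsed["command"]
        if observed.startswith("Reg Error"):
            status = "missing_key"
        elif expected is None:
            status = "unchecked"
        elif _norm(observed) == _norm(expected):
            status = "ok"
        else:
            status = "mismatch"
        findings.append({
            "filetype": parsed["filetype"], "verb": parsed["verb"],
            "observed": observed, "expected": expected, "status": status,
        })
    return findings


# Constructed sample: the first entries copy clean values from the OTL log in
# this thread; the last one is a made-up hijacked handler with a placeholder
# path (not an indicator from the thread).
SAMPLE_LINES = [
    "========== File Associations ==========",
    'exefile [open] -- "%1" %*',
    'piffile [open] -- "%1" %*',
    'scrfile [config] -- "%1"',
    "regfile [merge] -- Reg Error: Key error.",
    'Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)',
    'comfile [open] -- "C:\\Users\\victim\\AppData\\Local\\Temp\\EXAMPLE-hijack.exe" "%1" %*',
]


def alerts(lines: Iterable[str] = SAMPLE_LINES) -> list:
    """Only the findings a responder should act on (hijacked handlers)."""
    return [f for f in audit_associations(lines) if f["status"] == "mismatch"]


if __name__ == "__main__":
    for f in audit_associations(SAMPLE_LINES):
        print(f"{f['status']:<12} {f['filetype']} [{f['verb']}] -> {f['observed']}")
```

Feed it the real "File Associations" block of an OTL log (one line per list element) and extend EXPECTED_COMMANDS with the defaults of any further file types you want checked.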

#7 Shankar.ish

Posted 06 April 2010 - 12:03 AM

Hi. As instructed, please find the log of TDSSKiller as well as OTL.


07:40:39:730 2424 TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04
07:40:39:730 2424 ================================================================================
07:40:39:730 2424 SystemInfo:

07:40:39:730 2424 OS Version: 6.0.6001 ServicePack: 1.0
07:40:39:730 2424 Product type: Workstation
07:40:39:731 2424 ComputerName: SHANKAR-PC
07:40:39:731 2424 UserName: Shankar
07:40:39:731 2424 Windows directory: C:\Windows
07:40:39:731 2424 Processor architecture: Intel x86
07:40:39:731 2424 Number of processors: 2
07:40:39:731 2424 Page size: 0x1000
07:40:39:733 2424 Boot type: Normal boot
07:40:39:733 2424 ================================================================================
07:40:39:737 2424 UnloadDriverW: NtUnloadDriver error 2
07:40:39:737 2424 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
07:40:40:006 2424 wfopen_ex: Trying to open file C:\Windows\system32\config\system
07:40:40:007 2424 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
07:40:40:007 2424 wfopen_ex: Trying to KLMD file open
07:40:40:007 2424 wfopen_ex: File opened ok (Flags 2)
07:40:40:024 2424 wfopen_ex: Trying to open file C:\Windows\system32\config\software
07:40:40:025 2424 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
07:40:40:025 2424 wfopen_ex: Trying to KLMD file open
07:40:40:025 2424 wfopen_ex: File opened ok (Flags 2)
07:40:40:025 2424 Initialize success
07:40:40:025 2424
07:40:40:025 2424 Scanning Services ...
07:40:40:807 2424 Raw services enum returned 481 services
07:40:40:819 2424
07:40:40:819 2424 Scanning Kernel memory ...
07:40:40:820 2424 Devices to scan: 1
07:40:40:820 2424
07:40:40:820 2424 Driver Name: atapi
07:40:40:820 2424 IRP_MJ_CREATE : 82D450FC
07:40:40:820 2424 IRP_MJ_CREATE_NAMED_PIPE : 8223AFE3
07:40:40:820 2424 IRP_MJ_CLOSE : 82D450FC
07:40:40:820 2424 IRP_MJ_READ : 8223AFE3
07:40:40:820 2424 IRP_MJ_WRITE : 8223AFE3
07:40:40:820 2424 IRP_MJ_QUERY_INFORMATION : 8223AFE3
07:40:40:820 2424 IRP_MJ_SET_INFORMATION : 8223AFE3
07:40:40:820 2424 IRP_MJ_QUERY_EA : 8223AFE3
07:40:40:820 2424 IRP_MJ_SET_EA : 8223AFE3
07:40:40:820 2424 IRP_MJ_FLUSH_BUFFERS : 8223AFE3
07:40:40:820 2424 IRP_MJ_QUERY_VOLUME_INFORMATION : 8223AFE3
07:40:40:820 2424 IRP_MJ_SET_VOLUME_INFORMATION : 8223AFE3
07:40:40:820 2424 IRP_MJ_DIRECTORY_CONTROL : 8223AFE3
07:40:40:820 2424 IRP_MJ_FILE_SYSTEM_CONTROL : 8223AFE3
07:40:40:820 2424 IRP_MJ_DEVICE_CONTROL : 84FEC90A
07:40:40:820 2424 IRP_MJ_INTERNAL_DEVICE_CONTROL : 82D339A8
07:40:40:821 2424 IRP_MJ_SHUTDOWN : 8223AFE3
07:40:40:821 2424 IRP_MJ_LOCK_CONTROL : 8223AFE3
07:40:40:821 2424 IRP_MJ_CLEANUP : 8223AFE3
07:40:40:821 2424 IRP_MJ_CREATE_MAILSLOT : 8223AFE3
07:40:40:821 2424 IRP_MJ_QUERY_SECURITY : 8223AFE3
07:40:40:821 2424 IRP_MJ_SET_SECURITY : 8223AFE3
07:40:40:821 2424 IRP_MJ_POWER : 82D33A04
07:40:40:821 2424 IRP_MJ_SYSTEM_CONTROL : 82D40B70
07:40:40:821 2424 IRP_MJ_DEVICE_CHANGE : 8223AFE3
07:40:40:821 2424 IRP_MJ_QUERY_QUOTA : 8223AFE3
07:40:40:821 2424 IRP_MJ_SET_QUOTA : 8223AFE3
07:40:40:840 2424 C:\Windows\system32\drivers\atapi.sys - Verdict: 2
07:40:40:840 2424 File "C:\Windows\system32\drivers\atapi.sys" infected by TDSS rootkit ...
07:40:40:840 2424 Processing driver file: C:\Windows\system32\drivers\atapi.sys
07:40:40:894 2424 vfvi6
07:40:40:999 2424 dsvbh1
07:40:41:039 2424 fdfb1
07:40:41:039 2424 Backup copy found, using it..
07:40:41:076 2424 will be cured on next reboot
07:40:41:077 2424 Reboot required for cure complete..
07:40:41:105 2424 Cure on reboot scheduled successfully
07:40:41:105 2424
07:40:41:105 2424 Completed
07:40:41:106 2424
07:40:41:106 2424 Results:
07:40:41:106 2424 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
07:40:41:106 2424 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
07:40:41:107 2424 File objects infected / cured / cured on reboot: 1 / 0 / 1
07:40:41:107 2424
07:40:41:107 2424 fclose_ex: Trying to close file C:\Windows\system32\config\system
07:40:41:108 2424 fclose_ex: Trying to close file C:\Windows\system32\config\software
07:40:41:108 2424 UnloadDriverW: NtUnloadDriver error 1
07:40:41:109 2424 KLMD(ARK) unloaded successfully



__________________________________________________________________________________________________________________________________



OTL logfile created on: 4/6/2010 07:56:57 - Run 2
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Users\Shankar\Music\Documents\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.62 Gb Total Space | 14.92 Gb Free Space | 10.61% Space Free | Partition Type: NTFS
Drive D: | 8.43 Gb Total Space | 1.80 Gb Free Space | 21.41% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 347.01 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SHANKAR-PC
Current User Name: Shankar
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Shankar\Music\Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Shankar\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
PRC - C:\Windows\System32\TUProgSt.exe (TuneUp Software)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Airtel\NetXpert\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe (ABBYY (BIT Software))
PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\Shankar\Music\Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (.1192677209) -- File not found
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\System32\TUProgSt.exe (TuneUp Software)
SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (sprtsvc_nxpclient) SupportSoft Sprocket Service (nxpclient) -- C:\Program Files\Airtel\NetXpert\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (avg8wd) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (SupportSoft RemoteAssist) -- C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe (SupportSoft, Inc.)
SRV - (TeamViewer4) -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (ABBYY.Licensing.FineReader.Professional.9.0) -- C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe (ABBYY (BIT Software))
SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (CLSched) CyberLink Task Scheduler (CTS) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe ()
SRV - (CLCapSvc) CyberLink Background Capture Service (CBCS) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe ()
SRV - (Start BT in service) -- C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe ()
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)


========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (AvgLdx86) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgRkx86) -- C:\Windows\System32\Drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (mcdbus) -- C:\Windows\System32\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (ElRawDisk) -- C:\Windows\System32\drivers\elrawdsk.sys (EldoS Corporation)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (MCSTRM) -- C:\Windows\System32\drivers\mcstrm.sys (RealNetworks, Inc.)
DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corp.)
DRV - (BCM43XV) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corp.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (HdAudAddService) -- C:\Windows\System32\drivers\CHDART.sys (Conexant Systems Inc.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (Btcsrusb) -- C:\Windows\System32\drivers\btcusb.sys (IVT Corporation.)
DRV - (BlueletSCOAudio) -- C:\Windows\System32\drivers\BlueletSCOAudio.sys (IVT Corporation.)
DRV - (BT) -- C:\Windows\System32\drivers\btnetdrv.sys (IVT Corporation.)
DRV - (BTHidMgr) -- C:\Windows\System32\Drivers\BTHidMgr.sys (IVT Corporation.)
DRV - (BTHidEnum) -- C:\Windows\System32\Drivers\vbtenum.sys (IVT Corporation.)
DRV - (VcommMgr) -- C:\Windows\System32\drivers\VCommMgr.sys (IVT Corporation.)
DRV - (VComm) -- C:\Windows\System32\drivers\VComm.sys (IVT Corporation.)
DRV - (BlueletAudio) -- C:\Windows\System32\drivers\blueletaudio.sys (IVT Corporation.)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (eabfiltr) -- C:\Windows\System32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (ialm) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe_.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe_.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2010/04/05 21:50:39 | 000,307,391 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 10570 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Winamp Toolbar BHO) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (The Pirate Bay Toolbar) - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe_.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll File not found
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (Ask Toolbar BHO) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll File not found
O3 - HKLM\..\Toolbar: (Veoh Video Compass) - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll (Veoh Networks)
O3 - HKLM\..\Toolbar: (The Pirate Bay Toolbar) - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe_.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - Reg Error: Value error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (The Pirate Bay Toolbar) - {A33FA729-D155-4B23-842B-2C665ECABDB6} - C:\Program Files\The_Pirate_Bay\tbThe_.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Winamp Toolbar Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Shankar\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Shankar\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/04 16:38:39 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 20:48:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/07/27 14:02:57 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Virtual CD 3 - Quicklaunch.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE - (WinZip Computing, S.L.)
MsConfig - StartUpFolder: C:^Users^Shankar^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Google Outlook Contact Sync.lnk - C:\Program Files\GContactSync\GContactsSync.exe - ()
MsConfig - StartUpFolder: C:^Users^Shankar^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe - (MagicISO, Inc.)
MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
MsConfig - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
MsConfig - StartUpReg: Free Download Manager - hkey= - key= - C:\Program Files\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\Shankar\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: HP Health Check Scheduler - hkey= - key= - c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
MsConfig - StartUpReg: HPAdvisor - hkey= - key= - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)
MsConfig - StartUpReg: ISUSScheduler - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
MsConfig - StartUpReg: QPService - hkey= - key= - C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: Software Informer - hkey= - key= - C:\Program Files\Free Download Manager\softinfo.exe File not found
MsConfig - StartUpReg: Sony Ericsson PC Suite - hkey= - key= - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: VCDPlayer - hkey= - key= - C:\Program Files\VirtualCD3\VCDPlayer.exe File not found
MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe ()
MsConfig - StartUpReg: Yahoo! Pager - hkey= - key= - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 30 Days ==========

[2010/04/06 07:27:53 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2010/04/06 06:52:25 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/04/06 06:52:18 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/04/06 06:39:03 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/04/06 06:39:03 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/04/06 06:39:02 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/04/06 06:38:00 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/04/06 06:37:57 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/04/06 06:35:49 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/04/06 05:06:28 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010/04/06 05:06:28 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010/04/06 05:06:28 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010/04/06 05:06:28 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010/04/06 05:06:28 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010/04/06 04:45:23 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/04/06 03:03:59 | 000,000,000 | ---D | C] -- C:\Users\Shankar\AppData\Roaming\Avira
[2010/04/06 02:52:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010/04/06 02:52:45 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/04/05 21:15:41 | 000,000,000 | ---D | C] -- C:\Users\Shankar\Desktop\Downloads
[2010/04/05 21:15:39 | 000,000,000 | ---D | C] -- C:\Users\Shankar\AppData\Roaming\GetRightToGo
[2010/04/04 11:29:02 | 000,000,000 | ---D | C] -- C:\Users\Shankar\Desktop\Paiyaa
[2010/04/03 00:33:40 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/04/03 00:30:48 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/04/01 17:12:55 | 000,000,000 | ---D | C] -- C:\Users\Shankar\AppData\Roaming\Malwarebytes
[2010/04/01 17:12:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/01 17:12:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/04/01 17:12:38 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/01 17:12:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/01 13:53:37 | 005,918,720 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Shankar\Desktop\mbam-setup.exe
[2010/04/01 13:53:08 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Users\Shankar\Desktop\TFC.exe
[2010/04/01 08:59:52 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2010/03/30 21:03:02 | 000,000,000 | ---D | C] -- C:\Program Files\ThriXXX
[2010/03/29 22:29:01 | 000,000,000 | ---D | C] -- C:\$RECYCLE(0).BIN
[2010/03/29 22:14:04 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/03/29 22:08:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/26 19:13:21 | 000,000,000 | ---D | C] -- C:\Users\Shankar\Desktop\Paathshala
[2010/03/23 23:10:44 | 000,000,000 | ---D | C] -- C:\Users\Shankar\Desktop\Upload
[2010/03/17 21:53:42 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2010/03/17 21:53:42 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts
[2010/03/17 01:27:57 | 000,000,000 | ---D | C] -- C:\PFiles
[2010/03/16 16:42:51 | 000,000,000 | ---D | C] -- C:\Users\Shankar\Desktop\Funny Pics
[2010/03/09 23:34:08 | 000,544,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr71d.dll
[2010/03/09 23:34:08 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr70.dll
[2010/03/09 23:34:04 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\Windows\System32\devil.dll
[2010/03/09 23:34:04 | 000,314,368 | ---- | C] (The Public) -- C:\Windows\System32\avisynth.dll
[2010/03/09 23:34:03 | 000,000,000 | ---D | C] -- C:\Program Files\Magic Video Converter
[2009/10/21 17:33:12 | 008,899,310 | ---- | C] (Bharti ) -- C:\Users\Shankar\agent.exe

========== Files - Modified Within 30 Days ==========

[2010/04/06 08:00:04 | 000,000,508 | ---- | M] () -- C:\Windows\tasks\1-Click Maintenance.job
[2010/04/06 07:59:15 | 007,077,888 | ---- | M] () -- C:\Users\Shankar\ntuser.dat
[2010/04/06 07:59:00 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{51D5D567-96B2-441B-A540-2FA349AA0595}.job
[2010/04/06 07:46:03 | 000,042,381 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/04/06 07:46:03 | 000,042,381 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/04/06 07:45:50 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\AWC AutoSweep.job
[2010/04/06 07:45:37 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2010/04/06 07:45:33 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/06 07:45:32 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/06 07:45:30 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/06 07:45:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/06 07:43:45 | 000,524,288 | -HS- | M] () -- C:\Users\Shankar\ntuser.dat{c5a53f30-d85e-11de-89a5-00030d000001}.TMContainer00000000000000000001.regtrans-ms
[2010/04/06 07:43:45 | 000,065,536 | -HS- | M] () -- C:\Users\Shankar\ntuser.dat{c5a53f30-d85e-11de-89a5-00030d000001}.TM.blf
[2010/04/06 07:43:10 | 002,747,708 | -H-- | M] () -- C:\Users\Shankar\AppData\Local\IconCache.db
[2010/04/06 07:23:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2172950831-992505468-2905365777-1000UA.job
[2010/04/06 07:13:54 | 000,154,469 | ---- | M] () -- C:\Users\Shankar\Desktop\tdsskiller.zip
[2010/04/06 06:48:18 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/04/06 06:37:49 | 003,907,536 | R--- | M] () -- C:\Users\Shankar\Desktop\CFscan.exe
[2010/04/06 05:50:42 | 000,000,680 | ---- | M] () -- C:\Users\Shankar\AppData\Local\d3d9caps.dat
[2010/04/06 05:06:40 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/04/06 04:44:38 | 000,000,396 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{51E9BD6B-B605-410A-B83C-EA3F7265496E}.job
[2010/04/06 00:01:27 | 000,005,111 | ---- | M] () -- C:\Users\Shankar\Desktop\Attach.zip
[2010/04/05 21:50:48 | 000,000,691 | ---- | M] () -- C:\Users\Shankar\AppData\Roaming\GetValue.vbs
[2010/04/05 21:50:48 | 000,000,035 | ---- | M] () -- C:\Users\Shankar\AppData\Roaming\SetValue.bat
[2010/04/05 21:50:39 | 000,307,391 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/04/05 20:26:48 | 058,564,804 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/04/05 17:23:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2172950831-992505468-2905365777-1000Core.job
[2010/04/04 11:27:52 | 000,000,786 | ---- | M] () -- C:\Users\Shankar\Desktop\Free Download Manager.lnk
[2010/04/03 00:34:27 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/04/03 00:31:02 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/04/02 23:25:16 | 744,858,624 | ---- | M] () -- C:\Users\Shankar\Music\Documents\Shankar Gmail.pst
[2010/04/02 13:44:37 | 000,207,360 | ---- | M] () -- C:\Users\Shankar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/02 12:56:14 | 000,747,142 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/04/02 12:56:14 | 000,634,088 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/04/02 12:56:14 | 000,117,244 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/04/01 17:12:44 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/01 13:55:13 | 005,918,720 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Shankar\Desktop\mbam-setup.exe
[2010/04/01 13:53:20 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Users\Shankar\Desktop\TFC.exe
[2010/04/01 13:08:39 | 000,000,689 | ---- | M] () -- C:\Users\Shankar\Desktop\cmd.exe.lnk
[2010/04/01 08:48:58 | 007,077,888 | ---- | M] () -- C:\Users\Shankar\ntuser.dat_previous
[2010/03/29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/03/29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/17 21:53:42 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2010/03/17 21:53:42 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts
[2010/03/17 14:41:08 | 001,769,144 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/03/12 18:02:38 | 000,261,632 | ---- | M] () -- C:\Windows\PEV.exe
[2010/03/11 10:07:41 | 000,001,701 | ---- | M] () -- C:\Users\Shankar\Desktop\Magic Video Converter.lnk
[2010/03/10 07:38:27 | 000,000,994 | ---- | M] () -- C:\Users\Shankar\Desktop\Xilisoft Video Converter 3.lnk
[2010/03/10 07:38:27 | 000,000,963 | ---- | M] () -- C:\Users\Shankar\Desktop\Xilisoft Video Converter Wizard 3.lnk

========== Files Created - No Company Name ==========

[2010/04/06 07:13:52 | 000,154,469 | ---- | C] () -- C:\Users\Shankar\Desktop\tdsskiller.zip
[2010/04/06 06:39:03 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010/04/06 06:39:03 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/04/06 06:39:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/04/06 06:39:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/04/06 06:39:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/04/06 05:06:40 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/04/06 00:47:22 | 003,907,536 | R--- | C] () -- C:\Users\Shankar\Desktop\CFscan.exe
[2010/04/06 00:01:27 | 000,005,111 | ---- | C] () -- C:\Users\Shankar\Desktop\Attach.zip
[2010/04/05 21:50:48 | 000,000,691 | ---- | C] () -- C:\Users\Shankar\AppData\Roaming\GetValue.vbs
[2010/04/05 21:50:48 | 000,000,035 | ---- | C] () -- C:\Users\Shankar\AppData\Roaming\SetValue.bat
[2010/04/04 11:27:52 | 000,000,786 | ---- | C] () -- C:\Users\Shankar\Desktop\Free Download Manager.lnk
[2010/04/03 00:34:27 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/04/03 00:31:02 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/04/01 17:12:44 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/01 15:34:37 | 000,000,438 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{51D5D567-96B2-441B-A540-2FA349AA0595}.job
[2010/04/01 13:08:32 | 000,000,689 | ---- | C] () -- C:\Users\Shankar\Desktop\cmd.exe.lnk
[2010/03/10 07:38:27 | 000,000,994 | ---- | C] () -- C:\Users\Shankar\Desktop\Xilisoft Video Converter 3.lnk
[2010/03/10 07:38:27 | 000,000,963 | ---- | C] () -- C:\Users\Shankar\Desktop\Xilisoft Video Converter Wizard 3.lnk
[2010/03/09 23:34:12 | 000,001,701 | ---- | C] () -- C:\Users\Shankar\Desktop\Magic Video Converter.lnk
[2009/11/24 19:29:31 | 000,001,024 | ---- | C] () -- C:\ProgramData\sowdp88.dat
[2009/11/24 19:29:28 | 000,000,048 | ---- | C] () -- C:\Windows\System32\pdfutil.ini
[2009/11/24 19:29:25 | 002,157,568 | ---- | C] () -- C:\Windows\System32\pdfutil.dll
[2009/11/24 00:36:14 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{c5a53f30-d85e-11de-89a5-00030d000001}.TMContainer00000000000000000002.regtrans-ms
[2009/11/24 00:36:14 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{c5a53f30-d85e-11de-89a5-00030d000001}.TMContainer00000000000000000001.regtrans-ms
[2009/11/24 00:36:14 | 000,065,536 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{c5a53f30-d85e-11de-89a5-00030d000001}.TM.blf
[2009/10/21 17:37:06 | 000,000,067 | ---- | C] () -- C:\Users\Shankar\startAgent.bat
[2009/10/21 17:34:01 | 000,000,297 | ---- | C] () -- C:\Users\Shankar\launchAgent.bat
[2009/10/16 15:28:01 | 000,000,552 | ---- | C] () -- C:\Users\Shankar\AppData\Local\d3d8caps.dat
[2009/08/27 13:15:45 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{5c7d0caa-8a4c-11de-a68e-001b24bd93cf}.TMContainer00000000000000000002.regtrans-ms
[2009/08/27 13:15:45 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{5c7d0caa-8a4c-11de-a68e-001b24bd93cf}.TMContainer00000000000000000001.regtrans-ms
[2009/08/27 13:15:45 | 000,065,536 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{5c7d0caa-8a4c-11de-a68e-001b24bd93cf}.TM.blf
[2009/08/16 15:37:01 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{5903f7b9-89ed-11de-9441-001b24bd93cf}.TMContainer00000000000000000002.regtrans-ms
[2009/08/16 15:37:01 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{5903f7b9-89ed-11de-9441-001b24bd93cf}.TMContainer00000000000000000001.regtrans-ms
[2009/08/16 15:37:00 | 000,065,536 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{5903f7b9-89ed-11de-9441-001b24bd93cf}.TM.blf
[2009/06/27 02:25:47 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{8aba8857-6244-11de-8e6a-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2009/06/27 02:25:47 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{8aba8857-6244-11de-8e6a-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2009/06/27 02:25:47 | 000,065,536 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{8aba8857-6244-11de-8e6a-806e6f6e6963}.TM.blf
[2009/06/25 10:30:23 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{48aee1c1-6144-11de-a800-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2009/06/25 10:30:23 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{48aee1c1-6144-11de-a800-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2009/06/25 10:30:22 | 000,065,536 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{48aee1c1-6144-11de-a800-806e6f6e6963}.TM.blf
[2009/06/23 16:44:42 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{bc3c3cfa-5fe4-11de-86b4-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2009/06/23 16:44:42 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{bc3c3cfa-5fe4-11de-86b4-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2009/06/23 16:44:42 | 000,065,536 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{bc3c3cfa-5fe4-11de-86b4-806e6f6e6963}.TM.blf
[2009/06/22 15:11:25 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{fc5cb772-5ef3-11de-957c-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2009/06/22 15:11:25 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{fc5cb772-5ef3-11de-957c-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2009/06/22 15:11:25 | 000,065,536 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{fc5cb772-5ef3-11de-957c-806e6f6e6963}.TM.blf
[2009/06/21 08:11:28 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{b9d2bc0d-5e0b-11de-bf45-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2009/06/21 08:11:28 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{b9d2bc0d-5e0b-11de-bf45-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2009/06/21 08:11:28 | 000,065,536 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{b9d2bc0d-5e0b-11de-bf45-806e6f6e6963}.TM.blf
[2009/06/18 09:45:39 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{edb63fd5-5bbd-11de-ab5a-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2009/06/18 09:45:39 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{edb63fd5-5bbd-11de-ab5a-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2009/06/18 09:45:39 | 000,065,536 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{edb63fd5-5bbd-11de-ab5a-806e6f6e6963}.TM.blf
[2009/06/17 11:41:08 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{6658c599-5b04-11de-b955-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2009/06/17 11:41:08 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{6658c599-5b04-11de-b955-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2009/06/17 11:41:08 | 000,065,536 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{6658c599-5b04-11de-b955-806e6f6e6963}.TM.blf
[2009/06/15 13:19:16 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{25d03f19-5980-11de-b1e9-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2009/06/15 13:19:15 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{25d03f19-5980-11de-b1e9-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2009/06/15 13:19:15 | 000,065,536 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{25d03f19-5980-11de-b1e9-806e6f6e6963}.TM.blf
[2009/06/14 04:54:38 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{2ed44c7a-5870-11de-b053-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2009/06/14 04:54:38 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{2ed44c7a-5870-11de-b053-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2009/06/14 04:54:38 | 000,065,536 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{2ed44c7a-5870-11de-b053-806e6f6e6963}.TM.blf
[2009/06/13 10:02:20 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{796e2891-579a-11de-a78e-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2009/06/13 10:02:20 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{796e2891-579a-11de-a78e-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2009/06/13 10:02:20 | 000,065,536 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{796e2891-579a-11de-a78e-806e6f6e6963}.TM.blf
[2009/06/10 01:12:25 | 000,000,000 | ---- | C] () -- C:\Windows\CSDiff.INI
[2009/06/09 20:23:49 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{2fb643f2-54fb-11de-89ec-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2009/06/09 20:23:49 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{2fb643f2-54fb-11de-89ec-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2009/06/09 20:23:49 | 000,065,536 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{2fb643f2-54fb-11de-89ec-806e6f6e6963}.TM.blf
[2009/06/09 01:02:46 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{7efc65f2-5462-11de-b709-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2009/06/09 01:02:46 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{7efc65f2-5462-11de-b709-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2009/06/09 01:02:46 | 000,065,536 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{7efc65f2-5462-11de-b709-806e6f6e6963}.TM.blf
[2009/06/08 09:46:44 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{313a1bf2-53d6-11de-a29d-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2009/06/08 09:46:44 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{313a1bf2-53d6-11de-a29d-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2009/06/08 09:46:44 | 000,065,536 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{313a1bf2-53d6-11de-a29d-806e6f6e6963}.TM.blf
[2009/06/07 20:32:17 | 000,000,174 | ---- | C] () -- C:\Windows\wininit.ini
[2009/06/07 20:07:00 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{d6a4af90-5344-11de-a5fe-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2009/06/07 20:07:00 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{d6a4af90-5344-11de-a5fe-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2009/06/07 20:07:00 | 000,065,536 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{d6a4af90-5344-11de-a5fe-806e6f6e6963}.TM.blf
[2009/06/07 10:11:08 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll
[2009/06/03 10:11:58 | 000,042,381 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/06/03 10:11:52 | 000,042,381 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008/08/19 22:44:40 | 000,022,225 | ---- | C] () -- C:\Users\Shankar\AppData\Roaming\Comma Separated Values (Windows).ADR
[2008/08/19 13:55:24 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{45ba1318-6dc8-11dd-b49c-001b24bd93cf}.TMContainer00000000000000000002.regtrans-ms
[2008/08/19 13:55:24 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{45ba1318-6dc8-11dd-b49c-001b24bd93cf}.TMContainer00000000000000000001.regtrans-ms
[2008/08/19 13:55:24 | 000,065,536 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{45ba1318-6dc8-11dd-b49c-001b24bd93cf}.TM.blf
[2008/08/14 15:07:25 | 000,000,112 | ---- | C] () -- C:\Windows\ActiveSkin.INI
[2008/06/19 18:02:59 | 000,000,310 | ---- | C] () -- C:\Users\Shankar\Public - Shortcut.lnk
[2008/06/11 05:37:20 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/06/11 05:33:26 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/06/11 05:33:26 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008/05/29 06:50:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/05/23 03:48:54 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/03/02 21:40:28 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{83981dfa-e86f-11dc-af55-001b24bd93cf}.TMContainer00000000000000000002.regtrans-ms
[2008/03/02 21:40:27 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{83981dfa-e86f-11dc-af55-001b24bd93cf}.TMContainer00000000000000000001.regtrans-ms
[2008/03/02 21:40:27 | 000,065,536 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{83981dfa-e86f-11dc-af55-001b24bd93cf}.TM.blf
[2008/02/20 22:17:36 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{f25bdf2a-dfd1-11dc-b8a9-001b24bd93cf}.TMContainer00000000000000000002.regtrans-ms
[2008/02/20 22:17:36 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{f25bdf2a-dfd1-11dc-b8a9-001b24bd93cf}.TMContainer00000000000000000001.regtrans-ms
[2008/02/20 22:17:36 | 000,065,536 | -HS- | C] () -- C:\Users\Shankar\ntuser.dat{f25bdf2a-dfd1-11dc-b8a9-001b24bd93cf}.TM.blf
[2008/02/03 15:18:02 | 000,000,000 | ---- | C] () -- C:\Users\Shankar\AppData\Roaming\wklnhst.dat
[2008/01/08 21:06:36 | 000,000,680 | ---- | C] () -- C:\Users\Shankar\AppData\Local\d3d9caps.dat
[2007/11/27 13:39:58 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2007/11/22 09:34:40 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2007/11/22 09:34:39 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2007/11/19 03:20:28 | 009,686,827 | ---- | C] () -- C:\Users\Shankar\AppData\Roaming\UserTile.png
[2007/11/18 22:25:04 | 000,041,621 | ---- | C] () -- C:\Users\Shankar\AppData\Roaming\nvModes.001
[2007/11/18 15:22:28 | 000,098,304 | ---- | C] () -- C:\Windows\System32\imlCID.dll
[2007/11/18 14:31:45 | 000,041,621 | ---- | C] () -- C:\Users\Shankar\AppData\Roaming\nvModes.dat
[2007/11/18 14:22:42 | 000,006,144 | ---- | C] () -- C:\Windows\System32\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/18 09:21:17 | 000,207,360 | ---- | C] () -- C:\Users\Shankar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/18 08:47:18 | 000,000,000 | ---- | C] () -- C:\Users\Shankar\AppData\Local\QSwitch.txt
[2007/11/18 08:47:18 | 000,000,000 | ---- | C] () -- C:\Users\Shankar\AppData\Local\DSwitch.txt
[2007/11/18 08:47:18 | 000,000,000 | ---- | C] () -- C:\Users\Shankar\AppData\Local\AtStart.txt
[2007/11/18 08:33:59 | 007,077,888 | ---- | C] () -- C:\Users\Shankar\ntuser.dat_previous
[2007/11/18 08:33:59 | 007,077,888 | ---- | C] () -- C:\Users\Shankar\ntuser.dat
[2007/11/18 08:33:59 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2007/11/18 08:33:59 | 000,524,288 | -HS- | C] () -- C:\Users\Shankar\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2007/11/18 08:33:59 | 000,262,144 | -H-- | C] () -- C:\Users\Shankar\ntuser.dat.LOG1
[2007/11/18 08:33:59 | 000,065,536 | -HS- | C] () -- C:\Users\Shankar\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2007/11/18 08:33:59 | 000,000,020 | -HS- | C] () -- C:\Users\Shankar\ntuser.ini
[2007/11/18 08:33:59 | 000,000,000 | -H-- | C] () -- C:\Users\Shankar\ntuser.dat.LOG2
[2007/02/28 02:13:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/12/14 11:31:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/14 11:31:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 18:05:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 15:55:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 13:10:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/10 06:28:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/05/07 17:36:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

========== LOP Check ==========

[2009/07/28 00:26:51 | 000,000,000 | ---D | M] -- C:\Users\Shankar\AppData\Roaming\CopyTransPhoto
[2010/03/01 08:40:33 | 000,000,000 | ---D | M] -- C:\Users\Shankar\AppData\Roaming\DiskAid
[2010/04/05 21:18:35 | 000,000,000 | ---D | M] -- C:\Users\Shankar\AppData\Roaming\Free Download Manager
[2010/04/05 21:18:00 | 000,000,000 | ---D | M] -- C:\Users\Shankar\AppData\Roaming\GetRightToGo
[2009/06/27 22:38:33 | 000,000,000 | ---D | M] -- C:\Users\Shankar\AppData\Roaming\IObit
[2009/06/07 10:31:56 | 000,000,000 | ---D | M] -- C:\Users\Shankar\AppData\Roaming\iolo
[2009/12/16 00:56:08 | 000,000,000 | ---D | M] -- C:\Users\Shankar\AppData\Roaming\iWin
[2008/06/08 01:12:47 | 000,000,000 | ---D | M] -- C:\Users\Shankar\AppData\Roaming\MyPhoneExplorer
[2008/09/02 20:36:53 | 000,000,000 | ---D | M] -- C:\Users\Shankar\AppData\Roaming\NCH Swift Sound
[2007/12/04 06:10:26 | 000,000,000 | ---D | M] -- C:\Users\Shankar\AppData\Roaming\ScanSoft
[2009/06/10 01:47:48 | 000,000,000 | ---D | M] -- C:\Users\Shankar\AppData\Roaming\Scooter Software
[2009/12/04 11:05:57 | 000,000,000 | ---D | M] -- C:\Users\Shankar\AppData\Roaming\shrink_pic
[2008/05/25 01:52:47 | 000,000,000 | ---D | M] -- C:\Users\Shankar\AppData\Roaming\Software Informer
[2009/11/17 21:48:14 | 000,000,000 | ---D | M] -- C:\Users\Shankar\AppData\Roaming\SpinTop
[2009/11/17 22:12:16 | 000,000,000 | ---D | M] -- C:\Users\Shankar\AppData\Roaming\SpinTop Games
[2009/07/06 19:12:39 | 000,000,000 | ---D | M] -- C:\Users\Shankar\AppData\Roaming\TeamViewer
[2008/09/05 09:27:17 | 000,000,000 | ---D | M] -- C:\Users\Shankar\AppData\Roaming\Thinstall
[2009/08/06 03:14:21 | 000,000,000 | ---D | M] -- C:\Users\Shankar\AppData\Roaming\TuneUp Software
[2010/04/06 04:43:32 | 000,000,000 | ---D | M] -- C:\Users\Shankar\AppData\Roaming\uTorrent
[2008/11/04 02:14:40 | 000,000,000 | ---D | M] -- C:\Users\Shankar\AppData\Roaming\WAYN
[2009/07/28 00:22:38 | 000,000,000 | ---D | M] -- C:\Users\Shankar\AppData\Roaming\WindSolutions
[2009/06/10 11:44:59 | 000,000,000 | ---D | M] -- C:\Users\Shankar\AppData\Roaming\Workshare
[2007/11/27 13:42:30 | 000,000,000 | ---D | M] -- C:\Users\Shankar\AppData\Roaming\Zeon
[2010/04/06 08:00:04 | 000,000,508 | ---- | M] () -- C:\Windows\Tasks\1-Click Maintenance.job
[2010/04/06 07:45:50 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\AWC AutoSweep.job
[2010/04/06 07:45:37 | 000,000,374 | ---- | M] () -- C:\Windows\Tasks\AWC Startup.job
[2010/04/06 07:43:27 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/04/06 07:59:00 | 000,000,438 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{51D5D567-96B2-441B-A540-2FA349AA0595}.job
[2010/04/06 04:44:38 | 000,000,396 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{51E9BD6B-B605-410A-B83C-EA3F7265496E}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2001/05/24 12:59:30 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE


< MD5 for: AGP440.SYS >
[2008/01/19 13:12:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 13:12:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 13:12:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2007/08/04 16:48:38 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=313FF294978EA6AF715722D708FB249F -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20494_none_b858f78adaed51b3\AGP440.sys
[2007/08/04 16:48:39 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f2490cb0\AGP440.sys
[2007/08/04 16:48:39 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16399_none_b7d45c31c1cb309c\AGP440.sys
[2006/11/02 15:19:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\ERDNT\cache\AGP440.sys
[2006/11/02 15:19:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 15:19:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/01/19 13:11:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 13:11:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 15:19:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2010/04/06 07:44:19 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\drivers\atapi.sys
[2008/01/19 10:36:48 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/01/19 10:36:48 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/01/19 10:03:23 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 15:16:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006/11/02 15:16:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 15:16:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/19 13:12:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 13:12:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 15:21:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 15:21:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 15:16:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2008/01/19 13:05:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\ERDNT\cache\netlogon.dll
[2008/01/19 13:05:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008/01/19 13:05:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 15:20:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 15:20:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 13:12:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 13:12:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 13:06:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\ERDNT\cache\scecli.dll
[2008/01/19 13:06:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008/01/19 13:06:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 15:16:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/01/19 13:08:03 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008/01/19 13:06:10 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:8668AB36
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:073341D1
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:538DC028
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:2BDCFAD6
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:7C60A173
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:EA34E08F
< End of report >






#8 Net_Surfer

Net_Surfer

  • Banned
  • 2,154 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:14 AM

Posted 06 April 2010 - 02:53 AM

Hello again Shankar.ish,

Your OTL log looks good.

Now please update Adobe and Java and run MBAM again since you used an old restore point.

Please report back with the MBAM log, and go ahead and update to SP2 while you are there.

Kind regards
Net_Surfer


#9 Net_Surfer

Net_Surfer

  • Banned
  • 2,154 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:14 AM

Posted 06 April 2010 - 03:05 AM

Shankar.ish

Please read and take a note:



Malware writers are now sending a "catch me, if you can" message to antivirus companies in a hide-and-seek game where rootkit techniques are always a step ahead of security countermeasures, and they open wide the road to every other malware which doesn't mind using even old and known tricks - they are just invisible to everyone, they are free to do as they please. Key word is: money.

The Tdss rootkit 3rd variant is the latest member of the Tdss rootkit family that is quickly spreading around the world. While a number of rootkits are just developed as a proof of concept, this is not the case. The Tdss rootkit is well known to antivirus companies because of its goal to get total control of the infected PCs and use them as zombies for its botnet.

During these years it has always shown a team of skilled people behind it, who always applied advanced techniques often able to bypass anti-rootkit software. Actually, this last variant could easily be named the stealthiest rootkit in the wild.

This infection brings together the best of the MBR rootkit, the best of Rustock.C and the experience of old Tdss variants. The result is an infection that is quickly spreading on the net and is undetected by almost every security software and 3rd party anti-rootkit software.

The infection comes from the usual dropper spread by peer-to-peer networks or by crack and keygen websites, and it needs administrator privileges to run its payload. If UAC is disabled or the user voluntarily gives admin permissions, this infection can run even on Windows Vista and Windows 7. This is likely to be the usual scenario, where a user looks for specific cracks and doesn't mind if UAC warns him; he gives admin privileges to the wanted crack.


The Tdss rootkit is indeed a really worrying infection; it is in the wild and it's quickly spreading without being intercepted and detected by almost anyone. Some antiviruses may throw up a warning about the presence of tdlcmd.dll or tdlwsp.dll, without being able to do anything. Most of the time users won't be warned at all; they just don't know their PC is part of a botnet and under the control of malware writers who can use their PC as they please.

We heartily recommend not downloading and using cracks or keygens; they are often a vector for very nasty infections.

Despite the complexity of the infection, we were able to detect and clean the infection since you followed the steps I provided.



Best regards
Net_Surfer


#10 Shankar.ish

Shankar.ish
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:44 PM

Posted 06 April 2010 - 04:49 AM

Please find the MBAM log attached...


Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3941

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18904

4/6/2010 15:06:56
mbam-log-2010-04-06 (15-06-56).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 291359
Time elapsed: 1 hour(s), 44 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Typelib\{56acb669-4139-5611-cbba-f5acb0f4db09} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Shankar\Tuneup\FFF\TuneUp.Utilities.2009-keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.


#11 Net_Surfer

Net_Surfer

  • Banned
  • 2,154 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:14 AM

Posted 06 April 2010 - 06:36 AM

Hello Shankar.ish,

Good job

We're almost done, since you stated in the BC IRC live help channel that you have finished updating Java and Adobe and got Vista updated to SP2.

Please do these three steps to ensure that we got any baddies that are not visible.


Step 1: TFC (Temp File Cleaner)

Let's clean up the temp files and make sure there are not any other leftovers.

Download TFC to your desktop.
(TFC only cleans temp folders. It will not clean URL history, prefetch, or cookies).
  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job.
  • Once it's finished it should automatically reboot your machine;
  • if it doesn't, manually reboot to ensure a complete clean.
NOTE:
  • It's normal after running TFC cleaner that the PC will be slower to boot the first time.
  • TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, Java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.



Step 2: FREE ESET Online Virus Scan

Sometimes malware that is removed from your computer leaves other traces behind. These traces may not be active, but they are unwanted on your computer.
Therefore, by using the ESET online scanner it is possible for us to find leftover or missed malware files on your computer, and we can then further clean up your computer.

You can use either Internet Explorer or Mozilla Firefox for this scan.
    Vista users: be sure to run Internet Explorer as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.
  1. Please go here then click on: button.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.

  2. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  3. Check
  4. Click the button.
  5. Accept any security warnings from your browser.
  6. Check
  7. Push the Start button.
  8. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  9. When the scan completes, push
  10. Push , and save the file to your desktop using a unique name, such as ESETScan. The logfile will be located at C:\Program Files\ESET\EsetOnlineScanner\log.txt. Include the contents of this report in your next reply.
    Note: If ESET finds no bad files it will NOT produce a log. This is normal.
  11. Push the button.
  12. Push
Note for Vista users: ESET is compatible, but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

You can refer to this animation by: neomage
**Note**
To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing anti-virus program while performing the online scan.

Step 3: Re-scan with DDS so we can verify nothing new is back.

Summary of the logs I will need in your next reply:
  • The report log of ESET Online scan if something bad was found.
  • The report log of DDS
And a description of any remaining problems in your next post.

How are things at your end, Shankar.ish?


Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

Upon completing the above steps I will review your logs again and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks.
Kind regards
Net_Surfer


Edited by Net_Surfer, 06 April 2010 - 06:39 AM.


#12 Shankar.ish

Shankar.ish
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:44 PM

Posted 06 April 2010 - 06:32 PM

Hi.. Please find the ESET scan log as well as the DDS log. After all those efforts, it still found 2 threats.

ESETScan Result
C:\ProgramData\iolo\IRestartStub.exe probably unknown NewHeur_PE virus deleted - quarantined
C:\Softwares\Nero 7.10.1.0\Nero-7.10.1.0_eng_full.exe Win32/Toolbar.AskSBar application deleted - quarantined


DDS Log


DDS (Ver_10-03-17.01) - NTFSx86
Run by Shankar at 4:53:15.28 on Wed 04/07/2010
Internet Explorer: 8.0.6001.18904
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1982.873 [GMT 5.5:30]

AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Airtel\NetXpert\bin\sprtsvc.exe
C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\mobsync.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Shankar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Shankar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Shankar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Shankar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Shankar\Music\Documents\Downloads\dds.com
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: The Pirate Bay Toolbar: {a33fa729-d155-4b23-842b-2c665ecabdb6} - c:\program files\the_pirate_bay\tbThe_.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mURLSearchHooks: The Pirate Bay Toolbar: {a33fa729-d155-4b23-842b-2c665ecabdb6} - c:\program files\the_pirate_bay\tbThe_.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Winamp Toolbar BHO: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: The Pirate Bay Toolbar: {a33fa729-d155-4b23-842b-2c665ecabdb6} - c:\program files\the_pirate_bay\tbThe_.dll
BHO: {aa58ed58-01dd-4d91-8333-cf10577473f7} - Google Toolbar Helper
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: Ask Toolbar BHO: {fe063db1-4ec0-403e-8dd8-394c54984b2c} - Ask Toolbar BHO
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} -
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
TB: Ask Toolbar: {fe063db9-4ec0-403e-8dd8-394c54984b2c} -
TB: The Pirate Bay Toolbar: {a33fa729-d155-4b23-842b-2c665ecabdb6} - c:\program files\the_pirate_bay\tbThe_.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Veoh Video Compass: {52836eb0-631a-47b1-94a6-61f9d9112dae} - c:\program files\veoh networks\veoh video compass\SearchRecsPlugin.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRunOnce: [<NO NAME>] c:\program files\internet explorer\iexplore.exe http://www.symantec.com/techsupp/servlet/P...0000e6.0000026f
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Download with &DAP
IE: &Winamp Toolbar Search - c:\programdata\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Download &all with DAP
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

============= SERVICES / DRIVERS ===============

R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2009-6-7 12800]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\common files\abbyy\finereader\9.00\licensing\pe\NetworkLicenseServer.exe [2007-12-7 660768]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-4-6 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-4-6 267432]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-4-6 60936]
R2 sprtsvc_nxpclient;SupportSoft Sprocket Service (nxpclient);c:\program files\airtel\netxpert\bin\sprtsvc.exe [2009-10-21 202800]
S2 .1192677209;1192677209;c:\program files\nortoninstaller\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360\562c4dd5\3.0.0.135\bntr1192677209.exe --> c:\program files\nortoninstaller\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360\562c4dd5\3.0.0.135\bntr1192677209.exe [?]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-6-22 55280]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 Start BT in service;Start BT in service;c:\program files\ivt corporation\bluesoleil\StartSkysolSvc.exe [2007-4-21 52080]

============== File Associations ===============

JSEFile=NOTEPAD.EXE %1
.txt=

=============== Created Last 30 ================

2010-04-06 12:54:25 0 dc----w- c:\program files\ESET
2010-04-06 12:18:42 0 dc----w- c:\windows\system32\eu-ES
2010-04-06 12:18:42 0 dc----w- c:\windows\system32\ca-ES
2010-04-06 12:18:40 0 dc----w- c:\windows\system32\vi-VN
2010-04-06 12:05:05 0 dc----w- c:\windows\system32\SPReview
2010-04-06 11:46:23 928768 -c--a-w- c:\windows\system32\scavenge.dll
2010-04-06 11:45:53 57856 -c--a-w- c:\windows\system32\compcln.exe
2010-04-06 11:34:59 70656 -c--a-w- c:\windows\system32\iashlpr.dll
2010-04-06 11:33:59 57344 -c--a-w- c:\windows\system32\logman.exe
2010-04-06 11:28:52 0 dc----w- c:\windows\system32\EventProviders
2010-04-06 11:18:50 0 dc----w- c:\programdata\Sun
2010-04-06 10:21:58 0 dc----w- c:\program files\Windows Installer Clean Up
2010-04-06 07:17:26 24064 -c--a-w- c:\windows\system32\nshhttp.dll
2010-04-06 07:17:22 411648 -c--a-w- c:\windows\system32\drivers\http.sys
2010-04-06 07:17:21 30720 -c--a-w- c:\windows\system32\httpapi.dll
2010-04-06 05:53:37 526336 -c--a-w- c:\windows\system32\RMActivate_isv.exe
2010-04-06 05:53:37 518144 -c--a-w- c:\windows\system32\RMActivate.exe
2010-04-06 05:53:36 471552 -c--a-w- c:\windows\system32\secproc_isv.dll
2010-04-06 05:53:36 471552 -c--a-w- c:\windows\system32\secproc.dll
2010-04-06 05:53:36 347136 -c--a-w- c:\windows\system32\RMActivate_ssp.exe
2010-04-06 05:53:36 346624 -c--a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-04-06 05:53:35 332288 -c--a-w- c:\windows\system32\msdrm.dll
2010-04-06 05:53:35 152576 -c--a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-04-06 05:53:35 152064 -c--a-w- c:\windows\system32\secproc_ssp.dll
2010-04-06 05:53:30 355328 -c--a-w- c:\windows\system32\WSDApi.dll
2010-04-06 05:52:33 714240 -c--a-w- c:\windows\system32\timedate.cpl
2010-04-06 05:51:50 1401856 -c--a-w- c:\windows\system32\msxml6.dll
2010-04-06 05:51:50 1248768 -c--a-w- c:\windows\system32\msxml3.dll
2010-04-06 05:50:59 904776 -c--a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-06 05:50:59 30720 -c--a-w- c:\windows\system32\drivers\tcpipreg.sys
2010-04-06 05:50:14 3600456 -c--a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-06 05:50:14 3548216 -c--a-w- c:\windows\system32\ntoskrnl.exe
2010-04-06 05:49:22 243712 -c--a-w- c:\windows\system32\rastls.dll
2010-04-06 05:49:02 212992 -c--a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-06 05:49:02 105984 -c--a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-06 05:47:25 98816 -c--a-w- c:\windows\system32\drivers\srvnet.sys
2010-04-06 05:47:25 302080 -c--a-w- c:\windows\system32\drivers\srv.sys
2010-04-06 05:47:11 2048 -c--a-w- c:\windows\system32\tzres.dll
2010-04-06 05:44:41 156672 -c--a-w- c:\windows\system32\t2embed.dll
2010-04-06 05:44:40 72704 -c--a-w- c:\windows\system32\fontsub.dll
2010-04-06 05:43:35 377344 -c--a-w- c:\windows\system32\winhttp.dll
2010-04-06 05:43:30 1314816 -c--a-w- c:\windows\system32\quartz.dll
2010-04-06 05:43:29 91136 -c--a-w- c:\windows\system32\avifil32.dll
2010-04-06 05:43:29 82944 -c--a-w- c:\windows\system32\mciavi32.dll
2010-04-06 05:43:29 50176 -c--a-w- c:\windows\system32\iyuv_32.dll
2010-04-06 05:43:29 31744 -c--a-w- c:\windows\system32\msvidc32.dll
2010-04-06 05:43:29 22528 -c--a-w- c:\windows\system32\msyuv.dll
2010-04-06 05:43:29 13312 -c--a-w- c:\windows\system32\msrle32.dll
2010-04-06 05:43:29 123904 -c--a-w- c:\windows\system32\msvfw32.dll
2010-04-06 05:43:29 12288 -c--a-w- c:\windows\system32\tsbyuv.dll
2010-04-06 01:57:53 0 dc-h--w- c:\windows\PIF
2010-04-06 01:22:25 0 dcsh--w- C:\$RECYCLE.BIN
2010-04-06 01:09:03 77312 -c--a-w- c:\windows\MBR.exe
2010-04-06 01:09:03 261632 -c--a-w- c:\windows\PEV.exe
2010-04-06 01:09:03 161792 -c--a-w- c:\windows\SWREG.exe
2010-04-06 01:09:02 98816 -c--a-w- c:\windows\sed.exe
2010-04-05 23:36:28 60936 -c--a-w- c:\windows\system32\drivers\avgntflt.sys
2010-04-05 21:33:59 0 dc----w- c:\users\shankar\appdata\roaming\Avira
2010-04-05 21:22:45 0 dc----w- c:\programdata\Avira
2010-04-05 21:22:45 0 dc----w- c:\program files\Avira
2010-04-05 16:20:48 691 -c--a-w- c:\users\shankar\appdata\roaming\GetValue.vbs
2010-04-05 16:20:48 35 -c--a-w- c:\users\shankar\appdata\roaming\SetValue.bat
2010-04-05 15:45:39 0 dc----w- c:\users\shankar\appdata\roaming\GetRightToGo
2010-04-02 19:03:40 0 dc----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-01 11:42:55 0 dc----w- c:\users\shankar\appdata\roaming\Malwarebytes
2010-04-01 11:42:41 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-01 11:42:39 0 dc----w- c:\programdata\Malwarebytes
2010-04-01 11:42:38 20824 -c--a-w- c:\windows\system32\drivers\mbam.sys
2010-04-01 11:42:38 0 dc----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-01 03:29:52 0 dc----w- c:\programdata\IObit
2010-03-30 15:33:02 0 dc----w- c:\program files\ThriXXX
2010-03-29 16:59:01 0 dc----w- C:\$RECYCLE(0).BIN
2010-03-29 16:44:04 0 dc----w- C:\ComboFix
2010-03-17 16:23:42 94208 -c--a-w- c:\windows\system32\QuickTimeVR.qtx
2010-03-17 16:23:42 69632 -c--a-w- c:\windows\system32\QuickTime.qts
2010-03-16 19:57:57 0 dc----w- C:\PFiles
2010-03-09 18:04:08 544768 -c--a-w- c:\windows\system32\msvcr71d.dll
2010-03-09 18:04:08 344064 -c--a-w- c:\windows\system32\msvcr70.dll
2010-03-09 18:04:04 719872 -c--a-w- c:\windows\system32\devil.dll
2010-03-09 18:04:04 314368 -c--a-w- c:\windows\system32\avisynth.dll
2010-03-09 18:04:03 0 dc----w- c:\program files\Magic Video Converter

==================== Find3M ====================

2010-04-06 18:14:47 42381 -c--a-w- c:\programdata\nvModes.dat
2010-04-06 12:27:51 86016 ----a-w- c:\windows\inf\infpub.dat
2010-04-06 12:27:50 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-04-06 12:27:50 143360 ----a-w- c:\windows\inf\infstor.dat
2010-04-06 12:18:30 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-04-06 12:00:00 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2010-04-06 11:17:48 411368 -c--a-w- c:\windows\system32\deploytk.dll
2010-02-24 04:46:06 181632 -c----w- c:\windows\system32\MpSigStub.exe
2010-02-23 06:39:13 916480 -c--a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33:45 71680 -c--a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33:45 109056 -c--a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55:36 133632 -c--a-w- c:\windows\system32\ieUnatt.exe
2010-02-12 06:16:14 91424 -c--a-w- c:\windows\system32\dnssd.dll
2010-02-12 06:16:14 107808 -c--a-w- c:\windows\system32\dns-sd.exe
2010-02-04 20:33:27 604488 -c--a-w- c:\windows\system32\TUProgSt.exe
2008-07-27 08:46:55 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 -c--a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 -c--a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 -c--a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 -c--a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 -c--a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 -c--a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 -c--a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 -c--a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-10-23 07:57:16 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-10-23 07:57:16 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-10-23 07:57:16 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-10-23 07:57:16 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-11-10 21:36:09 16384 -csha-w- c:\windows\system32\%appdata%\microsoft\windows\ietldcache\index.dat

============= FINISH: 4:54:52.83 ===============




But I guess we're clean, right?





Missed to update one more thing, a very important one: I had downloaded SP2 and installed it. You know what? Mine is SP2 now... WOW, feels great.

Edited by Shankar.ish, 07 April 2010 - 03:51 AM.


#13 Net_Surfer

Net_Surfer

  • Banned
  • 2,154 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:14 AM

Posted 08 April 2010 - 07:15 AM

Hello again Shankar.ish,

Glad to hear that everything went well with your upgrade to SP2.

Since you removed some programs, I need you to do the following:


Let's fix some issues with OTL by doing the following:

Double click on the OTL icon on your desktop to run it.
(Vista users: right click and run as an Admin.)
Copy the lines in the codebox below (make sure that :Otl is on the first line): just highlight everything in the code box (starting with :Otl), then copy and paste it into the 'Custom scan/fix' box in OTL.
CODE
:otl
SRV - (.1192677209) -- File not found
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (avg8wd) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll File not found
O2 - BHO: (Ask Toolbar BHO) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - Reg Error: Value error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab  (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/04 16:38:39 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 20:48:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Virtual CD 3 - Quicklaunch.lnk - Reg Error: Value error. - File not found
Quicklaunch.lnk - Reg Error: Value error. - File not found
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:8668AB36
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:073341D1
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:538DC028
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:2BDCFAD6
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:7C60A173
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:EA34E08F

:files
C:\Program Files\Spybot - Search & Destroy
C:\Program Files\Java\jre1.6.0_07
C:\Users\Shankar\Desktop\tdsskiller.zip
C:\Users\Shankar\AppData\Roaming\TuneUp Software
C:\Users\Shankar\AppData\Roaming\uTorrent

:commands
[emptytemp]
[purity]
[EMPTYFLASH]
[reboot]
  • Return to OTL,
  • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
  • Click the red Run Fix button.
  • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alarmed; this is normal.
  • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes and the computer fails to reboot, let me know.
  • After the reboot, you may need to double click OTL to launch the program and retrieve the log.

Copy and paste the contents of the OTL log that comes up after the fix in your next reply.

If you lose the report, there will be a copy here:
C:\_OTL\MovedFiles


Regards
Net_Surfer

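The OTL script above edits a fixed set of autostart locations (O2 browser helper objects, O3 toolbars, O4 Run keys, O20 AppInit_DLLs, O28 ShellExecuteHooks) and deletes named alternate data streams on C:\ProgramData\TEMP. As an added example that is not part of this thread and not OTL's own code, here is a read-only PowerShell audit of those same locations. It lists each entry, resolves the COM server DLL behind each CLSID, and flags entries whose target file is missing, which is what OTL reports as "File not found" or "Reg Error: Value error". The directory scanned for streams (C:\ProgramData) and the helper names are my own choices; it changes nothing and needs an elevated prompt to read HKLM fully.

```powershell
# Added example: read-only audit of the persistence points the OTL fix touches.
# Nothing is deleted or modified; run in an elevated PowerShell (3.0 or later).

$report = New-Object System.Collections.Generic.List[object]

# Record one finding; a missing target file is the condition OTL reports as "File not found".
function Add-Finding {
    param([string]$Location, [string]$Name, [string]$Target)
    $status = 'no file recorded'              # CLSID has no InprocServer32 (OTL: "Reg Error: Value error")
    if ($Target) {
        $status = if (Test-Path -LiteralPath ($Target -replace '"', '')) { 'present' } else { 'FILE NOT FOUND' }
    }
    $report.Add([pscustomobject]@{ Location = $Location; Name = $Name; Target = $Target; Status = $status })
}

# BHOs, toolbars and shell hooks are COM objects: their DLL is the InprocServer32 default value.
function Get-ClsidDll {
    param([string]$Clsid)
    foreach ($hive in 'HKLM:\SOFTWARE\Classes\CLSID', 'HKCU:\SOFTWARE\Classes\CLSID') {
        $key = Join-Path $hive "$Clsid\InprocServer32"
        if (Test-Path $key) { return (Get-ItemProperty $key).'(default)' }
    }
    return $null
}

# O2 - Browser Helper Objects (one subkey per CLSID)
$bhoKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
if (Test-Path $bhoKey) {
    Get-ChildItem $bhoKey | ForEach-Object { Add-Finding 'O2 BHO' $_.PSChildName (Get-ClsidDll $_.PSChildName) }
}

# O3 - Internet Explorer toolbars (values named by CLSID, HKLM and per-user WebBrowser)
foreach ($tbKey in 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Toolbar',
                   'HKCU:\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser') {
    if (Test-Path $tbKey) {
        (Get-Item $tbKey).Property | Where-Object { $_ -match '^\{[0-9A-F-]+\}$' } |
            ForEach-Object { Add-Finding 'O3 Toolbar' $_ (Get-ClsidDll $_) }
    }
}

# O4 - Run keys; keep only the executable path (drop arguments) for the existence check
foreach ($runKey in 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
                    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run') {
    if (Test-Path $runKey) {
        $props = Get-ItemProperty $runKey
        foreach ($name in (Get-Item $runKey).Property) {
            $exe = ([string]$props.$name) -replace '^"([^"]+)".*$', '$1' -replace '^(\S+\.exe).*$', '$1'
            Add-Finding 'O4 Run' $name $exe
        }
    }
}

# O20 - AppInit_DLLs: DLLs injected into every process that loads user32.dll
$appInit = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows').AppInit_DLLs
if ($appInit) {
    foreach ($dll in ($appInit -split '[ ,]+')) { if ($dll) { Add-Finding 'O20 AppInit_DLLs' $dll $dll } }
}

# O28 - ShellExecuteHooks (values named by CLSID)
$hookKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks'
if (Test-Path $hookKey) {
    (Get-Item $hookKey).Property | ForEach-Object { Add-Finding 'O28 ShellExecuteHook' $_ (Get-ClsidDll $_) }
}

# Alternate data streams on files directly under C:\ProgramData (the fix deleted eight on ...\TEMP).
# Every file has the unnamed ':$DATA' stream; any other stream name is a named ADS worth a look.
$adsDir = 'C:\ProgramData'   # assumption: the directory the OTL fix worked on
Get-ChildItem -LiteralPath $adsDir -File -Force -ErrorAction SilentlyContinue | ForEach-Object {
    Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' } |
        ForEach-Object { Add-Finding 'ADS' "$($_.FileName):$($_.Stream)" $_.FileName }
}

$report | Sort-Object Location, Name | Format-Table -AutoSize
```

Compare the "FILE NOT FOUND" rows with the O2/O3/O4 lines in the fix above: an entry whose DLL is gone is harmless by itself, but it is the leftover OTL removes so that the registry no longer points at a path a later installer (or malware) could reoccupy.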

#14 Shankar.ish

Shankar.ish
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:44 PM

Posted 08 April 2010 - 07:39 AM

Please find the OTL log...


All processes killed
========== OTL ==========
Service .1192677209 stopped successfully!
Service .1192677209 deleted successfully!
File File not found not found.
Error: No service named UxTuneUp was found to stop!
Service\Driver key UxTuneUp not found.
File C:\Windows\System32\uxtuneup.dll not found.
Error: No service named avg8wd was found to stop!
Service\Driver key avg8wd not found.
File C:\Program Files\AVG\AVG8\avgwdsvc.exe not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
File C:\Program Files\AVG\AVG8\avgssie.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53707962-6F74-2D53-2644-206D7942484F}\ deleted successfully.
C:\Program Files\Spybot - Search & Destroy\SDHelper.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{FE063DB9-4EC0-403e-8DD8-394C54984B2C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE063DB9-4EC0-403e-8DD8-394C54984B2C}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{FE063DB9-4EC0-403E-8DD8-394C54984B2C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE063DB9-4EC0-403E-8DD8-394C54984B2C}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AVG8_TRAY not found.
File C:\Program Files\AVG\AVG8\avgtray.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\ not found.
File C:\Program Files\Spybot - Search & Destroy\SDHelper.dll not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
File C:\Program Files\AVG\AVG8\avgpp.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner\ deleted successfully.
Invalid CLSID key: C:\Program Files\AVG\AVG8\avgpp.dll
File C:\Program Files\AVG\AVG8\avgpp.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls not found.
File C:\Windows\System32\avgrsstx.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
D:\AUTOMODE moved successfully.
UxTuneUp removed from NetSvcs value successfully!
File C:\Windows\System32\uxtuneup.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpFolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk\ deleted successfully.
C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpFolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk\ deleted successfully.
C:\Windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup moved successfully.
ADS C:\ProgramData\TEMP:8668AB36 deleted successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\TEMP:073341D1 deleted successfully.
ADS C:\ProgramData\TEMP:538DC028 deleted successfully.
ADS C:\ProgramData\TEMP:2BDCFAD6 deleted successfully.
ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully.
ADS C:\ProgramData\TEMP:7C60A173 deleted successfully.
ADS C:\ProgramData\TEMP:EA34E08F deleted successfully.
========== FILES ==========
C:\Program Files\Spybot - Search & Destroy\Updates folder moved successfully.
C:\Program Files\Spybot - Search & Destroy\Skins folder moved successfully.
C:\Program Files\Spybot - Search & Destroy\Plugins folder moved successfully.
C:\Program Files\Spybot - Search & Destroy\Includes folder moved successfully.
C:\Program Files\Spybot - Search & Destroy\Dummies folder moved successfully.
C:\Program Files\Spybot - Search & Destroy folder moved successfully.
C:\Program Files\Java\jre1.6.0_07\lib\zi\SystemV folder moved successfully.
C:\Program Files\Java\jre1.6.0_07\lib\zi\Pacific folder moved successfully.
C:\Program Files\Java\jre1.6.0_07\lib\zi\Indian folder moved successfully.
C:\Program Files\Java\jre1.6.0_07\lib\zi\Europe folder moved successfully.
C:\Program Files\Java\jre1.6.0_07\lib\zi\Etc folder moved successfully.
C:\Program Files\Java\jre1.6.0_07\lib\zi\Australia folder moved successfully.
C:\Program Files\Java\jre1.6.0_07\lib\zi\Atlantic folder moved successfully.
C:\Program Files\Java\jre1.6.0_07\lib\zi\Asia folder moved successfully.
C:\Program Files\Java\jre1.6.0_07\lib\zi\Antarctica folder moved successfully.
C:\Program Files\Java\jre1.6.0_07\lib\zi\America\North_Dakota folder moved successfully.
C:\Program Files\Java\jre1.6.0_07\lib\zi\America\Kentucky folder moved successfully.
C:\Program Files\Java\jre1.6.0_07\lib\zi\America\Indiana folder moved successfully.
C:\Program Files\Java\jre1.6.0_07\lib\zi\America\Argentina folder moved successfully.
C:\Program Files\Java\jre1.6.0_07\lib\zi\America folder moved successfully.
C:\Program Files\Java\jre1.6.0_07\lib\zi\Africa folder moved successfully.
C:\Program Files\Java\jre1.6.0_07\lib\zi folder moved successfully.
C:\Program Files\Java\jre1.6.0_07\lib\servicetag folder moved successfully.
C:\Program Files\Java\jre1.6.0_07\lib\security folder moved successfully.
C:\Program Files\Java\jre1.6.0_07\lib\management folder moved successfully.
C:\Program Files\Java\jre1.6.0_07\lib\images\cursors folder moved successfully.
C:\Program Files\Java\jre1.6.0_07\lib\images folder moved successfully.
C:\Program Files\Java\jre1.6.0_07\lib\im folder moved successfully.
C:\Program Files\Java\jre1.6.0_07\lib\i386 folder moved successfully.
C:\Program Files\Java\jre1.6.0_07\lib\fonts folder moved successfully.
C:\Program Files\Java\jre1.6.0_07\lib\ext folder moved successfully.
C:\Program Files\Java\jre1.6.0_07\lib\deploy folder moved successfully.
C:\Program Files\Java\jre1.6.0_07\lib\cmm folder moved successfully.
C:\Program Files\Java\jre1.6.0_07\lib\applet folder moved successfully.
C:\Program Files\Java\jre1.6.0_07\lib folder moved successfully.
C:\Program Files\Java\jre1.6.0_07\bin\client folder moved successfully.
C:\Program Files\Java\jre1.6.0_07\bin folder moved successfully.
C:\Program Files\Java\jre1.6.0_07 folder moved successfully.
C:\Users\Shankar\Desktop\tdsskiller.zip moved successfully.
C:\Users\Shankar\AppData\Roaming\TuneUp Software\TuneUp Utilities\WinStyler\LogonScreens\Cache folder moved successfully.
C:\Users\Shankar\AppData\Roaming\TuneUp Software\TuneUp Utilities\WinStyler\LogonScreens folder moved successfully.
C:\Users\Shankar\AppData\Roaming\TuneUp Software\TuneUp Utilities\WinStyler\LogoAnimations\Cache folder moved successfully.
C:\Users\Shankar\AppData\Roaming\TuneUp Software\TuneUp Utilities\WinStyler\LogoAnimations folder moved successfully.
C:\Users\Shankar\AppData\Roaming\TuneUp Software\TuneUp Utilities\WinStyler\BootScreens\Cache folder moved successfully.
C:\Users\Shankar\AppData\Roaming\TuneUp Software\TuneUp Utilities\WinStyler\BootScreens folder moved successfully.
C:\Users\Shankar\AppData\Roaming\TuneUp Software\TuneUp Utilities\WinStyler folder moved successfully.
C:\Users\Shankar\AppData\Roaming\TuneUp Software\TuneUp Utilities\StartUp Manager folder moved successfully.
C:\Users\Shankar\AppData\Roaming\TuneUp Software\TuneUp Utilities\Dashboard folder moved successfully.
C:\Users\Shankar\AppData\Roaming\TuneUp Software\TuneUp Utilities\Backups folder moved successfully.
C:\Users\Shankar\AppData\Roaming\TuneUp Software\TuneUp Utilities folder moved successfully.
C:\Users\Shankar\AppData\Roaming\TuneUp Software folder moved successfully.
C:\Users\Shankar\AppData\Roaming\uTorrent folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Shankar
->Temp folder emptied: 3436892 bytes
->Temporary Internet Files folder emptied: 6065079 bytes
->Java cache emptied: 931290 bytes
->Google Chrome cache emptied: 28130536 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 37.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default

User: Default User

User: Guest

User: Public

User: Shankar
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.1.0 log created on 04082010_175821

Files\Folders moved on Reboot...
C:\Users\Shankar\AppData\Local\Temp\ehmsas.txt moved successfully.

Registry entries deleted on Reboot...


#15 Net_Surfer

Net_Surfer

  • Banned
  • 2,154 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:14 AM

Posted 08 April 2010 - 08:02 AM

Hello again Shankar.ish,

Good job!

Your logs appear clean of malware.

Now we can get rid of the tools we used from your computer and the logs that they created.

Please follow my next set of steps:


Step 1: Uninstall Combofix
  • VERY IMPORTANT: Disable all running antivirus, antimalware and firewall programs as they may interfere with the proper running of ComboFix. Click on this link to see a list of programs that should be disabled. NOTE: This list is not all-inclusive. If yours is not listed and you do not know how to disable it, please ask.
  • Make sure that combofix.exe that you downloaded is on your Desktop but Do not run it!
    o *If it is not on your Desktop, the below will not work.
  • Click on your Start Menu, then Run....
    o (For Vista/Windows 7 please click Start -> All Programs -> Accessories -> Run)
  • Now copy & paste the green bolded text in the run-box and click OK.

    ComboFix /Uninstall

    (Note: there is a space between the "x" and the "/"; it needs to be there.)
    Windows Vista users: press the Windows key + R to bring up the Run... command, and from there you can enter ComboFix /Uninstall.

  • Please advise if this step is missed for any reason as it performs some important actions:
"This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.
It also makes a clean Restore Point and flushes all the old restore points in order to prevent possible reinfection from an old one through System Restore."


Step 2: Enable CD Emulation
  • DeFogger - Re-Enable (only run when instructed to, when your system is clean again). To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers.
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
  • IMPORTANT!: If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.
  • Your Emulation drivers are now re-enabled.


Step 3: Since the tools we used to scan the computer, as well as the tools to delete files and folders, are no longer needed, they should be removed, as well as the folders created by these tools.

To help you with these chores, do the following:
  • Double click the icon to start the program. If you are using Vista, please right-click and choose Run as administrator.
  • Then click the big button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
OTL will delete DDS, Gmer and any logs that any of the tools produced. If not, you can delete them manually: delete DDS.exe and C:\DDS from your desktop.
I recommend keeping TFC (Temp File Cleaner), and using Malwarebytes' Anti-Malware to scan your computer regularly.

If you don't plan to use ESET OnlineScan again, then you can uninstall it through Add/Remove Programs (or Programs and Features on Vista). You can also delete Rkill.exe, exeHelper and JavaRa and the logs they created.


If you have done all of the above, your computer should be clean of malware.
CONGRATULATIONS.

Are things running okay? Do you have any more questions?

System Still Slow?

You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware

The following can help speed up your computer:

Fragmented files (Drive C) De-fragmenting is a must.

It's one of the large reasons for system slowdowns. I use JkDefrag to defragment. You can use it forever. I recommend installing it and defragmenting as soon as possible

To improve performance I recommend to check this LINK.

---------------------------^--------------------------------

OK... Shankar.ish, I'm not skilled at mincing words, but I believe that by now you have already figured out how you got infected: using P2P (file sharing programs: uTorrent). So, especially for you, I will use the long version of my "All Clean Canned Speech".

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again:

Please take the time to read below to secure your machine and take the necessary steps to keep it clean. Some of the following you may already have, so just disregard them.
  1. * Windows firewall uninstall.

    Firewall: It is really important that you use a third party firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Windows firewall is good for blocking inbound connections but it does not block outbound connections. So if malware manages to get onto your computer it will be able to send data out when it wants.

    Here are some free firewalls I would suggest trying: *PC Tools Firewall Plus or ZoneAlarm
    See Bleepingcomputer's excellent tutorial to help using and understanding a firewall here
    Note: You should only have one firewall installed at a time. Having more than one firewall installed at once is likely to cause conflicts and may well decrease your overall protection as well as seriously impairing the performance of your PC.

    *If you choose the PC Tools Firewall Plus and you are asked to install ThreatFire do not do so.


    After you install the third party firewall, please disable your Windows firewall. Please go to My Computer >> Control Panel >> Windows Firewall and choose Off (not recommended) option. Then please click Apply and Ok.
  2. Make sure that you keep your anti-virus updated
    New viruses come out every minute, so it is essential that you have the latest signatures for your anti-virus program to provide you with the best possible protection from malicious software.
    Note: You should only have one anti-virus installed at a time. Having more than one anti-virus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
  3. Security Updates for Windows, Internet Explorer & Microsoft Office
    Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.
    Note: The update process uses ActiveX, so you will need to use internet explorer for it and allow the ActiveX control to install.
  4. If you are using Windows XP or earlier
    Visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  5. Keep your non-Microsoft applications updated as well

    Microsoft isn't the only company whose products can contain security vulnerabilities. To check for other vulnerable programs running on your PC that are in need of an update, you can use the Secunia Software Inspector
    - I suggest that you run it at least once a month.

    Bottom line: the software you use every day is the biggest source of danger to your personal information. Keeping your software up to date is your best defense. You cannot afford to let vulnerabilities go un-patched.
  6. Make Internet Explorer more secure
    You are using Internet Explorer, therefore please read and follow the recommendations at this SITE

    Click Start > Run
    Type Inetcpl.cpl & click OK
    Click on the Security tab
    Click Reset all zones to default level
    Make sure the Internet Zone is selected & Click Custom level
    In the ActiveX section, set the first two options ("Download signed ActiveX controls" and "Download unsigned ActiveX controls") to "Prompt", and "Initialize and script ActiveX controls not marked as safe" to "Disable".
    Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  7. Backup regularly.
    You never know when your PC will become unstable or get infected so badly that you can't recover it. Follow this Microsoft article to learn how to back up. Follow this article by Microsoft to restore your backups.
    Alternatively, you can use 3rd-party programs to back up your data. They can be found at Bleeping Computer.
==============***============


Recommended Programs:
    To help protect your computer in the future I would recommend the download and installation of some or all of the following free programs (if not already present), and the updating of them on a regular basis:
  1. WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    *Green to go
    *Yellow for caution
    *Red to stop
    WOT has an addon available for both Firefox and IE.
  2. WinPatrol
    As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit HERE.
  3. McAfee Site Advisor --free version.
    To give you an indication of which sites may contain bad links or suspect downloads. It loads an icon to the taskbar of your browser (versions for IE and Firefox). As you browse, a small button on your browser toolbar changes color based on SiteAdvisor's safety results, indicating the trustworthiness of the site you are on: green for safe and red for suspicious. Click on the icon to access the details that SiteAdvisor has about the site. It also gives the same colour indications in the results page when you do a Google search, making it easier to decide which sites are safe to visit. The folks there check out websites and, based on their findings, rate them as Safe, Unknown, Caution, or Bad. Safety ratings from McAfee SiteAdvisor appear next to search results. Works with Google, Yahoo!, Live Search, AOL or ASK.
    This is a utility that can be downloaded and installed it from: HERE
  4. ERUNT (Emergency Recovery Utility NT):
    This utility allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
    You can get this utility from: HERE and instructions how to Practice "Safe Computer" with regular automated Registry Backups with ERUNT from: HERE



Stand Up and Be Counted ---> Malware Complaints <--- where you can make a difference!
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

To find out more about how you got infected in the first place, and some great guidelines to follow to prevent future infections, you can read this article by Tony Klein and this one by Miekiemoes.

To learn more about how to protect yourself while on the internet read this guide How did I get infected in the first place ?

Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date.
Stay clean and be safe
That's it, happy surfing!

Cheers,
Net_Surfer


***If the ComboFix tool helped you***, please kindly consider a donation to its author. As you just experienced for yourself, ComboFix is a very effective tool. Should you wish to contribute to the ongoing development of ComboFix, donations are being accepted via:


I'll leave this thread open for a couple days in case you come across any lingering problems that need fixing, then I'll close it up. If you need it reopened for any reason just shoot me a PM. It's been a pleasure working with you, now best of luck!

I'd be grateful if you could reply to this post so that I know you have read it and if you've no other questions, the thread can be closed.


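Step 6 of the post above changes three ActiveX settings in the Internet zone through the Inetcpl.cpl dialog. As an added example (not from this thread), here is a read-only PowerShell check that reports whether those three settings currently match the recommendation, so the change can be confirmed without clicking through the dialog. It relies on Microsoft's documented URL security zone registry layout: zone 3 is the Internet zone, action 1001 is "Download signed ActiveX controls", 1004 is "Download unsigned ActiveX controls", 1201 is "Initialize and script ActiveX controls not marked as safe", and the DWORD values 0/1/3 mean Enable/Prompt/Disable. The function name is my own.

```powershell
# Added example: verify the Internet-zone ActiveX settings from step 6 (read-only).
# Per-user settings live under HKCU unless the "Security Zones: Use only machine
# settings" policy (Security_HKLM_only = 1) makes Internet Explorer ignore them.

$zoneActions = @(
    @{ Id = '1001'; Name = 'Download signed ActiveX controls';                          Want = 1 }  # Prompt
    @{ Id = '1004'; Name = 'Download unsigned ActiveX controls';                        Want = 1 }  # Prompt
    @{ Id = '1201'; Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }  # Disable
)
$encoding = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-InternetZoneActiveXStatus {
    $userZone    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
    $machineZone = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
    $policyKey   = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'

    # When the policy forces machine-wide zones, the HKCU values are not the ones in effect.
    $hklmOnly = (Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue).Security_HKLM_only -eq 1
    $zone = if ($hklmOnly) { $machineZone } else { $userZone }

    foreach ($a in $zoneActions) {
        $raw = (Get-ItemProperty -Path $zone -Name $a.Id -ErrorAction SilentlyContinue).($a.Id)
        $current = if ($null -eq $raw) { 'not set (IE default applies)' }
                   elseif ($encoding.ContainsKey([int]$raw)) { $encoding[[int]$raw] }
                   else { "unknown ($raw)" }
        [pscustomobject]@{
            Setting     = $a.Name
            Current     = $current
            Recommended = $encoding[$a.Want]
            OK          = ($raw -eq $a.Want)
            Source      = if ($hklmOnly) { 'HKLM (policy)' } else { 'HKCU' }
        }
    }
}

Get-InternetZoneActiveXStatus | Format-Table -AutoSize
```

A row with OK = False means the dialog change did not stick (or a policy overrides it); rerun the check after applying step 6, and if Source shows HKLM (policy), the setting has to be changed by whoever manages that policy rather than in Inetcpl.cpl.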

