
Help! - Rootkit.Win32.TSSS.d


  • This topic is locked
22 replies to this topic

#1 djprash

  • Members
  • 20 posts

Posted 03 May 2010 - 06:56 AM

Hi

I am having problems on my laptop with "Rootkit.Win32.TSSS.d". Last week the laptop was infected with some fake security software such as Security Essentials 2010, which I managed to get rid of. However, I did realise that my Fsecure was disabled and I couldn't scan for viruses, therefore I installed Kaspersky and uninstalled Fsecure. When I tried running the full scan on Kaspersky it found the rootkit but could not disinfect or delete it after a number of reboots. Searched various forums and found that tdsskiller may do the trick. Installed that and it came up with a result "C:\windows\system32\drivers\atapi.sys" infected by TDSS rootkit...will be cured on next reboot. Rebooted it but found the rootkit was still there...did this a number of times but wasn't winning. Therefore decided to post on this forum for help.

I have followed the steps as instructed in the preparation guide. However, when I ran DDS it did not produce the attach.txt log; it only came up with the DDS.txt log, which I have saved and pasted below.


DDS (Ver_10-03-17.01) - NTFSx86
Run by prashant.vara at 15:35:40.35 on 02/05/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2524 [GMT 1:00]

AV: Kaspersky Anti-Virus *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Dell\QuickSet\quickset .exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM .exe
C:\Program Files\Windows Live\Messenger\msnmsgr .exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\CMS Products\BounceBack Express\BBLauncher.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Microsoft Office\Office14\OfficeSAS\officeSASscheduler.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\Office14\OfficeSAS\OfficeSAS.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Uniblue\SpeedUpMyPC\sump.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\prashant.vara\Desktop\Defogger.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\prashant.vara\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.virginmedia.com
uDefault_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=5080330
uSearch Bar = hxxp://www.google.co.uk/hws/sb/dell-usuk-rel/en/side.html?channel=uk
uInternet Settings,ProxyOverride = *.local
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\ievkbd.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - Google Dictionary Compression sdch
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM .exe" -scheduler
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr .exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRunOnce: [SpeedUpMyPC] "c:\program files\uniblue\speedupmypc\launcher.exe" delay 20000
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [PMX Daemon] ICO.EXE
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset .exe c:\program files\dell\quickset\quickset.exe .exe c:\program files\dell\quickset\quickset.exe .exe c:\program files\dell\quickset\quickset.exe
mRun: [Media Codec Update Service] c:\program files\essentials codec pack\update.exe -silent
mRun: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2010\avp.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bounce~1.lnk - c:\program files\cms products\bounceback express\BBLauncher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\interv~1.lnk - c:\program files\intervideo\common\bin\WinCinemaMgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office14\officesas\officeSASscheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wordweb.lnk - c:\program files\wordweb\wweb32.exe
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {AEF9B8DB-0DEF-4c0b-8209-661C9E82B8C3} - c:\program files\winsysclean 2008 trial\udmanager\UDManager.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {00134F72-5284-44F7-95A8-52A619F70751} - hxxps://ms01.teamanalysis.local:4343/officescan/console/ClientInstall/WinNTChk.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=67633
DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} - hxxps://ms01.teamanalysis.local:4343/officescan/console/ClientInstall/setup.cab
DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www3.snapfish.co.uk/SnapfishUKActivia.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.tescophoto.com/wpp/tesco/app/ImageUploader5.cab
DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} - hxxps://ms01.teamanalysis.local:4343/officescan/console/ClientInstall/RemoveCtrl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228736817437
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228736751687
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} - hxxps://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {DAF7E6E7-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://landmarkinfo.webex.com/client/T27L/training/ieatgpc.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: gemsafe - c:\program files\gemplus\gemsafe libraries\bin\WLEventNotify.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 wvauth
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 62.189.6.78 _sip._tls.sip1.callserve.com
Hosts: 62.189.6.78 _sip._ssl.sip1.callserve.com
Hosts: 62.189.6.79 _sip._tls.sip2.callserve.com
Hosts: 62.189.6.79 _sip._ssl.sip2.callserve.com

Note: multiple HOSTS entries found. Please refer to Attach.txt

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\prasha~1.var\applic~1\mozilla\firefox\profiles\v8x1ojl6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - component: c:\documents and settings\prashant.vara\application data\mozilla\firefox\profiles\v8x1ojl6.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\f-secure\nrs\litmus-ff@f-secure.com\components\litmus-ff.dll
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\prashant.vara\application data\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\prashant.vara\application data\mozilla\firefox\profiles\v8x1ojl6.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\prashant.vara\application data\mozilla\firefox\profiles\v8x1ojl6.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: XULRunner: {97B41313-261A-46CE-BC29-C022974F7767} - c:\documents and settings\prashant.vara\local settings\application data\{97B41313-261A-46CE-BC29-C022974F7767}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\drivers\tdrpm251.sys [2009-12-9 902432]
R1 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-9-1 128016]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2010-4-29 315408]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2009-12-9 2326920]
R2 AVP;Kaspersky Anti-Virus;c:\program files\kaspersky lab\kaspersky anti-virus 2010\avp.exe [2009-10-20 340456]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-3-17 54752]
R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2010-3-13 311568]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-2-26 32512]
R2 portD;CMS PortIO Service;c:\windows\system32\drivers\portd2k.sys [2008-4-10 7424]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\vodafone\vodafone mobile connect\bin\VMCService.exe [2008-7-4 14336]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [2004-8-11 5120]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2009-12-9 159168]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-9-14 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
S2 gupdate1ca50974ef9adb0;Google Update Service (gupdate1ca50974ef9adb0);c:\program files\google\update\GoogleUpdate.exe [2009-10-19 133104]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;"c:\program files\google\google desktop search\googledesktop.exe" --> c:\program files\google\google desktop search\GoogleDesktop.exe [?]
S3 GTUHSBUS;GT UHS BUS;c:\windows\system32\drivers\gtuhsbus.sys [2009-2-13 58880]
S3 GTUHSNDISIPXP;GT UHS IP NDIS;c:\windows\system32\drivers\gtuhs51.sys [2009-2-13 106112]
S3 GTUHSOMS;GT UHS OMS;c:\windows\system32\drivers\gtuhsoms.sys [2009-2-13 18816]
S3 GTUHSSER;GT UHS SER;c:\windows\system32\drivers\gtuhsser.sys [2009-2-13 8064]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2009-9-26 4639136]
S3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [2009-4-1 18432]
S3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [2009-4-1 14336]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
S3 TTDVBSTB;TTDVBSTB driver;c:\windows\system32\drivers\TTDVBSTB.sys [2008-4-17 57328]
S3 TTNDISTB;Virtual STB-S/-C/-T Network Adapter Driver;c:\windows\system32\drivers\ttndistb.sys [2008-4-17 39124]

=============== Created Last 30 ================

2010-05-02 14:34:21 0 ----a-w- c:\documents and settings\prashant.vara\defogger_reenable
2010-04-30 10:49:46 3153920 ----a-w- c:\windows\system32\secsetup.sdb
2010-04-29 16:38:41 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-04-29 16:38:41 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-04-29 16:36:55 0 d-----w- c:\program files\Kaspersky Lab
2010-04-29 16:27:36 0 d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2010-04-29 16:05:48 0 d-----w- c:\docume~1\alluse~1\applic~1\McAfee Security Scan
2010-04-29 16:05:35 0 d-----w- c:\program files\McAfee Security Scan
2010-04-29 14:28:04 0 d-----w- c:\program files\Windows Installer Clean Up
2010-04-29 09:12:45 95744 ----a-w- c:\windows\system32\6334.exe
2010-04-29 08:52:43 95744 ----a-w- c:\windows\system32\18467.exe
2010-04-28 16:22:16 0 d-----w- C:\spoolerlogs
2010-04-27 11:31:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-27 11:31:19 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-27 11:31:18 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-26 11:07:05 0 d-----w- c:\program files\Western Digital
2010-04-26 10:14:41 0 d-----w- c:\documents and settings\prashant.vara\WD Sync Data
2010-04-25 02:17:15 128 ----a-w- c:\windows\system32\perf.dat
2010-04-24 18:33:42 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-04-24 18:33:32 0 d-----w- c:\program files\SUPERAntiSpyware
2010-04-24 18:33:32 0 d-----w- c:\docume~1\prasha~1.var\applic~1\SUPERAntiSpyware.com
2010-04-24 15:37:59 0 d-----w- c:\docume~1\alluse~1\applic~1\avG
2010-04-24 09:11:51 0 d-----w- c:\program files\PoivY.com
2010-04-23 10:20:10 112 ----a-w- c:\docume~1\alluse~1\applic~1\vs6t10115.dat
2010-04-19 10:40:22 42 ----a-w- c:\windows\system32\Jiii_PNUCT.pnc
2010-04-19 10:39:43 42 ----a-w- c:\windows\system32\AK083E209605E394C.lie
2010-04-19 10:39:32 0 d-----w- c:\program files\Perfect Uninstaller
2010-04-16 23:09:55 0 d-----w- c:\docume~1\prasha~1.var\applic~1\Uniblue
2010-04-16 23:09:35 0 d-----w- c:\program files\Uniblue
2010-04-13 10:25:10 4608 ----a-w- c:\windows\system32\Rsrc32.dll
2010-04-13 10:25:10 2903023 ----a-w- c:\windows\system32\pdfnet.res
2010-04-13 10:25:10 2544 ----a-w- c:\windows\system32\pdf2image.lib
2010-04-13 10:25:10 1312 ----a-w- c:\windows\system32\rsrc16.dll
2010-04-13 10:25:09 434252 ----a-w- c:\windows\system32\MSVCRTD.DLL
2010-04-13 10:25:09 2899968 ----a-w- c:\windows\system32\pdf2image.dll
2010-04-13 10:25:09 1937408 ----a-w- c:\windows\system32\FreeImage.dll

==================== Find3M ====================

2010-05-02 14:32:42 87768 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-05-02 13:31:47 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-05-02 13:31:43 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-05-02 13:31:26 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-04-30 11:20:55 209539 ----a-w- c:\windows\system32\nvModes.dat
2010-03-25 15:24:13 68156 ---ha-w- c:\windows\system32\mlfcache.dat
2010-02-19 23:47:50 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-12 10:46:14 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 10:46:14 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-02 21:57:44 74446927 ---ha-w- c:\docume~1\prasha~1.var\applic~1\Adobe Photoshop CS4 for Photographers.exe
2009-12-01 13:49:47 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009120120091202\index.dat

============= FINISH: 15:37:40.68 ===============

Attached Files

  • Attached File  DDS.txt   24.32KB   1 downloads
  • Attached File  ark.txt   120.13KB   3 downloads

Edited by Budapest, 04 May 2010 - 04:58 PM.
Bump removed ~BP



#2 syler

  • Malware Response Team
  • 8,150 posts

Posted 05 May 2010 - 12:16 PM

Hello and welcome to Bleepingcomputer

Please note we are very busy, so if I don't hear from you within 5 days the topic will be closed. If you have since resolved your issues I would appreciate it if you would let me know so I can close this topic.


We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
    Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\*. /mp /s
    %SYSTEMDRIVE%\*.exe
    netsvcs
    msconfig
    drivers32
    CREATERESTOREPOINT

  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Thanks


#3 djprash

  • Topic Starter
  • Members
  • 20 posts

Posted 05 May 2010 - 01:40 PM

Hi

Thanks for getting back. Please see the OTL report below. Also pasted is the Extras. Many Thanks once again.

OTL logfile created on: 05/05/2010 19:22:07 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\prashant.vara\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 75.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): E:\pagefile.sys 3070 3070 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.95 Gb Total Space | 8.90 Gb Free Space | 5.97% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 465.64 Gb Total Space | 443.50 Gb Free Space | 95.24% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LT021
Current User Name: prashant.vara
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/05 19:20:43 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\prashant.vara\Desktop\OTL.exe
PRC - [2010/04/26 13:06:18 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2010/04/26 13:06:08 | 000,126,976 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
PRC - [2010/04/14 12:19:58 | 000,059,160 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\SpeedUpMyPC\sump.exe
PRC - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/10 22:32:26 | 000,648,536 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2009/12/24 18:02:30 | 000,311,568 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360srv.exe
PRC - [2009/12/09 17:35:11 | 002,326,920 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2009/11/13 12:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/10/20 20:39:28 | 000,340,456 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
PRC - [2009/09/12 17:31:30 | 000,660,520 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2009/07/26 16:44:34 | 003,883,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr .exe
PRC - [2009/02/06 19:21:00 | 000,224,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Toolbar\wltuser.exe
PRC - [2009/01/14 18:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/12/16 21:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/10/24 09:14:36 | 000,206,112 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM .exe
PRC - [2008/07/04 13:52:18 | 000,014,336 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
PRC - [2008/06/12 22:17:01 | 000,042,168 | ---- | M] (Antony Lewis) -- C:\Program Files\WordWeb\wweb32.exe
PRC - [2008/05/26 23:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2008/05/26 17:14:56 | 000,143,360 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/11/08 23:50:10 | 001,552,384 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
PRC - [2007/09/07 18:29:04 | 000,737,280 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
PRC - [2007/07/25 17:41:42 | 000,647,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2007/07/25 17:32:34 | 000,294,912 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2007/07/25 17:29:38 | 000,987,136 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2007/07/25 17:22:44 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2007/07/03 14:57:38 | 001,228,800 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/07/03 14:53:40 | 000,475,136 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2007/02/10 05:29:56 | 000,089,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2007/02/10 05:29:48 | 000,242,544 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2007/01/11 21:43:46 | 002,150,400 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2006/12/18 16:22:14 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2006/12/15 12:41:30 | 002,170,880 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
PRC - [2006/11/03 19:02:14 | 000,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2006/10/27 21:13:48 | 000,270,336 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2006/02/07 00:00:20 | 000,311,296 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
PRC - [2006/01/24 00:14:10 | 000,069,632 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2006/01/18 11:45:02 | 000,090,112 | ---- | M] () -- C:\Program Files\CMS Products\BounceBack Express\BBLauncher.exe
PRC - [2002/12/02 20:55:10 | 000,106,496 | ---- | M] () -- C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe


========== Modules (SafeList) ==========

MOD - [2010/05/05 19:20:43 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\prashant.vara\Desktop\OTL.exe
MOD - [2008/04/14 01:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (stllssvr)
SRV - File not found [Auto | Stopped] -- -- (Roxio Upnp Server 9)
SRV - File not found [On_Demand | Stopped] -- -- (Roxio UPnP Renderer 9)
SRV - File not found [On_Demand | Stopped] -- -- (GoogleDesktopManager-061008-081103)
SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/02/01 11:07:09 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/01/26 13:28:56 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2009/12/24 18:02:30 | 000,311,568 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Security 360\is360srv.exe -- (IS360service)
SRV - [2009/12/09 17:35:11 | 002,326,920 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2009/11/13 12:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/10/20 20:39:28 | 000,340,456 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe -- (AVP)
SRV - [2009/09/26 04:28:22 | 004,639,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009/09/12 17:31:30 | 000,660,520 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/01/14 18:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [On_Demand | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/12/16 21:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/07/04 13:52:18 | 000,014,336 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2008/05/26 17:14:56 | 000,143,360 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe -- (AffinegyService)
SRV - [2008/05/26 17:07:16 | 000,086,016 | ---- | M] (CACE Technologies) [Auto | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/11/08 23:50:10 | 001,552,384 | ---- | M] () [Auto | Running] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2007/10/25 15:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/09/13 15:31:44 | 000,192,512 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe -- (WaveEnrollmentService)
SRV - [2007/09/07 18:29:04 | 000,737,280 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV - [2007/08/31 18:39:18 | 000,486,400 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2007/07/25 17:41:42 | 000,647,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2007/07/25 17:32:34 | 000,294,912 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2007/07/25 17:29:38 | 000,987,136 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2007/07/25 17:22:44 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2007/07/03 14:53:40 | 000,475,136 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2007/02/10 05:29:56 | 000,089,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2007/02/10 05:29:54 | 029,178,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2007/02/10 05:29:48 | 000,242,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2005/10/14 04:50:20 | 000,045,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)


========== Driver Services (SafeList) ==========

DRV - [2010/04/30 12:57:34 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 11:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/12/09 17:35:14 | 000,159,168 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp)
DRV - [2009/12/09 17:35:05 | 000,902,432 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpm251.sys -- (tdrpman251) Acronis Try&Decide and Restore Points filter (build 251)
DRV - [2009/12/09 17:35:04 | 000,570,016 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2009/12/09 17:34:25 | 000,157,248 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2009/10/14 21:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg)
DRV - [2009/10/02 19:39:44 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/09/14 14:42:46 | 000,032,272 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2009/09/01 15:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/05/09 02:14:18 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2008/12/17 07:02:08 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2008/12/17 07:01:44 | 006,364,440 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam E3500(UVC)
DRV - [2008/12/17 07:01:22 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/12/17 07:00:14 | 000,768,024 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/12/16 21:58:54 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/08/14 08:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\adfs.sys -- (adfs)
DRV - [2008/06/06 13:13:56 | 000,018,816 | R--- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtuhsoms.sys -- (GTUHSOMS)
DRV - [2008/06/04 17:53:56 | 000,058,880 | R--- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtuhsbus.sys -- (GTUHSBUS)
DRV - [2008/06/04 17:38:58 | 000,008,064 | R--- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtuhsser.sys -- (GTUHSSER)
DRV - [2008/06/04 17:32:34 | 000,106,112 | R--- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtuhs51.sys -- (GTUHSNDISIPXP)
DRV - [2008/05/26 17:09:42 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AFGSp50.sys -- (AFGSp50)
DRV - [2008/05/26 17:07:16 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2008/04/13 19:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 19:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 19:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 19:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 17:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/22 05:46:00 | 006,658,592 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007/12/05 21:07:36 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/12/02 19:26:22 | 000,989,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/12/02 19:26:20 | 000,731,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/12/02 19:26:20 | 000,211,200 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/11/28 17:18:24 | 000,062,208 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
DRV - [2007/10/26 13:57:18 | 000,216,800 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/09/10 10:55:00 | 000,161,280 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\WavxDMgr.sys -- (WavxDMgr)
DRV - [2007/09/07 10:57:14 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\PBADRV.sys -- (PBADRV)
DRV - [2007/09/06 10:18:40 | 000,018,176 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WaveFDE.sys -- (WaveFDE)
DRV - [2007/08/17 13:31:26 | 000,101,120 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007/08/12 19:05:34 | 002,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/07/17 20:46:12 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/17 20:46:10 | 000,056,832 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/17 20:46:08 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/07/17 15:16:36 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/07/16 20:39:42 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2007/06/01 13:41:00 | 000,018,432 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pmxmouse.sys -- (pmxmouse)
DRV - [2007/05/29 16:29:30 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/05/24 16:56:00 | 000,014,336 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pmxusblf.sys -- (pmxusblf)
DRV - [2007/04/26 15:29:30 | 000,053,504 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2007/04/26 15:29:30 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2007/04/26 15:29:28 | 000,073,600 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2007/04/26 15:29:28 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2007/04/26 15:29:28 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2007/04/26 15:29:26 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2007/04/26 15:29:26 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2007/04/26 15:29:24 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2006/11/29 06:46:24 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\APLMp50.sys -- (APLMp50)
DRV - [2005/11/14 14:59:00 | 000,007,424 | ---- | M] (CMS Peripherals, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\portd2k.sys -- (portD)
DRV - [2005/08/12 18:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2003/01/29 15:01:08 | 000,057,328 | R--- | M] (TechnoTrend AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TTDVBSTB.sys -- (TTDVBSTB)
DRV - [2003/01/29 14:49:38 | 000,039,124 | R--- | M] (TechnoTrend AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ttndistb.sys -- (TTNDISTB)
DRV - [2002/07/17 11:05:10 | 000,016,512 | R--- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI32)
DRV - [2002/05/06 14:00:10 | 000,024,511 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sqcaptur.sys -- (DCamUSBSQTECH) Dual-Mode DSC(2770)
DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=5080330
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=5080330


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=5080330
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=5080330
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=5080330
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=5080330
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1343024091-412668190-725345543-2737\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=5080330
IE - HKU\S-1-5-21-1343024091-412668190-725345543-2737\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.virginmedia.com/ [binary data]
IE - HKU\S-1-5-21-1343024091-412668190-725345543-2737\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com
IE - HKU\S-1-5-21-1343024091-412668190-725345543-2737\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1343024091-412668190-725345543-2737\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.11.6a
FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.0.1
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {97B41313-261A-46CE-BC29-C022974F7767}:1.9.1
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736
FF - prefs.js..network.proxy.backup.ftp: "84.108.148.75"
FF - prefs.js..network.proxy.backup.ftp_port: 11055
FF - prefs.js..network.proxy.backup.gopher: "84.108.148.75"
FF - prefs.js..network.proxy.backup.gopher_port: 11055
FF - prefs.js..network.proxy.backup.socks: "84.108.148.75"
FF - prefs.js..network.proxy.backup.socks_port: 11055
FF - prefs.js..network.proxy.backup.ssl: "84.108.148.75"
FF - prefs.js..network.proxy.backup.ssl_port: 11055
FF - prefs.js..network.proxy.ftp: "190.161.67.237"
FF - prefs.js..network.proxy.ftp_port: 11033
FF - prefs.js..network.proxy.gopher: "190.161.67.237"
FF - prefs.js..network.proxy.gopher_port: 11033
FF - prefs.js..network.proxy.http: "190.161.67.237"
FF - prefs.js..network.proxy.http_port: 11033
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "190.161.67.237"
FF - prefs.js..network.proxy.socks_port: 11033
FF - prefs.js..network.proxy.ssl: "190.161.67.237"
FF - prefs.js..network.proxy.ssl_port: 11033

FF - HKLM\software\mozilla\Firefox\extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/06/26 21:39:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{97B41313-261A-46CE-BC29-C022974F7767}: C:\Documents and Settings\prashant.vara\Local Settings\Application Data\{97B41313-261A-46CE-BC29-C022974F7767} [2010/03/27 12:38:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/02 14:27:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/04 10:32:18 | 000,000,000 | ---D | M]

[2008/08/28 10:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\prashant.vara\Application Data\Mozilla\Extensions
[2008/05/23 12:30:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\prashant.vara\Application Data\Mozilla\Extensions\home2@tomtom.com
[2010/05/04 14:19:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\prashant.vara\Application Data\Mozilla\Firefox\Profiles\v8x1ojl6.default\extensions
[2010/04/25 22:44:38 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\prashant.vara\Application Data\Mozilla\Firefox\Profiles\v8x1ojl6.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/02/11 10:55:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\prashant.vara\Application Data\Mozilla\Firefox\Profiles\v8x1ojl6.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
[2010/01/27 11:07:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\prashant.vara\Application Data\Mozilla\Firefox\Profiles\v8x1ojl6.default\extensions\piclens@cooliris.com
[2010/01/27 11:08:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\prashant.vara\Application Data\Mozilla\Firefox\Profiles\v8x1ojl6.default\extensions\piclens@cooliris.com-trash
[2010/05/04 14:19:23 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/29 17:39:09 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2009/04/08 10:19:42 | 000,027,976 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcdec.dll
[2009/04/08 10:19:42 | 000,126,360 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcext.dll
[2009/04/08 10:19:50 | 000,098,712 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\ieatgpc.dll
[2009/04/08 10:19:41 | 000,060,824 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
[2009/12/09 05:58:24 | 000,274,432 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\Mozilla Firefox\plugins\npEModelPlugin.dll
[2010/05/04 10:31:28 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2007/12/19 13:57:38 | 000,310,272 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
[2010/04/02 14:26:49 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/04/02 14:26:52 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/04/02 14:26:53 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/04/02 14:26:53 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/01/30 17:43:08 | 000,292,496 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 62.189.6.78 _sip._tls.sip1.callserve.com
O1 - Hosts: 62.189.6.78 _sip._ssl.sip1.callserve.com
O1 - Hosts: 62.189.6.79 _sip._tls.sip2.callserve.com
O1 - Hosts: 62.189.6.79 _sip._ssl.sip2.callserve.com
O1 - Hosts: 62.189.6.85 _sip._tls.sip5.phoneserve.com
O1 - Hosts: 62.189.6.85 _sip._ssl.sip5.phoneserve.com
O1 - Hosts: 62.189.6.84 _sip._tls.abcd.winnerip.com
O1 - Hosts: 62.189.6.84 _sip._ssl.abcd.winnerip.com
O1 - Hosts: 62.189.6.81 _sip._tls.efgh.winnerip.com
O1 - Hosts: 62.189.6.81 _sip._ssl.efgh.winnerip.com
O1 - Hosts: 62.189.6.83 _sip._tls.ijkl.winnerip.com
O1 - Hosts: 62.189.6.83 _sip._ssl.ijkl.winnerip.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 10068 more lines...
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - Reg Error: Value error. File not found
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1343024091-412668190-725345543-2737\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1343024091-412668190-725345543-2737\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe (MediaCodec.Org)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PMX Daemon] File not found
O4 - HKU\S-1-5-21-1343024091-412668190-725345543-2737..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKU\S-1-5-21-1343024091-412668190-725345543-2737..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1343024091-412668190-725345543-2737..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-1343024091-412668190-725345543-2737..\RunOnce: [SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC\launcher.exe (Uniblue Systems Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BounceBack Launcher.lnk = C:\Program Files\CMS Products\BounceBack Express\BBLauncher.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe (Antony Lewis)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1343024091-412668190-725345543-2737\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-1343024091-412668190-725345543-2737\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\.DEFAULT\..Trusted Domains: buy-security-essentials.com ([]http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: download-soft-package.com ([]http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: download-software-package.com ([]http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: get-key-se10.com ([]http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: is-software-download.com ([]http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: buy-security-essentials.com ([]http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: download-soft-package.com ([]http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: download-software-package.com ([]http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: get-key-se10.com ([]http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: is-software-download.com ([]http in Trusted sites)
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} https://ms01.teamanalysis.local:4343/office...ll/WinNTChk.cab (ObjWinNTCheck Class)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=67633 (Office Genuine Advantage Validation Tool)
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} https://ms01.teamanalysis.local:4343/office...stall/setup.cab (OfficeScan Corp Edition Web-Deployment SetupCtrl Class)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab (CKAVWebScan Object)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www3.snapfish.co.uk/SnapfishUKActivia.cab (Snapfish Activia)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.tescophoto.com/wpp/tesco/app/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} https://ms01.teamanalysis.local:4343/office.../RemoveCtrl.cab (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftu...b?1228736817437 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1228736751687 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab (DDRevision Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} https://as.photoprintit.de/ips-opdata/layou...PSUploader4.cab (IPSUploader4 Control)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {DAF7E6E7-D53A-439A-B28D-12271406B8A9} http://mobileapps.blackberry.com/devicesoftware/AxLoader.cab (AxLoaderPassword Class)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://landmarkinfo.webex.com/client/T27L/...ing/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = teamanalysis.local
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\gemsafe: DllName - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll (Gemplus)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: C:\Documents and Settings\prashant.vara\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\prashant.vara\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/01/28 15:37:32 | 000,000,000 | ---D | M] - E:\autorun -- [ FAT32 ]
O32 - AutoRun File - [2008/05/30 09:31:56 | 000,000,054 | -H-- | M] () - E:\autorun.in_2.org -- [ FAT32 ]
O32 - AutoRun File - [2007/12/23 21:31:06 | 000,000,053 | ---- | M] () - E:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{197f3d94-2b3e-11dd-905b-001c233eeeeb}\Shell - "" = AutoRun
O33 - MountPoints2\{197f3d94-2b3e-11dd-905b-001c233eeeeb}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{197f3d94-2b3e-11dd-905b-001c233eeeeb}\Shell\AutoRun\command - "" = E:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{197f3d95-2b3e-11dd-905b-001c233eeeeb}\Shell - "" = AutoRun
O33 - MountPoints2\{197f3d95-2b3e-11dd-905b-001c233eeeeb}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{197f3d95-2b3e-11dd-905b-001c233eeeeb}\Shell\AutoRun\command - "" = E:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{49f88506-74e2-11dd-9078-001e37afc004}\Shell - "" = AutoRun
O33 - MountPoints2\{49f88506-74e2-11dd-9078-001e37afc004}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{49f88506-74e2-11dd-9078-001e37afc004}\Shell\AutoRun\command - "" = E:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{6059c1e0-6704-11de-90a9-001e37afc004}\Shell\AutoRun\command - "" = E:\slacker.synclauncher.exe -- File not found
O33 - MountPoints2\{6059c1e0-6704-11de-90a9-001e37afc004}\Shell\slacker\command - "" = E:\slacker.synclauncher.exe -- File not found
O33 - MountPoints2\{68f00dbf-3c7c-11dd-9067-001e37afc004}\Shell - "" = AutoRun
O33 - MountPoints2\{68f00dbf-3c7c-11dd-9067-001e37afc004}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{68f00dbf-3c7c-11dd-9067-001e37afc004}\Shell\AutoRun\command - "" = E:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{7e9a0f9f-422e-11dd-9068-001e37afc004}\Shell - "" = AutoRun
O33 - MountPoints2\{7e9a0f9f-422e-11dd-9068-001e37afc004}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7e9a0f9f-422e-11dd-9068-001e37afc004}\Shell\AutoRun\command - "" = E:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{8aeae8f0-1111-11dd-bdec-001e37afc004}\Shell - "" = AutoRun
O33 - MountPoints2\{8aeae8f0-1111-11dd-bdec-001e37afc004}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8aeae8f0-1111-11dd-bdec-001e37afc004}\Shell\AutoRun\command - "" = E:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{9ab01fe5-f132-11dd-9093-001c233eeeeb}\Shell - "" = AutoRun
O33 - MountPoints2\{9ab01fe5-f132-11dd-9093-001c233eeeeb}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9ab01fe5-f132-11dd-9093-001c233eeeeb}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{b9046354-071e-11dd-bdde-001e37afc004}\Shell - "" = AutoRun
O33 - MountPoints2\{b9046354-071e-11dd-bdde-001e37afc004}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b9046354-071e-11dd-bdde-001e37afc004}\Shell\AutoRun\command - "" = E:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{c397bbcd-2c9f-11dd-905c-001e37afc004}\Shell - "" = AutoRun
O33 - MountPoints2\{c397bbcd-2c9f-11dd-905c-001e37afc004}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c397bbcd-2c9f-11dd-905c-001e37afc004}\Shell\AutoRun\command - "" = E:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{d135766f-5905-11de-90a4-001e37afc004}\Shell\AutoRun\command - "" = G:\slacker.synclauncher.exe -- File not found
O33 - MountPoints2\{d135766f-5905-11de-90a4-001e37afc004}\Shell\slacker\command - "" = G:\slacker.synclauncher.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/08/11 18:02:12 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

Drivers32: msacm.divxa32 - C:\WINDOWS\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (74041529626263552)

========== Files/Folders - Created Within 30 Days ==========

[2010/05/05 19:20:43 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\prashant.vara\Desktop\OTL.exe
[2010/05/04 10:56:51 | 000,000,000 | ---D | C] -- C:\temp
[2010/05/04 10:32:16 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2010/05/04 10:13:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\prashant.vara\Desktop\Tools
[2010/04/29 17:36:55 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2010/04/29 17:36:18 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2010/04/29 17:27:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2010/04/29 17:25:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\prashant.vara\Desktop\Kaspersky Anti-Virus 2010 with keys
[2010/04/29 17:05:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2010/04/29 17:04:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/04/29 15:28:04 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2010/04/29 15:19:31 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\prashant.vara\Recent
[2010/04/28 22:11:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\prashant.vara\Local Settings\Application Data\Temp
[2010/04/28 17:45:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\prashant.vara\Desktop\ACROBAT
[2010/04/28 17:22:16 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2010/04/27 12:31:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/27 12:31:19 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/27 12:31:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/26 13:00:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Windows Search
[2010/04/26 13:00:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Google
[2010/04/26 12:07:05 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
[2010/04/26 11:14:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\prashant.vara\WD Sync Data
[2010/04/24 19:33:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/04/24 19:33:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\prashant.vara\Application Data\SUPERAntiSpyware.com
[2010/04/24 19:33:32 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/04/24 16:37:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\prashant.vara\Local Settings\Application Data\avG
[2010/04/24 16:37:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avG
[2010/04/24 10:11:51 | 000,000,000 | ---D | C] -- C:\Program Files\PoivY.com
[2010/04/23 16:05:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\prashant.vara\Desktop\Legion 2010 BRRip 720p H264-3Li
[2010/04/23 15:54:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\prashant.vara\Desktop\Veer 2010 Hindi DVDRip XviD E-SuB xRG
[2010/04/23 13:16:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Virgin Broadband
[2010/04/23 12:57:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\FileOpen
[2010/04/23 12:56:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/04/19 16:13:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\prashant.vara\Desktop\Prash's Playlist
[2010/04/19 12:05:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/04/19 12:05:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/04/19 11:39:32 | 000,000,000 | ---D | C] -- C:\Program Files\Perfect Uninstaller
[2010/04/17 02:16:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/04/17 00:19:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/04/17 00:19:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/04/17 00:09:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\prashant.vara\Application Data\Uniblue
[2010/04/17 00:09:35 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2010/04/13 11:25:10 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Rsrc32.dll
[2010/04/13 11:25:10 | 000,001,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rsrc16.dll
[2010/04/13 11:25:09 | 001,937,408 | ---- | C] (FreeImage) -- C:\WINDOWS\System32\FreeImage.dll
[2010/04/13 11:25:09 | 000,434,252 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSVCRTD.DLL
[2010/04/12 17:24:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\prashant.vara\Desktop\Nima Pics
[2010/04/09 15:01:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\MiniDump
[2010/04/07 15:36:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\prashant.vara\Desktop\Digital Certificate
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/05 19:22:11 | 000,113,933 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2010/05/05 19:22:11 | 000,097,549 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2010/05/05 19:20:43 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\prashant.vara\Desktop\OTL.exe
[2010/05/05 19:16:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2010/05/05 19:16:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/05/05 19:11:34 | 000,519,254 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/05 19:11:34 | 000,100,330 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/05 19:11:33 | 000,630,746 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/05 19:11:10 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/05 19:09:18 | 000,209,539 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010/05/05 19:09:16 | 000,021,021 | ---- | M] () -- C:\WINDOWS\System32\nvwsapps.xml
[2010/05/05 19:08:51 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/05 19:05:10 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/05 19:04:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/05 19:04:51 | 3756,130,304 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/05 19:04:49 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2010/05/05 19:04:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2010/05/04 22:12:45 | 018,087,936 | -H-- | M] () -- C:\Documents and Settings\prashant.vara\NTUSER.DAT
[2010/05/04 22:12:41 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\prashant.vara\ntuser.ini
[2010/05/04 22:11:45 | 009,157,964 | -H-- | M] () -- C:\Documents and Settings\prashant.vara\Local Settings\Application Data\IconCache.db
[2010/05/04 21:16:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2010/05/04 21:16:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/05/04 20:16:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2010/05/04 20:16:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/05/04 18:16:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2010/05/04 18:16:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/05/04 18:06:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/05/04 17:16:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2010/05/04 17:16:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/05/04 16:16:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2010/05/04 16:16:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/05/04 15:16:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2010/05/04 15:16:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/05/04 14:16:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2010/05/04 14:16:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/05/04 13:16:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2010/05/04 13:16:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/05/04 12:16:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2010/05/04 12:16:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/05/04 11:16:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2010/05/04 11:16:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/05/04 10:32:19 | 000,000,883 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader.lnk
[2010/05/04 10:22:02 | 000,002,357 | ---- | M] () -- C:\Documents and Settings\prashant.vara\Desktop\Operational Rating Toolkit.lnk
[2010/05/04 10:16:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2010/05/04 10:16:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/05/04 09:55:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/04 09:16:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2010/05/04 09:16:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/05/03 22:16:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2010/05/03 22:16:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/05/03 12:46:40 | 000,087,768 | ---- | M] () -- C:\WINDOWS\System32\GDIPFONTCACHEV1.DAT
[2010/05/03 01:16:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2010/05/03 01:16:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/05/03 00:16:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2010/05/03 00:16:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/05/02 23:16:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2010/05/02 23:16:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/05/02 19:03:05 | 002,203,520 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/02 15:34:21 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\prashant.vara\defogger_reenable
[2010/05/01 21:31:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/30 20:04:13 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/04/30 20:03:49 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\prashant.vara\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/30 14:45:20 | 000,002,341 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/30 12:57:34 | 000,315,408 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2010/04/30 12:20:55 | 000,209,539 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2010/04/30 11:49:48 | 003,153,920 | ---- | M] () -- C:\WINDOWS\System32\secsetup.sdb
[2010/04/29 15:38:16 | 000,000,752 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/29 15:38:16 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/29 15:38:16 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/04/29 14:35:34 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/29 10:12:45 | 000,095,744 | ---- | M] () -- C:\WINDOWS\System32\6334.exe
[2010/04/29 09:52:43 | 000,095,744 | ---- | M] () -- C:\WINDOWS\System32\18467.exe
[2010/04/28 19:14:55 | 000,000,833 | ---- | M] () -- C:\Documents and Settings\prashant.vara\Desktop\Shortcut to AWC .lnk
[2010/04/28 17:11:05 | 1205,562,947 | ---- | M] () -- C:\Documents and Settings\prashant.vara\Desktop\ACROBAT.rar
[2010/04/28 16:54:41 | 007,216,224 | ---- | M] () -- C:\Documents and Settings\prashant.vara\Desktop\Jordan Sparks Ft. Chris Brown - No Air.mp3
[2010/04/27 12:31:34 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/27 12:15:58 | 000,000,354 | ---- | M] () -- C:\Documents and Settings\prashant.vara\Desktop\fix.reg
[2010/04/27 12:07:57 | 000,014,718 | -HS- | M] () -- C:\Documents and Settings\prashant.vara\Local Settings\Application Data\c7vdif
[2010/04/27 12:07:57 | 000,014,718 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\c7vdif
[2010/04/26 17:51:13 | 000,010,752 | -HS- | M] () -- C:\Documents and Settings\prashant.vara\Local Settings\Application Data\b08620CF7A25y
[2010/04/26 17:51:13 | 000,010,752 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\b08620CF7A25y
[2010/04/26 11:41:00 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\prashant.vara\Desktop\Shortcut to Weekly Activity Sheet.lnk
[2010/04/25 03:17:15 | 000,000,128 | ---- | M] () -- C:\WINDOWS\System32\perf.dat
[2010/04/25 03:16:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2010/04/25 03:16:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/04/25 03:06:30 | 000,015,296 | -HS- | M] () -- C:\Documents and Settings\prashant.vara\Local Settings\Application Data\miOVLH
[2010/04/25 03:06:30 | 000,015,296 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\miOVLH
[2010/04/25 02:16:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2010/04/25 02:16:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/04/25 01:59:54 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\vs6t10115.dat
[2010/04/24 09:58:27 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\prashant.vara\Local Settings\Application Data\WavXMapDrive.bat
[2010/04/23 15:26:14 | 000,326,093 | ---- | M] () -- C:\Documents and Settings\prashant.vara\Desktop\ESTA_2020vision_Delegate_Pack_2010_04_28_BRADFORD.pdf
[2010/04/23 13:24:51 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2010/04/23 13:24:51 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2010/04/23 13:24:51 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2010/04/23 13:24:49 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2010/04/23 13:24:49 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2010/04/23 11:17:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/04/23 11:17:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/04/23 11:16:58 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/04/23 11:16:58 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/04/23 11:16:58 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/04/19 18:55:05 | 000,000,038 | ---- | M] () -- C:\WINDOWS\AviSplitter.INI
[2010/04/19 17:09:55 | 008,895,304 | ---- | M] () -- C:\Documents and Settings\prashant.vara\Desktop\01 Forever.mp3
[2010/04/19 12:29:15 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2010/04/19 11:40:22 | 000,000,042 | ---- | M] () -- C:\WINDOWS\System32\Jiii_PNUCT.pnc
[2010/04/19 11:39:43 | 000,000,042 | ---- | M] () -- C:\WINDOWS\System32\AK083E209605E394C.lie
[2010/04/19 11:39:37 | 000,000,649 | ---- | M] () -- C:\Documents and Settings\prashant.vara\Desktop\Perfect Uninstaller.lnk
[2010/04/17 15:18:17 | 000,001,152 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\8nIWg
[2010/04/17 00:09:44 | 000,000,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SpeedUpMyPC.lnk
[2010/04/14 21:39:57 | 000,017,802 | ---- | M] () -- C:\Documents and Settings\prashant.vara\Desktop\competency (Autosaved).docx
[2010/04/13 12:46:39 | 000,435,242 | ---- | M] () -- C:\Documents and Settings\prashant.vara\Desktop\ht_install_extractorfan.pdf
[2010/04/13 11:26:06 | 000,001,588 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DesignBuilder.lnk
[2010/04/09 17:55:34 | 000,000,074 | ---- | M] () -- C:\WINDOWS\webica.ini
[2010/04/08 14:16:41 | 000,025,529 | ---- | M] () -- C:\Documents and Settings\prashant.vara\Desktop\Uncertainty and lack of understanding greet official launch of CRC scheme.pdf
[2010/04/06 16:22:36 | 002,202,195 | ---- | M] () -- C:\Documents and Settings\prashant.vara\Application Data\vso_ts_preview.xml
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/04 10:32:19 | 000,000,883 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader.lnk
[2010/05/02 15:34:21 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\prashant.vara\defogger_reenable
[2010/04/30 11:49:46 | 003,153,920 | ---- | C] () -- C:\WINDOWS\System32\secsetup.sdb
[2010/04/29 17:38:41 | 000,113,933 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2010/04/29 17:38:41 | 000,097,549 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2010/04/29 10:12:45 | 000,095,744 | ---- | C] () -- C:\WINDOWS\System32\6334.exe
[2010/04/29 09:52:43 | 000,095,744 | ---- | C] () -- C:\WINDOWS\System32\18467.exe
[2010/04/28 19:14:55 | 000,000,833 | ---- | C] () -- C:\Documents and Settings\prashant.vara\Desktop\Shortcut to AWC .lnk
[2010/04/28 16:47:39 | 1205,562,947 | ---- | C] () -- C:\Documents and Settings\prashant.vara\Desktop\ACROBAT.rar
[2010/04/27 12:31:34 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/27 12:17:00 | 000,000,354 | ---- | C] () -- C:\Documents and Settings\prashant.vara\Desktop\fix.reg
[2010/04/27 12:05:51 | 000,014,718 | -HS- | C] () -- C:\Documents and Settings\prashant.vara\Local Settings\Application Data\c7vdif
[2010/04/27 12:05:51 | 000,014,718 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\c7vdif
[2010/04/26 17:49:07 | 000,010,752 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\b08620CF7A25y
[2010/04/26 17:49:06 | 000,010,752 | -HS- | C] () -- C:\Documents and Settings\prashant.vara\Local Settings\Application Data\b08620CF7A25y
[2010/04/26 11:41:00 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\prashant.vara\Desktop\Shortcut to Weekly Activity Sheet.lnk
[2010/04/25 03:17:15 | 000,000,128 | ---- | C] () -- C:\WINDOWS\System32\perf.dat
[2010/04/24 16:37:59 | 000,015,296 | -HS- | C] () -- C:\Documents and Settings\prashant.vara\Local Settings\Application Data\miOVLH
[2010/04/24 16:37:59 | 000,015,296 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\miOVLH
[2010/04/23 15:26:14 | 000,326,093 | ---- | C] () -- C:\Documents and Settings\prashant.vara\Desktop\ESTA_2020vision_Delegate_Pack_2010_04_28_BRADFORD.pdf
[2010/04/23 13:24:50 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At48.job
[2010/04/23 13:24:50 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At47.job
[2010/04/23 13:24:50 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At46.job
[2010/04/23 13:24:50 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At45.job
[2010/04/23 13:24:50 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At44.job
[2010/04/23 13:24:50 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At43.job
[2010/04/23 13:24:50 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At42.job
[2010/04/23 13:24:50 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At41.job
[2010/04/23 13:24:50 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At40.job
[2010/04/23 13:24:50 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At39.job
[2010/04/23 13:24:50 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At38.job
[2010/04/23 13:24:50 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At37.job
[2010/04/23 13:24:49 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At36.job
[2010/04/23 13:24:49 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At35.job
[2010/04/23 13:24:49 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At34.job
[2010/04/23 13:24:49 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At33.job
[2010/04/23 13:24:49 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At32.job
[2010/04/23 13:24:47 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At31.job
[2010/04/23 13:24:47 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At30.job
[2010/04/23 13:24:46 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At29.job
[2010/04/23 13:24:46 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At28.job
[2010/04/23 13:24:44 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At27.job
[2010/04/23 13:24:44 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At26.job
[2010/04/23 13:24:44 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At25.job
[2010/04/23 11:20:10 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\vs6t10115.dat
[2010/04/23 11:17:06 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/04/23 11:17:06 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/04/23 11:17:06 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/04/23 11:17:05 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/04/23 11:17:03 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/04/23 11:17:03 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/04/23 11:17:02 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/04/23 11:17:02 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/04/23 11:17:02 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/04/23 11:17:02 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/04/23 11:17:02 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/04/23 11:17:00 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/04/23 11:16:58 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/04/23 11:16:58 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/04/23 11:16:57 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/04/23 11:16:57 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/04/23 11:16:56 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/04/23 11:16:56 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/04/23 11:16:56 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/04/23 11:16:55 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/04/23 11:16:54 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/04/23 11:16:54 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/04/23 11:16:53 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/04/23 11:16:53 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/04/19 17:04:50 | 008,895,304 | ---- | C] () -- C:\Documents and Settings\prashant.vara\Desktop\01 Forever.mp3
[2010/04/19 17:04:40 | 007,216,224 | ---- | C] () -- C:\Documents and Settings\prashant.vara\Desktop\Jordan Sparks Ft. Chris Brown - No Air.mp3
[2010/04/19 11:40:22 | 000,000,042 | ---- | C] () -- C:\WINDOWS\System32\Jiii_PNUCT.pnc
[2010/04/19 11:39:43 | 000,000,042 | ---- | C] () -- C:\WINDOWS\System32\AK083E209605E394C.lie
[2010/04/19 11:39:37 | 000,000,649 | ---- | C] () -- C:\Documents and Settings\prashant.vara\Desktop\Perfect Uninstaller.lnk
[2010/04/17 02:17:07 | 000,001,152 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\8nIWg
[2010/04/17 02:17:07 | 000,001,152 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\8nIWg
[2010/04/17 00:09:44 | 000,000,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SpeedUpMyPC.lnk
[2010/04/14 21:39:57 | 000,017,802 | ---- | C] () -- C:\Documents and Settings\prashant.vara\Desktop\competency (Autosaved).docx
[2010/04/13 12:46:39 | 000,435,242 | ---- | C] () -- C:\Documents and Settings\prashant.vara\Desktop\ht_install_extractorfan.pdf
[2010/04/13 11:26:06 | 000,001,588 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DesignBuilder.lnk
[2010/04/13 11:25:10 | 002,903,023 | ---- | C] () -- C:\WINDOWS\System32\pdfnet.res
[2010/04/13 11:25:10 | 000,002,544 | ---- | C] () -- C:\WINDOWS\System32\pdf2image.lib
[2010/04/13 11:25:09 | 002,899,968 | ---- | C] () -- C:\WINDOWS\System32\pdf2image.dll
[2010/04/08 14:16:41 | 000,025,529 | ---- | C] () -- C:\Documents and Settings\prashant.vara\Desktop\Uncertainty and lack of understanding greet official launch of CRC scheme.pdf
[2010/02/24 22:11:46 | 000,000,074 | ---- | C] () -- C:\WINDOWS\webica.ini
[2010/02/10 19:31:39 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2010/01/29 22:40:48 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/01/29 22:40:29 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/01/26 13:29:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2009/08/01 20:36:18 | 000,081,110 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/02/26 17:39:42 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009/01/12 17:08:20 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2008/12/16 21:58:54 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/12/16 21:50:56 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLgFT.dll
[2008/11/25 14:41:34 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2008/10/20 23:22:30 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\cdga.dll
[2008/10/20 22:44:32 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2008/10/20 22:44:31 | 003,049,984 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008/10/20 22:44:31 | 000,404,480 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/10/20 22:44:31 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2008/09/30 13:45:35 | 001,936,528 | ---- | C] () -- C:\WINDOWS\System32\ltmm15.dll
[2008/07/25 14:47:17 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/05/25 18:04:25 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/04/11 17:29:38 | 000,000,067 | ---- | C] () -- C:\WINDOWS\DVDRegionFree.INI
[2008/04/08 21:43:12 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/04/08 16:27:54 | 000,152,624 | ---- | C] () -- C:\WINDOWS\System32\WIN2PDFS.DLL
[2008/04/08 16:27:53 | 000,021,552 | ---- | C] () -- C:\WINDOWS\System32\WIN2PDFM.DLL
[2008/04/02 10:11:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Progs_.ini
[2008/04/02 10:09:29 | 000,002,252 | ---- | C] () -- C:\WINDOWS\1way.ini
[2008/04/02 10:04:01 | 000,008,759 | ---- | C] () -- C:\WINDOWS\cfgall.ini
[2008/03/29 21:33:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2008/03/29 21:33:46 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/03/29 21:21:57 | 000,000,175 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/03/29 21:15:03 | 000,080,368 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
[2008/03/29 21:12:29 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2008/03/29 21:12:29 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2008/03/29 21:06:31 | 000,131,062 | ---- | C] () -- C:\WINDOWS\System32\DellPM.ini
[2008/03/29 20:40:34 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/03/29 20:40:34 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/03/29 20:40:34 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/03/29 20:40:33 | 001,482,752 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/03/29 20:40:17 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2008/03/29 20:38:39 | 000,001,205 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/09/13 15:42:30 | 000,499,712 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll
[2007/09/13 15:42:30 | 000,471,040 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll
[2007/09/13 15:42:28 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll
[2007/09/13 15:42:28 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll
[2007/09/13 15:42:28 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll
[2007/09/13 15:42:28 | 000,458,752 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll
[2007/09/13 15:42:26 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll
[2007/09/13 15:42:26 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll
[2007/09/13 15:42:26 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll
[2007/09/13 15:42:26 | 000,434,176 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll
[2007/09/13 15:36:24 | 000,438,272 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll
[2007/09/12 16:05:08 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll
[2007/09/12 16:04:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll
[2007/09/12 16:04:26 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll
[2007/09/12 16:04:06 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll
[2007/09/12 16:03:44 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll
[2007/09/12 16:03:24 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll
[2007/09/12 16:03:04 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll
[2007/09/12 16:02:44 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll
[2007/09/12 16:02:22 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll
[2007/09/12 16:02:02 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll
[2007/09/10 10:53:26 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\wxvault.dll
[2007/06/15 11:19:20 | 000,835,584 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll
[2006/08/14 12:02:10 | 000,072,192 | ---- | C] () -- C:\WINDOWS\System32\xltZlib.dll
[2006/06/12 09:01:16 | 000,348,160 | ---- | C] () -- C:\WINDOWS\tsp.dll
[2005/09/02 15:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/07/22 22:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/09/10 14:34:00 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll
[2004/09/10 14:34:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
[2004/08/11 18:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 18:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/07/20 18:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 15:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/14 01:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2009/03/08 04:31:56 | 000,183,808 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iepeers.dll
[2009/03/08 04:32:04 | 000,611,840 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstime.dll
[2008/04/14 01:12:00 | 001,384,479 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvbvm60.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/11 18:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/11 18:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/11 18:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\*. /mp /s >

< %SYSTEMDRIVE%\*.exe >

< >
< End of report >

----------------------
Extras.Txt

OTL Extras logfile created on: 05/05/2010 19:25:16 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\prashant.vara\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 75.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): E:\pagefile.sys 3070 3070 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.95 Gb Total Space | 8.90 Gb Free Space | 5.97% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 465.64 Gb Total Space | 443.50 Gb Free Space | 95.24% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LT021
Current User Name: prashant.vara
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.wsf [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.wsh [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-1343024091-412668190-725345543-2737\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
wsffile [edit] -- Reg Error: Key error.
wsffile [open] -- Reg Error: Key error.
wsffile [print] -- Reg Error: Key error.
wshfile [open] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Force Uninstall] -- C:\Program Files\Perfect Uninstaller\PU.exe "%1" ()
Directory [Jessops] -- "C:\Program Files\jessops\Jessops\Jessops.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"80:TCP" = 80:TCP:*:Enabled:HTTP
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe" = C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe:LocalSubNet:Enabled:Wireless Manager -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\VoipCheapCom\voipcheapcom.exe" = C:\Program Files\VoipCheapCom\voipcheapcom.exe:*:Enabled:Client to make VoIP calls. -- File not found
"C:\Program Files\PoivY.com\PoivY\poivy.exe" = C:\Program Files\PoivY.com\PoivY\poivy.exe:*:Enabled:Client to make VoIP calls. -- File not found
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- File not found
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Documents and Settings\prashant.vara\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\prashant.vara\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\PoivY.com\PoivY\PoivY .exe" = C:\Program Files\PoivY.com\PoivY\PoivY .exe:*:Enabled:PoivY -- (PoivY)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{059D6814-73F9-480B-B0B2-D6428F1C1F99}" = SolidWorks eDrawings 2010
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{06FE635A-BE8C-4208-91A9-FB6E641A4F52}" = ArcSoft Panorama Maker 4 Pro
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"{08333C2F-8219-48E8-8569-E53D4C761882}" = Network Recording Player
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{0C973594-7DDF-4BD0-84ED-3517F7622037}" = PC Connectivity Solution
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{177D1318-3E4B-4A7C-A300-AC4E21BE090B}" = Broadcom Management Programs
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{20140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14 (Beta)
"{20140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 (Beta)
"{20140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 (Beta)
"{20140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 (Beta)
"{20140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 (Beta)
"{20140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010 (Beta)
"{20140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 (Beta)
"{20140000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2010 (Beta)
"{20140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 (Beta)
"{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{225AF9A1-B556-88D5-94AA-0010B5426419}" = My DSC
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2315B23D-3E21-4920-837D-AE6460934ECB}" = FIFA 09
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{24A494F3-5B5F-4183-9F7D-9CE82812C1FC}" = tsp patch
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 15
"{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
"{287419D8-E7A6-4310-8E5B-4258B4FFC580}" = SystemsLink Operational Rating Toolkit
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BA976E-38B8-4C63-990C-50999C8C3521}" = BPD_Scan
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{473D5B21-D7AD-42A7-A585-014728D0BFFB}" = ORCalc
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4BF18ED6-C888-4BCF-A4AF-AC7A16305BC1}" = GemSafe Standard Edition 5.1
"{4CCC7F68-A437-4559-A840-F5E010934951}" = HP Driver Diagnostics
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel
"{52D02A2B-03D2-4E34-A358-DC5D951FD296}" = Nokia Connectivity Cable Driver
"{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{53921274-924B-11D4-9583-00D05CFFAAFA}" = DEC
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}" = Nokia PC Suite
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5EC5F187-9D2B-4051-8906-88656819A869}" = Dell Drivers MSI
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}" = BlackBerry® Media Sync
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7335D14A-7843-4168-B053-DB16D8496501}" = Virgin Media Broadband Help
"{764FBCE2-1593-11D4-A51F-0800460222F0}" = Callserve Internet Telephone
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.3.4.106e
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{857CBF4A-192C-44B0-86A5-6281FCEFA1FE}" = FileOpen Client
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00B0-0409-0000-0000000FF1CE}" = Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{937B232D-9776-471E-92BD-D424E514EF14}" = Logitech QuickCam
"{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{94A065E8-455D-41C1-AF1F-F0C1AF8F50F3}" = Microsoft IntelliType Pro 7.0
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95632566-071E-4A02-92C1-4BD907065736}" = BounceBack Express
"{9593C6E5-205E-45C3-B785-05CF146CA76A}" = biolsp patch
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD 4
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C306D70-8A6C-11D5-8CDF-00D0B78FC575}" = DesignBuilder
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A093D83F-429A-4AB2-A0CD-1F7E9C7B764A}" = Trusted Drive Manager
"{A1BC8E02-6B5B-4B4A-A75F-B27A16918C2B}" = DiscWizard for Windows
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2CC286B-BFE9-4D1F-9EDA-AA3E8289CA12}" = BPDSoftware_Ini
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP1
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7CB0BF3-791E-44D3-9F04-786E36D51C9D}" = PC Connectivity Solution
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BF13AA9D-E4CE-4015-9778-ECC1D4FB06E4}" = Mouse Suite for Laptop Computers
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2F1F96A-057E-5819-B52E-FEA1D1D2933B}" = Acronis True Image Home
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C656142F-EFE1-44CD-BFAD-6CBC6DCB9860}" = Vodafone Mobile Connect Lite
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B6}" = WinZip 11.2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CF097717-F174-4144-954A-FBC4BF301033}" = Nero 7 Ultra Edition
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DD30C2FD-F485-46A8-8153-88EC2650BC79}" = Sky Anytime
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E40CE517-0D42-4198-96B4-C8232B257EB5}" = Data Lifeguard Diagnostic for Windows
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1" = Uniblue SpeedUpMyPC
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer
"{EB4DF30B-102B-4F0C-927A-D50E037A325D}" = AuthenTec Fingerprint Sensor Minimum Install
"{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"{ECC22AFA-B905-4A6A-8072-10F52B9E09B7}" = Wave Infrastructure Installer
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{EF05BA0F-AC15-4D12-AC5C-276225F5E751}" = Gemalto
"{EF71A531-5B6C-4B20-8D1E-E6379C7FB6D3}" = Microsoft IntelliPoint 7.0
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F1802FA6-54E9-4B24-BD2A-B50866819795}" = EMBASSY Trust Suite by Wave Systems
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client
"{FBEC50B7-537C-4A0E-8B0B-F7A8F8BF13CE}" = upekmsi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FEC193E4-6C5F-40E9-A249-7D8C8404A9EC}" = NTRU TCG Software Stack
"225af9a1-b556-11d5-94aa-0010b5426419" = MyDSC_CIF
"2B0D8F3C-18AD-4D8E-879A-74A867C5C3CB_is1" = Wireless Manager
"4U WMA MP3 Converter_is1" = 4U WMA MP3 Converter 5.6.0
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"6A630DCEC5EEC912115F2FF59D8C2C769798D930" = Windows Driver Package - Nokia Modem (10/12/2007 3.6)
"819D45A9F73817F5B6D7C71A33ADAB88C5DA1765" = Windows Driver Package - Nokia Modem (08/03/2007 6.84.0.2)
"ActiveTouchMeetingClient" = WebEx
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Any DWG DXF Converter_is1" = Any DWG DXF Converter 2010
"BlackBerry_{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP1
"CBF192A85B624E32B8D19ADEEF2DCFC5BC3AA73A" = Windows Driver Package - Nokia Modem (03/05/2008 3.7)
"CD Audio Reader Filter" = CD Audio Reader Filter (remove only)
"Citrix ICA Web Client" = Citrix ICA Web Client
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Cucusoft DVD to iPod + iPod Video Converter Suite_is1" = Cucusoft DVD to iPod + iPod Video Converter Suite 7.15.7.8
"DC-Bass Source" = DC-Bass Source 1.1.1
"Diino_is1" = Diino 4.2.1.2
"DirectVobSub" = DirectVobSub (remove only)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Shrink_is1" = DVD Shrink 3.2
"E092B2EBF2FFE83E896F8F7F829A7B5D7D1B2F9D" = Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)
"E8A6D621B6D3FC5D43C68C549D959DE76EEF5D84" = Windows Driver Package - Nokia Modem (06/01/2009 4.1)
"F779F5541ABD99C95C03B0FD5E3C058B22DA0FF7" = Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.3)
"Foxit Reader" = Foxit Reader
"GearDrivers" = GearDrivers
"GOM Player" = GOM Player
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ieSpell" = ieSpell
"ImgBurn" = ImgBurn
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"InstallShield_{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"InstallWIX_{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"IObit Security 360_is1" = IObit Security 360
"Jessops" = Jessops
"Kaspersky Online Scanner" = Kaspersky Online Scanner
"lvdrivers_11.90" = Logitech QuickCam Driver Package
"Magic ISO Maker v5.4 (build 0247)" = Magic ISO Maker v5.4 (build 0247)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"MPEG2 Codec(libmpeg2/mad)" = MPEG2 Codec(libmpeg2/mad)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PRJPRO" = Microsoft Project Professional 2010
"OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter (remove only)
"Perfect Uninstaller_is1" = Perfect Uninstaller v6.3.3.5
"PhotomatixPro3_is1" = Photomatix Pro version 3.0
"Picasa 3" = Picasa 3
"PoivY_is1" = PoivY
"PROHYBRIDR" = 2007 Microsoft Office system
"ProInst" = Intel® PROSet/Wireless Software
"RadialpointClientGateway_is1" = Virgin Broadband advisor 1.5.14
"RealMedia" = RealMedia (remove only)
"Registry Mechanic_is1" = Registry Mechanic 7.0
"SearchAssist" = SearchAssist
"SHOUTcast Source" = SHOUTcast Source (remove only)
"Size It 2006" = Size It 2006
"SopCast" = SopCast 3.0.3
"SynTPDeinstKey" = Dell Touchpad
"SystemRequirementsLab" = System Requirements Lab
"Tesco Photobook Creator_is1" = Tesco Photobook Creator
"TomTom HOME" = TomTom HOME 2.7.3.1894
"Uconeer 2.4_is1" = Uconeer 2.4
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"Vitamin D Video_is1" = Vitamin D Video 1.1.1
"VLC media player" = VLC media player 1.0.0
"VoipCheapCom_is1" = VoipCheapCom
"VSO ConvertXtoDVD_is1" = ConvertXtoDVD 2.1.8.191
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Win2PDF_is1" = Win2PDF 3.30
"Windows Essentials Media Codec Pack" = Windows Essentials Media Codec Pack 1.0
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WordWeb" = WordWeb
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"Xvid_is1" = Xvid 1.2.2 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1343024091-412668190-725345543-2737\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"6a8c0ab469b49934" = Company Management
"Facebook Plug-In" = Facebook Plug-In
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 30/04/2010 07:19:46 | Computer Name = LT021 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 30/04/2010 07:19:46 | Computer Name = LT021 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 30/04/2010 08:16:18 | Computer Name = LT021 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 30/04/2010 08:16:19 | Computer Name = LT021 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 30/04/2010 08:16:40 | Computer Name = LT021 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 30/04/2010 08:17:44 | Computer Name = LT021 | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

Error - 30/04/2010 08:55:27 | Computer Name = LT021 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 30/04/2010 08:55:30 | Computer Name = LT021 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 30/04/2010 08:55:46 | Computer Name = LT021 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 30/04/2010 08:56:49 | Computer Name = LT021 | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

[ OSession Events ]
Error - 13/04/2010 06:48:01 | Computer Name = LT021 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6323.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 13/04/2010 11:20:00 | Computer Name = LT021 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6323.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.

Error - 13/04/2010 11:21:25 | Computer Name = LT021 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6323.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 13/04/2010 11:21:36 | Computer Name = LT021 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6323.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 13/04/2010 11:22:43 | Computer Name = LT021 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6323.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 13/04/2010 11:23:12 | Computer Name = LT021 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6323.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 13/04/2010 11:23:23 | Computer Name = LT021 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6323.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 13/04/2010 11:29:53 | Computer Name = LT021 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6323.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 13/04/2010 11:30:07 | Computer Name = LT021 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6323.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 13/04/2010 11:32:15 | Computer Name = LT021 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6323.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 05/05/2010 14:05:09 | Computer Name = LT021 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.3 for the Network Card with network
address 001C233EEEEB has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 05/05/2010 14:05:28 | Computer Name = LT021 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain TEAMANALYSIS due to the
following: %%1311. Make sure that the computer is connected to the network and try
again.
If the problem persists, please contact your domain administrator.

Error - 05/05/2010 14:06:44 | Computer Name = LT021 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 05/05/2010 14:06:44 | Computer Name = LT021 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 05/05/2010 14:06:51 | Computer Name = LT021 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 05/05/2010 14:06:51 | Computer Name = LT021 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Remote Packet Capture
Protocol v.0 (experimental) service to connect.

Error - 05/05/2010 14:06:51 | Computer Name = LT021 | Source = Service Control Manager | ID = 7000
Description = The Remote Packet Capture Protocol v.0 (experimental) service failed
to start due to the following error: %%1053

Error - 05/05/2010 14:08:18 | Computer Name = LT021 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 05/05/2010 14:16:00 | Computer Name = LT021 | Source = Schedule | ID = 7901
Description = The At20.job command failed to start due to the following error: %%2147942402

Error - 05/05/2010 14:16:00 | Computer Name = LT021 | Source = Schedule | ID = 7901
Description = The At44.job command failed to start due to the following error: %%2147942402


< End of report >


#4 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:07:33 PM

Posted 05 May 2010 - 06:23 PM

Hi djprash,

Can you tell me if you put the following entries in your hosts file?

O1 - Hosts: 62.189.6.78 _sip._tls.sip1.callserve.com
O1 - Hosts: 62.189.6.85 _sip._tls.sip5.phoneserve.com
O1 - Hosts: 62.189.6.84 _sip._tls.abcd.winnerip.com


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :OTL
    SRV - File not found [On_Demand | Stopped] -- -- (stllssvr)
    SRV - File not found [Auto | Stopped] -- -- (Roxio Upnp Server 9)
    SRV - File not found [On_Demand | Stopped] -- -- (Roxio UPnP Renderer 9)
    SRV - File not found [On_Demand | Stopped] -- -- (GoogleDesktopManager-061008-081103)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - Reg Error: Value error. File not found
    O4 - HKLM..\Run: [PMX Daemon] File not found
    O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
    O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Value error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Value error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Value error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Value error.)
    MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe File not found
    [2010/05/05 19:16:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
    [2010/05/05 19:16:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
    [2010/05/04 21:16:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
    [2010/05/04 21:16:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
    [2010/05/04 20:16:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
    [2010/05/04 20:16:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
    [2010/05/04 18:16:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
    [2010/05/04 18:16:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
    [2010/05/04 17:16:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
    [2010/05/04 17:16:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
    [2010/05/04 16:16:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
    [2010/05/04 16:16:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
    [2010/05/04 15:16:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
    [2010/05/04 15:16:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
    [2010/05/04 14:16:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
    [2010/05/04 14:16:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
    [2010/05/04 13:16:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
    [2010/05/04 13:16:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
    [2010/05/04 12:16:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
    [2010/05/04 12:16:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
    [2010/05/04 11:16:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
    [2010/05/04 11:16:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
    [2010/05/04 10:16:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
    [2010/05/04 10:16:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
    [2010/05/04 09:16:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
    [2010/05/04 09:16:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
    [2010/05/03 22:16:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
    [2010/05/03 22:16:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
    [2010/05/03 01:16:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
    [2010/05/03 01:16:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
    [2010/05/03 00:16:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
    [2010/05/03 00:16:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
    [2010/05/02 23:16:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
    [2010/05/02 23:16:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
    [2010/04/29 10:12:45 | 000,095,744 | ---- | M] () -- C:\WINDOWS\System32\6334.exe
    [2010/04/29 09:52:43 | 000,095,744 | ---- | M] () -- C:\WINDOWS\System32\18467.exe
    [2010/04/27 12:07:57 | 000,014,718 | -HS- | M] () -- C:\Documents and Settings\prashant.vara\Local Settings\Application Data\c7vdif
    [2010/04/27 12:07:57 | 000,014,718 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\c7vdif
    [2010/04/26 17:51:13 | 000,010,752 | -HS- | M] () -- C:\Documents and Settings\prashant.vara\Local Settings\Application Data\b08620CF7A25y
    [2010/04/26 17:51:13 | 000,010,752 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\b08620CF7A25y
    [2010/04/25 03:16:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
    [2010/04/25 03:16:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
    [2010/04/25 03:06:30 | 000,015,296 | -HS- | M] () -- C:\Documents and Settings\prashant.vara\Local Settings\Application Data\miOVLH
    [2010/04/25 03:06:30 | 000,015,296 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\miOVLH
    [2010/04/25 02:16:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
    [2010/04/25 02:16:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
    [2010/04/23 13:24:51 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
    [2010/04/23 13:24:51 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
    [2010/04/23 13:24:51 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
    [2010/04/23 13:24:49 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
    [2010/04/23 13:24:49 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
    [2010/04/23 11:17:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
    [2010/04/23 11:17:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
    [2010/04/23 11:16:58 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
    [2010/04/23 11:16:58 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
    [2010/04/23 11:16:58 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
    [2010/04/23 11:20:10 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\vs6t10115.dat
    [2010/04/17 02:17:07 | 000,001,152 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\8nIWg
    [2010/04/17 02:17:07 | 000,001,152 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\8nIWg
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run a new OTL scan without the bold text, and post the new OTL log.



#5 djprash

djprash
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:02:33 PM

Posted 06 May 2010 - 11:58 AM

Thank You Syler.

I have run what you requested. And the log is pasted below. I have also re-run the OTL as instructed and included the OTL log.

To the question you asked regarding host files. I don't understand what you mean by that but callserve and phoneserve are VOIP softwares that I have used in the past. I have no idea what winnerip is.

Thanks again.

All processes killed
========== OTL ==========
Service stllssvr stopped successfully!
Service stllssvr deleted successfully!
Service Roxio Upnp Server 9 stopped successfully!
Service Roxio Upnp Server 9 deleted successfully!
Service Roxio UPnP Renderer 9 stopped successfully!
Service Roxio UPnP Renderer 9 deleted successfully!
Service GoogleDesktopManager-061008-081103 stopped successfully!
Service GoogleDesktopManager-061008-081103 deleted successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PMX Daemon deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\HP Software Update\ deleted successfully.
C:\WINDOWS\tasks\At44.job moved successfully.
C:\WINDOWS\tasks\At20.job moved successfully.
C:\WINDOWS\tasks\At46.job moved successfully.
C:\WINDOWS\tasks\At22.job moved successfully.
C:\WINDOWS\tasks\At45.job moved successfully.
C:\WINDOWS\tasks\At21.job moved successfully.
C:\WINDOWS\tasks\At43.job moved successfully.
C:\WINDOWS\tasks\At19.job moved successfully.
C:\WINDOWS\tasks\At42.job moved successfully.
C:\WINDOWS\tasks\At18.job moved successfully.
C:\WINDOWS\tasks\At41.job moved successfully.
C:\WINDOWS\tasks\At17.job moved successfully.
C:\WINDOWS\tasks\At40.job moved successfully.
C:\WINDOWS\tasks\At16.job moved successfully.
C:\WINDOWS\tasks\At39.job moved successfully.
C:\WINDOWS\tasks\At15.job moved successfully.
C:\WINDOWS\tasks\At38.job moved successfully.
C:\WINDOWS\tasks\At14.job moved successfully.
C:\WINDOWS\tasks\At37.job moved successfully.
C:\WINDOWS\tasks\At13.job moved successfully.
C:\WINDOWS\tasks\At36.job moved successfully.
C:\WINDOWS\tasks\At12.job moved successfully.
C:\WINDOWS\tasks\At35.job moved successfully.
C:\WINDOWS\tasks\At11.job moved successfully.
C:\WINDOWS\tasks\At34.job moved successfully.
C:\WINDOWS\tasks\At10.job moved successfully.
C:\WINDOWS\tasks\At47.job moved successfully.
C:\WINDOWS\tasks\At23.job moved successfully.
C:\WINDOWS\tasks\At26.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At25.job moved successfully.
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\At48.job moved successfully.
C:\WINDOWS\tasks\At24.job moved successfully.
C:\WINDOWS\system32\6334.exe moved successfully.
C:\WINDOWS\system32\18467.exe moved successfully.
C:\Documents and Settings\prashant.vara\Local Settings\Application Data\c7vdif moved successfully.
C:\Documents and Settings\All Users\Application Data\c7vdif moved successfully.
C:\Documents and Settings\prashant.vara\Local Settings\Application Data\b08620CF7A25y moved successfully.
C:\Documents and Settings\All Users\Application Data\b08620CF7A25y moved successfully.
C:\WINDOWS\tasks\At28.job moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
C:\Documents and Settings\prashant.vara\Local Settings\Application Data\miOVLH moved successfully.
C:\Documents and Settings\All Users\Application Data\miOVLH moved successfully.
C:\WINDOWS\tasks\At27.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At33.job moved successfully.
C:\WINDOWS\tasks\At32.job moved successfully.
C:\WINDOWS\tasks\At31.job moved successfully.
C:\WINDOWS\tasks\At30.job moved successfully.
C:\WINDOWS\tasks\At29.job moved successfully.
C:\WINDOWS\tasks\At9.job moved successfully.
C:\WINDOWS\tasks\At8.job moved successfully.
C:\WINDOWS\tasks\At7.job moved successfully.
C:\WINDOWS\tasks\At6.job moved successfully.
C:\WINDOWS\tasks\At5.job moved successfully.
C:\Documents and Settings\All Users\Application Data\vs6t10115.dat moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\8nIWg moved successfully.
C:\Documents and Settings\All Users\Application Data\8nIWg moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 65709 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: administrator.TEAMANALYSIS
->Temp folder emptied: 97012223 bytes
->Temporary Internet Files folder emptied: 63233459 bytes
->Java cache emptied: 2096 bytes
->Flash cache emptied: 405 bytes

User: All Users

User: Default User
->Temp folder emptied: 32768 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 0 bytes

User: install
->Temp folder emptied: 874276 bytes
->Temporary Internet Files folder emptied: 194079 bytes
->Flash cache emptied: 321 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1130538 bytes

User: NetworkService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 6416207 bytes
->Java cache emptied: 17901 bytes
->Flash cache emptied: 4291 bytes

User: prashant.vara
->Temp folder emptied: 158555254 bytes
->Temporary Internet Files folder emptied: 63612051 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 42125035 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 18607409 bytes
->Flash cache emptied: 42620 bytes

User: PRASHA~1~VAR

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 109681 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 26774768 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 33320 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 457.00 mb


[EMPTYFLASH]

User: Administrator

User: administrator.TEAMANALYSIS
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: install
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

User: prashant.vara
->Flash cache emptied: 0 bytes

User: PRASHA~1~VAR

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.4.1 log created on 05062010_163548

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\prashant.vara\Local Settings\Temp\~DF5610.tmp not found!
File\Folder C:\Documents and Settings\prashant.vara\Local Settings\Temp\~DF56D0.tmp not found!
File\Folder C:\Documents and Settings\prashant.vara\Local Settings\Temp\~DF5945.tmp not found!
File\Folder C:\Documents and Settings\prashant.vara\Local Settings\Temp\~DF59D0.tmp not found!
C:\Documents and Settings\prashant.vara\Local Settings\Temporary Internet Files\Content.IE5\YOZHR6LJ\index[3].htm moved successfully.
C:\Documents and Settings\prashant.vara\Local Settings\Temporary Internet Files\Content.IE5\PI64LHVZ\virginmedia_com[1].htm moved successfully.
C:\Documents and Settings\prashant.vara\Local Settings\Temporary Internet Files\Content.IE5\D38T3JIC\activityi;src=2006560;type=landings;cat=mobil715;ord=4487838424963[1].htm moved successfully.
C:\Documents and Settings\prashant.vara\Local Settings\Temporary Internet Files\Content.IE5\7GSA5H6S\iframe[1].htm moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_878.dat moved successfully.

Registry entries deleted on Reboot...


-------------------------------

OTL log

OTL logfile created on: 06/05/2010 16:53:23 - Run 2
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\prashant.vara\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 77.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): E:\pagefile.sys 3070 3070 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.95 Gb Total Space | 9.21 Gb Free Space | 6.18% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 465.64 Gb Total Space | 443.50 Gb Free Space | 95.24% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LT021
Current User Name: prashant.vara
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/05 19:20:43 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\prashant.vara\Desktop\OTL.exe
PRC - [2010/04/26 13:06:18 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2010/04/26 13:06:08 | 000,126,976 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
PRC - [2010/04/14 12:19:58 | 000,059,160 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\SpeedUpMyPC\sump.exe
PRC - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/10 22:32:26 | 000,648,536 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2009/12/24 18:02:30 | 000,311,568 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360srv.exe
PRC - [2009/12/09 17:35:11 | 002,326,920 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2009/11/24 11:32:22 | 000,234,792 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
PRC - [2009/11/13 12:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/10/20 20:39:28 | 000,340,456 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
PRC - [2009/09/12 17:31:30 | 000,660,520 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2009/07/26 16:44:34 | 003,883,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/02/06 19:21:00 | 000,224,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Toolbar\wltuser.exe
PRC - [2009/01/14 18:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/12/16 21:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/10/24 09:14:36 | 000,206,112 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2008/07/04 13:52:18 | 000,014,336 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
PRC - [2008/06/12 22:17:01 | 000,042,168 | ---- | M] (Antony Lewis) -- C:\Program Files\WordWeb\wweb32.exe
PRC - [2008/05/26 23:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2008/05/26 17:14:56 | 000,143,360 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/11/08 23:50:10 | 001,552,384 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
PRC - [2007/09/07 18:29:04 | 000,737,280 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
PRC - [2007/07/25 17:41:42 | 000,647,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2007/07/25 17:32:34 | 000,294,912 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2007/07/25 17:29:38 | 000,987,136 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2007/07/25 17:22:44 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2007/07/03 14:57:38 | 001,228,800 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/07/03 14:53:40 | 000,475,136 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2007/02/10 05:29:56 | 000,089,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2007/02/10 05:29:48 | 000,242,544 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2007/01/11 21:43:46 | 002,150,400 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2006/12/18 16:22:14 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2006/12/15 12:41:30 | 002,170,880 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
PRC - [2006/11/03 19:02:14 | 000,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2006/10/27 21:13:48 | 000,270,336 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2006/02/07 00:00:20 | 000,311,296 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
PRC - [2006/01/24 00:14:10 | 000,069,632 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2006/01/18 11:45:02 | 000,090,112 | ---- | M] () -- C:\Program Files\CMS Products\BounceBack Express\BBLauncher.exe
PRC - [2002/12/02 20:55:10 | 000,106,496 | ---- | M] () -- C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe


========== Modules (SafeList) ==========

MOD - [2010/05/05 19:20:43 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\prashant.vara\Desktop\OTL.exe
MOD - [2008/04/14 01:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/02/01 11:07:09 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/01/26 13:28:56 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2009/12/24 18:02:30 | 000,311,568 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Security 360\is360srv.exe -- (IS360service)
SRV - [2009/12/09 17:35:11 | 002,326,920 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2009/11/13 12:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/10/20 20:39:28 | 000,340,456 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe -- (AVP)
SRV - [2009/09/26 04:28:22 | 004,639,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009/09/12 17:31:30 | 000,660,520 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/01/14 18:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [On_Demand | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/12/16 21:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/07/04 13:52:18 | 000,014,336 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2008/05/26 17:14:56 | 000,143,360 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe -- (AffinegyService)
SRV - [2008/05/26 17:07:16 | 000,086,016 | ---- | M] (CACE Technologies) [Auto | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/11/08 23:50:10 | 001,552,384 | ---- | M] () [Auto | Running] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2007/10/25 15:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/09/13 15:31:44 | 000,192,512 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe -- (WaveEnrollmentService)
SRV - [2007/09/07 18:29:04 | 000,737,280 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV - [2007/08/31 18:39:18 | 000,486,400 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2007/07/25 17:41:42 | 000,647,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2007/07/25 17:32:34 | 000,294,912 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2007/07/25 17:29:38 | 000,987,136 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2007/07/25 17:22:44 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2007/07/03 14:53:40 | 000,475,136 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2007/02/10 05:29:56 | 000,089,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2007/02/10 05:29:54 | 029,178,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2007/02/10 05:29:48 | 000,242,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2005/10/14 04:50:20 | 000,045,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)


========== Driver Services (SafeList) ==========

DRV - [2010/04/30 12:57:34 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 11:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/12/09 17:35:14 | 000,159,168 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp)
DRV - [2009/12/09 17:35:05 | 000,902,432 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpm251.sys -- (tdrpman251) Acronis Try&Decide and Restore Points filter (build 251)
DRV - [2009/12/09 17:35:04 | 000,570,016 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2009/12/09 17:34:25 | 000,157,248 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2009/10/14 21:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg)
DRV - [2009/10/02 19:39:44 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/09/14 14:42:46 | 000,032,272 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2009/09/01 15:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/05/09 02:14:18 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2008/12/17 07:02:08 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2008/12/17 07:01:44 | 006,364,440 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam E3500(UVC)
DRV - [2008/12/17 07:01:22 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/12/17 07:00:14 | 000,768,024 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/12/16 21:58:54 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/08/14 08:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\adfs.sys -- (adfs)
DRV - [2008/06/06 13:13:56 | 000,018,816 | R--- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtuhsoms.sys -- (GTUHSOMS)
DRV - [2008/06/04 17:53:56 | 000,058,880 | R--- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtuhsbus.sys -- (GTUHSBUS)
DRV - [2008/06/04 17:38:58 | 000,008,064 | R--- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtuhsser.sys -- (GTUHSSER)
DRV - [2008/06/04 17:32:34 | 000,106,112 | R--- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtuhs51.sys -- (GTUHSNDISIPXP)
DRV - [2008/05/26 17:09:42 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AFGSp50.sys -- (AFGSp50)
DRV - [2008/05/26 17:07:16 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2008/04/13 19:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 19:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 19:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 19:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 17:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/22 05:46:00 | 006,658,592 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007/12/05 21:07:36 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/12/02 19:26:22 | 000,989,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/12/02 19:26:20 | 000,731,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/12/02 19:26:20 | 000,211,200 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/11/28 17:18:24 | 000,062,208 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
DRV - [2007/10/26 13:57:18 | 000,216,800 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/09/10 10:55:00 | 000,161,280 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\WavxDMgr.sys -- (WavxDMgr)
DRV - [2007/09/07 10:57:14 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\PBADRV.sys -- (PBADRV)
DRV - [2007/09/06 10:18:40 | 000,018,176 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WaveFDE.sys -- (WaveFDE)
DRV - [2007/08/17 13:31:26 | 000,101,120 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007/08/12 19:05:34 | 002,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/07/17 20:46:12 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/17 20:46:10 | 000,056,832 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/17 20:46:08 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/07/17 15:16:36 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/07/16 20:39:42 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2007/06/01 13:41:00 | 000,018,432 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pmxmouse.sys -- (pmxmouse)
DRV - [2007/05/29 16:29:30 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/05/24 16:56:00 | 000,014,336 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pmxusblf.sys -- (pmxusblf)
DRV - [2007/04/26 15:29:30 | 000,053,504 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2007/04/26 15:29:30 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2007/04/26 15:29:28 | 000,073,600 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2007/04/26 15:29:28 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2007/04/26 15:29:28 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2007/04/26 15:29:26 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2007/04/26 15:29:26 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2007/04/26 15:29:24 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2006/11/29 06:46:24 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\APLMp50.sys -- (APLMp50)
DRV - [2005/11/14 14:59:00 | 000,007,424 | ---- | M] (CMS Peripherals, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\portd2k.sys -- (portD)
DRV - [2005/08/12 18:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2003/01/29 15:01:08 | 000,057,328 | R--- | M] (TechnoTrend AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TTDVBSTB.sys -- (TTDVBSTB)
DRV - [2003/01/29 14:49:38 | 000,039,124 | R--- | M] (TechnoTrend AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ttndistb.sys -- (TTNDISTB)
DRV - [2002/07/17 11:05:10 | 000,016,512 | R--- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI32)
DRV - [2002/05/06 14:00:10 | 000,024,511 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sqcaptur.sys -- (DCamUSBSQTECH) Dual-Mode DSC(2770)
DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=5080330
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=5080330


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=5080330
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=5080330
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=5080330
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=5080330
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1343024091-412668190-725345543-2737\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=5080330
IE - HKU\S-1-5-21-1343024091-412668190-725345543-2737\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.virginmedia.com/ [binary data]
IE - HKU\S-1-5-21-1343024091-412668190-725345543-2737\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com
IE - HKU\S-1-5-21-1343024091-412668190-725345543-2737\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1343024091-412668190-725345543-2737\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.11.6a
FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.0.1
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {97B41313-261A-46CE-BC29-C022974F7767}:1.9.1
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736
FF - prefs.js..network.proxy.backup.ftp: "84.108.148.75"
FF - prefs.js..network.proxy.backup.ftp_port: 11055
FF - prefs.js..network.proxy.backup.gopher: "84.108.148.75"
FF - prefs.js..network.proxy.backup.gopher_port: 11055
FF - prefs.js..network.proxy.backup.socks: "84.108.148.75"
FF - prefs.js..network.proxy.backup.socks_port: 11055
FF - prefs.js..network.proxy.backup.ssl: "84.108.148.75"
FF - prefs.js..network.proxy.backup.ssl_port: 11055
FF - prefs.js..network.proxy.ftp: "190.161.67.237"
FF - prefs.js..network.proxy.ftp_port: 11033
FF - prefs.js..network.proxy.gopher: "190.161.67.237"
FF - prefs.js..network.proxy.gopher_port: 11033
FF - prefs.js..network.proxy.http: "190.161.67.237"
FF - prefs.js..network.proxy.http_port: 11033
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "190.161.67.237"
FF - prefs.js..network.proxy.socks_port: 11033
FF - prefs.js..network.proxy.ssl: "190.161.67.237"
FF - prefs.js..network.proxy.ssl_port: 11033

FF - HKLM\software\mozilla\Firefox\extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/06/26 21:39:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{97B41313-261A-46CE-BC29-C022974F7767}: C:\Documents and Settings\prashant.vara\Local Settings\Application Data\{97B41313-261A-46CE-BC29-C022974F7767} [2010/03/27 12:38:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/02 14:27:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/04 10:32:18 | 000,000,000 | ---D | M]

[2008/08/28 10:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\prashant.vara\Application Data\Mozilla\Extensions
[2008/05/23 12:30:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\prashant.vara\Application Data\Mozilla\Extensions\home2@tomtom.com
[2010/05/04 14:19:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\prashant.vara\Application Data\Mozilla\Firefox\Profiles\v8x1ojl6.default\extensions
[2010/04/25 22:44:38 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\prashant.vara\Application Data\Mozilla\Firefox\Profiles\v8x1ojl6.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/02/11 10:55:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\prashant.vara\Application Data\Mozilla\Firefox\Profiles\v8x1ojl6.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
[2010/01/27 11:07:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\prashant.vara\Application Data\Mozilla\Firefox\Profiles\v8x1ojl6.default\extensions\piclens@cooliris.com
[2010/01/27 11:08:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\prashant.vara\Application Data\Mozilla\Firefox\Profiles\v8x1ojl6.default\extensions\piclens@cooliris.com-trash
[2010/05/04 14:19:23 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/29 17:39:09 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2009/04/08 10:19:42 | 000,027,976 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcdec.dll
[2009/04/08 10:19:42 | 000,126,360 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcext.dll
[2009/04/08 10:19:50 | 000,098,712 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\ieatgpc.dll
[2009/04/08 10:19:41 | 000,060,824 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
[2009/12/09 05:58:24 | 000,274,432 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\Mozilla Firefox\plugins\npEModelPlugin.dll
[2010/05/04 10:31:28 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2007/12/19 13:57:38 | 000,310,272 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
[2010/04/02 14:26:49 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/04/02 14:26:52 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/04/02 14:26:53 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/04/02 14:26:53 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/01/30 17:43:08 | 000,292,496 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 62.189.6.78 _sip._tls.sip1.callserve.com
O1 - Hosts: 62.189.6.78 _sip._ssl.sip1.callserve.com
O1 - Hosts: 62.189.6.79 _sip._tls.sip2.callserve.com
O1 - Hosts: 62.189.6.79 _sip._ssl.sip2.callserve.com
O1 - Hosts: 62.189.6.85 _sip._tls.sip5.phoneserve.com
O1 - Hosts: 62.189.6.85 _sip._ssl.sip5.phoneserve.com
O1 - Hosts: 62.189.6.84 _sip._tls.abcd.winnerip.com
O1 - Hosts: 62.189.6.84 _sip._ssl.abcd.winnerip.com
O1 - Hosts: 62.189.6.81 _sip._tls.efgh.winnerip.com
O1 - Hosts: 62.189.6.81 _sip._ssl.efgh.winnerip.com
O1 - Hosts: 62.189.6.83 _sip._tls.ijkl.winnerip.com
O1 - Hosts: 62.189.6.83 _sip._ssl.ijkl.winnerip.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 10068 more lines...
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1343024091-412668190-725345543-2737\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1343024091-412668190-725345543-2737\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset .exe (Dell Inc.)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe (MediaCodec.Org)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKU\S-1-5-21-1343024091-412668190-725345543-2737..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM .exe (Macrovision Corporation)
O4 - HKU\S-1-5-21-1343024091-412668190-725345543-2737..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr .exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1343024091-412668190-725345543-2737..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-1343024091-412668190-725345543-2737..\RunOnce: [SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC\launcher.exe (Uniblue Systems Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BounceBack Launcher.lnk = C:\Program Files\CMS Products\BounceBack Express\BBLauncher.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe (Antony Lewis)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1343024091-412668190-725345543-2737\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-1343024091-412668190-725345543-2737\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\.DEFAULT\..Trusted Domains: buy-security-essentials.com ([]http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: download-soft-package.com ([]http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: download-software-package.com ([]http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: get-key-se10.com ([]http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: is-software-download.com ([]http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: buy-security-essentials.com ([]http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: download-soft-package.com ([]http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: download-software-package.com ([]http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: get-key-se10.com ([]http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: is-software-download.com ([]http in Trusted sites)
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} https://ms01.teamanalysis.local:4343/office...ll/WinNTChk.cab (ObjWinNTCheck Class)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=67633 (Office Genuine Advantage Validation Tool)
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} https://ms01.teamanalysis.local:4343/office...stall/setup.cab (OfficeScan Corp Edition Web-Deployment SetupCtrl Class)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab (CKAVWebScan Object)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www3.snapfish.co.uk/SnapfishUKActivia.cab (Snapfish Activia)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.tescophoto.com/wpp/tesco/app/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} https://ms01.teamanalysis.local:4343/office.../RemoveCtrl.cab (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftu...b?1228736817437 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1228736751687 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab (DDRevision Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} https://as.photoprintit.de/ips-opdata/layou...PSUploader4.cab (IPSUploader4 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {DAF7E6E7-D53A-439A-B28D-12271406B8A9} http://mobileapps.blackberry.com/devicesoftware/AxLoader.cab (AxLoaderPassword Class)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://landmarkinfo.webex.com/client/T27L/...ing/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = teamanalysis.local
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\gemsafe: DllName - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll (Gemplus)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: C:\Documents and Settings\prashant.vara\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\prashant.vara\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/01/28 15:37:32 | 000,000,000 | ---D | M] - E:\autorun -- [ FAT32 ]
O32 - AutoRun File - [2008/05/30 09:31:56 | 000,000,054 | -H-- | M] () - E:\autorun.in_2.org -- [ FAT32 ]
O32 - AutoRun File - [2007/12/23 21:31:06 | 000,000,053 | ---- | M] () - E:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{197f3d94-2b3e-11dd-905b-001c233eeeeb}\Shell - "" = AutoRun
O33 - MountPoints2\{197f3d94-2b3e-11dd-905b-001c233eeeeb}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{197f3d94-2b3e-11dd-905b-001c233eeeeb}\Shell\AutoRun\command - "" = E:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{197f3d95-2b3e-11dd-905b-001c233eeeeb}\Shell - "" = AutoRun
O33 - MountPoints2\{197f3d95-2b3e-11dd-905b-001c233eeeeb}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{197f3d95-2b3e-11dd-905b-001c233eeeeb}\Shell\AutoRun\command - "" = E:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{49f88506-74e2-11dd-9078-001e37afc004}\Shell - "" = AutoRun
O33 - MountPoints2\{49f88506-74e2-11dd-9078-001e37afc004}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{49f88506-74e2-11dd-9078-001e37afc004}\Shell\AutoRun\command - "" = E:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{6059c1e0-6704-11de-90a9-001e37afc004}\Shell\AutoRun\command - "" = E:\slacker.synclauncher.exe -- File not found
O33 - MountPoints2\{6059c1e0-6704-11de-90a9-001e37afc004}\Shell\slacker\command - "" = E:\slacker.synclauncher.exe -- File not found
O33 - MountPoints2\{68f00dbf-3c7c-11dd-9067-001e37afc004}\Shell - "" = AutoRun
O33 - MountPoints2\{68f00dbf-3c7c-11dd-9067-001e37afc004}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{68f00dbf-3c7c-11dd-9067-001e37afc004}\Shell\AutoRun\command - "" = E:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{7e9a0f9f-422e-11dd-9068-001e37afc004}\Shell - "" = AutoRun
O33 - MountPoints2\{7e9a0f9f-422e-11dd-9068-001e37afc004}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7e9a0f9f-422e-11dd-9068-001e37afc004}\Shell\AutoRun\command - "" = E:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{8aeae8f0-1111-11dd-bdec-001e37afc004}\Shell - "" = AutoRun
O33 - MountPoints2\{8aeae8f0-1111-11dd-bdec-001e37afc004}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8aeae8f0-1111-11dd-bdec-001e37afc004}\Shell\AutoRun\command - "" = E:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{9ab01fe5-f132-11dd-9093-001c233eeeeb}\Shell - "" = AutoRun
O33 - MountPoints2\{9ab01fe5-f132-11dd-9093-001c233eeeeb}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9ab01fe5-f132-11dd-9093-001c233eeeeb}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{b9046354-071e-11dd-bdde-001e37afc004}\Shell - "" = AutoRun
O33 - MountPoints2\{b9046354-071e-11dd-bdde-001e37afc004}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b9046354-071e-11dd-bdde-001e37afc004}\Shell\AutoRun\command - "" = E:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{c397bbcd-2c9f-11dd-905c-001e37afc004}\Shell - "" = AutoRun
O33 - MountPoints2\{c397bbcd-2c9f-11dd-905c-001e37afc004}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c397bbcd-2c9f-11dd-905c-001e37afc004}\Shell\AutoRun\command - "" = E:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{d135766f-5905-11de-90a4-001e37afc004}\Shell\AutoRun\command - "" = G:\slacker.synclauncher.exe -- File not found
O33 - MountPoints2\{d135766f-5905-11de-90a4-001e37afc004}\Shell\slacker\command - "" = G:\slacker.synclauncher.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/06 16:35:48 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/05/05 19:20:43 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\prashant.vara\Desktop\OTL.exe
[2010/05/04 10:56:51 | 000,000,000 | ---D | C] -- C:\temp
[2010/05/04 10:32:16 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2010/05/04 10:13:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\prashant.vara\Desktop\Tools
[2010/04/29 17:36:55 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2010/04/29 17:36:18 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2010/04/29 17:27:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2010/04/29 17:25:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\prashant.vara\Desktop\Kaspersky Anti-Virus 2010 with keys
[2010/04/29 17:05:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2010/04/29 17:04:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/04/29 15:28:04 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2010/04/29 15:19:31 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\prashant.vara\Recent
[2010/04/28 22:11:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\prashant.vara\Local Settings\Application Data\Temp
[2010/04/28 17:45:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\prashant.vara\Desktop\ACROBAT
[2010/04/28 17:22:16 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2010/04/27 12:31:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/27 12:31:19 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/27 12:31:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/26 13:00:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Windows Search
[2010/04/26 13:00:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Google
[2010/04/26 12:07:05 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
[2010/04/26 11:14:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\prashant.vara\WD Sync Data
[2010/04/24 19:33:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/04/24 19:33:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\prashant.vara\Application Data\SUPERAntiSpyware.com
[2010/04/24 19:33:32 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/04/24 16:37:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\prashant.vara\Local Settings\Application Data\avG
[2010/04/24 16:37:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avG
[2010/04/24 10:11:51 | 000,000,000 | ---D | C] -- C:\Program Files\PoivY.com
[2010/04/23 16:05:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\prashant.vara\Desktop\Legion 2010 BRRip 720p H264-3Li
[2010/04/23 15:54:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\prashant.vara\Desktop\Veer 2010 Hindi DVDRip XviD E-SuB xRG
[2010/04/23 13:16:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Virgin Broadband
[2010/04/23 12:57:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\FileOpen
[2010/04/23 12:56:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/04/19 16:13:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\prashant.vara\Desktop\Prash's Playlist
[2010/04/19 12:05:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/04/19 12:05:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/04/19 11:39:32 | 000,000,000 | ---D | C] -- C:\Program Files\Perfect Uninstaller
[2010/04/17 02:16:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/04/17 00:19:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/04/17 00:19:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/04/17 00:09:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\prashant.vara\Application Data\Uniblue
[2010/04/17 00:09:35 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2010/04/13 11:25:10 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Rsrc32.dll
[2010/04/13 11:25:10 | 000,001,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rsrc16.dll
[2010/04/13 11:25:09 | 001,937,408 | ---- | C] (FreeImage) -- C:\WINDOWS\System32\FreeImage.dll
[2010/04/13 11:25:09 | 000,434,252 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSVCRTD.DLL
[2010/04/12 17:24:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\prashant.vara\Desktop\Nima Pics
[2010/04/09 15:01:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\MiniDump
[2010/04/07 15:36:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\prashant.vara\Desktop\Digital Certificate

========== Files - Modified Within 30 Days ==========

[2010/05/06 16:46:36 | 000,209,539 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010/05/06 16:46:32 | 000,021,021 | ---- | M] () -- C:\WINDOWS\System32\nvwsapps.xml
[2010/05/06 16:46:31 | 000,519,254 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/06 16:46:31 | 000,100,330 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/06 16:46:30 | 000,630,746 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/06 16:45:13 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/06 16:40:42 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/06 16:40:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/06 16:40:22 | 3756,130,304 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/06 16:40:20 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2010/05/06 16:40:12 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2010/05/06 16:39:35 | 018,087,936 | -H-- | M] () -- C:\Documents and Settings\prashant.vara\NTUSER.DAT
[2010/05/06 16:39:26 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\prashant.vara\ntuser.ini
[2010/05/05 22:15:46 | 009,159,218 | -H-- | M] () -- C:\Documents and Settings\prashant.vara\Local Settings\Application Data\IconCache.db
[2010/05/05 22:11:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/05 19:22:11 | 000,113,933 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2010/05/05 19:22:11 | 000,097,549 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2010/05/05 19:20:43 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\prashant.vara\Desktop\OTL.exe
[2010/05/04 18:06:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/05/04 10:32:19 | 000,000,883 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader.lnk
[2010/05/04 10:22:02 | 000,002,357 | ---- | M] () -- C:\Documents and Settings\prashant.vara\Desktop\Operational Rating Toolkit.lnk
[2010/05/04 09:55:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/03 12:46:40 | 000,087,768 | ---- | M] () -- C:\WINDOWS\System32\GDIPFONTCACHEV1.DAT
[2010/05/02 19:03:05 | 002,203,520 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/02 15:34:21 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\prashant.vara\defogger_reenable
[2010/05/01 21:31:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/30 20:04:13 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/04/30 20:03:49 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\prashant.vara\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/30 14:45:20 | 000,002,341 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/30 12:57:34 | 000,315,408 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2010/04/30 12:20:55 | 000,209,539 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2010/04/30 11:49:48 | 003,153,920 | ---- | M] () -- C:\WINDOWS\System32\secsetup.sdb
[2010/04/29 15:38:16 | 000,000,752 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/29 15:38:16 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/29 15:38:16 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/04/29 14:35:34 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/28 19:14:55 | 000,000,833 | ---- | M] () -- C:\Documents and Settings\prashant.vara\Desktop\Shortcut to AWC .lnk
[2010/04/28 17:11:05 | 1205,562,947 | ---- | M] () -- C:\Documents and Settings\prashant.vara\Desktop\ACROBAT.rar
[2010/04/28 16:54:41 | 007,216,224 | ---- | M] () -- C:\Documents and Settings\prashant.vara\Desktop\Jordan Sparks Ft. Chris Brown - No Air.mp3
[2010/04/27 12:31:34 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/27 12:15:58 | 000,000,354 | ---- | M] () -- C:\Documents and Settings\prashant.vara\Desktop\fix.reg
[2010/04/26 11:41:00 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\prashant.vara\Desktop\Shortcut to Weekly Activity Sheet.lnk
[2010/04/25 03:17:15 | 000,000,128 | ---- | M] () -- C:\WINDOWS\System32\perf.dat
[2010/04/24 09:58:27 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\prashant.vara\Local Settings\Application Data\WavXMapDrive.bat
[2010/04/23 15:26:14 | 000,326,093 | ---- | M] () -- C:\Documents and Settings\prashant.vara\Desktop\ESTA_2020vision_Delegate_Pack_2010_04_28_BRADFORD.pdf
[2010/04/19 18:55:05 | 000,000,038 | ---- | M] () -- C:\WINDOWS\AviSplitter.INI
[2010/04/19 17:09:55 | 008,895,304 | ---- | M] () -- C:\Documents and Settings\prashant.vara\Desktop\01 Forever.mp3
[2010/04/19 12:29:15 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2010/04/19 11:40:22 | 000,000,042 | ---- | M] () -- C:\WINDOWS\System32\Jiii_PNUCT.pnc
[2010/04/19 11:39:43 | 000,000,042 | ---- | M] () -- C:\WINDOWS\System32\AK083E209605E394C.lie
[2010/04/19 11:39:37 | 000,000,649 | ---- | M] () -- C:\Documents and Settings\prashant.vara\Desktop\Perfect Uninstaller.lnk
[2010/04/17 00:09:44 | 000,000,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SpeedUpMyPC.lnk
[2010/04/14 21:39:57 | 000,017,802 | ---- | M] () -- C:\Documents and Settings\prashant.vara\Desktop\competency (Autosaved).docx
[2010/04/13 12:46:39 | 000,435,242 | ---- | M] () -- C:\Documents and Settings\prashant.vara\Desktop\ht_install_extractorfan.pdf
[2010/04/13 11:26:06 | 000,001,588 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DesignBuilder.lnk
[2010/04/09 17:55:34 | 000,000,074 | ---- | M] () -- C:\WINDOWS\webica.ini
[2010/04/08 14:16:41 | 000,025,529 | ---- | M] () -- C:\Documents and Settings\prashant.vara\Desktop\Uncertainty and lack of understanding greet official launch of CRC scheme.pdf

========== Files Created - No Company Name ==========

[2010/05/04 10:32:19 | 000,000,883 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader.lnk
[2010/05/02 15:34:21 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\prashant.vara\defogger_reenable
[2010/04/30 11:49:46 | 003,153,920 | ---- | C] () -- C:\WINDOWS\System32\secsetup.sdb
[2010/04/29 17:38:41 | 000,113,933 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2010/04/29 17:38:41 | 000,097,549 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2010/04/28 19:14:55 | 000,000,833 | ---- | C] () -- C:\Documents and Settings\prashant.vara\Desktop\Shortcut to AWC .lnk
[2010/04/28 16:47:39 | 1205,562,947 | ---- | C] () -- C:\Documents and Settings\prashant.vara\Desktop\ACROBAT.rar
[2010/04/27 12:31:34 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/27 12:17:00 | 000,000,354 | ---- | C] () -- C:\Documents and Settings\prashant.vara\Desktop\fix.reg
[2010/04/26 11:41:00 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\prashant.vara\Desktop\Shortcut to Weekly Activity Sheet.lnk
[2010/04/25 03:17:15 | 000,000,128 | ---- | C] () -- C:\WINDOWS\System32\perf.dat
[2010/04/23 15:26:14 | 000,326,093 | ---- | C] () -- C:\Documents and Settings\prashant.vara\Desktop\ESTA_2020vision_Delegate_Pack_2010_04_28_BRADFORD.pdf
[2010/04/19 17:04:50 | 008,895,304 | ---- | C] () -- C:\Documents and Settings\prashant.vara\Desktop\01 Forever.mp3
[2010/04/19 17:04:40 | 007,216,224 | ---- | C] () -- C:\Documents and Settings\prashant.vara\Desktop\Jordan Sparks Ft. Chris Brown - No Air.mp3
[2010/04/19 11:40:22 | 000,000,042 | ---- | C] () -- C:\WINDOWS\System32\Jiii_PNUCT.pnc
[2010/04/19 11:39:43 | 000,000,042 | ---- | C] () -- C:\WINDOWS\System32\AK083E209605E394C.lie
[2010/04/19 11:39:37 | 000,000,649 | ---- | C] () -- C:\Documents and Settings\prashant.vara\Desktop\Perfect Uninstaller.lnk
[2010/04/17 00:09:44 | 000,000,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SpeedUpMyPC.lnk
[2010/04/14 21:39:57 | 000,017,802 | ---- | C] () -- C:\Documents and Settings\prashant.vara\Desktop\competency (Autosaved).docx
[2010/04/13 12:46:39 | 000,435,242 | ---- | C] () -- C:\Documents and Settings\prashant.vara\Desktop\ht_install_extractorfan.pdf
[2010/04/13 11:26:06 | 000,001,588 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DesignBuilder.lnk
[2010/04/13 11:25:10 | 002,903,023 | ---- | C] () -- C:\WINDOWS\System32\pdfnet.res
[2010/04/13 11:25:10 | 000,002,544 | ---- | C] () -- C:\WINDOWS\System32\pdf2image.lib
[2010/04/13 11:25:09 | 002,899,968 | ---- | C] () -- C:\WINDOWS\System32\pdf2image.dll
[2010/04/08 14:16:41 | 000,025,529 | ---- | C] () -- C:\Documents and Settings\prashant.vara\Desktop\Uncertainty and lack of understanding greet official launch of CRC scheme.pdf
[2010/02/24 22:11:46 | 000,000,074 | ---- | C] () -- C:\WINDOWS\webica.ini
[2010/02/10 19:31:39 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2010/01/29 22:40:48 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/01/29 22:40:29 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/01/26 13:29:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2009/08/01 20:36:18 | 000,081,110 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/02/26 17:39:42 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009/01/12 17:08:20 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2008/12/16 21:58:54 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/12/16 21:50:56 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLgFT.dll
[2008/11/25 14:41:34 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2008/10/20 23:22:30 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\cdga.dll
[2008/10/20 22:44:32 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2008/10/20 22:44:31 | 003,049,984 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008/10/20 22:44:31 | 000,404,480 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/10/20 22:44:31 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2008/09/30 13:45:35 | 001,936,528 | ---- | C] () -- C:\WINDOWS\System32\ltmm15.dll
[2008/07/25 14:47:17 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/05/25 18:04:25 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/04/11 17:29:38 | 000,000,067 | ---- | C] () -- C:\WINDOWS\DVDRegionFree.INI
[2008/04/08 21:43:12 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/04/08 16:27:54 | 000,152,624 | ---- | C] () -- C:\WINDOWS\System32\WIN2PDFS.DLL
[2008/04/08 16:27:53 | 000,021,552 | ---- | C] () -- C:\WINDOWS\System32\WIN2PDFM.DLL
[2008/04/02 10:11:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Progs_.ini
[2008/04/02 10:09:29 | 000,002,252 | ---- | C] () -- C:\WINDOWS\1way.ini
[2008/04/02 10:04:01 | 000,008,759 | ---- | C] () -- C:\WINDOWS\cfgall.ini
[2008/03/29 21:33:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2008/03/29 21:33:46 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/03/29 21:21:57 | 000,000,175 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/03/29 21:15:03 | 000,080,368 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
[2008/03/29 21:12:29 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2008/03/29 21:12:29 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2008/03/29 21:06:31 | 000,131,062 | ---- | C] () -- C:\WINDOWS\System32\DellPM.ini
[2008/03/29 20:40:34 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/03/29 20:40:34 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/03/29 20:40:34 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/03/29 20:40:33 | 001,482,752 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/03/29 20:40:17 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2008/03/29 20:38:39 | 000,001,205 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/09/13 15:42:30 | 000,499,712 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll
[2007/09/13 15:42:30 | 000,471,040 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll
[2007/09/13 15:42:28 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll
[2007/09/13 15:42:28 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll
[2007/09/13 15:42:28 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll
[2007/09/13 15:42:28 | 000,458,752 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll
[2007/09/13 15:42:26 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll
[2007/09/13 15:42:26 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll
[2007/09/13 15:42:26 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll
[2007/09/13 15:42:26 | 000,434,176 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll
[2007/09/13 15:36:24 | 000,438,272 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll
[2007/09/12 16:05:08 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll
[2007/09/12 16:04:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll
[2007/09/12 16:04:26 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll
[2007/09/12 16:04:06 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll
[2007/09/12 16:03:44 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll
[2007/09/12 16:03:24 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll
[2007/09/12 16:03:04 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll
[2007/09/12 16:02:44 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll
[2007/09/12 16:02:22 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll
[2007/09/12 16:02:02 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll
[2007/09/10 10:53:26 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\wxvault.dll
[2007/06/15 11:19:20 | 000,835,584 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll
[2006/08/14 12:02:10 | 000,072,192 | ---- | C] () -- C:\WINDOWS\System32\xltZlib.dll
[2006/06/12 09:01:16 | 000,348,160 | ---- | C] () -- C:\WINDOWS\tsp.dll
[2005/09/02 15:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/07/22 22:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/09/10 14:34:00 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll
[2004/09/10 14:34:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
[2004/08/11 18:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 18:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/07/20 18:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 15:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
< End of report >


#6 syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:07:33 PM

Posted 06 May 2010 - 05:18 PM

We will leave the VoIP entries alone then, since they are doing no harm; winnerip seems to be related to them as well, so that's fine.


Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed, click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix


#7 djprash

  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:02:33 PM

Posted 07 May 2010 - 04:02 AM

Thanks. Please find the ComboFix log below.

ComboFix 10-05-06.04 - prashant.vara 07/05/2010 9:16.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.3058 [GMT 1:00]
Running from: c:\documents and settings\prashant.vara\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\prashant.vara\Application Data\.#
c:\documents and settings\prashant.vara\Application Data\.#\MBX@1048@3741E8.###
c:\documents and settings\prashant.vara\Application Data\.#\MBX@1048@374218.###
c:\documents and settings\prashant.vara\Application Data\.#\MBX@1048@374248.###
c:\documents and settings\prashant.vara\Application Data\.#\MBX@1134@3741E8.###
c:\documents and settings\prashant.vara\Application Data\.#\MBX@1134@374218.###
c:\documents and settings\prashant.vara\Application Data\.#\MBX@1134@374248.###
c:\documents and settings\prashant.vara\Application Data\.#\MBX@1140@B141E8.###
c:\documents and settings\prashant.vara\Application Data\Adobe Photoshop CS4 for Photographers.exe
c:\documents and settings\prashant.vara\Application Data\ezpinst.exe
c:\program files\WinPCap
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
E:\autorun.inf

Infected copy of c:\windows\system32\drivers\ftdisk.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2010-04-07 to 2010-05-07 )))))))))))))))))))))))))))))))
.

2010-05-06 15:35 . 2010-05-06 15:35 -------- d-----w- C:\_OTL
2010-05-04 09:56 . 2010-05-04 09:57 -------- d-----w- c:\temp\FixEngine
2010-05-04 09:56 . 2010-05-04 09:56 -------- d-----w- C:\temp
2010-05-04 09:32 . 2010-05-04 09:32 -------- d-----w- c:\program files\Foxit Software
2010-04-30 11:11 . 2010-04-30 11:11 -------- d-----w- c:\documents and settings\install\Application Data\Malwarebytes
2010-04-30 07:53 . 2010-04-30 07:53 -------- d-----w- c:\documents and settings\install\Local Settings\Application Data\Identities
2010-04-30 07:52 . 2010-04-30 07:52 -------- d-----w- c:\documents and settings\install\Local Settings\Application Data\Ahead
2010-04-30 07:52 . 2010-04-30 07:52 -------- d-----w- c:\documents and settings\install\Application Data\Windows Desktop Search
2010-04-29 16:38 . 2010-05-05 18:22 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-04-29 16:38 . 2010-05-05 18:22 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-04-29 16:36 . 2010-04-29 16:36 -------- d-----w- c:\program files\Kaspersky Lab
2010-04-29 16:27 . 2010-04-29 16:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-04-29 16:05 . 2010-04-29 16:05 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-04-29 16:04 . 2010-04-29 16:33 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-04-29 14:28 . 2010-04-29 14:28 -------- d-----w- c:\program files\Windows Installer Clean Up
2010-04-29 14:27 . 2010-04-29 14:27 -------- d-sh--w- c:\documents and settings\install\IETldCache
2010-04-28 21:11 . 2010-04-28 21:11 -------- d-----w- c:\documents and settings\prashant.vara\Local Settings\Application Data\Temp
2010-04-28 16:22 . 2010-04-28 16:22 -------- d-----w- C:\spoolerlogs
2010-04-27 11:31 . 2010-03-29 23:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-27 11:31 . 2010-03-29 23:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-27 11:31 . 2010-04-27 11:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-26 12:00 . 2010-04-26 12:00 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Windows Search
2010-04-26 11:07 . 2010-04-26 11:07 -------- d-----w- c:\program files\Western Digital
2010-04-26 11:01 . 2010-04-26 11:01 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-04-26 10:14 . 2010-04-26 10:14 -------- d-----w- c:\documents and settings\prashant.vara\WD Sync Data
2010-04-25 02:17 . 2010-04-25 02:17 128 ----a-w- c:\windows\system32\perf.dat
2010-04-24 18:33 . 2010-04-24 18:33 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-04-24 18:33 . 2010-04-26 18:25 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-24 18:33 . 2010-04-24 18:33 -------- d-----w- c:\documents and settings\prashant.vara\Application Data\SUPERAntiSpyware.com
2010-04-24 15:37 . 2010-04-24 15:37 -------- d-----w- c:\documents and settings\prashant.vara\Local Settings\Application Data\avG
2010-04-24 15:37 . 2010-04-24 15:37 -------- d-----w- c:\documents and settings\All Users\Application Data\avG
2010-04-24 09:11 . 2010-04-24 09:11 -------- d-----w- c:\program files\PoivY.com
2010-04-23 12:16 . 2010-04-23 12:16 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Virgin Broadband
2010-04-23 11:57 . 2010-04-23 11:57 -------- d-----w- c:\documents and settings\NetworkService\Application Data\FileOpen
2010-04-23 11:56 . 2010-04-23 11:57 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-04-19 11:05 . 2010-04-29 16:12 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-04-19 10:39 . 2010-04-19 10:39 -------- d-----w- c:\program files\Perfect Uninstaller
2010-04-16 23:09 . 2010-04-16 23:09 -------- d-----w- c:\documents and settings\prashant.vara\Application Data\Uniblue
2010-04-16 23:09 . 2010-04-16 23:09 -------- d-----w- c:\program files\Uniblue
2010-04-13 10:25 . 1999-04-23 22:22 1312 ----a-w- c:\windows\system32\rsrc16.dll
2010-04-13 10:25 . 1996-08-24 11:11 4608 ----a-w- c:\windows\system32\Rsrc32.dll
2010-04-13 10:25 . 2008-07-24 10:46 2899968 ----a-w- c:\windows\system32\pdf2image.dll
2010-04-13 10:25 . 2007-11-19 20:10 1937408 ----a-w- c:\windows\system32\FreeImage.dll
2010-04-13 10:25 . 2000-03-07 00:00 434252 ----a-w- c:\windows\system32\MSVCRTD.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-07 08:35 . 2008-04-28 19:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-05-07 08:29 . 2009-08-01 19:37 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-05-07 08:28 . 2009-08-01 19:35 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-05-04 09:55 . 2010-05-04 09:55 10134 ----a-r- c:\documents and settings\prashant.vara\Application Data\Microsoft\Installer\{4CCC7F68-A437-4559-A840-F5E010934951}\ARPPRODUCTICON.exe
2010-05-04 09:36 . 2009-11-04 12:59 -------- d-----w- c:\documents and settings\prashant.vara\Application Data\SystemsLink
2010-05-03 11:46 . 2008-08-12 12:01 87768 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-05-02 18:04 . 2008-03-29 20:19 87768 ----a-w- c:\documents and settings\NetworkService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-02 17:59 . 2008-03-29 20:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-02 17:52 . 2008-09-30 13:16 -------- d-----w- c:\program files\Zoom Player
2010-05-02 16:56 . 2004-08-03 22:59 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-05-02 12:53 . 2009-11-12 15:56 -------- d-----w- c:\program files\F-Secure
2010-05-02 12:44 . 2008-04-08 18:41 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2010-04-30 11:57 . 2010-04-30 11:57 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-04-30 11:57 . 2010-04-30 11:57 109072 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll
2010-04-30 11:57 . 2010-04-30 11:57 315408 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\sys\i386\5.1\klif.sys
2010-04-30 11:57 . 2010-04-30 11:57 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-04-30 11:57 . 2010-04-30 11:57 109072 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll
2010-04-30 11:57 . 2010-04-30 11:57 315408 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\sys\i386\5.1\klif.sys
2010-04-30 11:20 . 2008-03-29 19:46 209539 ----a-w- c:\windows\system32\nvModes.dat
2010-04-30 10:35 . 2008-03-29 20:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-29 16:29 . 2008-04-08 11:03 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-29 16:29 . 2008-04-08 11:13 -------- d-----w- c:\program files\Lavasoft
2010-04-29 16:29 . 2008-04-08 11:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-04-29 16:16 . 2008-04-02 09:06 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-29 16:05 . 2010-04-29 16:05 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-04-29 14:28 . 2010-04-29 14:28 3584 ----a-r- c:\documents and settings\install\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2010-04-29 14:27 . 2008-04-02 09:23 -------- d-----w- c:\program files\MSECache
2010-04-29 13:35 . 2009-05-08 12:12 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-28 16:31 . 2008-04-08 17:19 -------- d-----w- c:\program files\uTorrent
2010-04-28 16:29 . 2008-04-08 17:19 -------- d-----w- c:\documents and settings\prashant.vara\Application Data\uTorrent
2010-04-26 11:04 . 2008-04-08 11:58 -------- d-----r- c:\program files\Skype
2010-04-26 11:04 . 2008-04-08 11:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-04-25 21:45 . 2009-09-28 11:53 181096 ----a-w- c:\documents and settings\prashant.vara\Application Data\Mozilla\Firefox\Profiles\v8x1ojl6.default\FlashGot.exe
2010-04-25 02:10 . 2009-11-17 12:30 -------- d-----w- c:\program files\Microsoft IntelliPoint
2010-04-25 02:10 . 2009-11-17 12:27 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2010-04-25 02:10 . 2009-02-26 16:39 -------- d-----w- c:\program files\Virgin Broadband Wireless
2010-04-25 02:10 . 2008-08-07 16:12 -------- d-----w- c:\program files\TomTom HOME 2
2010-04-25 02:10 . 2008-04-08 12:01 -------- d-----w- c:\program files\VoipCheapCom
2010-04-24 18:34 . 2010-04-24 18:34 52224 ----a-w- c:\documents and settings\prashant.vara\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-24 18:34 . 2010-04-24 18:34 117760 ----a-w- c:\documents and settings\prashant.vara\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-24 08:59 . 2008-03-29 20:12 -------- d-----w- c:\program files\Wave Systems Corp
2010-04-24 08:58 . 2008-04-02 09:57 0 ----a-w- c:\documents and settings\prashant.vara\Local Settings\Application Data\WavXMapDrive.bat
2010-04-23 10:13 . 2009-08-17 13:15 -------- d-----w- c:\documents and settings\prashant.vara\Application Data\HpUpdate
2010-04-19 12:49 . 2008-07-30 13:42 -------- d-----w- c:\documents and settings\prashant.vara\Application Data\U3
2010-04-19 11:29 . 2009-06-20 18:23 256 ----a-w- c:\windows\system32\pool.bin
2010-04-16 15:29 . 2009-07-28 20:07 -------- d-----w- c:\documents and settings\prashant.vara\Application Data\vlc
2010-04-13 10:25 . 2008-04-08 09:18 -------- d-----w- c:\program files\DesignBuilder
2010-04-07 08:25 . 2009-10-16 09:20 -------- d-----w- c:\program files\QuickTime
2010-04-06 15:22 . 2008-06-08 18:26 -------- d-----w- c:\documents and settings\prashant.vara\Application Data\Vso
2010-04-02 13:30 . 2010-03-27 11:38 0 ----a-w- c:\windows\Bfikutilesolas.bin
2010-04-02 13:30 . 2010-03-27 11:38 120 ----a-w- c:\windows\Rhigofiwup.dat
2010-04-01 08:58 . 2010-04-01 08:56 -------- d-----w- c:\program files\iTunes
2010-04-01 08:58 . 2010-04-01 08:56 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-01 08:57 . 2010-04-01 08:57 -------- d-----w- c:\program files\iPod
2010-04-01 08:56 . 2008-04-08 15:05 -------- d-----w- c:\program files\Common Files\Apple
2010-04-01 08:30 . 2010-04-01 08:30 -------- d-----w- c:\program files\Bonjour
2010-04-01 08:26 . 2010-04-01 08:26 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-03-31 16:04 . 2008-04-10 13:26 -------- d-----w- c:\program files\Microsoft Silverlight
2010-03-31 14:54 . 2010-03-31 14:54 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-03-31 14:53 . 2008-04-08 14:38 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-03-31 14:50 . 2010-03-31 14:50 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-03-30 10:33 . 2010-03-30 10:33 -------- d-----w- c:\program files\Any DWG DXF Converter
2010-03-30 10:19 . 2010-02-01 10:38 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-03-30 09:20 . 2010-03-30 09:19 -------- d-----w- c:\program files\Vitamin D Video
2010-03-30 08:37 . 2008-04-08 09:18 -------- d-----w- c:\documents and settings\All Users\Application Data\DesignBuilder
2010-03-29 14:57 . 2010-03-29 14:56 -------- d-----w- c:\documents and settings\All Users\Application Data\sky
2010-03-25 15:24 . 2008-10-07 12:42 68156 ---ha-w- c:\windows\system32\mlfcache.dat
2010-03-16 10:00 . 2008-07-23 19:09 -------- d-----w- c:\program files\Safari
2010-03-16 09:56 . 2010-03-16 09:56 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
2010-03-13 00:28 . 2010-03-13 00:28 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2010-03-13 00:28 . 2009-07-21 20:35 -------- d-----w- c:\program files\IObit
2010-03-10 13:45 . 2010-03-10 13:45 -------- d-----w- c:\documents and settings\prashant.vara\Application Data\webex
2010-03-01 14:36 . 2010-03-01 14:36 14846 ----a-r- c:\documents and settings\prashant.vara\Application Data\Microsoft\Installer\{857CBF4A-192C-44B0-86A5-6281FCEFA1FE}\FileOpenNew.exe
2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-12 10:46 . 2010-02-12 10:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 10:46 . 2010-02-12 10:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-07 14:26 . 2010-02-07 14:26 50354 ----a-w- c:\documents and settings\prashant.vara\Application Data\Facebook\uninstall.exe
2008-09-04 14:27 . 2008-09-04 14:27 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-04-08 09:19 . 2009-04-08 09:19 27976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2009-04-08 09:19 . 2009-04-08 09:19 126360 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2009-04-08 09:19 . 2009-04-08 09:19 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
c:\program files\Acronis\TrueImageHome\TrueImageMonitor .exe
c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray .exe
c:\program files\Common Files\Acronis\Schedule2\schedhlp .exe
c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager .exe
c:\program files\Common Files\Ahead\Lib\NeroCheck .exe
c:\program files\Common Files\Ahead\Lib\NMBgMonitor .exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier .exe
c:\program files\Common Files\InstallShield\UpdateService\issch .exe
c:\program files\Common Files\InstallShield\UpdateService\ISUSPM          .exe
c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv .exe
c:\program files\Dell\QuickSet\quickset .exe
c:\program files\F-Secure\Common\FSM32 .exe
c:\program files\F-Secure\FSGUI\TNBUtil .exe
c:\program files\Google\Google Desktop Search\GoogleDesktop .exe
c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
c:\program files\Google\Quick Search Box\GoogleQuickSearchBox .exe
c:\program files\HP\HP Software Update\HPWuSchd2 .exe
c:\program files\IObit\Advanced SystemCare 3\AWC .exe
c:\program files\IObit\IObit Security 360\IS360tray .exe
c:\program files\Logitech\QuickCam\Quickcam .exe
c:\program files\Messenger\msmsgs .exe
c:\program files\Microsoft IntelliPoint\ipoint .exe
c:\program files\Microsoft IntelliType Pro\itype .exe
c:\program files\Microsoft Office\Office14\BCSSync .exe
c:\program files\Nokia\Nokia PC Suite 7\PCSuite .exe
c:\program files\PoivY.com\PoivY\PoivY  .exe
c:\program files\Sigmatel\C-Major Audio\WDM\stsystra .exe
c:\program files\SUPERAntiSpyware\SUPERAntiSpyware .exe
c:\program files\Synaptics\SynTP\SynTPEnh .exe
c:\program files\TomTom HOME 2\TomTomHOMERunner .exe
c:\program files\Virgin Broadband\advisor\Broadbandadvisor .exe
c:\program files\Virgin Broadband Wireless\Wireless Manager .exe
c:\program files\VoipCheapCom\voipcheapcom  .exe
c:\program files\Wave Systems Corp\SecureUpgrade .exe
c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr .exe
c:\program files\Windows Live\Messenger\msnmsgr   .exe
c:\windows\system32\ICO .exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2009-11-03 20:12 556432 ----a-w- c:\progra~1\MICROS~2\Office14\URLREDIR.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM .exe -scheduler" [X]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr .exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-26 39408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpeedUpMyPC"="c:\program files\Uniblue\SpeedUpMyPC\launcher.exe" [2010-04-14 46376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-22 13508608]
"nwiz"="nwiz.exe" [2008-02-22 1626112]
"NVHotkey"="nvHotkey.dll" [2008-02-22 86016]
"NvMediaCenter"="NvMCTray.dll" [2008-02-22 86016]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset .exe c:\program files\Dell\QuickSet\quickset.exe" [N/A]
"Media Codec Update Service"="c:\program files\Essentials Codec Pack\update.exe" [2007-04-08 303104]
"MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2008-07-04 2072576]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-10 648536]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2010-04-26 126976]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2009-10-20 340456]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-1-11 2150400]
BounceBack Launcher.lnk - c:\program files\CMS Products\BounceBack Express\BBLauncher.exe [2008-4-10 90112]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-3-29 50688]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-4-17 106496]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
WordWeb.lnk - c:\program files\WordWeb\wweb32.exe [2008-4-8 42168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]
2006-11-16 15:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Documents and Settings\\prashant.vara\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\PoivY.com\\PoivY\\PoivY .exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [10/14/2009 9:18 PM 36880]
R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\drivers\tdrpm251.sys [12/9/2009 5:35 PM 902432]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 11:15 AM 66632]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [12/9/2009 5:35 PM 2326920]
R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [3/13/2010 1:28 AM 311568]
R2 portD;CMS PortIO Service;c:\windows\system32\drivers\portd2k.sys [4/10/2008 4:15 PM 7424]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [11/13/2009 12:31 PM 92008]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [7/4/2008 1:52 PM 14336]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [8/11/2004 6:00 PM 5120]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [12/9/2009 5:35 PM 159168]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 2:42 PM 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [10/2/2009 7:39 PM 19472]
S2 gupdate1ca50974ef9adb0;Google Update Service (gupdate1ca50974ef9adb0);c:\program files\Google\Update\GoogleUpdate.exe [10/19/2009 9:36 AM 133104]
S3 GTUHSBUS;GT UHS BUS;c:\windows\system32\drivers\gtuhsbus.sys [2/13/2009 1:51 PM 58880]
S3 GTUHSNDISIPXP;GT UHS IP NDIS;c:\windows\system32\drivers\gtuhs51.sys [2/13/2009 1:51 PM 106112]
S3 GTUHSOMS;GT UHS OMS;c:\windows\system32\drivers\gtuhsoms.sys [2/13/2009 1:52 PM 18816]
S3 GTUHSSER;GT UHS SER;c:\windows\system32\drivers\gtuhsser.sys [2/13/2009 1:51 PM 8064]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9/26/2009 4:28 AM 4639136]
S3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [4/1/2009 12:08 PM 18432]
S3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [4/1/2009 12:09 PM 14336]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 11:15 AM 12872]
S3 TTDVBSTB;TTDVBSTB driver;c:\windows\system32\drivers\TTDVBSTB.sys [4/17/2008 8:39 PM 57328]
S3 TTNDISTB;Virtual STB-S/-C/-T Network Adapter Driver;c:\windows\system32\drivers\ttndistb.sys [4/17/2008 8:39 PM 39124]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-05-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-19 08:36]

2010-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-19 08:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.virginmedia.com
uInternet Settings,ProxyOverride = *.local
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
IE: {{AEF9B8DB-0DEF-4c0b-8209-661C9E82B8C3} - c:\program files\WinSysClean 2008 Trial\UDManager\UDManager.exe
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
DPF: {DAF7E6E7-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
FF - ProfilePath - c:\documents and settings\prashant.vara\Application Data\Mozilla\Firefox\Profiles\v8x1ojl6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - component: c:\documents and settings\prashant.vara\Application Data\Mozilla\Firefox\Profiles\v8x1ojl6.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\documents and settings\prashant.vara\Application Data\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\prashant.vara\Application Data\Mozilla\Firefox\Profiles\v8x1ojl6.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\progra~1\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: XULRunner: {97B41313-261A-46CE-BC29-C022974F7767} - c:\documents and settings\prashant.vara\Local Settings\Application Data\{97B41313-261A-46CE-BC29-C022974F7767}

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-klmdb.sys



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-07 09:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\Not Active]
@DACL=(02 0000)
"Registry - All Users"="\"c:\\Program Files\\Java\\jre6\\bin\\jusched.exe\""
"SunJavaUpdateSched"="\"c:\\Program Files\\Java\\jre6\\bin\\jusched.exe\""
"IntelWireless"="\"c:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe\" /tf Intel PROSet/Wireless"
"IntelZeroConfig"="\"c:\\Program Files\\Intel\\Wireless\\bin\\ZCfgSvc.exe\""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1896)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'lsass.exe'(1952)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll

- - - - - - - > 'explorer.exe'(8492)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\program files\Google\Quick Search Box\bin\1.2.1151.245\qsb.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Virgin Broadband Wireless\AffinegyService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\windows\system32\msdtc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\RunDLL32.exe
c:\program files\Dell\QuickSet\quickset .exe
c:\program files\Common Files\InstallShield\UpdateService\ISUSPM .exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
c:\program files\Uniblue\SpeedUpMyPC\sump.exe
.
**************************************************************************
.
Completion time: 2010-05-07 09:46:01 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-07 08:45

Pre-Run: 9,827,287,040 bytes free
Post-Run: 9,573,912,576 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 57CC3A450A4158A5CCDBD3332A11E4FF


#8 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:07:33 PM

Posted 07 May 2010 - 09:10 AM

Looks like we got the rootkit but there is still quite a bit of malware left.

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).



1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

CODE
http://www.bleepingcomputer.com/forums/t/314374/help-rootkitwin32tsssd/

Collect::
c:\windows\Bfikutilesolas.bin
c:\windows\Rhigofiwup.dat
RenV::
c:\program files\Acronis\TrueImageHome\TrueImageMonitor .exe
c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray .exe
c:\program files\Common Files\Acronis\Schedule2\schedhlp .exe
c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager .exe
c:\program files\Common Files\Ahead\Lib\NeroCheck .exe
c:\program files\Common Files\Ahead\Lib\NMBgMonitor .exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier .exe
c:\program files\Common Files\InstallShield\UpdateService\issch .exe
c:\program files\Common Files\InstallShield\UpdateService\ISUSPM          .exe
c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv .exe
c:\program files\Dell\QuickSet\quickset .exe
c:\program files\F-Secure\Common\FSM32 .exe
c:\program files\F-Secure\FSGUI\TNBUtil .exe
c:\program files\Google\Google Desktop Search\GoogleDesktop .exe
c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
c:\program files\Google\Quick Search Box\GoogleQuickSearchBox .exe
c:\program files\HP\HP Software Update\HPWuSchd2 .exe
c:\program files\IObit\Advanced SystemCare 3\AWC .exe
c:\program files\IObit\IObit Security 360\IS360tray .exe
c:\program files\Logitech\QuickCam\Quickcam .exe
c:\program files\Messenger\msmsgs .exe
c:\program files\Microsoft IntelliPoint\ipoint .exe
c:\program files\Microsoft IntelliType Pro\itype .exe
c:\program files\Microsoft Office\Office14\BCSSync .exe
c:\program files\Nokia\Nokia PC Suite 7\PCSuite .exe
c:\program files\PoivY.com\PoivY\PoivY  .exe
c:\program files\Sigmatel\C-Major Audio\WDM\stsystra .exe
c:\program files\SUPERAntiSpyware\SUPERAntiSpyware .exe
c:\program files\Synaptics\SynTP\SynTPEnh .exe
c:\program files\TomTom HOME 2\TomTomHOMERunner .exe
c:\program files\Virgin Broadband\advisor\Broadbandadvisor .exe
c:\program files\Virgin Broadband Wireless\Wireless Manager .exe
c:\program files\VoipCheapCom\voipcheapcom  .exe
c:\program files\Wave Systems Corp\SecureUpgrade .exe
c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr .exe
c:\program files\Windows Live\Messenger\msnmsgr   .exe
c:\windows\system32\ICO .exe
RegLock::
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\Not Active]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]


Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Then in your next reply, please let me know if you are having any more problems and post back here with the following logs:
  • GooredFix.txt
  • Combofix.txt
  • MBAM log

Thanks



#9 djprash

  • Topic Starter

  • Members
  • 20 posts
  • Local time:02:33 PM

Posted 07 May 2010 - 11:34 AM

Hi again

As instructed I have carried out all the above and the logs are pasted below.

GooredFix by jpshortstuff (08.01.10.1)
Log created at 16:21 on 07/05/2010 (prashant.vara)
Firefox version 3.5.9 (en-GB)

========== GooredScan ==========

Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{97B41313-261A-46CE-BC29-C022974F7767} -> Success!
Deleting C:\Documents and Settings\prashant.vara\Local Settings\Application Data\{97B41313-261A-46CE-BC29-C022974F7767} -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
linkfilter@kaspersky.ru [16:39 29/04/2010]
{972ce4c6-7e08-4474-a285-3208198ce6fd} [10:11 12/11/2009]
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [21:18 28/08/2008]
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} [09:48 04/12/2008]
{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} [08:50 18/03/2009]
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [08:28 15/07/2009]
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [14:04 03/09/2009]

C:\Documents and Settings\prashant.vara\Application Data\Mozilla\Firefox\Profiles\v8x1ojl6.default\extensions\
piclens@cooliris.com [10:07 27/01/2010]
piclens@cooliris.com-trash [10:07 27/01/2010]
{19503e42-ca3c-4c27-b1e2-9cdb2170ee34} [21:44 25/04/2010]
{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B} [09:55 11/02/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"bkmrksync@nokia.com"="C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\" [20:39 26/06/2009]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [08:50 18/03/2009]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [16:48 18/09/2009]

-=E.O.F=-


ComboFix 10-05-06.05 - prashant.vara 07/05/2010 16:26:52.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2749 [GMT 1:00]
Running from: c:\documents and settings\prashant.vara\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\prashant.vara\Desktop\CFScript.txt
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

file zipped: c:\windows\Bfikutilesolas.bin
file zipped: c:\windows\Rhigofiwup.dat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Bfikutilesolas.bin
c:\windows\Rhigofiwup.dat

.
((((((((((((((((((((((((( Files Created from 2010-04-07 to 2010-05-07 )))))))))))))))))))))))))))))))
.

2010-05-07 13:29 . 2010-05-07 13:34 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-05-07 11:10 . 2010-05-07 12:45 134189 ----a-w- c:\windows\hpwins10.dat
2010-05-07 11:10 . 2007-09-17 08:45 1042 ----a-w- c:\windows\hpwmdl10.dat
2010-05-07 10:40 . 2007-08-17 20:29 118272 ----a-w- c:\windows\system32\hpz3l4x6.dll
2010-05-07 10:40 . 2007-08-17 20:27 273920 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp4x6.dll
2010-05-07 10:36 . 2007-09-17 08:48 10385 ----a-w- c:\windows\hpwscr10.dat
2010-05-06 15:35 . 2010-05-06 15:35 -------- d-----w- C:\_OTL
2010-05-04 09:56 . 2010-05-04 09:57 -------- d-----w- c:\temp\FixEngine
2010-05-04 09:56 . 2010-05-04 09:56 -------- d-----w- C:\temp
2010-05-04 09:32 . 2010-05-04 09:32 -------- d-----w- c:\program files\Foxit Software
2010-04-30 11:11 . 2010-04-30 11:11 -------- d-----w- c:\documents and settings\install\Application Data\Malwarebytes
2010-04-30 07:53 . 2010-04-30 07:53 -------- d-----w- c:\documents and settings\install\Local Settings\Application Data\Identities
2010-04-30 07:52 . 2010-04-30 07:52 -------- d-----w- c:\documents and settings\install\Local Settings\Application Data\Ahead
2010-04-30 07:52 . 2010-04-30 07:52 -------- d-----w- c:\documents and settings\install\Application Data\Windows Desktop Search
2010-04-29 16:38 . 2010-05-05 18:22 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-04-29 16:38 . 2010-05-05 18:22 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-04-29 16:36 . 2010-04-29 16:36 -------- d-----w- c:\program files\Kaspersky Lab
2010-04-29 16:27 . 2010-04-29 16:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-04-29 16:05 . 2010-04-29 16:05 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-04-29 16:04 . 2010-04-29 16:33 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-04-29 14:28 . 2010-04-29 14:28 -------- d-----w- c:\program files\Windows Installer Clean Up
2010-04-29 14:27 . 2010-04-29 14:27 -------- d-sh--w- c:\documents and settings\install\IETldCache
2010-04-28 21:11 . 2010-04-28 21:11 -------- d-----w- c:\documents and settings\prashant.vara\Local Settings\Application Data\Temp
2010-04-28 16:22 . 2010-04-28 16:22 -------- d-----w- C:\spoolerlogs
2010-04-27 11:31 . 2010-03-29 23:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-27 11:31 . 2010-03-29 23:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-27 11:31 . 2010-04-27 11:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-26 12:00 . 2010-04-26 12:00 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Windows Search
2010-04-26 11:07 . 2010-04-26 11:07 -------- d-----w- c:\program files\Western Digital
2010-04-26 11:01 . 2010-04-26 11:01 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-04-26 10:14 . 2010-04-26 10:14 -------- d-----w- c:\documents and settings\prashant.vara\WD Sync Data
2010-04-25 02:17 . 2010-04-25 02:17 128 ----a-w- c:\windows\system32\perf.dat
2010-04-24 18:33 . 2010-04-24 18:33 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-04-24 18:33 . 2010-05-07 15:26 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-24 18:33 . 2010-04-24 18:33 -------- d-----w- c:\documents and settings\prashant.vara\Application Data\SUPERAntiSpyware.com
2010-04-24 15:37 . 2010-04-24 15:37 -------- d-----w- c:\documents and settings\prashant.vara\Local Settings\Application Data\avG
2010-04-24 15:37 . 2010-04-24 15:37 -------- d-----w- c:\documents and settings\All Users\Application Data\avG
2010-04-24 09:11 . 2010-04-24 09:11 -------- d-----w- c:\program files\PoivY.com
2010-04-23 12:16 . 2010-04-23 12:16 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Virgin Broadband
2010-04-23 11:57 . 2010-04-23 11:57 -------- d-----w- c:\documents and settings\NetworkService\Application Data\FileOpen
2010-04-23 11:56 . 2010-04-23 11:57 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-04-19 11:05 . 2010-04-29 16:12 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-04-19 10:39 . 2010-04-19 10:39 -------- d-----w- c:\program files\Perfect Uninstaller
2010-04-16 23:09 . 2010-04-16 23:09 -------- d-----w- c:\documents and settings\prashant.vara\Application Data\Uniblue
2010-04-16 23:09 . 2010-04-16 23:09 -------- d-----w- c:\program files\Uniblue
2010-04-13 10:25 . 1999-04-23 22:22 1312 ----a-w- c:\windows\system32\rsrc16.dll
2010-04-13 10:25 . 1996-08-24 11:11 4608 ----a-w- c:\windows\system32\Rsrc32.dll
2010-04-13 10:25 . 2008-07-24 10:46 2899968 ----a-w- c:\windows\system32\pdf2image.dll
2010-04-13 10:25 . 2007-11-19 20:10 1937408 ----a-w- c:\windows\system32\FreeImage.dll
2010-04-13 10:25 . 2000-03-07 00:00 434252 ----a-w- c:\windows\system32\MSVCRTD.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-07 15:42 . 2008-04-28 19:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-05-07 15:37 . 2009-08-01 19:37 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-05-07 15:37 . 2009-08-01 19:35 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-05-07 15:26 . 2008-03-29 20:12 -------- d-----w- c:\program files\Wave Systems Corp
2010-05-07 15:26 . 2009-02-26 16:39 -------- d-----w- c:\program files\Virgin Broadband Wireless
2010-05-07 15:26 . 2008-08-07 16:12 -------- d-----w- c:\program files\TomTom HOME 2
2010-05-07 15:26 . 2008-04-08 12:01 -------- d-----w- c:\program files\VoipCheapCom
2010-05-07 15:26 . 2009-11-17 12:30 -------- d-----w- c:\program files\Microsoft IntelliPoint
2010-05-07 15:26 . 2009-11-17 12:27 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2010-05-07 15:14 . 2009-11-04 12:59 -------- d-----w- c:\documents and settings\prashant.vara\Application Data\SystemsLink
2010-05-07 14:11 . 2009-07-28 20:07 -------- d-----w- c:\documents and settings\prashant.vara\Application Data\vlc
2010-05-07 14:04 . 2008-04-08 20:44 -------- d-----w- c:\documents and settings\prashant.vara\Application Data\DivX
2010-05-07 13:33 . 2008-04-08 13:06 -------- d-----w- c:\program files\DivX
2010-05-07 13:31 . 2009-04-01 20:46 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-05-03 11:46 . 2008-08-12 12:01 87768 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-05-02 18:04 . 2008-03-29 20:19 87768 ----a-w- c:\documents and settings\NetworkService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-02 17:59 . 2008-03-29 20:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-02 17:52 . 2008-09-30 13:16 -------- d-----w- c:\program files\Zoom Player
2010-05-02 16:56 . 2004-08-03 22:59 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-05-02 12:53 . 2009-11-12 15:56 -------- d-----w- c:\program files\F-Secure
2010-05-02 12:44 . 2008-04-08 18:41 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2010-04-30 11:20 . 2008-03-29 19:46 209539 ----a-w- c:\windows\system32\nvModes.dat
2010-04-30 10:35 . 2008-03-29 20:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-29 16:29 . 2008-04-08 11:03 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-29 16:29 . 2008-04-08 11:13 -------- d-----w- c:\program files\Lavasoft
2010-04-29 16:29 . 2008-04-08 11:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-04-29 16:16 . 2008-04-02 09:06 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-29 14:27 . 2008-04-02 09:23 -------- d-----w- c:\program files\MSECache
2010-04-29 13:35 . 2009-05-08 12:12 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-28 16:31 . 2008-04-08 17:19 -------- d-----w- c:\program files\uTorrent
2010-04-28 16:29 . 2008-04-08 17:19 -------- d-----w- c:\documents and settings\prashant.vara\Application Data\uTorrent
2010-04-26 11:04 . 2008-04-08 11:58 -------- d-----r- c:\program files\Skype
2010-04-26 11:04 . 2008-04-08 11:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-04-24 08:58 . 2008-04-02 09:57 0 ----a-w- c:\documents and settings\prashant.vara\Local Settings\Application Data\WavXMapDrive.bat
2010-04-23 10:13 . 2009-08-17 13:15 -------- d-----w- c:\documents and settings\prashant.vara\Application Data\HpUpdate
2010-04-19 12:49 . 2008-07-30 13:42 -------- d-----w- c:\documents and settings\prashant.vara\Application Data\U3
2010-04-19 11:29 . 2009-06-20 18:23 256 ----a-w- c:\windows\system32\pool.bin
2010-04-13 10:25 . 2008-04-08 09:18 -------- d-----w- c:\program files\DesignBuilder
2010-04-07 08:25 . 2009-10-16 09:20 -------- d-----w- c:\program files\QuickTime
2010-04-06 15:22 . 2008-06-08 18:26 -------- d-----w- c:\documents and settings\prashant.vara\Application Data\Vso
2010-04-01 08:58 . 2010-04-01 08:56 -------- d-----w- c:\program files\iTunes
2010-04-01 08:58 . 2010-04-01 08:56 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-01 08:57 . 2010-04-01 08:57 -------- d-----w- c:\program files\iPod
2010-04-01 08:56 . 2008-04-08 15:05 -------- d-----w- c:\program files\Common Files\Apple
2010-04-01 08:30 . 2010-04-01 08:30 -------- d-----w- c:\program files\Bonjour
2010-03-31 16:04 . 2008-04-10 13:26 -------- d-----w- c:\program files\Microsoft Silverlight
2010-03-31 14:54 . 2010-03-31 14:54 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-03-31 14:53 . 2008-04-08 14:38 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-03-31 14:50 . 2010-03-31 14:50 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-03-31 01:58 . 2008-11-20 19:19 44944 ------w- c:\windows\system32\drivers\pxhelp20.sys
2010-03-31 01:58 . 2007-05-01 16:48 125424 ------w- c:\windows\system32\pxinsi64.exe
2010-03-31 01:58 . 2006-09-14 16:13 133616 ------w- c:\windows\system32\PxAFS.DLL
2010-03-30 10:33 . 2010-03-30 10:33 -------- d-----w- c:\program files\Any DWG DXF Converter
2010-03-30 10:19 . 2010-02-01 10:38 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-03-30 09:20 . 2010-03-30 09:19 -------- d-----w- c:\program files\Vitamin D Video
2010-03-30 08:37 . 2008-04-08 09:18 -------- d-----w- c:\documents and settings\All Users\Application Data\DesignBuilder
2010-03-29 14:57 . 2010-03-29 14:56 -------- d-----w- c:\documents and settings\All Users\Application Data\sky
2010-03-25 15:24 . 2008-10-07 12:42 68156 ---ha-w- c:\windows\system32\mlfcache.dat
2010-03-16 10:00 . 2008-07-23 19:09 -------- d-----w- c:\program files\Safari
2010-03-13 00:28 . 2010-03-13 00:28 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2010-03-13 00:28 . 2009-07-21 20:35 -------- d-----w- c:\program files\IObit
2010-03-10 13:45 . 2010-03-10 13:45 -------- d-----w- c:\documents and settings\prashant.vara\Application Data\webex
2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-19 19:27 . 2010-02-19 19:27 720384 ----a-w- c:\windows\system32\DivX.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2010-02-19 19:27 . 2010-02-19 19:27 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2010-02-19 19:27 . 2010-02-19 19:27 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2010-02-19 19:27 . 2010-02-19 19:27 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2010-02-12 10:46 . 2010-02-12 10:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 10:46 . 2010-02-12 10:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
2008-09-04 14:27 . 2008-09-04 14:27 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-04-08 09:19 . 2009-04-08 09:19 27976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2009-04-08 09:19 . 2009-04-08 09:19 126360 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2009-04-08 09:19 . 2009-04-08 09:19 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
.
c:\program files\Google\Quick Search Box\GoogleQuickSearchBox .exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2009-11-03 20:12 556432 ----a-w- c:\progra~1\MICROS~2\Office14\URLREDIR.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM .exe -scheduler" [X]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr .exe" [N/A]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-29 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-22 13508608]
"nwiz"="nwiz.exe" [2008-02-22 1626112]
"NVHotkey"="nvHotkey.dll" [2008-02-22 86016]
"NvMediaCenter"="NvMCTray.dll" [2008-02-22 86016]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-03 1228800]
"Media Codec Update Service"="c:\program files\Essentials Codec Pack\update.exe" [2007-04-08 303104]
"MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2008-07-04 2072576]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-10 648536]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2010-04-26 126976]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2009-10-20 340456]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-1-11 2150400]
BounceBack Launcher.lnk - c:\program files\CMS Products\BounceBack Express\BBLauncher.exe [2008-4-10 90112]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-3-29 50688]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-4-17 106496]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
WordWeb.lnk - c:\program files\WordWeb\wweb32.exe [2008-4-8 42168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]
2006-11-16 15:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Documents and Settings\\prashant.vara\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [10/14/2009 9:18 PM 36880]
R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\drivers\tdrpm251.sys [12/9/2009 5:35 PM 902432]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 11:15 AM 66632]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [12/9/2009 5:35 PM 2326920]
R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [3/13/2010 1:28 AM 311568]
R2 portD;CMS PortIO Service;c:\windows\system32\drivers\portd2k.sys [4/10/2008 4:15 PM 7424]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [11/13/2009 12:31 PM 92008]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [7/4/2008 1:52 PM 14336]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [8/11/2004 6:00 PM 5120]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [12/9/2009 5:35 PM 159168]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 2:42 PM 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [10/2/2009 7:39 PM 19472]
S2 gupdate1ca50974ef9adb0;Google Update Service (gupdate1ca50974ef9adb0);c:\program files\Google\Update\GoogleUpdate.exe [10/19/2009 9:36 AM 133104]
S3 GTUHSBUS;GT UHS BUS;c:\windows\system32\drivers\gtuhsbus.sys [2/13/2009 1:51 PM 58880]
S3 GTUHSNDISIPXP;GT UHS IP NDIS;c:\windows\system32\drivers\gtuhs51.sys [2/13/2009 1:51 PM 106112]
S3 GTUHSOMS;GT UHS OMS;c:\windows\system32\drivers\gtuhsoms.sys [2/13/2009 1:52 PM 18816]
S3 GTUHSSER;GT UHS SER;c:\windows\system32\drivers\gtuhsser.sys [2/13/2009 1:51 PM 8064]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9/26/2009 4:28 AM 4639136]
S3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [4/1/2009 12:08 PM 18432]
S3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [4/1/2009 12:09 PM 14336]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 11:15 AM 12872]
S3 TTDVBSTB;TTDVBSTB driver;c:\windows\system32\drivers\TTDVBSTB.sys [4/17/2008 8:39 PM 57328]
S3 TTNDISTB;Virtual STB-S/-C/-T Network Adapter Driver;c:\windows\system32\drivers\ttndistb.sys [4/17/2008 8:39 PM 39124]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-05-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-19 08:36]

2010-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-19 08:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.virginmedia.com
uInternet Settings,ProxyOverride = *.local
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
IE: {{AEF9B8DB-0DEF-4c0b-8209-661C9E82B8C3} - c:\program files\WinSysClean 2008 Trial\UDManager\UDManager.exe
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
DPF: {DAF7E6E7-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
FF - ProfilePath - c:\documents and settings\prashant.vara\Application Data\Mozilla\Firefox\Profiles\v8x1ojl6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - component: c:\documents and settings\prashant.vara\Application Data\Mozilla\Firefox\Profiles\v8x1ojl6.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\documents and settings\prashant.vara\Application Data\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\prashant.vara\Application Data\Mozilla\Firefox\Profiles\v8x1ojl6.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\progra~1\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-07 16:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1916)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'lsass.exe'(1972)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll

- - - - - - - > 'explorer.exe'(9088)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\program files\Google\Quick Search Box\bin\1.2.1151.245\qsb.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Virgin Broadband Wireless\AffinegyService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\windows\system32\msdtc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\RunDLL32.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\CMS Products\BounceBack Express\BBReminder.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
.
**************************************************************************
.
Completion time: 2010-05-07 16:52:52 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-07 15:52
ComboFix2.txt 2010-05-07 08:46

Pre-Run: 6,228,942,848 bytes free
Post-Run: 8,641,998,848 bytes free

- - End Of File - - C9CE11B1CCE84B1C54F01EADF947FC8F

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4075

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

07/05/2010 17:18:44
mbam-log-2010-05-07 (17-18-44).txt

Scan type: Quick scan
Objects scanned: 156810
Time elapsed: 13 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#10 syler

  • Malware Response Team

Posted 07 May 2010 - 06:42 PM

Hi djprash,

Please let me know how the computer is running and if you are having any more problems, in your next reply, thanks.


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

CODE
RenV::
c:\program files\Google\Quick Search Box\GoogleQuickSearchBox .exe
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe -scheduler" [X]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"=dword:00000000


Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



Please do a scan with ESET OnlineScan

Note: If you run this in a browser other than IE you will be asked to download and install esetsmartinstaller_enu.exe
  • Click the button.
  • Check
  • Click the button.
  • Accept any security warnings from your browser and allow it to install the ActiveX control.
  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push


Then in your next reply, please let me know if you are having any more problems and post back here with the following logs:
  • Combofix.txt
  • ESET report

Thanks



#11 djprash

  • Topic Starter

Posted 08 May 2010 - 06:31 PM

Hi Thanks,

I believe the rootkit is now gone, as when I did a quick virus scan using Kaspersky yesterday it didn't stop the scan and detect the rootkit as it did initially. However, I was surprised that Kaspersky didn't pick up the viruses, as ESET picked up 38 odd...hmmm! I have pasted the logs below as requested.


ComboFix 10-05-07.05 - prashant.vara 08/05/2010 2:55.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2738 [GMT 1:00]
Running from: c:\documents and settings\prashant.vara\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\prashant.vara\Desktop\CFScript.txt
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((( Files Created from 2010-04-08 to 2010-05-08 )))))))))))))))))))))))))))))))
.

2010-05-07 13:29 . 2010-05-07 13:34 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-05-07 11:10 . 2010-05-07 12:45 134189 ----a-w- c:\windows\hpwins10.dat
2010-05-07 11:10 . 2007-09-17 08:45 1042 ----a-w- c:\windows\hpwmdl10.dat
2010-05-07 10:40 . 2007-08-17 20:29 118272 ----a-w- c:\windows\system32\hpz3l4x6.dll
2010-05-07 10:40 . 2007-08-17 20:27 273920 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp4x6.dll
2010-05-07 10:36 . 2007-09-17 08:48 10385 ----a-w- c:\windows\hpwscr10.dat
2010-05-06 15:35 . 2010-05-06 15:35 -------- d-----w- C:\_OTL
2010-05-04 09:56 . 2010-05-04 09:57 -------- d-----w- c:\temp\FixEngine
2010-05-04 09:56 . 2010-05-04 09:56 -------- d-----w- C:\temp
2010-05-04 09:32 . 2010-05-04 09:32 -------- d-----w- c:\program files\Foxit Software
2010-04-30 11:11 . 2010-04-30 11:11 -------- d-----w- c:\documents and settings\install\Application Data\Malwarebytes
2010-04-30 07:53 . 2010-04-30 07:53 -------- d-----w- c:\documents and settings\install\Local Settings\Application Data\Identities
2010-04-30 07:52 . 2010-04-30 07:52 -------- d-----w- c:\documents and settings\install\Local Settings\Application Data\Ahead
2010-04-30 07:52 . 2010-04-30 07:52 -------- d-----w- c:\documents and settings\install\Application Data\Windows Desktop Search
2010-04-29 16:38 . 2010-05-05 18:22 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-04-29 16:38 . 2010-05-05 18:22 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-04-29 16:36 . 2010-04-29 16:36 -------- d-----w- c:\program files\Kaspersky Lab
2010-04-29 16:27 . 2010-04-29 16:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-04-29 16:05 . 2010-04-29 16:05 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-04-29 16:04 . 2010-04-29 16:33 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-04-29 14:28 . 2010-04-29 14:28 -------- d-----w- c:\program files\Windows Installer Clean Up
2010-04-29 14:27 . 2010-04-29 14:27 -------- d-sh--w- c:\documents and settings\install\IETldCache
2010-04-28 21:11 . 2010-04-28 21:11 -------- d-----w- c:\documents and settings\prashant.vara\Local Settings\Application Data\Temp
2010-04-28 16:22 . 2010-04-28 16:22 -------- d-----w- C:\spoolerlogs
2010-04-27 11:31 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-27 11:31 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-27 11:31 . 2010-05-07 16:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-26 12:00 . 2010-04-26 12:00 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Windows Search
2010-04-26 11:07 . 2010-04-26 11:07 -------- d-----w- c:\program files\Western Digital
2010-04-26 11:01 . 2010-04-26 11:01 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-04-26 10:14 . 2010-04-26 10:14 -------- d-----w- c:\documents and settings\prashant.vara\WD Sync Data
2010-04-25 02:17 . 2010-04-25 02:17 128 ----a-w- c:\windows\system32\perf.dat
2010-04-24 18:33 . 2010-04-24 18:33 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-04-24 18:33 . 2010-05-07 15:26 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-24 18:33 . 2010-04-24 18:33 -------- d-----w- c:\documents and settings\prashant.vara\Application Data\SUPERAntiSpyware.com
2010-04-24 15:37 . 2010-04-24 15:37 -------- d-----w- c:\documents and settings\prashant.vara\Local Settings\Application Data\avG
2010-04-24 15:37 . 2010-04-24 15:37 -------- d-----w- c:\documents and settings\All Users\Application Data\avG
2010-04-24 09:11 . 2010-04-24 09:11 -------- d-----w- c:\program files\PoivY.com
2010-04-23 12:16 . 2010-04-23 12:16 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Virgin Broadband
2010-04-23 11:57 . 2010-04-23 11:57 -------- d-----w- c:\documents and settings\NetworkService\Application Data\FileOpen
2010-04-23 11:56 . 2010-04-23 11:57 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-04-19 11:05 . 2010-04-29 16:12 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-04-19 10:39 . 2010-04-19 10:39 -------- d-----w- c:\program files\Perfect Uninstaller
2010-04-16 23:09 . 2010-04-16 23:09 -------- d-----w- c:\documents and settings\prashant.vara\Application Data\Uniblue
2010-04-16 23:09 . 2010-04-16 23:09 -------- d-----w- c:\program files\Uniblue
2010-04-13 10:25 . 1999-04-23 22:22 1312 ----a-w- c:\windows\system32\rsrc16.dll
2010-04-13 10:25 . 1996-08-24 11:11 4608 ----a-w- c:\windows\system32\Rsrc32.dll
2010-04-13 10:25 . 2008-07-24 10:46 2899968 ----a-w- c:\windows\system32\pdf2image.dll
2010-04-13 10:25 . 2007-11-19 20:10 1937408 ----a-w- c:\windows\system32\FreeImage.dll
2010-04-13 10:25 . 2000-03-07 00:00 434252 ----a-w- c:\windows\system32\MSVCRTD.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-08 02:12 . 2008-04-28 19:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-05-08 02:06 . 2009-08-01 19:37 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-05-08 02:06 . 2009-08-01 19:35 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-05-07 15:57 . 2010-05-07 15:57 6153352 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-05-07 15:26 . 2008-03-29 20:12 -------- d-----w- c:\program files\Wave Systems Corp
2010-05-07 15:26 . 2009-02-26 16:39 -------- d-----w- c:\program files\Virgin Broadband Wireless
2010-05-07 15:26 . 2008-08-07 16:12 -------- d-----w- c:\program files\TomTom HOME 2
2010-05-07 15:26 . 2008-04-08 12:01 -------- d-----w- c:\program files\VoipCheapCom
2010-05-07 15:26 . 2009-11-17 12:30 -------- d-----w- c:\program files\Microsoft IntelliPoint
2010-05-07 15:26 . 2009-11-17 12:27 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2010-05-07 15:14 . 2009-11-04 12:59 -------- d-----w- c:\documents and settings\prashant.vara\Application Data\SystemsLink
2010-05-07 14:11 . 2009-07-28 20:07 -------- d-----w- c:\documents and settings\prashant.vara\Application Data\vlc
2010-05-07 14:04 . 2008-04-08 20:44 -------- d-----w- c:\documents and settings\prashant.vara\Application Data\DivX
2010-05-07 13:34 . 2010-05-07 13:34 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-05-07 13:33 . 2008-04-08 13:06 -------- d-----w- c:\program files\DivX
2010-05-07 13:33 . 2010-05-07 13:33 56766 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-05-07 13:33 . 2010-05-07 13:33 56978 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-05-07 13:33 . 2010-05-07 13:33 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-05-07 13:33 . 2010-05-07 13:33 57679 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-05-07 13:32 . 2010-05-07 13:32 84040 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-05-07 13:32 . 2010-05-07 13:32 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-05-07 13:32 . 2010-05-07 13:32 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-05-07 13:32 . 2010-05-07 13:32 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-05-07 13:32 . 2010-05-07 13:32 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-05-07 13:32 . 2010-05-07 13:32 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-05-07 13:32 . 2010-05-07 13:32 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-05-07 13:32 . 2010-05-07 13:32 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-05-07 13:32 . 2010-05-07 13:32 54629 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-05-07 13:32 . 2010-05-07 13:32 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-05-07 13:32 . 2010-05-07 13:32 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-05-07 13:32 . 2010-05-07 13:32 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-05-07 13:31 . 2010-05-07 13:31 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-05-07 13:31 . 2009-04-01 20:46 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-05-07 13:31 . 2010-05-07 13:31 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-05-07 13:29 . 2010-05-07 13:33 783656 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-05-07 13:29 . 2010-05-07 13:33 1180952 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-05-04 09:55 . 2010-05-04 09:55 10134 ----a-r- c:\documents and settings\prashant.vara\Application Data\Microsoft\Installer\{4CCC7F68-A437-4559-A840-F5E010934951}\ARPPRODUCTICON.exe
2010-05-03 11:46 . 2008-08-12 12:01 87768 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-05-02 18:04 . 2008-03-29 20:19 87768 ----a-w- c:\documents and settings\NetworkService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-02 17:59 . 2008-03-29 20:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-02 17:52 . 2008-09-30 13:16 -------- d-----w- c:\program files\Zoom Player
2010-05-02 16:56 . 2004-08-03 22:59 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-05-02 12:53 . 2009-11-12 15:56 -------- d-----w- c:\program files\F-Secure
2010-05-02 12:44 . 2008-04-08 18:41 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2010-04-30 11:57 . 2010-04-30 11:57 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-04-30 11:57 . 2010-04-30 11:57 109072 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll
2010-04-30 11:57 . 2010-04-30 11:57 315408 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\sys\i386\5.1\klif.sys
2010-04-30 11:57 . 2010-04-30 11:57 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-04-30 11:57 . 2010-04-30 11:57 109072 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll
2010-04-30 11:57 . 2010-04-30 11:57 315408 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\sys\i386\5.1\klif.sys
2010-04-30 11:20 . 2008-03-29 19:46 209539 ----a-w- c:\windows\system32\nvModes.dat
2010-04-30 10:35 . 2008-03-29 20:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-29 16:29 . 2008-04-08 11:03 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-29 16:29 . 2008-04-08 11:13 -------- d-----w- c:\program files\Lavasoft
2010-04-29 16:29 . 2008-04-08 11:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-04-29 16:16 . 2008-04-02 09:06 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-29 16:05 . 2010-04-29 16:05 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-04-29 14:28 . 2010-04-29 14:28 3584 ----a-r- c:\documents and settings\install\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2010-04-29 14:27 . 2008-04-02 09:23 -------- d-----w- c:\program files\MSECache
2010-04-29 13:35 . 2009-05-08 12:12 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-28 16:31 . 2008-04-08 17:19 -------- d-----w- c:\program files\uTorrent
2010-04-28 16:29 . 2008-04-08 17:19 -------- d-----w- c:\documents and settings\prashant.vara\Application Data\uTorrent
2010-04-26 11:04 . 2008-04-08 11:58 -------- d-----r- c:\program files\Skype
2010-04-26 11:04 . 2008-04-08 11:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-04-25 21:45 . 2009-09-28 11:53 181096 ----a-w- c:\documents and settings\prashant.vara\Application Data\Mozilla\Firefox\Profiles\v8x1ojl6.default\FlashGot.exe
2010-04-24 18:34 . 2010-04-24 18:34 52224 ----a-w- c:\documents and settings\prashant.vara\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-24 18:34 . 2010-04-24 18:34 117760 ----a-w- c:\documents and settings\prashant.vara\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-24 08:58 . 2008-04-02 09:57 0 ----a-w- c:\documents and settings\prashant.vara\Local Settings\Application Data\WavXMapDrive.bat
2010-04-23 10:13 . 2009-08-17 13:15 -------- d-----w- c:\documents and settings\prashant.vara\Application Data\HpUpdate
2010-04-19 12:49 . 2008-07-30 13:42 -------- d-----w- c:\documents and settings\prashant.vara\Application Data\U3
2010-04-19 11:29 . 2009-06-20 18:23 256 ----a-w- c:\windows\system32\pool.bin
2010-04-13 10:25 . 2008-04-08 09:18 -------- d-----w- c:\program files\DesignBuilder
2010-04-07 08:25 . 2009-10-16 09:20 -------- d-----w- c:\program files\QuickTime
2010-04-06 15:22 . 2008-06-08 18:26 -------- d-----w- c:\documents and settings\prashant.vara\Application Data\Vso
2010-04-01 08:58 . 2010-04-01 08:56 -------- d-----w- c:\program files\iTunes
2010-04-01 08:58 . 2010-04-01 08:56 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-01 08:57 . 2010-04-01 08:57 -------- d-----w- c:\program files\iPod
2010-04-01 08:56 . 2008-04-08 15:05 -------- d-----w- c:\program files\Common Files\Apple
2010-04-01 08:30 . 2010-04-01 08:30 -------- d-----w- c:\program files\Bonjour
2010-04-01 08:26 . 2010-04-01 08:26 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-03-31 16:04 . 2008-04-10 13:26 -------- d-----w- c:\program files\Microsoft Silverlight
2010-03-31 14:54 . 2010-03-31 14:54 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-03-31 14:53 . 2008-04-08 14:38 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-03-31 14:50 . 2010-03-31 14:50 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-03-31 01:58 . 2008-11-20 19:19 44944 ------w- c:\windows\system32\drivers\pxhelp20.sys
2010-03-31 01:58 . 2007-05-01 16:48 125424 ------w- c:\windows\system32\pxinsi64.exe
2010-03-31 01:58 . 2006-09-14 16:13 133616 ------w- c:\windows\system32\PxAFS.DLL
2010-03-30 10:33 . 2010-03-30 10:33 -------- d-----w- c:\program files\Any DWG DXF Converter
2010-03-30 10:19 . 2010-02-01 10:38 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-03-30 09:20 . 2010-03-30 09:19 -------- d-----w- c:\program files\Vitamin D Video
2010-03-30 08:37 . 2008-04-08 09:18 -------- d-----w- c:\documents and settings\All Users\Application Data\DesignBuilder
2010-03-29 14:57 . 2010-03-29 14:56 -------- d-----w- c:\documents and settings\All Users\Application Data\sky
2010-03-25 15:24 . 2008-10-07 12:42 68156 ---ha-w- c:\windows\system32\mlfcache.dat
2010-03-16 10:00 . 2008-07-23 19:09 -------- d-----w- c:\program files\Safari
2010-03-16 09:56 . 2010-03-16 09:56 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
2010-03-13 00:28 . 2010-03-13 00:28 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2010-03-13 00:28 . 2009-07-21 20:35 -------- d-----w- c:\program files\IObit
2010-03-10 13:45 . 2010-03-10 13:45 -------- d-----w- c:\documents and settings\prashant.vara\Application Data\webex
2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-03-01 14:36 . 2010-03-01 14:36 14846 ----a-r- c:\documents and settings\prashant.vara\Application Data\Microsoft\Installer\{857CBF4A-192C-44B0-86A5-6281FCEFA1FE}\FileOpenNew.exe
2008-09-04 14:27 . 2008-09-04 14:27 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-04-08 09:19 . 2009-04-08 09:19 27976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2009-04-08 09:19 . 2009-04-08 09:19 126360 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2009-04-08 09:19 . 2009-04-08 09:19 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
.
CODE
<pre>
c:\program files\Google\Quick Search Box\GoogleQuickSearchBox .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2009-11-03 20:12 556432 ----a-w- c:\progra~1\MICROS~2\Office14\URLREDIR.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM .exe -scheduler" [X]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr .exe" [N/A]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-29 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-22 13508608]
"nwiz"="nwiz.exe" [2008-02-22 1626112]
"NVHotkey"="nvHotkey.dll" [2008-02-22 86016]
"NvMediaCenter"="NvMCTray.dll" [2008-02-22 86016]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-03 1228800]
"Media Codec Update Service"="c:\program files\Essentials Codec Pack\update.exe" [2007-04-08 303104]
"MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2008-07-04 2072576]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-10 648536]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2010-04-26 126976]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2009-10-20 340456]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-1-11 2150400]
BounceBack Launcher.lnk - c:\program files\CMS Products\BounceBack Express\BBLauncher.exe [2008-4-10 90112]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-3-29 50688]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-4-17 106496]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
WordWeb.lnk - c:\program files\WordWeb\wweb32.exe [2008-4-8 42168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]
2006-11-16 15:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Documents and Settings\\prashant.vara\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [10/14/2009 9:18 PM 36880]
R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\drivers\tdrpm251.sys [12/9/2009 5:35 PM 902432]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 11:15 AM 66632]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [12/9/2009 5:35 PM 2326920]
R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [3/13/2010 1:28 AM 311568]
R2 portD;CMS PortIO Service;c:\windows\system32\drivers\portd2k.sys [4/10/2008 4:15 PM 7424]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [11/13/2009 12:31 PM 92008]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [7/4/2008 1:52 PM 14336]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [8/11/2004 6:00 PM 5120]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [12/9/2009 5:35 PM 159168]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 2:42 PM 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [10/2/2009 7:39 PM 19472]
S2 gupdate1ca50974ef9adb0;Google Update Service (gupdate1ca50974ef9adb0);c:\program files\Google\Update\GoogleUpdate.exe [10/19/2009 9:36 AM 133104]
S3 GTUHSBUS;GT UHS BUS;c:\windows\system32\drivers\gtuhsbus.sys [2/13/2009 1:51 PM 58880]
S3 GTUHSNDISIPXP;GT UHS IP NDIS;c:\windows\system32\drivers\gtuhs51.sys [2/13/2009 1:51 PM 106112]
S3 GTUHSOMS;GT UHS OMS;c:\windows\system32\drivers\gtuhsoms.sys [2/13/2009 1:52 PM 18816]
S3 GTUHSSER;GT UHS SER;c:\windows\system32\drivers\gtuhsser.sys [2/13/2009 1:51 PM 8064]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9/26/2009 4:28 AM 4639136]
S3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [4/1/2009 12:08 PM 18432]
S3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [4/1/2009 12:09 PM 14336]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 11:15 AM 12872]
S3 TTDVBSTB;TTDVBSTB driver;c:\windows\system32\drivers\TTDVBSTB.sys [4/17/2008 8:39 PM 57328]
S3 TTNDISTB;Virtual STB-S/-C/-T Network Adapter Driver;c:\windows\system32\drivers\ttndistb.sys [4/17/2008 8:39 PM 39124]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-05-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-19 08:36]

2010-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-19 08:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.virginmedia.com
uInternet Settings,ProxyOverride = *.local
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
IE: {{AEF9B8DB-0DEF-4c0b-8209-661C9E82B8C3} - c:\program files\WinSysClean 2008 Trial\UDManager\UDManager.exe
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
DPF: {DAF7E6E7-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
FF - ProfilePath - c:\documents and settings\prashant.vara\Application Data\Mozilla\Firefox\Profiles\v8x1ojl6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - component: c:\documents and settings\prashant.vara\Application Data\Mozilla\Firefox\Profiles\v8x1ojl6.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-08 03:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1852)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'lsass.exe'(1908)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll

- - - - - - - > 'explorer.exe'(9292)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\program files\Google\Quick Search Box\bin\1.2.1151.245\qsb.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Virgin Broadband Wireless\AffinegyService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\msdtc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\RunDLL32.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
.
**************************************************************************
.
Completion time: 2010-05-08 03:22:37 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-08 02:22
ComboFix2.txt 2010-05-07 15:52
ComboFix3.txt 2010-05-07 08:46

Pre-Run: 8,599,769,088 bytes free
Post-Run: 8,595,750,912 bytes free

- - End Of File - - C76AC22B1980AB0239A80B85A3362B75

C:\Documents and Settings\prashant.vara\My Documents\Downloads\Completed\SpeedUpMyPC 2010 4.2.2.0 Automatically Optimize PC Software\SpeedUpMyPC_2010_.zip a variant of Win32/Olmarik.XB trojan deleted - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\ftdisk.sys.vir Win32/Patched.EQ trojan deleted - quarantined
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP390\A0136655.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP390\A0136656.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP390\A0136657.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP390\A0136658.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP390\A0136659.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP390\A0136660.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP390\A0136661.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP390\A0136662.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP390\A0136663.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP390\A0136664.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP390\A0136665.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP390\A0136666.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP390\A0136668.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP390\A0136672.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP390\A0136674.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP390\A0136676.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP390\A0136681.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP390\A0136687.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP390\A0136688.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP390\A0136689.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP390\A0136690.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP390\A0136691.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP390\A0136692.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP390\A0136693.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP390\A0136694.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP390\A0136695.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP390\A0136696.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP390\A0136697.EXE Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP390\A0136698.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP390\A0136699.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP390\A0136700.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP390\A0136701.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP390\A0136702.exe Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP390\A0136704.com Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined


#12 syler

  • Malware Response Team

Posted 10 May 2010 - 08:24 AM

Hi,

The rootkit is gone, but you still have one more thing hanging on in there. You don't need to worry about the
ESET results, as most of what was found is in your restore point, which is usual; we will clean them out with
the last steps.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

CODE
RenV::
c:\program files\Google\Quick Search Box\GoogleQuickSearchBox .exe
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"=-
"msnmsgr"=-


Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



#13 djprash

  • Topic Starter

Posted 10 May 2010 - 01:35 PM

Hi

I have done as instructed. I have to say my laptop is running very fast since the scan over the weekend. Many Thanks. ComboFix log below:

ComboFix 10-05-09.08 - prashant.vara 10/05/2010 17:21:37.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2665 [GMT 1:00]
Running from: c:\documents and settings\prashant.vara\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\prashant.vara\Desktop\CFScript.txt
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\st325602.dll

.
((((((((((((((((((((((((( Files Created from 2010-04-10 to 2010-05-10 )))))))))))))))))))))))))))))))
.

2010-05-10 08:30 . 2010-05-10 08:30 -------- d-----w- c:\program files\Hewlett-Packard
2010-05-10 08:16 . 2010-05-10 08:34 136324 ----a-w- c:\windows\hpwins10.dat
2010-05-10 08:15 . 2007-09-17 08:45 1042 ----a-w- c:\windows\hpwmdl10.dat
2010-05-08 11:25 . 2010-05-08 11:25 -------- d-----w- c:\program files\ESET
2010-05-07 13:29 . 2010-05-07 13:34 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-05-07 10:40 . 2007-08-17 20:29 118272 ----a-w- c:\windows\system32\hpz3l4x6.dll
2010-05-07 10:40 . 2007-08-17 20:27 273920 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp4x6.dll
2010-05-07 10:36 . 2007-09-17 08:48 10385 ----a-w- c:\windows\hpwscr10.dat
2010-05-06 15:35 . 2010-05-06 15:35 -------- d-----w- C:\_OTL
2010-05-04 09:56 . 2010-05-04 09:57 -------- d-----w- c:\temp\FixEngine
2010-05-04 09:56 . 2010-05-04 09:56 -------- d-----w- C:\temp
2010-05-04 09:32 . 2010-05-04 09:32 -------- d-----w- c:\program files\Foxit Software
2010-04-30 11:11 . 2010-04-30 11:11 -------- d-----w- c:\documents and settings\install\Application Data\Malwarebytes
2010-04-30 07:53 . 2010-04-30 07:53 -------- d-----w- c:\documents and settings\install\Local Settings\Application Data\Identities
2010-04-30 07:52 . 2010-04-30 07:52 -------- d-----w- c:\documents and settings\install\Local Settings\Application Data\Ahead
2010-04-30 07:52 . 2010-04-30 07:52 -------- d-----w- c:\documents and settings\install\Application Data\Windows Desktop Search
2010-04-29 16:38 . 2010-05-05 18:22 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-04-29 16:38 . 2010-05-05 18:22 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-04-29 16:36 . 2010-04-29 16:36 -------- d-----w- c:\program files\Kaspersky Lab
2010-04-29 16:27 . 2010-04-29 16:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-04-29 16:05 . 2010-04-29 16:05 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-04-29 16:04 . 2010-04-29 16:33 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-04-29 14:28 . 2010-04-29 14:28 -------- d-----w- c:\program files\Windows Installer Clean Up
2010-04-29 14:27 . 2010-04-29 14:27 -------- d-sh--w- c:\documents and settings\install\IETldCache
2010-04-28 21:11 . 2010-04-28 21:11 -------- d-----w- c:\documents and settings\prashant.vara\Local Settings\Application Data\Temp
2010-04-28 16:22 . 2010-04-28 16:22 -------- d-----w- C:\spoolerlogs
2010-04-27 11:31 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-27 11:31 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-27 11:31 . 2010-05-07 16:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-26 12:00 . 2010-04-26 12:00 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Windows Search
2010-04-26 11:07 . 2010-04-26 11:07 -------- d-----w- c:\program files\Western Digital
2010-04-26 11:01 . 2010-04-26 11:01 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-04-26 10:14 . 2010-04-26 10:14 -------- d-----w- c:\documents and settings\prashant.vara\WD Sync Data
2010-04-25 02:17 . 2010-04-25 02:17 128 ----a-w- c:\windows\system32\perf.dat
2010-04-24 18:33 . 2010-04-24 18:33 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-04-24 18:33 . 2010-05-07 15:26 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-24 18:33 . 2010-04-24 18:33 -------- d-----w- c:\documents and settings\prashant.vara\Application Data\SUPERAntiSpyware.com
2010-04-24 15:37 . 2010-04-24 15:37 -------- d-----w- c:\documents and settings\prashant.vara\Local Settings\Application Data\avG
2010-04-24 15:37 . 2010-04-24 15:37 -------- d-----w- c:\documents and settings\All Users\Application Data\avG
2010-04-24 09:11 . 2010-04-24 09:11 -------- d-----w- c:\program files\PoivY.com
2010-04-23 12:16 . 2010-04-23 12:16 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Virgin Broadband
2010-04-23 11:57 . 2010-04-23 11:57 -------- d-----w- c:\documents and settings\NetworkService\Application Data\FileOpen
2010-04-23 11:56 . 2010-04-23 11:57 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-04-19 11:05 . 2010-04-29 16:12 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-04-19 10:39 . 2010-04-19 10:39 -------- d-----w- c:\program files\Perfect Uninstaller
2010-04-16 23:09 . 2010-04-16 23:09 -------- d-----w- c:\documents and settings\prashant.vara\Application Data\Uniblue
2010-04-13 10:25 . 1999-04-23 22:22 1312 ----a-w- c:\windows\system32\rsrc16.dll
2010-04-13 10:25 . 1996-08-24 11:11 4608 ----a-w- c:\windows\system32\Rsrc32.dll
2010-04-13 10:25 . 2008-07-24 10:46 2899968 ----a-w- c:\windows\system32\pdf2image.dll
2010-04-13 10:25 . 2007-11-19 20:10 1937408 ----a-w- c:\windows\system32\FreeImage.dll
2010-04-13 10:25 . 2000-03-07 00:00 434252 ----a-w- c:\windows\system32\MSVCRTD.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-10 17:34 . 2008-04-28 19:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-05-10 16:31 . 2009-08-01 19:37 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-05-10 16:31 . 2009-08-01 19:35 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-05-10 15:28 . 2009-11-04 12:59 -------- d-----w- c:\documents and settings\prashant.vara\Application Data\SystemsLink
2010-05-07 15:26 . 2008-03-29 20:12 -------- d-----w- c:\program files\Wave Systems Corp
2010-05-07 15:26 . 2009-02-26 16:39 -------- d-----w- c:\program files\Virgin Broadband Wireless
2010-05-07 15:26 . 2008-08-07 16:12 -------- d-----w- c:\program files\TomTom HOME 2
2010-05-07 15:26 . 2008-04-08 12:01 -------- d-----w- c:\program files\VoipCheapCom
2010-05-07 15:26 . 2009-11-17 12:30 -------- d-----w- c:\program files\Microsoft IntelliPoint
2010-05-07 15:26 . 2009-11-17 12:27 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2010-05-07 14:11 . 2009-07-28 20:07 -------- d-----w- c:\documents and settings\prashant.vara\Application Data\vlc
2010-05-07 14:04 . 2008-04-08 20:44 -------- d-----w- c:\documents and settings\prashant.vara\Application Data\DivX
2010-05-07 13:33 . 2008-04-08 13:06 -------- d-----w- c:\program files\DivX
2010-05-07 13:31 . 2009-04-01 20:46 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-05-03 11:46 . 2008-08-12 12:01 87768 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-05-02 18:04 . 2008-03-29 20:19 87768 ----a-w- c:\documents and settings\NetworkService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-02 17:59 . 2008-03-29 20:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-02 17:52 . 2008-09-30 13:16 -------- d-----w- c:\program files\Zoom Player
2010-05-02 16:56 . 2004-08-03 22:59 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-05-02 12:53 . 2009-11-12 15:56 -------- d-----w- c:\program files\F-Secure
2010-05-02 12:44 . 2008-04-08 18:41 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2010-04-30 11:20 . 2008-03-29 19:46 209539 ----a-w- c:\windows\system32\nvModes.dat
2010-04-30 10:35 . 2008-03-29 20:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-29 16:29 . 2008-04-08 11:03 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-29 16:29 . 2008-04-08 11:13 -------- d-----w- c:\program files\Lavasoft
2010-04-29 16:29 . 2008-04-08 11:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-04-29 16:16 . 2008-04-02 09:06 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-29 14:27 . 2008-04-02 09:23 -------- d-----w- c:\program files\MSECache
2010-04-29 13:35 . 2009-05-08 12:12 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-28 16:31 . 2008-04-08 17:19 -------- d-----w- c:\program files\uTorrent
2010-04-28 16:29 . 2008-04-08 17:19 -------- d-----w- c:\documents and settings\prashant.vara\Application Data\uTorrent
2010-04-26 11:04 . 2008-04-08 11:58 -------- d-----r- c:\program files\Skype
2010-04-26 11:04 . 2008-04-08 11:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-04-24 08:58 . 2008-04-02 09:57 0 ----a-w- c:\documents and settings\prashant.vara\Local Settings\Application Data\WavXMapDrive.bat
2010-04-23 10:13 . 2009-08-17 13:15 -------- d-----w- c:\documents and settings\prashant.vara\Application Data\HpUpdate
2010-04-19 12:49 . 2008-07-30 13:42 -------- d-----w- c:\documents and settings\prashant.vara\Application Data\U3
2010-04-19 11:29 . 2009-06-20 18:23 256 ----a-w- c:\windows\system32\pool.bin
2010-04-13 10:25 . 2008-04-08 09:18 -------- d-----w- c:\program files\DesignBuilder
2010-04-07 08:25 . 2009-10-16 09:20 -------- d-----w- c:\program files\QuickTime
2010-04-06 15:22 . 2008-06-08 18:26 -------- d-----w- c:\documents and settings\prashant.vara\Application Data\Vso
2010-04-01 08:58 . 2010-04-01 08:56 -------- d-----w- c:\program files\iTunes
2010-04-01 08:58 . 2010-04-01 08:56 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-01 08:57 . 2010-04-01 08:57 -------- d-----w- c:\program files\iPod
2010-04-01 08:56 . 2008-04-08 15:05 -------- d-----w- c:\program files\Common Files\Apple
2010-04-01 08:30 . 2010-04-01 08:30 -------- d-----w- c:\program files\Bonjour
2010-03-31 16:04 . 2008-04-10 13:26 -------- d-----w- c:\program files\Microsoft Silverlight
2010-03-31 14:54 . 2010-03-31 14:54 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-03-31 14:53 . 2008-04-08 14:38 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-03-31 14:50 . 2010-03-31 14:50 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-03-31 01:58 . 2008-11-20 19:19 44944 ------w- c:\windows\system32\drivers\pxhelp20.sys
2010-03-31 01:58 . 2007-05-01 16:48 125424 ------w- c:\windows\system32\pxinsi64.exe
2010-03-31 01:58 . 2006-09-14 16:13 133616 ------w- c:\windows\system32\PxAFS.DLL
2010-03-30 10:33 . 2010-03-30 10:33 -------- d-----w- c:\program files\Any DWG DXF Converter
2010-03-30 10:19 . 2010-02-01 10:38 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-03-30 09:20 . 2010-03-30 09:19 -------- d-----w- c:\program files\Vitamin D Video
2010-03-30 08:37 . 2008-04-08 09:18 -------- d-----w- c:\documents and settings\All Users\Application Data\DesignBuilder
2010-03-29 14:57 . 2010-03-29 14:56 -------- d-----w- c:\documents and settings\All Users\Application Data\sky
2010-03-25 15:24 . 2008-10-07 12:42 68156 ---ha-w- c:\windows\system32\mlfcache.dat
2010-03-16 10:00 . 2008-07-23 19:09 -------- d-----w- c:\program files\Safari
2010-03-13 00:28 . 2010-03-13 00:28 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2010-03-13 00:28 . 2009-07-21 20:35 -------- d-----w- c:\program files\IObit
2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-19 19:27 . 2010-02-19 19:27 720384 ----a-w- c:\windows\system32\DivX.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2010-02-19 19:27 . 2010-02-19 19:27 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2010-02-19 19:27 . 2010-02-19 19:27 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2010-02-19 19:27 . 2010-02-19 19:27 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2010-02-12 10:46 . 2010-02-12 10:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 10:46 . 2010-02-12 10:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
2008-09-04 14:27 . 2008-09-04 14:27 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-04-08 09:19 . 2009-04-08 09:19 27976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2009-04-08 09:19 . 2009-04-08 09:19 126360 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2009-04-08 09:19 . 2009-04-08 09:19 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
.
CODE
c:\program files\Google\Quick Search Box\GoogleQuickSearchBox .exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2009-11-03 20:12 556432 ----a-w- c:\progra~1\MICROS~2\Office14\URLREDIR.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-29 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-22 13508608]
"nwiz"="nwiz.exe" [2008-02-22 1626112]
"NVHotkey"="nvHotkey.dll" [2008-02-22 86016]
"NvMediaCenter"="NvMCTray.dll" [2008-02-22 86016]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-03 1228800]
"Media Codec Update Service"="c:\program files\Essentials Codec Pack\update.exe" [2007-04-08 303104]
"MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2008-07-04 2072576]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-10 648536]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2010-04-26 126976]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2009-10-20 340456]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-1-11 2150400]
BounceBack Launcher.lnk - c:\program files\CMS Products\BounceBack Express\BBLauncher.exe [2008-4-10 90112]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-3-29 50688]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-4-17 106496]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
WordWeb.lnk - c:\program files\WordWeb\wweb32.exe [2008-4-8 42168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]
2006-11-16 15:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Documents and Settings\\prashant.vara\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [10/14/2009 9:18 PM 36880]
R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\drivers\tdrpm251.sys [12/9/2009 5:35 PM 902432]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 11:15 AM 66632]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [12/9/2009 5:35 PM 2326920]
R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [3/13/2010 1:28 AM 311568]
R2 portD;CMS PortIO Service;c:\windows\system32\drivers\portd2k.sys [4/10/2008 4:15 PM 7424]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [11/13/2009 12:31 PM 92008]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [7/4/2008 1:52 PM 14336]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [8/11/2004 6:00 PM 5120]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [12/9/2009 5:35 PM 159168]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 2:42 PM 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [10/2/2009 7:39 PM 19472]
S2 gupdate1ca50974ef9adb0;Google Update Service (gupdate1ca50974ef9adb0);c:\program files\Google\Update\GoogleUpdate.exe [10/19/2009 9:36 AM 133104]
S3 GTUHSBUS;GT UHS BUS;c:\windows\system32\drivers\gtuhsbus.sys [2/13/2009 1:51 PM 58880]
S3 GTUHSNDISIPXP;GT UHS IP NDIS;c:\windows\system32\drivers\gtuhs51.sys [2/13/2009 1:51 PM 106112]
S3 GTUHSOMS;GT UHS OMS;c:\windows\system32\drivers\gtuhsoms.sys [2/13/2009 1:52 PM 18816]
S3 GTUHSSER;GT UHS SER;c:\windows\system32\drivers\gtuhsser.sys [2/13/2009 1:51 PM 8064]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9/26/2009 4:28 AM 4639136]
S3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [4/1/2009 12:08 PM 18432]
S3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [4/1/2009 12:09 PM 14336]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 11:15 AM 12872]
S3 TTDVBSTB;TTDVBSTB driver;c:\windows\system32\drivers\TTDVBSTB.sys [4/17/2008 8:39 PM 57328]
S3 TTNDISTB;Virtual STB-S/-C/-T Network Adapter Driver;c:\windows\system32\drivers\ttndistb.sys [4/17/2008 8:39 PM 39124]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-05-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-19 08:36]

2010-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-19 08:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.virginmedia.com
uInternet Settings,ProxyOverride = *.local
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
IE: {{AEF9B8DB-0DEF-4c0b-8209-661C9E82B8C3} - c:\program files\WinSysClean 2008 Trial\UDManager\UDManager.exe
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
DPF: {DAF7E6E7-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
FF - ProfilePath - c:\documents and settings\prashant.vara\Application Data\Mozilla\Firefox\Profiles\v8x1ojl6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - component: c:\documents and settings\prashant.vara\Application Data\Mozilla\Firefox\Profiles\v8x1ojl6.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\documents and settings\prashant.vara\Application Data\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\prashant.vara\Application Data\Mozilla\Firefox\Profiles\v8x1ojl6.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\progra~1\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-10 18:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1904)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'lsass.exe'(1960)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll

- - - - - - - > 'explorer.exe'(9896)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\program files\Google\Quick Search Box\bin\1.2.1151.245\qsb.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Virgin Broadband Wireless\AffinegyService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\windows\system32\msdtc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\RunDLL32.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\CMS Products\BounceBack Express\BBReminder.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
.
**************************************************************************
.
Completion time: 2010-05-10 18:44:10 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-10 17:44
ComboFix2.txt 2010-05-08 02:22
ComboFix3.txt 2010-05-07 15:52
ComboFix4.txt 2010-05-07 08:46

Pre-Run: 5,114,503,168 bytes free
Post-Run: 7,848,370,176 bytes free

- - End Of File - - E8824BBBECBCB8512DB6C98EA5B99EC9

#14 syler

Posted 10 May 2010 - 02:26 PM

That's good that it's running better.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

CODE
http://www.bleepingcomputer.com/forums/t/314374/help-rootkitwin32tsssd/

Collect::
c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe


Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



#15 djprash

Posted 10 May 2010 - 04:24 PM

Ok I have done as instructed.

ComboFix 10-05-10.02 - prashant.vara 10/05/2010 22:05:51.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2654 [GMT 1:00]
Running from: c:\documents and settings\prashant.vara\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\prashant.vara\Desktop\CFScript.txt
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

file zipped: c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe

.
((((((((((((((((((((((((( Files Created from 2010-04-10 to 2010-05-10 )))))))))))))))))))))))))))))))
.

2010-05-10 08:30 . 2010-05-10 08:30 -------- d-----w- c:\program files\Hewlett-Packard
2010-05-10 08:16 . 2010-05-10 08:34 136324 ----a-w- c:\windows\hpwins10.dat
2010-05-10 08:15 . 2007-09-17 08:45 1042 ----a-w- c:\windows\hpwmdl10.dat
2010-05-08 11:25 . 2010-05-08 11:25 -------- d-----w- c:\program files\ESET
2010-05-07 13:34 . 2010-05-07 13:34 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-05-07 13:33 . 2010-05-07 13:29 783656 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-05-07 13:33 . 2010-05-07 13:29 1180952 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-05-07 13:33 . 2010-05-07 13:33 56766 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-05-07 13:33 . 2009-10-19 08:39 530158 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivX7\DivX Plus DirectShow Filters\DivXDSFiltersUninstall.exe
2010-05-07 13:33 . 2009-10-19 08:38 530158 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe
2010-05-07 13:33 . 2010-05-07 13:33 56978 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-05-07 13:33 . 2010-05-07 13:33 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-05-07 13:33 . 2010-05-07 13:33 57679 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-05-07 13:32 . 2010-05-07 13:32 84040 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-05-07 13:32 . 2010-05-07 13:32 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-05-07 13:32 . 2010-05-07 13:32 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-05-07 13:32 . 2010-05-07 13:32 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-05-07 13:32 . 2010-05-07 13:32 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-05-07 13:32 . 2010-05-07 13:32 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-05-07 13:32 . 2010-05-07 13:32 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-05-07 13:32 . 2010-05-07 13:32 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-05-07 13:32 . 2010-05-07 13:32 54629 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-05-07 13:32 . 2010-05-07 13:32 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-05-07 13:32 . 2010-05-07 13:32 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-05-07 13:32 . 2010-05-07 13:32 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-05-07 13:31 . 2010-05-07 13:31 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-05-07 13:31 . 2010-05-07 13:31 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-05-07 13:29 . 2010-05-07 13:34 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-05-07 10:40 . 2007-08-17 20:29 118272 ----a-w- c:\windows\system32\hpz3l4x6.dll
2010-05-07 10:40 . 2007-08-17 20:27 273920 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp4x6.dll
2010-05-07 10:36 . 2007-09-17 08:48 10385 ----a-w- c:\windows\hpwscr10.dat
2010-05-06 15:35 . 2010-05-06 15:35 -------- d-----w- C:\_OTL
2010-05-04 09:56 . 2010-05-04 09:57 -------- d-----w- c:\temp\FixEngine
2010-05-04 09:56 . 2010-05-04 09:56 -------- d-----w- C:\temp
2010-05-04 09:55 . 2010-05-04 09:55 10134 ----a-r- c:\documents and settings\prashant.vara\Application Data\Microsoft\Installer\{4CCC7F68-A437-4559-A840-F5E010934951}\ARPPRODUCTICON.exe
2010-05-04 09:32 . 2010-05-04 09:32 -------- d-----w- c:\program files\Foxit Software
2010-04-30 11:57 . 2010-04-30 11:57 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-04-30 11:57 . 2010-04-30 11:57 109072 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll
2010-04-30 11:57 . 2010-04-30 11:57 315408 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\sys\i386\5.1\klif.sys
2010-04-29 16:27 . 2010-04-29 16:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-04-29 16:05 . 2010-04-29 16:05 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-04-29 16:05 . 2010-04-29 16:05 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-04-29 16:04 . 2010-04-29 16:33 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-04-29 14:28 . 2010-04-29 14:28 3584 ----a-r- c:\documents and settings\install\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2010-04-29 14:28 . 2010-04-29 14:28 -------- d-----w- c:\program files\Windows Installer Clean Up
2010-04-29 14:27 . 2010-04-29 14:27 -------- d-sh--w- c:\documents and settings\install\IETldCache
2010-04-28 21:11 . 2010-04-28 21:11 -------- d-----w- c:\documents and settings\prashant.vara\Local Settings\Application Data\Temp
2010-04-28 16:22 . 2010-04-28 16:22 -------- d-----w- C:\spoolerlogs
2010-04-27 11:31 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-27 11:31 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-27 11:31 . 2010-05-07 16:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-26 12:00 . 2010-04-26 12:00 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Windows Search
2010-04-26 11:07 . 2010-04-26 11:07 -------- d-----w- c:\program files\Western Digital
2010-04-26 11:01 . 2010-04-26 11:01 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-04-26 10:14 . 2010-04-26 10:14 -------- d-----w- c:\documents and settings\prashant.vara\WD Sync Data
2010-04-25 02:17 . 2010-04-25 02:17 128 ----a-w- c:\windows\system32\perf.dat
2010-04-24 18:34 . 2010-04-24 18:34 52224 ----a-w- c:\documents and settings\prashant.vara\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-24 18:34 . 2010-04-24 18:34 117760 ----a-w- c:\documents and settings\prashant.vara\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-24 18:33 . 2010-04-24 18:33 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-04-24 18:33 . 2010-05-07 15:26 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-24 18:33 . 2010-04-24 18:33 -------- d-----w- c:\documents and settings\prashant.vara\Application Data\SUPERAntiSpyware.com
2010-04-24 15:37 . 2010-04-24 15:37 -------- d-----w- c:\documents and settings\prashant.vara\Local Settings\Application Data\avG
2010-04-24 15:37 . 2010-04-24 15:37 -------- d-----w- c:\documents and settings\All Users\Application Data\avG
2010-04-24 09:11 . 2010-04-24 09:11 -------- d-----w- c:\program files\PoivY.com
2010-04-23 12:16 . 2010-04-23 12:16 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Virgin Broadband
2010-04-23 11:57 . 2010-04-23 11:57 -------- d-----w- c:\documents and settings\NetworkService\Application Data\FileOpen
2010-04-23 11:56 . 2010-04-23 11:57 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-04-19 11:05 . 2010-04-29 16:12 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-04-19 10:39 . 2010-04-19 10:39 -------- d-----w- c:\program files\Perfect Uninstaller
2010-04-16 23:09 . 2010-04-16 23:09 -------- d-----w- c:\documents and settings\prashant.vara\Application Data\Uniblue
2010-04-13 10:25 . 1999-04-23 22:22 1312 ----a-w- c:\windows\system32\rsrc16.dll
2010-04-13 10:25 . 1996-08-24 11:11 4608 ----a-w- c:\windows\system32\Rsrc32.dll
2010-04-13 10:25 . 2008-07-24 10:46 2899968 ----a-w- c:\windows\system32\pdf2image.dll
2010-04-13 10:25 . 2007-11-19 20:10 1937408 ----a-w- c:\windows\system32\FreeImage.dll
2010-04-13 10:25 . 2000-03-07 00:00 434252 ----a-w- c:\windows\system32\MSVCRTD.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-10 18:38 . 2008-04-08 17:19 -------- d-----w- c:\documents and settings\prashant.vara\Application Data\uTorrent
2010-05-10 17:34 . 2008-04-28 19:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-05-10 16:31 . 2009-08-01 19:37 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-05-10 16:31 . 2009-08-01 19:35 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-05-10 15:28 . 2009-11-04 12:59 -------- d-----w- c:\documents and settings\prashant.vara\Application Data\SystemsLink
2010-05-07 15:26 . 2008-03-29 20:12 -------- d-----w- c:\program files\Wave Systems Corp
2010-05-07 15:26 . 2009-02-26 16:39 -------- d-----w- c:\program files\Virgin Broadband Wireless
2010-05-07 15:26 . 2008-08-07 16:12 -------- d-----w- c:\program files\TomTom HOME 2
2010-05-07 15:26 . 2008-04-08 12:01 -------- d-----w- c:\program files\VoipCheapCom
2010-05-07 15:26 . 2009-11-17 12:30 -------- d-----w- c:\program files\Microsoft IntelliPoint
2010-05-07 15:26 . 2009-11-17 12:27 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2010-05-07 14:11 . 2009-07-28 20:07 -------- d-----w- c:\documents and settings\prashant.vara\Application Data\vlc
2010-05-07 14:04 . 2008-04-08 20:44 -------- d-----w- c:\documents and settings\prashant.vara\Application Data\DivX
2010-05-07 13:33 . 2008-04-08 13:06 -------- d-----w- c:\program files\DivX
2010-05-07 13:31 . 2009-04-01 20:46 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-05-05 18:22 . 2010-04-29 16:38 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-05-05 18:22 . 2010-04-29 16:38 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-05-03 11:46 . 2008-08-12 12:01 87768 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-05-02 18:04 . 2008-03-29 20:19 87768 ----a-w- c:\documents and settings\NetworkService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-02 17:59 . 2008-03-29 20:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-02 17:52 . 2008-09-30 13:16 -------- d-----w- c:\program files\Zoom Player
2010-05-02 16:56 . 2004-08-03 22:59 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-05-02 12:53 . 2009-11-12 15:56 -------- d-----w- c:\program files\F-Secure
2010-05-02 12:44 . 2008-04-08 18:41 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2010-04-30 11:57 . 2010-04-30 11:57 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-04-30 11:57 . 2010-04-30 11:57 109072 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll
2010-04-30 11:57 . 2010-04-30 11:57 315408 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\sys\i386\5.1\klif.sys
2010-04-30 11:20 . 2008-03-29 19:46 209539 ----a-w- c:\windows\system32\nvModes.dat
2010-04-30 11:11 . 2010-04-30 11:11 -------- d-----w- c:\documents and settings\install\Application Data\Malwarebytes
2010-04-30 10:35 . 2008-03-29 20:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-30 07:52 . 2010-04-30 07:52 -------- d-----w- c:\documents and settings\install\Application Data\Windows Desktop Search
2010-04-29 16:36 . 2010-04-29 16:36 -------- d-----w- c:\program files\Kaspersky Lab
2010-04-29 16:29 . 2008-04-08 11:03 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-29 16:29 . 2008-04-08 11:13 -------- d-----w- c:\program files\Lavasoft
2010-04-29 16:29 . 2008-04-08 11:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-04-29 16:16 . 2008-04-02 09:06 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-29 14:27 . 2008-04-02 09:23 -------- d-----w- c:\program files\MSECache
2010-04-29 13:35 . 2009-05-08 12:12 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-28 16:31 . 2008-04-08 17:19 -------- d-----w- c:\program files\uTorrent
2010-04-26 11:04 . 2008-04-08 11:58 -------- d-----r- c:\program files\Skype
2010-04-26 11:04 . 2008-04-08 11:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-04-25 21:45 . 2009-09-28 11:53 181096 ----a-w- c:\documents and settings\prashant.vara\Application Data\Mozilla\Firefox\Profiles\v8x1ojl6.default\FlashGot.exe
2010-04-24 08:58 . 2008-04-02 09:57 0 ----a-w- c:\documents and settings\prashant.vara\Local Settings\Application Data\WavXMapDrive.bat
2010-04-23 10:13 . 2009-08-17 13:15 -------- d-----w- c:\documents and settings\prashant.vara\Application Data\HpUpdate
2010-04-19 12:49 . 2008-07-30 13:42 -------- d-----w- c:\documents and settings\prashant.vara\Application Data\U3
2010-04-19 11:29 . 2009-06-20 18:23 256 ----a-w- c:\windows\system32\pool.bin
2010-04-13 10:25 . 2008-04-08 09:18 -------- d-----w- c:\program files\DesignBuilder
2010-04-07 08:25 . 2009-10-16 09:20 -------- d-----w- c:\program files\QuickTime
2010-04-06 15:22 . 2008-06-08 18:26 -------- d-----w- c:\documents and settings\prashant.vara\Application Data\Vso
2010-04-01 08:58 . 2010-04-01 08:56 -------- d-----w- c:\program files\iTunes
2010-04-01 08:58 . 2010-04-01 08:56 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-01 08:57 . 2010-04-01 08:57 -------- d-----w- c:\program files\iPod
2010-04-01 08:56 . 2008-04-08 15:05 -------- d-----w- c:\program files\Common Files\Apple
2010-04-01 08:30 . 2010-04-01 08:30 -------- d-----w- c:\program files\Bonjour
2010-04-01 08:26 . 2010-04-01 08:26 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-03-31 16:04 . 2008-04-10 13:26 -------- d-----w- c:\program files\Microsoft Silverlight
2010-03-31 14:54 . 2010-03-31 14:54 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-03-31 14:53 . 2008-04-08 14:38 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-03-31 14:50 . 2010-03-31 14:50 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-03-31 01:58 . 2008-11-20 19:19 44944 ------w- c:\windows\system32\drivers\pxhelp20.sys
2010-03-31 01:58 . 2007-05-01 16:48 125424 ------w- c:\windows\system32\pxinsi64.exe
2010-03-31 01:58 . 2006-09-14 16:13 133616 ------w- c:\windows\system32\PxAFS.DLL
2010-03-30 10:33 . 2010-03-30 10:33 -------- d-----w- c:\program files\Any DWG DXF Converter
2010-03-30 10:19 . 2010-02-01 10:38 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-03-30 09:20 . 2010-03-30 09:19 -------- d-----w- c:\program files\Vitamin D Video
2010-03-30 08:37 . 2008-04-08 09:18 -------- d-----w- c:\documents and settings\All Users\Application Data\DesignBuilder
2010-03-29 14:57 . 2010-03-29 14:56 -------- d-----w- c:\documents and settings\All Users\Application Data\sky
2010-03-25 15:24 . 2008-10-07 12:42 68156 ---ha-w- c:\windows\system32\mlfcache.dat
2010-03-16 10:00 . 2008-07-23 19:09 -------- d-----w- c:\program files\Safari
2010-03-16 09:56 . 2010-03-16 09:56 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
2010-03-13 00:28 . 2010-03-13 00:28 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2010-03-13 00:28 . 2009-07-21 20:35 -------- d-----w- c:\program files\IObit
2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-03-01 14:36 . 2010-03-01 14:36 14846 ----a-r- c:\documents and settings\prashant.vara\Application Data\Microsoft\Installer\{857CBF4A-192C-44B0-86A5-6281FCEFA1FE}\FileOpenNew.exe
2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-19 19:27 . 2010-02-19 19:27 720384 ----a-w- c:\windows\system32\DivX.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2010-02-19 19:27 . 2010-02-19 19:27 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2010-02-19 19:27 . 2010-02-19 19:27 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2010-02-19 19:27 . 2010-02-19 19:27 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2010-02-12 10:46 . 2010-02-12 10:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 10:46 . 2010-02-12 10:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
2008-09-04 14:27 . 2008-09-04 14:27 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-04-08 09:19 . 2009-04-08 09:19 27976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2009-04-08 09:19 . 2009-04-08 09:19 126360 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2009-04-08 09:19 . 2009-04-08 09:19 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
.
c:\program files\Google\Quick Search Box\GoogleQuickSearchBox .exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2009-11-03 20:12 556432 ----a-w- c:\progra~1\MICROS~2\Office14\URLREDIR.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-29 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-22 13508608]
"nwiz"="nwiz.exe" [2008-02-22 1626112]
"NVHotkey"="nvHotkey.dll" [2008-02-22 86016]
"NvMediaCenter"="NvMCTray.dll" [2008-02-22 86016]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-03 1228800]
"Media Codec Update Service"="c:\program files\Essentials Codec Pack\update.exe" [2007-04-08 303104]
"MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2008-07-04 2072576]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-10 648536]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [N/A]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2009-10-20 340456]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-1-11 2150400]
BounceBack Launcher.lnk - c:\program files\CMS Products\BounceBack Express\BBLauncher.exe [2008-4-10 90112]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-3-29 50688]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-4-17 106496]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
WordWeb.lnk - c:\program files\WordWeb\wweb32.exe [2008-4-8 42168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]
2006-11-16 15:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Documents and Settings\\prashant.vara\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [10/14/2009 9:18 PM 36880]
R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\drivers\tdrpm251.sys [12/9/2009 5:35 PM 902432]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 11:15 AM 66632]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [12/9/2009 5:35 PM 2326920]
R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [3/13/2010 1:28 AM 311568]
R2 portD;CMS PortIO Service;c:\windows\system32\drivers\portd2k.sys [4/10/2008 4:15 PM 7424]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [11/13/2009 12:31 PM 92008]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [7/4/2008 1:52 PM 14336]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [8/11/2004 6:00 PM 5120]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [12/9/2009 5:35 PM 159168]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 2:42 PM 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [10/2/2009 7:39 PM 19472]
S2 gupdate1ca50974ef9adb0;Google Update Service (gupdate1ca50974ef9adb0);c:\program files\Google\Update\GoogleUpdate.exe [10/19/2009 9:36 AM 133104]
S3 GTUHSBUS;GT UHS BUS;c:\windows\system32\drivers\gtuhsbus.sys [2/13/2009 1:51 PM 58880]
S3 GTUHSNDISIPXP;GT UHS IP NDIS;c:\windows\system32\drivers\gtuhs51.sys [2/13/2009 1:51 PM 106112]
S3 GTUHSOMS;GT UHS OMS;c:\windows\system32\drivers\gtuhsoms.sys [2/13/2009 1:52 PM 18816]
S3 GTUHSSER;GT UHS SER;c:\windows\system32\drivers\gtuhsser.sys [2/13/2009 1:51 PM 8064]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9/26/2009 4:28 AM 4639136]
S3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [4/1/2009 12:08 PM 18432]
S3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [4/1/2009 12:09 PM 14336]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 11:15 AM 12872]
S3 TTDVBSTB;TTDVBSTB driver;c:\windows\system32\drivers\TTDVBSTB.sys [4/17/2008 8:39 PM 57328]
S3 TTNDISTB;Virtual STB-S/-C/-T Network Adapter Driver;c:\windows\system32\drivers\ttndistb.sys [4/17/2008 8:39 PM 39124]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-05-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-19 08:36]

2010-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-19 08:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.virginmedia.com
uInternet Settings,ProxyOverride = *.local
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
IE: {{AEF9B8DB-0DEF-4c0b-8209-661C9E82B8C3} - c:\program files\WinSysClean 2008 Trial\UDManager\UDManager.exe
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
DPF: {DAF7E6E7-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
FF - ProfilePath - c:\documents and settings\prashant.vara\Application Data\Mozilla\Firefox\Profiles\v8x1ojl6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - component: c:\documents and settings\prashant.vara\Application Data\Mozilla\Firefox\Profiles\v8x1ojl6.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\documents and settings\prashant.vara\Application Data\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\prashant.vara\Application Data\Mozilla\Firefox\Profiles\v8x1ojl6.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\progra~1\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1904)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'lsass.exe'(1960)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
.
Completion time: 2010-05-10 22:16:01
ComboFix-quarantined-files.txt 2010-05-10 21:15
ComboFix2.txt 2010-05-10 17:44
ComboFix3.txt 2010-05-08 02:22
ComboFix4.txt 2010-05-07 15:52
ComboFix5.txt 2010-05-10 21:03

Pre-Run: 7,870,431,232 bytes free
Post-Run: 7,835,779,072 bytes free

- - End Of File - - A0CB5C12258630E2626D3B2AA9E9BF9B
Upload was successful




