Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Failed to Save all the components cascading dialog boxes/Windows Delayed Write Failed - Virus - All files are hidden


  • This topic is locked This topic is locked
63 replies to this topic

#1 Digitalspidey

Digitalspidey

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:08:13 AM

Posted 04 March 2012 - 02:51 AM

I get the following error messages
"Failed to Save all the components cascading dialog boxes"
"Windows Delayed Write Failed"
"Windows detected a hard drive problem"
"Ram memory reliability is extremely low "

I did a quick scan of MIcrosoft Security essentials after starting in the normal mode but it did not find any infected files.
I also restarted the computer in Safe mode and ran the Malaware bytes MBAM scan.
I ran the MBAM scan from a flash drive , It also did not find any infected files.
In the safe mode I ran "Unhide" and the files came back. Below is log from unhide
***************
"Finished processing C:\drive 73656 files processed
Finished processing E:\drive 15550 files processed
Restoring the start menu. 209 Shortcuts and Dektop items were restored

Searching for Windows Registry Changes made by FakeHDD rogues.
-Checking HKLM\SOFTWARE\Windows\CurrentVersion\policies\Explorer
-Checking HKCU\SOFTWARE\Windows\CurrentVersion\policies\Explorer
* NoDesktop policy was found and deleted!
-Checking HKCU\SOFTWARE\Windows\CurrentVersion\policies\Explorer\Advanced

Program finished at 3/3/2012 11:36:46 PM
Execution time : 0 hour(s), 9 minutes(s), and 46 seconds(s)
***************

Once I restarted in the regular mode , after about 5 minutes are so all the files are hidden again and the cascading windows started appearing and am getting all of the error messages listed above.

I reviewed the "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help" and have downloaded the DDS.scr and GMER in the flash drive.
DO I need to run the steps in order Defogger, DDS, and GMER ?
Can I run from flash drive or do I need to install it in desktop?
Can I run them after starting in the safe mode or Do I need to run only from the regular mode
Should I run the unhide first before running the DDS and the GMER?
Or based on the information you have so far is there an easier fix ?

Appreciate your help

BC AdBot (Login to Remove)

 


#2 Digitalspidey

Digitalspidey
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:08:13 AM

Posted 04 March 2012 - 02:54 AM

posted the question in the virus removal forum - http://www.bleepingcomputer.com/forums/topic444994.html .
This post can be inactivated if the other forum is the more appropriate forum to post this kind of question


=================================

===========

Hello

I have removed the topic you made in the XP forum as it was a duplicate of this one, which already is in the right place. It will be two, three days before you will receive a reply most likely as oldest topics are picked up first. In the mean time please follow the steps in the preparation guide to run DDS/GMER and post the logs as a reply to this topic.

Thank you for understanding.

Elise

Edited by elise025, 04 March 2012 - 05:00 AM.


#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:13 PM

Posted 09 March 2012 - 02:53 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Posted Image
    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following

  • .logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:13 PM

Posted 12 March 2012 - 01:46 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 Digitalspidey

Digitalspidey
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:08:13 AM

Posted 13 March 2012 - 08:33 AM

Yes I still need help
I downloaded both DDS.SCR and Defogger
I ran the DDS.SCR without the defogger it took moren than 15 minutes and the system froze (I couldn't get taskmgr or close the window ).
So I powered down. ( I didn't run the defogger hope that didn't cause this problem)

I had not taken a complete backup , I have an external hard drive now and am copying files onto it , so need a bit more time.
I will run the Defogger and the DDS.SCR as soon as I take the backup. I will try and upload before friday.

Please let me know if I need to do anything differently
Thank you.

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:13 PM

Posted 13 March 2012 - 01:05 PM

Hello

Lets get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and the that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:13 PM

Posted 16 March 2012 - 01:56 AM

Hello


Just checking in on you as it has been a couple of days since I have heard from you.

Are you having any troubles or just need more time?




Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 Digitalspidey

Digitalspidey
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:08:13 AM

Posted 17 March 2012 - 12:55 PM

Just need a bit more time, will try and get the otl test by today
Backing up the files in a safe mode is taking a bit more time than I expected.

Thanks for your help, follow-up and interest
Really appreciate it.

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:13 PM

Posted 17 March 2012 - 01:35 PM

no problem I will check on you in a couple of days if I have not heard from you


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:13 PM

Posted 20 March 2012 - 12:19 AM

Hello


Just checking in on you as it has been a couple of days since I have heard from you.

Are you having any troubles or just need more time?




Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 Digitalspidey

Digitalspidey
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:08:13 AM

Posted 20 March 2012 - 11:36 AM

OTL logfile created on: 3/20/2012 6:53:03 AM - Run 1
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Documents and Settings\Adhithi\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.50 Gb Total Physical Memory | 1.83 Gb Available Physical Memory | 73.26% Memory free
4.35 Gb Paging File | 3.70 Gb Available in Paging File | 85.20% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.00 Gb Total Space | 60.66 Gb Free Space | 40.71% Space Free | Partition Type: NTFS
Drive E: | 1397.26 Gb Total Space | 397.83 Gb Free Space | 28.47% Space Free | Partition Type: NTFS
Drive F: | 1.88 Gb Total Space | 1.88 Gb Free Space | 99.62% Space Free | Partition Type: FAT

Computer Name: TT-E42F00183518 | User Name: Adhithi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Adhithi\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe (Verizon)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\WINDOWS\system32\NLSSRV32.EXE (Nalpeiron Ltd.)
PRC - C:\Program Files\VERIZONDM\bin\tgsrvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\VERIZONDM\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\VERIZONDM\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Verizon\FiOS\ihs\IHANotify.exe (COLLABERA)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
PRC - C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\WINDOWS\system32\Pen_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\Red Chair Software\Deubox Explorer\deumgr.exe (Red Chair Software, Inc.)
PRC - C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe ()
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)


========== Modules (No Company Name) ==========

MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e0d56c0582316e9ecb4c18186e37217c\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d6b4509225efde2a4e3db77205f8a51\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\b06e49ed8cbe07dbb90e313fa634b27b\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ed2bf0d86229128c194a872f70fe15ee\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d912066086a59f09424c7c69f95e2c55\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\f02cf6430a9fc77908a74ab6925cb73c\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\62d5f089dd51f18472a7caf1593d9f6b\mscorlib.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\3.1.26.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll ()
MOD - C:\WINDOWS\system32\cpwmon2k.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll ()
MOD - C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe ()
MOD - C:\WINDOWS\system32\msjetoledb40.dll ()
MOD - C:\Program Files\Creative\Sync Manager Unicode\CTSyncRs.crl ()


========== Win32 Services (SafeList) ==========

SRV - (IHA_MessageCenter) -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe (Verizon)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SRV - (nlsX86cc) -- C:\WINDOWS\system32\NLSSRV32.EXE (Nalpeiron Ltd.)
SRV - (tgsrvc_verizondm) SupportSoft Repair Service (verizondm) -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe (SupportSoft, Inc.)
SRV - (sprtsvc_verizondm) SupportSoft Sprocket Service (verizondm) -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (TabletServicePen) -- C:\WINDOWS\system32\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV - (NetSvc) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe (Intel® Corporation)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (MRENDIS5) -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found
DRV - (MREMPR5) -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (MpKslc3d51b2a) -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4E520E0A-B6C2-41A3-985C-28E07268BE10}\MpKslc3d51b2a.sys (Microsoft Corporation)
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (SUSTUCAP) -- C:\WINDOWS\system32\drivers\sustucap.sys (Susteen, Inc.)
DRV - (SUSTUCAM) -- C:\WINDOWS\system32\drivers\sustucam.sys (Susteen, Inc.)
DRV - (SUSTUCAU) -- C:\WINDOWS\system32\drivers\sustucau.sys (Susteen, Inc.)
DRV - (wacommousefilter) -- C:\WINDOWS\system32\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (wacomvhid) -- C:\WINDOWS\system32\drivers\wacomvhid.sys (Wacom Technology)
DRV - (WacomVKHid) -- C:\WINDOWS\system32\drivers\WacomVKHid.sys (Wacom Technology)
DRV - (SiFilter) -- C:\WINDOWS\system32\drivers\SiWinAcc.sys (Silicon Image, Inc.)
DRV - (SiRemFil) -- C:\WINDOWS\system32\drivers\SiRemFil.sys (Silicon Image, Inc.)
DRV - (SI3112) -- C:\WINDOWS\system32\drivers\SI3112.sys (Silicon Image, Inc.)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-789336058-1214440339-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\S-1-5-21-789336058-1214440339-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-789336058-1214440339-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\S-1-5-21-789336058-1214440339-839522115-1003\..\SearchScopes,DefaultScope = {0448688B-AEF2-4E04-B9AB-E65EC3E16628}
IE - HKU\S-1-5-21-789336058-1214440339-839522115-1003\..\SearchScopes\{0448688B-AEF2-4E04-B9AB-E65EC3E16628}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie8
IE - HKU\S-1-5-21-789336058-1214440339-839522115-1003\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={searchTerms}
IE - HKU\S-1-5-21-789336058-1214440339-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-789336058-1214440339-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Adhithi\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Adhithi\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Adhithi\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Adhithi\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.27\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/24 21:08:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.27\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/24 21:08:19 | 000,000,000 | ---D | M]

[2010/01/09 19:43:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Adhithi\Application Data\Mozilla\Extensions
[2012/02/24 18:09:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Adhithi\Application Data\Mozilla\Firefox\Profiles\1bez65g9.default\extensions
[2010/03/23 07:18:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Adhithi\Application Data\Mozilla\Firefox\Profiles\1bez65g9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/02/24 18:09:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/25 21:04:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2010/02/06 17:22:06 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/11/10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/06/07 16:43:41 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2006/02/28 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-789336058-1214440339-839522115-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [VERIZONDM] C:\Program Files\VERIZONDM\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKU\S-1-5-21-789336058-1214440339-839522115-1003..\Run: [CTSyncU.exe] C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe ()
O4 - HKU\S-1-5-21-789336058-1214440339-839522115-1003..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q c:\DOCUME~1\adhithi\LOCALS~1\temp\CITRIX~1\GOTOME~1\366\logA.SH! c:\DOCUME~1\adhithi\LOCALS~1\temp\CITRIX~1\GOTOME~1\366.SH! c:\DOCUME~1\adhithi\LOCALS~1\temp\CITRIX~1\GOTOME~1.SH! c:\DOCUME~1\adhithi\LOCALS~1\temp\CITRIX~1.SH! File not found
O4 - HKU\S-1-5-21-789336058-1214440339-839522115-1003..\Run: [ihanotify] C:\Program Files\Verizon\FiOS\ihs\IHANotify.exe (COLLABERA)
O4 - HKU\S-1-5-21-789336058-1214440339-839522115-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\Adhithi\Start Menu\Programs\Startup\Deubox Manager.lnk = C:\Program Files\Red Chair Software\Deubox Explorer\deumgr.exe (Red Chair Software, Inc.)
O4 - Startup: C:\Documents and Settings\Adhithi\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-789336058-1214440339-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-789336058-1214440339-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-789336058-1214440339-839522115-1003\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230528025703 (WUWebControl Class)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1309842942687 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://intercall.webex.com/client/T27L10NSP11EP5/webex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15106/CTPID.cab (Creative Software AutoUpdate Support Package)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Adhithi\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Adhithi\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/28 19:33:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within (All) ==========

[2012/03/20 06:50:59 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Adhithi\Desktop\OTL.exe
[2012/03/11 18:38:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Adhithi\Start Menu\Programs\Administrative Tools
[2012/03/11 16:43:42 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Adhithi\Desktop\dds.scr
[2012/03/10 14:08:16 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012/03/08 08:03:56 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/03/07 08:53:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/03/07 08:52:55 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/03/06 05:22:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adhithi\Application Data\SUPERAntiSpyware.com
[2012/03/06 05:21:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/03/03 17:11:45 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Adhithi\Recent
[2012/03/03 14:23:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/03/03 14:20:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/03/03 07:13:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2012/03/01 16:36:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Local Settings
[2012/02/05 14:35:02 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/02/04 08:27:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adhithi\My Documents\Amma
[2012/01/25 21:04:46 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2012/01/25 21:04:46 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/01/25 21:04:46 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/01/25 21:04:46 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/11/27 14:40:05 | 000,086,016 | ---- | C] (MindVision Software) -- C:\WINDOWS\unvise32.exe
[2011/11/17 23:19:30 | 000,000,000 | ---D | C] -- C:\My Video
[2011/11/17 23:18:24 | 000,991,232 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\NCTVideoCoreM.dll
[2011/11/17 23:18:24 | 000,356,352 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\NCTVideoDxPlayer.dll
[2011/11/17 23:18:24 | 000,294,912 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\NCTAVIFile.dll
[2011/11/17 23:18:24 | 000,282,624 | ---- | C] (Online Media Technologies Company Ltd.) -- C:\WINDOWS\System32\NCTQuickTimeFile.dll
[2011/11/17 23:18:24 | 000,196,608 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\NCTWMVFile.dll
[2011/11/17 23:18:24 | 000,139,264 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\NCTVideoFile.dll
[2011/11/17 23:18:24 | 000,090,112 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioFormatSettings3.dll
[2011/11/17 23:18:23 | 002,658,304 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioCompress3.dll
[2011/11/17 23:18:23 | 002,260,992 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\NCTVideoCompress.dll
[2011/11/17 23:18:23 | 001,810,432 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioCompress2.dll
[2011/11/17 23:18:22 | 000,793,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmpcdcs8.exe
[2011/11/17 23:18:22 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp70.dll
[2011/11/09 23:03:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adhithi\My Documents\AppaAmmaPictures
[2011/10/08 15:05:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adhithi\My Documents\Ananya 6th Grade
[2011/08/19 20:00:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adhithi\My Documents\BlackBerry
[2011/08/19 19:54:57 | 000,027,136 | R--- | C] (Research in Motion Ltd) -- C:\WINDOWS\System32\drivers\RimSerial.sys
[2011/08/18 21:12:19 | 000,047,360 | ---- | C] (Susteen, Inc.) -- C:\WINDOWS\System32\drivers\sustucap.sys
[2011/08/18 21:12:19 | 000,047,360 | ---- | C] (Susteen, Inc.) -- C:\WINDOWS\System32\drivers\sustucam.sys
[2011/08/18 21:12:19 | 000,028,032 | ---- | C] (Susteen, Inc.) -- C:\WINDOWS\System32\drivers\sustucau.sys
[2011/08/18 21:12:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adhithi\My Documents\DataPilot
[2011/06/05 01:25:51 | 000,237,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2011/06/04 22:59:37 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Adhithi\My Documents\mbam-setup-1.50.1.1100.exe
[2011/06/04 22:29:55 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/05/17 20:16:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adhithi\My Documents\DownloadBackups
[2011/05/07 11:31:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\FIOS
[2011/04/30 23:26:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2011/04/30 23:03:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011/04/30 22:59:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8
[2011/04/30 22:56:35 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2011/04/30 22:56:31 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpshims.dll
[2011/04/30 22:56:30 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2011/04/30 22:56:30 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieproxy.dll
[2011/04/19 07:05:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011/04/19 07:03:10 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\offfilt.dll
[2011/04/19 07:03:10 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nlhtml.dll
[2011/04/19 07:03:10 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mimefilt.dll
[2011/04/16 16:20:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2011/04/16 16:03:46 | 000,026,432 | ---- | C] (Nitro PDF Software) -- C:\WINDOWS\System32\nitrolocalmon.dll
[2011/04/16 16:03:46 | 000,017,728 | ---- | C] (Nitro PDF Software) -- C:\WINDOWS\System32\nitrolocalui.dll
[2011/04/15 07:37:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adhithi\My Documents\AnyBizSoft PDF Password Remover
[2011/04/15 07:25:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adhithi\My Documents\TurboTax
[2011/03/21 11:17:56 | 000,068,928 | ---- | C] (Nalpeiron Ltd.) -- C:\WINDOWS\System32\NLSSRV32.EXE
[2011/03/19 23:00:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adhithi\My Documents\My Scans
[2011/02/25 05:16:54 | 001,716,297 | ---- | C] (Intuit Inc.) -- C:\WINDOWS\System32\InetClnt.dll
[2011/02/12 19:04:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/02/02 00:58:35 | 002,067,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lhmstscx.dll
[2011/01/27 04:57:06 | 000,677,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lhmstsc.exe
[2011/01/21 07:44:37 | 000,439,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shimgvw.dll
[2010/12/18 00:20:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adhithi\My Documents\OneNote Notebooks
[2010/12/15 14:45:06 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2010/12/15 14:44:28 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2010/11/18 11:12:44 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isign32.dll
[2010/11/14 08:26:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adhithi\My Documents\AdhithiProjects
[2010/11/09 07:52:35 | 000,536,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado15.dll
[2010/11/09 07:52:35 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\odbc32.dll
[2010/11/09 07:52:35 | 000,200,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadox.dll
[2010/11/09 07:52:35 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadomd.dll
[2010/11/09 07:52:35 | 000,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadco.dll
[2010/11/09 07:52:35 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msjro.dll
[2010/11/08 05:41:00 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado27.tlb
[2010/11/08 05:41:00 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado26.tlb
[2010/11/08 05:41:00 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado25.tlb
[2010/11/08 05:41:00 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado21.tlb
[2010/11/08 05:41:00 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado20.tlb
[2010/10/24 21:25:38 | 000,165,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MpFilter.sys
[2010/10/14 23:31:32 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmpns.dll
[2010/10/13 16:50:38 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2010/10/13 16:50:37 | 000,978,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010/10/13 16:50:28 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2010/09/26 16:43:14 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2010/09/26 16:43:13 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2010/09/23 15:37:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adhithi\My Documents\Ananyaprojects
[2010/09/18 20:05:19 | 000,016,496 | R--- | C] (HP) -- C:\WINDOWS\System32\drivers\HPZipr12.sys
[2010/09/18 20:05:15 | 000,049,920 | R--- | C] (HP) -- C:\WINDOWS\System32\drivers\HPZid412.sys
[2010/09/18 20:05:11 | 000,021,568 | R--- | C] (HP) -- C:\WINDOWS\System32\drivers\HPZius12.sys
[2010/09/18 20:04:41 | 000,267,864 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpzids01.dll
[2010/09/18 20:04:38 | 000,118,272 | ---- | C] (Hewlett-Packard Company) -- C:\WINDOWS\System32\hpz3l5ha.dll
[2010/09/18 20:04:18 | 000,958,464 | R--- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpotiop4.dll
[2010/09/18 20:04:18 | 000,675,840 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpowiax4.dll
[2010/09/18 20:04:18 | 000,364,544 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hppldcoi.dll
[2010/09/18 20:04:18 | 000,309,760 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\difxapi.dll
[2010/09/18 20:04:18 | 000,303,104 | R--- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpovst11.dll
[2010/09/18 20:04:17 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbscan.sys
[2010/09/18 20:04:17 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2010/09/18 20:03:12 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbprint.sys
[2010/09/18 20:03:12 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys
[2010/09/18 20:03:02 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/09/18 20:02:50 | 000,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbccgp.sys
[2010/09/18 20:02:50 | 000,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2010/09/18 12:23:26 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42u.dll
[2010/08/26 22:57:43 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srvsvc.dll
[2010/08/17 06:17:06 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spoolsv.exe
[2010/08/11 12:44:12 | 000,507,904 | R--- | C] (Broadcom Corporation.) -- C:\WINDOWS\System32\btwapi.dll
[2010/07/16 05:05:55 | 001,288,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ole32.dll
[2010/07/14 07:10:11 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/06/18 10:45:17 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsrv.dll
[2010/05/13 07:02:33 | 000,000,000 | ---D | C] -- C:\WTablet
[2010/04/19 22:30:08 | 000,290,432 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll
[2010/04/16 08:36:56 | 000,406,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usp10.dll
[2010/03/31 00:16:34 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\PresentationHostProxy.dll
[2010/03/31 00:10:40 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\PresentationHost.exe
[2010/03/30 12:24:40 | 000,317,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mp4sdecd.dll
[2010/03/21 21:24:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010/03/21 21:23:39 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2010/03/21 21:23:39 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2010/03/21 21:23:39 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2010/03/21 21:23:39 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll
[2010/03/21 21:23:39 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2010/03/21 21:23:39 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2010/03/21 21:23:39 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2010/03/20 14:14:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adhithi\My Documents\Vegas Movie Studio HD 9.0 Projects
[2010/03/20 14:02:24 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2010/03/20 14:01:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2010/03/10 07:12:41 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/03/05 07:37:40 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asycfilt.dll
OTL logfile created on: 3/20/2012 6:53:03 AM - Run 1
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Documents and Settings\Adhithi\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.50 Gb Total Physical Memory | 1.83 Gb Available Physical Memory | 73.26% Memory free
4.35 Gb Paging File | 3.70 Gb Available in Paging File | 85.20% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.00 Gb Total Space | 60.66 Gb Free Space | 40.71% Space Free | Partition Type: NTFS
Drive E: | 1397.26 Gb Total Space | 397.83 Gb Free Space | 28.47% Space Free | Partition Type: NTFS
Drive F: | 1.88 Gb Total Space | 1.88 Gb Free Space | 99.62% Space Free | Partition Type: FAT

Computer Name: TT-E42F00183518 | User Name: Adhithi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Adhithi\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe (Verizon)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\WINDOWS\system32\NLSSRV32.EXE (Nalpeiron Ltd.)
PRC - C:\Program Files\VERIZONDM\bin\tgsrvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\VERIZONDM\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\VERIZONDM\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Verizon\FiOS\ihs\IHANotify.exe (COLLABERA)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
PRC - C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\WINDOWS\system32\Pen_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\Red Chair Software\Deubox Explorer\deumgr.exe (Red Chair Software, Inc.)
PRC - C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe ()
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)


========== Modules (No Company Name) ==========

MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e0d56c0582316e9ecb4c18186e37217c\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d6b4509225efde2a4e3db77205f8a51\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\b06e49ed8cbe07dbb90e313fa634b27b\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ed2bf0d86229128c194a872f70fe15ee\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d912066086a59f09424c7c69f95e2c55\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\f02cf6430a9fc77908a74ab6925cb73c\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\62d5f089dd51f18472a7caf1593d9f6b\mscorlib.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\3.1.26.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll ()
MOD - C:\WINDOWS\system32\cpwmon2k.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll ()
MOD - C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe ()
MOD - C:\WINDOWS\system32\msjetoledb40.dll ()
MOD - C:\Program Files\Creative\Sync Manager Unicode\CTSyncRs.crl ()


========== Win32 Services (SafeList) ==========

SRV - (IHA_MessageCenter) -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe (Verizon)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SRV - (nlsX86cc) -- C:\WINDOWS\system32\NLSSRV32.EXE (Nalpeiron Ltd.)
SRV - (tgsrvc_verizondm) SupportSoft Repair Service (verizondm) -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe (SupportSoft, Inc.)
SRV - (sprtsvc_verizondm) SupportSoft Sprocket Service (verizondm) -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (TabletServicePen) -- C:\WINDOWS\system32\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV - (NetSvc) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe (Intel® Corporation)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (MRENDIS5) -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found
DRV - (MREMPR5) -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (MpKslc3d51b2a) -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4E520E0A-B6C2-41A3-985C-28E07268BE10}\MpKslc3d51b2a.sys (Microsoft Corporation)
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (SUSTUCAP) -- C:\WINDOWS\system32\drivers\sustucap.sys (Susteen, Inc.)
DRV - (SUSTUCAM) -- C:\WINDOWS\system32\drivers\sustucam.sys (Susteen, Inc.)
DRV - (SUSTUCAU) -- C:\WINDOWS\system32\drivers\sustucau.sys (Susteen, Inc.)
DRV - (wacommousefilter) -- C:\WINDOWS\system32\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (wacomvhid) -- C:\WINDOWS\system32\drivers\wacomvhid.sys (Wacom Technology)
DRV - (WacomVKHid) -- C:\WINDOWS\system32\drivers\WacomVKHid.sys (Wacom Technology)
DRV - (SiFilter) -- C:\WINDOWS\system32\drivers\SiWinAcc.sys (Silicon Image, Inc.)
DRV - (SiRemFil) -- C:\WINDOWS\system32\drivers\SiRemFil.sys (Silicon Image, Inc.)
DRV - (SI3112) -- C:\WINDOWS\system32\drivers\SI3112.sys (Silicon Image, Inc.)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-789336058-1214440339-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\S-1-5-21-789336058-1214440339-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-789336058-1214440339-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\S-1-5-21-789336058-1214440339-839522115-1003\..\SearchScopes,DefaultScope = {0448688B-AEF2-4E04-B9AB-E65EC3E16628}
IE - HKU\S-1-5-21-789336058-1214440339-839522115-1003\..\SearchScopes\{0448688B-AEF2-4E04-B9AB-E65EC3E16628}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie8
IE - HKU\S-1-5-21-789336058-1214440339-839522115-1003\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={searchTerms}
IE - HKU\S-1-5-21-789336058-1214440339-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-789336058-1214440339-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Adhithi\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Adhithi\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Adhithi\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Adhithi\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.27\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/24 21:08:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.27\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/24 21:08:19 | 000,000,000 | ---D | M]

[2010/01/09 19:43:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Adhithi\Application Data\Mozilla\Extensions
[2012/02/24 18:09:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Adhithi\Application Data\Mozilla\Firefox\Profiles\1bez65g9.default\extensions
[2010/03/23 07:18:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Adhithi\Application Data\Mozilla\Firefox\Profiles\1bez65g9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/02/24 18:09:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/25 21:04:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2010/02/06 17:22:06 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/11/10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/06/07 16:43:41 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2006/02/28 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-789336058-1214440339-839522115-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [VERIZONDM] C:\Program Files\VERIZONDM\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKU\S-1-5-21-789336058-1214440339-839522115-1003..\Run: [CTSyncU.exe] C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe ()
O4 - HKU\S-1-5-21-789336058-1214440339-839522115-1003..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q c:\DOCUME~1\adhithi\LOCALS~1\temp\CITRIX~1\GOTOME~1\366\logA.SH! c:\DOCUME~1\adhithi\LOCALS~1\temp\CITRIX~1\GOTOME~1\366.SH! c:\DOCUME~1\adhithi\LOCALS~1\temp\CITRIX~1\GOTOME~1.SH! c:\DOCUME~1\adhithi\LOCALS~1\temp\CITRIX~1.SH! File not found
O4 - HKU\S-1-5-21-789336058-1214440339-839522115-1003..\Run: [ihanotify] C:\Program Files\Verizon\FiOS\ihs\IHANotify.exe (COLLABERA)
O4 - HKU\S-1-5-21-789336058-1214440339-839522115-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\Adhithi\Start Menu\Programs\Startup\Deubox Manager.lnk = C:\Program Files\Red Chair Software\Deubox Explorer\deumgr.exe (Red Chair Software, Inc.)
O4 - Startup: C:\Documents and Settings\Adhithi\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-789336058-1214440339-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-789336058-1214440339-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-789336058-1214440339-839522115-1003\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230528025703 (WUWebControl Class)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1309842942687 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://intercall.webex.com/client/T27L10NSP11EP5/webex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15106/CTPID.cab (Creative Software AutoUpdate Support Package)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Adhithi\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Adhithi\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/28 19:33:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within (All) ==========

[2012/03/20 06:50:59 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Adhithi\Desktop\OTL.exe
[2012/03/11 18:38:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Adhithi\Start Menu\Programs\Administrative Tools
[2012/03/11 16:43:42 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Adhithi\Desktop\dds.scr
[2012/03/10 14:08:16 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012/03/08 08:03:56 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/03/07 08:53:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/03/07 08:52:55 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/03/06 05:22:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adhithi\Application Data\SUPERAntiSpyware.com
[2012/03/06 05:21:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/03/03 17:11:45 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Adhithi\Recent
[2012/03/03 14:23:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/03/03 14:20:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/03/03 07:13:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2012/03/01 16:36:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Local Settings
[2012/02/05 14:35:02 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/02/04 08:27:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adhithi\My Documents\Amma
[2012/01/25 21:04:46 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2012/01/25 21:04:46 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/01/25 21:04:46 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/01/25 21:04:46 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/11/27 14:40:05 | 000,086,016 | ---- | C] (MindVision Software) -- C:\WINDOWS\unvise32.exe
[2011/11/17 23:19:30 | 000,000,000 | ---D | C] -- C:\My Video
[2011/11/17 23:18:24 | 000,991,232 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\NCTVideoCoreM.dll
[2011/11/17 23:18:24 | 000,356,352 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\NCTVideoDxPlayer.dll
[2011/11/17 23:18:24 | 000,294,912 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\NCTAVIFile.dll
[2011/11/17 23:18:24 | 000,282,624 | ---- | C] (Online Media Technologies Company Ltd.) -- C:\WINDOWS\System32\NCTQuickTimeFile.dll
[2011/11/17 23:18:24 | 000,196,608 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\NCTWMVFile.dll
[2011/11/17 23:18:24 | 000,139,264 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\NCTVideoFile.dll
[2011/11/17 23:18:24 | 000,090,112 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioFormatSettings3.dll
[2011/11/17 23:18:23 | 002,658,304 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioCompress3.dll
[2011/11/17 23:18:23 | 002,260,992 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\NCTVideoCompress.dll
[2011/11/17 23:18:23 | 001,810,432 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioCompress2.dll
[2011/11/17 23:18:22 | 000,793,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmpcdcs8.exe
[2011/11/17 23:18:22 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp70.dll
[2011/11/09 23:03:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adhithi\My Documents\AppaAmmaPictures
[2011/10/08 15:05:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adhithi\My Documents\Ananya 6th Grade
[2011/08/19 20:00:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adhithi\My Documents\BlackBerry
[2011/08/19 19:54:57 | 000,027,136 | R--- | C] (Research in Motion Ltd) -- C:\WINDOWS\System32\drivers\RimSerial.sys
[2011/08/18 21:12:19 | 000,047,360 | ---- | C] (Susteen, Inc.) -- C:\WINDOWS\System32\drivers\sustucap.sys
[2011/08/18 21:12:19 | 000,047,360 | ---- | C] (Susteen, Inc.) -- C:\WINDOWS\System32\drivers\sustucam.sys
[2011/08/18 21:12:19 | 000,028,032 | ---- | C] (Susteen, Inc.) -- C:\WINDOWS\System32\drivers\sustucau.sys
[2011/08/18 21:12:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adhithi\My Documents\DataPilot
[2011/06/05 01:25:51 | 000,237,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2011/06/04 22:59:37 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Adhithi\My Documents\mbam-setup-1.50.1.1100.exe
[2011/06/04 22:29:55 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/05/17 20:16:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adhithi\My Documents\DownloadBackups
[2011/05/07 11:31:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\FIOS
[2011/04/30 23:26:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2011/04/30 23:03:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011/04/30 22:59:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8
[2011/04/30 22:56:35 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2011/04/30 22:56:31 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpshims.dll
[2011/04/30 22:56:30 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2011/04/30 22:56:30 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieproxy.dll
[2011/04/19 07:05:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011/04/19 07:03:10 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\offfilt.dll
[2011/04/19 07:03:10 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nlhtml.dll
[2011/04/19 07:03:10 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mimefilt.dll
[2011/04/16 16:20:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2011/04/16 16:03:46 | 000,026,432 | ---- | C] (Nitro PDF Software) -- C:\WINDOWS\System32\nitrolocalmon.dll
[2011/04/16 16:03:46 | 000,017,728 | ---- | C] (Nitro PDF Software) -- C:\WINDOWS\System32\nitrolocalui.dll
[2011/04/15 07:37:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adhithi\My Documents\AnyBizSoft PDF Password Remover
[2011/04/15 07:25:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adhithi\My Documents\TurboTax
[2011/03/21 11:17:56 | 000,068,928 | ---- | C] (Nalpeiron Ltd.) -- C:\WINDOWS\System32\NLSSRV32.EXE
[2011/03/19 23:00:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adhithi\My Documents\My Scans
[2011/02/25 05:16:54 | 001,716,297 | ---- | C] (Intuit Inc.) -- C:\WINDOWS\System32\InetClnt.dll
[2011/02/12 19:04:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/02/02 00:58:35 | 002,067,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lhmstscx.dll
[2011/01/27 04:57:06 | 000,677,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lhmstsc.exe
[2011/01/21 07:44:37 | 000,439,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shimgvw.dll
[2010/12/18 00:20:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adhithi\My Documents\OneNote Notebooks
[2010/12/15 14:45:06 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2010/12/15 14:44:28 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2010/11/18 11:12:44 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isign32.dll
[2010/11/14 08:26:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adhithi\My Documents\AdhithiProjects
[2010/11/09 07:52:35 | 000,536,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado15.dll
[2010/11/09 07:52:35 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\odbc32.dll
[2010/11/09 07:52:35 | 000,200,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadox.dll
[2010/11/09 07:52:35 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadomd.dll
[2010/11/09 07:52:35 | 000,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadco.dll
[2010/11/09 07:52:35 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msjro.dll
[2010/11/08 05:41:00 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado27.tlb
[2010/11/08 05:41:00 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado26.tlb
[2010/11/08 05:41:00 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado25.tlb
[2010/11/08 05:41:00 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado21.tlb
[2010/11/08 05:41:00 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado20.tlb
[2010/10/24 21:25:38 | 000,165,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MpFilter.sys
[2010/10/14 23:31:32 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmpns.dll
[2010/10/13 16:50:38 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2010/10/13 16:50:37 | 000,978,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010/10/13 16:50:28 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2010/09/26 16:43:14 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2010/09/26 16:43:13 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2010/09/23 15:37:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adhithi\My Documents\Ananyaprojects
[2010/09/18 20:05:19 | 000,016,496 | R--- | C] (HP) -- C:\WINDOWS\System32\drivers\HPZipr12.sys
[2010/09/18 20:05:15 | 000,049,920 | R--- | C] (HP) -- C:\WINDOWS\System32\drivers\HPZid412.sys
[2010/09/18 20:05:11 | 000,021,568 | R--- | C] (HP) -- C:\WINDOWS\System32\drivers\HPZius12.sys
[2010/09/18 20:04:41 | 000,267,864 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpzids01.dll
[2010/09/18 20:04:38 | 000,118,272 | ---- | C] (Hewlett-Packard Company) -- C:\WINDOWS\System32\hpz3l5ha.dll
[2010/09/18 20:04:18 | 000,958,464 | R--- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpotiop4.dll
[2010/09/18 20:04:18 | 000,675,840 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpowiax4.dll
[2010/09/18 20:04:18 | 000,364,544 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hppldcoi.dll
[2010/09/18 20:04:18 | 000,309,760 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\difxapi.dll
[2010/09/18 20:04:18 | 000,303,104 | R--- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpovst11.dll
[2010/09/18 20:04:17 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbscan.sys
[2010/09/18 20:04:17 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2010/09/18 20:03:12 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbprint.sys
[2010/09/18 20:03:12 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys
[2010/09/18 20:03:02 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/09/18 20:02:50 | 000,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbccgp.sys
[2010/09/18 20:02:50 | 000,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2010/09/18 12:23:26 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42u.dll
[2010/08/26 22:57:43 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srvsvc.dll
[2010/08/17 06:17:06 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spoolsv.exe
[2010/08/11 12:44:12 | 000,507,904 | R--- | C] (Broadcom Corporation.) -- C:\WINDOWS\System32\btwapi.dll
[2010/07/16 05:05:55 | 001,288,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ole32.dll
[2010/07/14 07:10:11 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/06/18 10:45:17 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsrv.dll
[2010/05/13 07:02:33 | 000,000,000 | ---D | C] -- C:\WTablet
[2010/04/19 22:30:08 | 000,290,432 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll
[2010/04/16 08:36:56 | 000,406,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usp10.dll
[2010/03/31 00:16:34 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\PresentationHostProxy.dll
[2010/03/31 00:10:40 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\PresentationHost.exe
[2010/03/30 12:24:40 | 000,317,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mp4sdecd.dll
[2010/03/21 21:24:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010/03/21 21:23:39 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2010/03/21 21:23:39 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2010/03/21 21:23:39 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2010/03/21 21:23:39 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll
[2010/03/21 21:23:39 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2010/03/21 21:23:39 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2010/03/21 21:23:39 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2010/03/20 14:14:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adhithi\My Documents\Vegas Movie Studio HD 9.0 Projects
[2010/03/20 14:02:24 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2010/03/20 14:01:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2010/03/10 07:12:41 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/03/05 07:37:40 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asycfilt.dll
========== Files Created - No Company Name ==========

[2012/03/11 16:41:00 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Adhithi\Desktop\Defogger.exe
[2012/03/07 23:18:13 | 000,253,120 | ---- | C] () -- C:\Documents and Settings\Adhithi\Desktop\Backup of Sas.wbk
[2012/03/07 13:48:51 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/03/07 08:53:01 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/03/03 16:51:26 | 000,420,859 | ---- | C] () -- C:\Documents and Settings\Adhithi\Desktop\AVGInstLog.cab
[2012/03/03 16:28:35 | 000,001,532 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTake Presenter.lnk
[2012/03/03 16:28:35 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2012/03/03 16:28:34 | 000,001,956 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BlackBerry Desktop Software.lnk
[2012/03/03 16:28:34 | 000,001,742 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DataPilot 7.lnk
[2012/03/03 16:28:33 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012/03/03 16:28:27 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/02/11 19:13:44 | 000,001,858 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential 2.01.lnk
[2012/02/11 19:11:33 | 000,000,984 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2012/02/11 19:04:37 | 000,139,858 | ---- | C] () -- C:\WINDOWS\hpoins15.dat
[2012/02/11 19:04:37 | 000,001,039 | ---- | C] () -- C:\WINDOWS\hpomdl15.dat
[2011/12/31 09:06:21 | 000,000,401 | ---- | C] () -- C:\Documents and Settings\Adhithi\My Documents\ChatLog Meet Now 2011_12_31 08_06.rtf
[2011/12/30 22:42:07 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/11/27 14:41:01 | 000,000,291 | ---- | C] () -- C:\Documents and Settings\Adhithi\Application Data\qtake.prf
[2011/11/27 14:39:31 | 000,001,104 | ---- | C] () -- C:\Documents and Settings\Adhithi\Desktop\CA Grade 6 Learning.lnk
[2011/11/17 23:18:32 | 000,000,005 | ---- | C] () -- C:\WINDOWS\System32\SySMPEG2AVI.dat
[2011/11/17 23:18:25 | 000,001,043 | ---- | C] () -- C:\Documents and Settings\Adhithi\Desktop\EZ MPEG TO AVI Converter.lnk
[2011/11/17 23:18:24 | 000,316,640 | ---- | C] () -- C:\WINDOWS\System32\WMSysPr9.prx
[2011/11/17 23:18:24 | 000,156,910 | ---- | C] () -- C:\WINDOWS\System32\WMSysPr8.prx
[2011/11/17 23:18:23 | 000,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2011/08/18 21:45:10 | 000,000,151 | ---- | C] () -- C:\WINDOWS\Winsus0.dat
[2011/07/04 14:00:20 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2011/06/05 02:22:25 | 000,001,257 | ---- | C] () -- C:\Documents and Settings\Adhithi\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk
[2011/06/05 02:22:25 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Adhithi\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/06/05 02:22:25 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Adhithi\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2011/06/05 02:22:25 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Adhithi\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/06/05 02:22:24 | 000,002,278 | ---- | C] () -- C:\Documents and Settings\Adhithi\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/06/05 02:22:24 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/06/05 02:22:24 | 000,001,972 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Creative Product Registration.lnk
[2011/06/05 02:22:24 | 000,001,948 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Player for AVCHD.lnk
[2011/06/05 02:22:24 | 000,001,946 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Vz In-Home Agent.lnk
[2011/06/05 02:22:24 | 000,001,880 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2010.lnk
[2011/06/05 02:22:24 | 000,001,873 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PMB - Picture Motion Browser.lnk
[2011/06/05 02:22:24 | 000,001,864 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Handycam Utility.lnk
[2011/06/05 02:22:24 | 000,001,798 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Vegas Movie Studio HD 9.0.lnk
[2011/06/05 02:22:24 | 000,001,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ZENcast Organizer.lnk
[2011/06/05 02:22:24 | 000,001,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PMB Guide.lnk
[2011/06/05 02:22:24 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/06/05 02:22:24 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/06/05 02:22:24 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/06/05 02:22:24 | 000,001,239 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[2011/06/05 02:22:24 | 000,000,961 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero ShowTime.lnk
[2011/06/05 02:22:24 | 000,000,920 | ---- | C] () -- C:\Documents and Settings\Adhithi\Application Data\Microsoft\Internet Explorer\Quick Launch\Free CD Ripper.lnk
[2011/06/05 02:22:24 | 000,000,918 | ---- | C] () -- C:\Documents and Settings\Adhithi\Application Data\Microsoft\Internet Explorer\Quick Launch\Free Mp3 Wma Converter.lnk
[2011/06/05 02:22:24 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Adhithi\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/05 02:22:24 | 000,000,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acrobat.com.lnk
[2011/06/05 02:22:24 | 000,000,124 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ZEN Vision M Series Media Explorer.lnk
[2011/06/05 01:35:11 | 000,013,562 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\k8i3q71q51h81vhjxx5wo4b17xcuc12s0hgfgk3p8i8c8
[2011/06/05 01:35:11 | 000,013,562 | -HS- | C] () -- C:\Documents and Settings\Adhithi\Local Settings\Application Data\k8i3q71q51h81vhjxx5wo4b17xcuc12s0hgfgk3p8i8c8
[2011/06/05 01:28:23 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/06/05 01:24:43 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/06/04 23:11:29 | 001,890,895 | ---- | C] () -- C:\Documents and Settings\Adhithi\Desktop\WINXPViruses.rtf
[2011/05/28 07:03:24 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~23387940r
[2011/05/28 07:03:24 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~23387940
[2011/05/28 07:01:49 | 000,000,384 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\23387940
[2011/05/17 23:21:52 | 000,139,146 | ---- | C] () -- C:\WINDOWS\hpoins15.dat.temp
[2011/05/17 23:21:52 | 000,001,039 | ---- | C] () -- C:\WINDOWS\hpomdl15.dat.temp
[2011/05/07 11:31:35 | 000,001,792 | ---- | C] () -- C:\Documents and Settings\Adhithi\Desktop\Resume FiOS Activation.lnk
[2011/05/07 11:31:14 | 009,811,968 | ---- | C] () -- C:\WINDOWS\VerizonDM.msi
[2011/05/07 11:23:04 | 000,002,031 | ---- | C] () -- C:\Documents and Settings\Adhithi\Desktop\FiOS Information.lnk
[2011/05/07 11:23:03 | 000,002,060 | ---- | C] () -- C:\Documents and Settings\Adhithi\Desktop\Install Verizon Media Manager.lnk
[2011/05/01 07:37:39 | 000,023,100 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2011/04/15 07:53:57 | 002,494,704 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/04/09 16:54:04 | 000,312,688 | ---- | C] () -- C:\Documents and Settings\Adhithi\My Documents\Backup of Doc1.wbk
[2011/04/09 16:42:06 | 001,611,412 | ---- | C] () -- C:\Documents and Settings\Adhithi\My Documents\Backup of Swami Vivakananda pics.wbk
[2011/03/19 22:40:55 | 000,072,168 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2011/02/09 06:53:52 | 000,270,848 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sbe.dll
[2011/02/09 06:53:52 | 000,186,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\encdec.dll
[2011/01/20 23:21:21 | 000,000,606 | ---- | C] () -- C:\Documents and Settings\Adhithi\Desktop\MWSnap 3.lnk

#12 Digitalspidey

Digitalspidey
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:08:13 AM

Posted 20 March 2012 - 11:54 AM

I have posted the output of OTL.txt. I seemed to have run for all files and hence the output was huge.
Deleted manually in the "files created/updated section" entries older than 2011 and posted the rest.

Another thing I ran into before running the OTL.
I rebooted the machine in safe mode with command prompt (m/c was unplugged from network).
Ran an Xcopy from my C drive and E drive into an external hard drive.
All the files copied, I am also able to verify that, by the free disk space available in the external drive.
But I'm not able to seem them in explorer or by executing "Dir" command in Command prompt, even when the External hard drive is connected to a different computer.
I am still able to cd into those directories and then if I execute a dir command I can see the files.
At the end of the Xcopy there was an error message saying "Windows Delayed write failed and all contents may not have been saved?
Any insights on this pls ? I would like to know, how can I make them visible in the external hard drive in the explorer, since this is the only backup I have (it is about 2 Terabytes of data).

Thanks much

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:13 PM

Posted 20 March 2012 - 01:17 PM

Hello


try running this - http://download.bleepingcomputer.com/grinler/unhide.exe and see if they are hidden


upload the otl scan to mediafire.com and send me the link here - I would like to see the whole report - malware can changed the dates in properties



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 Digitalspidey

Digitalspidey
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:08:13 AM

Posted 20 March 2012 - 11:51 PM

http://www.mediafire.com/?ugxavf2lprhydbx

Above is the filed uploaded in Mediafire.

Unhide didn't seem to have helped
Any particular arguments, I need to run it with.

Thanks

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:13 PM

Posted 23 March 2012 - 04:58 AM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :OTL
    FF - user.js - File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
    O3 - HKU\S-1-5-21-789336058-1214440339-839522115-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4 - HKU\S-1-5-21-789336058-1214440339-839522115-1003..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q c:\DOCUME~1\adhithi\LOCALS~1\temp\CITRIX~1\GOTOME~1\366\logA.SH! c:\DOCUME~1\adhithi\LOCALS~1\temp\CITRIX~1\GOTOME~1\366.SH! c:\DOCUME~1\adhithi\LOCALS~1\temp\CITRIX~1\GOTOME~1.SH! c:\DOCUME~1\adhithi\LOCALS~1\temp\CITRIX~1.SH! File not found
    [2011/06/05 01:47:08 | 000,013,562 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\k8i3q71q51h81vhjxx5wo4b17xcuc12s0hgfgk3p8i8c8
    [2011/06/05 01:47:08 | 000,013,562 | -HS- | M] () -- C:\Documents and Settings\Adhithi\Local Settings\Application Data\k8i3q71q51h81vhjxx5wo4b17xcuc12s0hgfgk3p8i8c8
    [2011/05/28 07:04:49 | 000,000,384 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\23387940
    [2011/05/28 07:03:25 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~23387940
    [2011/05/28 07:03:24 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~23387940r
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Let me know How things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users