Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

AV protection 2012 and Smart Fortress 2012


  • This topic is locked This topic is locked
23 replies to this topic

#1 nirvanaandy

nirvanaandy

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:03:43 PM

Posted 05 May 2012 - 07:07 PM

Followed tutorial on bleeping computer to remove AV protection 2012 and smart fotress 2012 and ran malwarebytes anti-malware and restarted the computer. But Still AV protection 2012 popup shows up after restart/startup

Alos GMER Log is bigger to attch so i will split in two parts and post part 2 in followup.

Attached Files



BC AdBot (Login to Remove)

 


#2 nirvanaandy

nirvanaandy
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:03:43 PM

Posted 05 May 2012 - 07:14 PM

part 2 of GMER log.
Please rename .txt to winrar and extract.

I had to do this because the post wont allow to attach part 2 due to file size.

Attached Files



#3 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:02:43 PM

Posted 05 May 2012 - 07:43 PM

Hello nirvanaandy,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Watch Topic.I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.


1.
Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


2.
  • 1. Please download OTL from one of the following mirrors:
  • This is THE Mirror
    2. Save it to your desktop.
    3. Double click on the Posted Image icon on your desktop.
    4. Under the Custom Scan box paste this in
    c:\windows\*. /SL
    c:\windows\*. /RP 
    netsvcs
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav 
    %systemroot%\system32\drivers\*.sys /90
    5. Push the Quick Scan button.
    6. Two reports will open, copy and paste them in a reply here:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#4 nirvanaandy

nirvanaandy
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:03:43 PM

Posted 06 May 2012 - 01:21 AM

Please see requested logs as below,

OTL logfile created on: 5/5/2012 10:45:43 PM - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Documents and Settings\Rakesh\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.14 Gb Available Physical Memory | 60.92% Memory free
4.54 Gb Paging File | 3.99 Gb Available in Paging File | 87.81% Paging File free
Paging file location(s): C:\pagefile.sys 2877 2877 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.15 Gb Total Space | 15.58 Gb Free Space | 16.73% Space Free | Partition Type: NTFS

Computer Name: TTS-23143E21703 | User Name: Rakesh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/05 22:44:02 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rakesh\Desktop\OTL.exe
PRC - [2012/03/18 19:34:25 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/02/14 16:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Rakesh\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2010/07/28 17:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2010/07/28 17:33:58 | 001,485,208 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
PRC - [2010/05/05 06:18:46 | 000,148,280 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\ezprint.exe
PRC - [2010/05/05 06:18:43 | 000,770,728 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe
PRC - [2010/04/14 13:45:21 | 000,598,696 | ---- | M] ( ) -- C:\WINDOWS\system32\lxeacoms.exe
PRC - [2010/04/14 13:45:14 | 000,193,192 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxeaserv.exe
PRC - [2008/01/09 16:33:48 | 000,427,384 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
PRC - [2007/12/11 19:31:52 | 000,710,000 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
PRC - [2007/12/11 19:31:04 | 000,808,304 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe
PRC - [2007/12/11 19:31:00 | 000,779,632 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe
PRC - [2007/08/21 13:20:16 | 001,019,904 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\LDClient\LDISCN32.EXE
PRC - [2007/06/13 03:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/31 00:38:14 | 000,241,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CCM\clicomp\RemCtrl\Wuser32.exe
PRC - [2007/05/30 07:55:56 | 000,221,184 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\LDClient\rcgui.exe
PRC - [2007/05/25 09:20:48 | 000,356,352 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\LDClient\issuser.exe
PRC - [2007/04/27 20:35:28 | 000,575,064 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
PRC - [2007/04/27 05:53:44 | 000,266,240 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\LDClient\SoftMon.exe
PRC - [2007/04/13 07:01:28 | 000,237,568 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\LDClient\collector.exe
PRC - [2007/04/13 03:50:00 | 000,590,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CCM\CcmExec.exe
PRC - [2007/01/09 12:03:10 | 000,122,880 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\Shared Files\residentAgent.exe
PRC - [2007/01/05 17:12:58 | 000,258,048 | ---- | M] (SONIX) -- C:\WINDOWS\tsnp2std.exe
PRC - [2007/01/05 08:18:24 | 000,114,688 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\LDClient\tmcsvc.exe
PRC - [2006/11/01 08:06:20 | 000,258,048 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\LDClient\WebPortal\SDClientMonitor.exe
PRC - [2006/09/15 13:21:54 | 000,675,840 | ---- | M] (Sonix) -- C:\WINDOWS\vsnp2std.exe
PRC - [2006/08/14 06:37:32 | 000,086,016 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\LDClient\LocalSch.EXE
PRC - [2006/06/05 12:49:26 | 000,032,819 | ---- | M] (LANDesk Software Ltd.) -- C:\WINDOWS\system32\cba\pds.exe
PRC - [2006/01/19 19:27:40 | 000,294,912 | ---- | M] (iPass Inc) -- C:\Program Files\iPass\iPassConnect\downloader\ipccheck.exe
PRC - [2006/01/19 19:06:22 | 000,090,112 | ---- | M] (iPass, Inc.) -- C:\Program Files\iPass\iPassConnect\iPCAgent.exe
PRC - [2005/02/17 09:50:20 | 001,040,384 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\bcmntray.EXE
PRC - [2004/09/02 16:52:04 | 000,098,304 | ---- | M] (Courion Corporation) -- C:\Program Files\Courion Corporation\Identity Management Suite DIRECT!\direct.exe
PRC - [2004/06/30 14:33:04 | 001,388,544 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
PRC - [2004/01/08 09:50:00 | 000,037,888 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
PRC - [2003/11/12 15:46:34 | 000,049,152 | ---- | M] (Dantz Development Corporation) -- C:\Program Files\Dantz\Retrospect\retrorun.exe
PRC - [2002/09/20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2002/04/30 15:23:46 | 000,057,603 | ---- | M] (Oracle Corporation) -- c:\oracle\ora92\bin\omtsreco.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/18 19:34:24 | 001,969,080 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/05/14 21:05:25 | 006,271,136 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2010/06/23 18:12:28 | 007,187,456 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtGui4.dll
MOD - [2010/06/23 18:11:52 | 000,325,632 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtXml4.dll
MOD - [2010/06/23 18:11:48 | 001,954,304 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtCore4.dll
MOD - [2010/06/23 18:11:48 | 000,847,360 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtNetwork4.dll
MOD - [2010/06/23 17:38:18 | 000,119,808 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
MOD - [2010/05/05 06:18:46 | 000,148,280 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\ezprint.exe
MOD - [2010/05/05 06:18:43 | 000,770,728 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe
MOD - [2010/04/05 03:56:20 | 000,094,359 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\epoemdll.dll
MOD - [2010/04/05 03:56:19 | 000,045,221 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\epstring.dll
MOD - [2010/04/05 03:56:17 | 002,203,803 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\epwizres.dll
MOD - [2010/04/05 03:56:07 | 000,716,954 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\epwizard.dll
MOD - [2010/04/05 03:55:15 | 000,159,890 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\customui.dll
MOD - [2010/04/05 03:55:04 | 000,061,604 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\epfunct.dll
MOD - [2010/04/05 03:54:59 | 000,123,033 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\eputil.dll
MOD - [2010/04/05 03:54:52 | 000,143,502 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\imagutil.dll
MOD - [2010/04/01 10:24:28 | 001,159,168 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\lxeadrs.dll
MOD - [2010/04/01 10:23:27 | 000,389,120 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\lxeascw.dll
MOD - [2009/11/04 06:14:19 | 000,157,696 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxeadrpp.dll
MOD - [2009/05/27 05:16:50 | 000,192,512 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxeadatr.dll
MOD - [2009/05/06 09:04:36 | 000,466,944 | ---- | M] () -- C:\Program Files\Lexmark Toolbar\resource.dll
MOD - [2009/05/06 09:03:44 | 000,372,736 | ---- | M] () -- C:\Program Files\Lexmark Toolbar\toolband.dll
MOD - [2009/04/07 12:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\iptk.dll
MOD - [2009/03/09 22:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\lxeacaps.dll
MOD - [2009/03/02 07:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files\Lexmark S300-S400 Series\lxeaptp.dll
MOD - [2009/02/20 01:48:43 | 000,023,552 | ---- | M] () -- C:\WINDOWS\system32\LXEAsmr.dll
MOD - [2009/02/20 01:48:03 | 000,299,008 | ---- | M] () -- C:\WINDOWS\system32\LXEAsm.dll
MOD - [2007/05/22 10:59:22 | 000,128,512 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2007/04/19 16:40:28 | 000,106,567 | ---- | M] () -- C:\Program Files\LANDesk\LDClient\ThinstallManageApi.dll
MOD - [2007/04/10 18:44:10 | 000,136,720 | ---- | M] () -- C:\Program Files\Trend Micro\OfficeScan Client\tmdbg.dll
MOD - [2007/01/23 10:13:54 | 000,122,880 | ---- | M] () -- C:\Program Files\LANDesk\LDClient\ldredirect.dll
MOD - [2006/06/16 03:43:14 | 000,090,112 | ---- | M] () -- C:\Program Files\LANDesk\LDClient\uncauthentication.dll
MOD - [2006/01/19 19:44:40 | 000,528,384 | ---- | M] () -- C:\Program Files\iPass\iPassConnect\IPassUICfgDLL.dll
MOD - [2006/01/19 17:04:30 | 000,651,264 | ---- | M] () -- C:\Program Files\iPass\iPassConnect\downloader\libeay32.dll
MOD - [2004/05/15 22:27:54 | 000,086,016 | ---- | M] () -- C:\WINDOWS\system32\ati2evxx.dll
MOD - [2002/04/29 14:04:08 | 000,246,032 | ---- | M] () -- c:\oracle\ora92\bin\oratrace9.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rnadiagnosticsservice.dll -- (Xyz777s)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\symwsc.dll -- (s3savagemx)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bc_tdi_f.dll -- (R300)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ASDR.dll -- (mwsarcpkt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\GameConsoleService.dll -- (MTsensor)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Memctl.dll -- (msftpsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\atiavaiw.dll -- (LXARScan)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ROCKEYNT.dll -- (lvprcsrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mysqlinventime.dll -- (bc_prt_f)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sfusvc.dll -- (acdservice)
SRV - [2010/07/28 17:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2010/04/14 13:45:21 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\system32\lxeacoms.exe -- (lxea_device)
SRV - [2010/04/14 13:45:14 | 000,193,192 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxeaserv.exe -- (lxeaCATSCustConnectService)
SRV - [2007/12/11 19:31:04 | 000,808,304 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe -- (tmlisten)
SRV - [2007/12/11 19:31:00 | 000,779,632 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe -- (ntrtscan)
SRV - [2007/05/31 00:38:14 | 000,241,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\CCM\clicomp\RemCtrl\Wuser32.exe -- (Wuser32)
SRV - [2007/05/25 09:20:48 | 000,356,352 | ---- | M] (LANDesk Software, Ltd.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\issuser.exe -- (ISSUSER)
SRV - [2007/04/27 20:35:28 | 000,575,064 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy)
SRV - [2007/04/27 05:53:44 | 000,266,240 | ---- | M] (LANDesk Software, Ltd.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\SoftMon.exe -- (Softmon) LANDesk®
SRV - [2007/04/13 03:50:00 | 000,590,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2007/01/09 12:03:10 | 000,122,880 | ---- | M] (LANDesk Software, Ltd.) [Auto | Running] -- C:\Program Files\LANDesk\Shared Files\residentAgent.exe -- (CBA8) LANDesk®
SRV - [2007/01/05 08:18:24 | 000,114,688 | ---- | M] (LANDesk Software, Ltd.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\tmcsvc.exe -- (Intel Targeted Multicast)
SRV - [2006/08/14 06:37:32 | 000,086,016 | ---- | M] (LANDesk Software, Ltd.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\LocalSch.EXE -- (Intel Local Scheduler Service)
SRV - [2006/06/05 12:49:26 | 000,032,819 | ---- | M] (LANDesk Software Ltd.) [Auto | Running] -- C:\WINDOWS\system32\cba\pds.exe -- (Intel PDS)
SRV - [2006/01/20 11:08:24 | 001,089,536 | ---- | M] (iPass) [On_Demand | Stopped] -- C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe -- (iPassConnectEngine)
SRV - [2006/01/19 19:06:22 | 000,090,112 | ---- | M] (iPass, Inc.) [Auto | Running] -- C:\Program Files\iPass\iPassConnect\iPCAgent.exe -- (iPCAgent)
SRV - [2004/11/02 17:59:50 | 000,316,544 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- (SymWSC)
SRV - [2003/11/12 15:46:34 | 000,049,152 | ---- | M] (Dantz Development Corporation) [Auto | Running] -- C:\Program Files\Dantz\Retrospect\retrorun.exe -- (RetroLauncher)
SRV - [2002/09/20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))
SRV - [2002/07/29 08:46:14 | 000,135,242 | R--- | M] (WRQ, Inc.) [On_Demand | Stopped] -- C:\Program Files\Reflection\lpdserv.exe -- (Reflection Line Printer Daemon)
SRV - [2002/04/30 15:23:46 | 000,057,603 | ---- | M] (Oracle Corporation) [Auto | Running] -- c:\oracle\ora92\bin\omtsreco.exe -- (OracleMTSRecoveryService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [File_System | System | Stopped] -- system32\drivers\tsk1.tmp -- (MRxSmb)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Rakesh\LOCALS~1\Temp\aswMBR.sys -- (aswMBR)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\AFGMp50.sys -- (AFGMp50)
DRV - File not found [File_System | Boot | Stopped] -- system32\drivers\17409645.sys -- (75718378)
DRV - [2011/07/12 10:44:10 | 000,262,416 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys -- (TmFilter)
DRV - [2011/07/12 10:43:58 | 000,036,624 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\tmpreflt.sys -- (TmPreFilter)
DRV - [2011/07/12 10:09:32 | 001,405,720 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\vsapiNT.sys -- (VSApiNt)
DRV - [2010/06/23 18:12:50 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AFGSp50.sys -- (AFGSp50)
DRV - [2007/12/24 17:37:00 | 000,138,384 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2007/04/13 03:50:00 | 000,023,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2007/01/20 11:31:42 | 012,027,904 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snp2sxp.sys -- (SNP2STD) USB2.0 PC Camera (SNP2STD)
DRV - [2006/11/14 12:14:04 | 000,073,288 | ---- | M] (Trend Micro Incorporated.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2006/05/18 14:49:02 | 000,061,067 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2006/05/18 14:48:50 | 000,047,249 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2006/02/09 02:50:00 | 000,011,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\kbstuff5.sys -- (kbstuff)
DRV - [2006/02/09 02:50:00 | 000,008,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\idisw2km.sys -- (idisw2km)
DRV - [2006/01/23 10:49:04 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2005/11/16 11:57:48 | 000,223,128 | ---- | M] (DT Soft Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dtscsi.sys -- (dtscsi)
DRV - [2005/11/16 11:54:39 | 000,664,064 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2005/08/18 17:22:30 | 000,110,080 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2005/07/28 09:18:40 | 000,685,056 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2005/07/21 15:07:18 | 000,376,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/07/20 19:08:28 | 000,100,096 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aksusb.sys -- (aksusb)
DRV - [2005/07/20 19:08:26 | 000,327,808 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\akshasp.sys -- (akshasp)
DRV - [2005/07/01 16:48:34 | 000,011,904 | ---- | M] (LANDesk Software, Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ldblank.sys -- (ldblank)
DRV - [2005/07/01 16:48:34 | 000,003,712 | ---- | M] (LANDesk Software, Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mirrorflt.sys -- (mirrorflt)
DRV - [2005/07/01 16:48:34 | 000,003,328 | ---- | M] (LANDesk Software, Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ldmirror.sys -- (ldmirror)
DRV - [2005/05/17 02:51:34 | 000,005,315 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2005/03/04 16:02:20 | 001,066,278 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/01/26 04:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2004/12/16 22:52:58 | 000,017,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2004/12/14 13:59:42 | 000,851,341 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mosuport.sys -- (mosuport)
DRV - [2004/10/08 16:02:34 | 000,049,972 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rch.sys -- (Intel Remote Control Helper)
DRV - [2004/09/10 08:00:00 | 000,084,064 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\sentinel.sys -- (Sentinel)
DRV - [2004/08/03 15:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/05/15 22:29:12 | 000,701,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/04/26 10:49:56 | 000,381,056 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/04/14 18:52:22 | 000,005,632 | R--- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\atiide.sys -- (atiide)
DRV - [2003/12/17 09:50:00 | 000,070,801 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2003/12/17 09:50:00 | 000,051,729 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042pr2.Sys -- (L8042pr2)
DRV - [2003/12/17 09:50:00 | 000,037,887 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHIDUSB.SYS -- (LHidUsb)
DRV - [2003/12/17 09:50:00 | 000,025,505 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFlt2.Sys -- (LHidFlt2)
DRV - [2003/10/07 12:42:40 | 000,067,200 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnic51.sys -- (RTL8023)
DRV - [2003/04/23 16:06:40 | 000,013,174 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\atisgkaf.SYS -- (caboagp)
DRV - [2002/09/20 11:53:34 | 000,235,100 | ---- | M] (Analog Devices Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.2: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2303: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2361: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1465: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Rakesh\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Rakesh\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Rakesh\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Rakesh\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/18 19:34:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/21 21:54:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{88319AAC-9490-11E1-826D-B8AC6F996F26}: C:\Documents and Settings\Rakesh\Local Settings\Application Data\{88319AAC-9490-11E1-826D-B8AC6F996F26}\ [2012/05/02 12:55:24 | 000,000,000 | ---D | M]

[2011/05/14 22:23:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rakesh\Application Data\Mozilla\Extensions
[2012/05/01 16:14:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rakesh\Application Data\Mozilla\Firefox\Profiles\o7xicm7t.default\extensions
[2012/03/18 19:40:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/15 18:30:43 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/03/18 19:40:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/05/02 12:55:24 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\DOCUMENTS AND SETTINGS\RAKESH\LOCAL SETTINGS\APPLICATION DATA\{88319AAC-9490-11E1-826D-B8AC6F996F26}
[2012/03/18 19:34:26 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/18 19:39:44 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/03 18:26:07 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/19 18:01:13 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/05/02 21:18:36 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\System32\bcmntray.exe (Broadcom Corporation)
O4 - HKLM..\Run: [DIRECT!] C:\Program Files\Courion Corporation\Identity Management Suite DIRECT!\direct.exe (Courion Corporation)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark S300-S400 Series\ezprint.exe ()
O4 - HKLM..\Run: [InstaLAN] C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [IntelAPMClient] "C:\Program Files\LANDesk\LDCLient\amclient.exe" /apm /s /ro /Retry=2 /Tspan=60 /Rstart File not found
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [lxeamon.exe] C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe ()
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [SDClientMonitor] C:\Program Files\LANDesk\LDCLient\webportal\sdclientmonitor.exe (LANDesk Software, Ltd.)
O4 - HKLM..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe (Sonix)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe (SONIX)
O4 - HKCU..\Run: [AV Protection 2012] C:\Documents and Settings\Rakesh\Application Data\AV Protection 2012\AntivirusProtection2012.exe (VarenSoft)
O4 - HKCU..\Run: [Kecoro] C:\Documents and Settings\Rakesh\Application Data\Utbu\ovogf.exe ()
O4 - Startup: C:\Documents and Settings\Rakesh\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Rakesh\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O15 - HKLM\..Trusted Domains: employee.com ([t-mobile] https in Trusted sites)
O15 - HKLM\..Trusted Domains: gsm1900.org ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: t-mobile.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: tmomail.net ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: voicestream.com ([]* in Trusted sites)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = gsm1900.org
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{52FD0316-3774-471E-9DAF-EF486DD48700}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (ginastub.dll) - C:\WINDOWS\System32\ginastub.dll (Courion Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/11/15 10:55:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Xyz777s - %systemroot%\system32\rnadiagnosticsservice.dll File not found
NetSvcs: s3savagemx - %systemroot%\system32\symwsc.dll File not found
NetSvcs: MTsensor - %systemroot%\system32\GameConsoleService.dll File not found
NetSvcs: msftpsvc - %systemroot%\system32\Memctl.dll File not found
NetSvcs: acdservice - %systemroot%\system32\sfusvc.dll File not found
NetSvcs: REVOSENS - File not found
NetSvcs: LXARScan - %systemroot%\system32\atiavaiw.dll File not found
NetSvcs: R300 - %systemroot%\system32\bc_tdi_f.dll File not found
NetSvcs: mwsarcpkt - %systemroot%\system32\ASDR.dll File not found
NetSvcs: lvprcsrv - %systemroot%\system32\ROCKEYNT.dll File not found
NetSvcs: bc_prt_f - %systemroot%\system32\mysqlinventime.dll File not found
NetSvcs: WmdmPmSp - File not found

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8D1D0E9A-C799-4D28-9E29-0061D1E66E43} - Microsoft .NET Framework 1.1 Hotfix (KB928366)
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.
ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1056

========== Files/Folders - Created Within 30 Days ==========

[2012/05/05 22:43:59 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rakesh\Desktop\OTL.exe
[2012/05/05 22:39:21 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Rakesh\Desktop\aswMBR.exe
[2012/05/05 13:47:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Rakesh\My Documents\My Videos
[2012/05/05 13:47:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Rakesh\Start Menu\Programs\Administrative Tools
[2012/05/05 13:36:49 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Rakesh\Desktop\dds.scr
[2012/05/03 22:46:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012/05/03 20:28:46 | 000,883,616 | ---- | C] (Bleeping Computer, LLC) -- C:\FixExec.com
[2012/05/02 20:25:51 | 010,063,024 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Rakesh\Desktop\mbam-setup.exe
[2012/05/02 20:19:18 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/05/02 20:17:19 | 002,075,184 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Rakesh\Desktop\tdsskiller.exe
[2012/05/02 13:01:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rakesh\Start Menu\Programs\Smart Fortress 2012
[2012/05/02 12:57:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\529C53690004660E69E5EBA92830AC72
[2012/05/02 12:55:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rakesh\Start Menu\Programs\AV Protection 2012
[2012/05/02 12:55:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rakesh\Application Data\AV Protection 2012
[2012/05/02 12:55:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rakesh\Local Settings\Application Data\{88319AAC-9490-11E1-826D-B8AC6F996F26}
[2012/05/02 12:53:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rakesh\Local Settings\Application Data\Identities
[2012/05/02 12:53:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rakesh\Application Data\Itkya
[2012/05/02 12:53:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rakesh\Application Data\Apbi
[2012/05/02 12:53:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\WMI
[2012/05/02 12:53:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rakesh\Application Data\Uflo
[2012/05/02 12:52:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rakesh\Application Data\Xuibim
[2012/05/02 12:52:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rakesh\Application Data\Utbu
[2012/05/02 12:52:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rakesh\Application Data\Ilve
[2012/04/17 16:23:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rakesh\Application Data\AdobeUM
[2012/04/17 16:23:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rakesh\My Documents\My eBooks
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/05 22:44:02 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rakesh\Desktop\OTL.exe
[2012/05/05 22:43:42 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Rakesh\Desktop\MBR.dat
[2012/05/05 22:39:49 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Rakesh\Desktop\aswMBR.exe
[2012/05/05 22:39:02 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1292428093-839522115-1003UA.job
[2012/05/05 22:32:23 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2012/05/05 22:31:27 | 000,408,288 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/05 22:31:27 | 000,064,302 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/05 22:28:46 | 000,000,467 | ---- | M] () -- C:\WINDOWS\SMSCFG.ini
[2012/05/05 22:27:30 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/05 22:27:15 | 008,405,015 | ---- | M] () -- C:\WINDOWS\TempFile
[2012/05/05 22:27:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/05 14:39:33 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1292428093-839522115-1003Core.job
[2012/05/05 13:53:44 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Rakesh\Desktop\sqcbcr5b.exe
[2012/05/05 13:36:54 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Rakesh\Desktop\dds.scr
[2012/05/05 00:11:10 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/05/05 00:11:09 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\Rakesh\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/03 23:16:16 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\Rakesh\defogger_reenable
[2012/05/03 23:14:07 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Rakesh\Desktop\Defogger.exe
[2012/05/03 22:42:15 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Rakesh\Desktop\KillBox.exe
[2012/05/03 20:53:36 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/03 20:46:36 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\Rakesh\Desktop\iExplore.exe
[2012/05/02 22:49:52 | 000,883,616 | ---- | M] (Bleeping Computer, LLC) -- C:\FixExec.com
[2012/05/02 21:18:36 | 000,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/05/02 21:08:56 | 000,000,134 | ---- | M] () -- C:\Documents and Settings\Rakesh\Desktop\hosts-perm.bat
[2012/05/02 20:26:10 | 010,063,024 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Rakesh\Desktop\mbam-setup.exe
[2012/05/02 20:14:48 | 002,075,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Rakesh\Desktop\tdsskiller.exe
[2012/05/02 20:13:51 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/05/02 12:55:27 | 000,001,918 | ---- | M] () -- C:\Documents and Settings\Rakesh\Application Data\Microsoft\Internet Explorer\Quick Launch\AV Protection 2012.lnk
[2012/05/02 12:54:10 | 000,000,002 | ---- | M] () -- C:\Documents and Settings\Rakesh\uz.dat
[2012/04/23 14:33:52 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/05 22:43:42 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Rakesh\Desktop\MBR.dat
[2012/05/05 13:53:44 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Rakesh\Desktop\sqcbcr5b.exe
[2012/05/03 23:15:46 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\Rakesh\defogger_reenable
[2012/05/03 23:14:05 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Rakesh\Desktop\Defogger.exe
[2012/05/03 22:42:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Rakesh\Desktop\KillBox.exe
[2012/05/02 21:14:38 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Rakesh\Desktop\hosts-perm.bat
[2012/05/02 12:55:58 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/05/02 12:55:27 | 000,001,946 | ---- | C] () -- C:\Documents and Settings\Rakesh\Start Menu\Programs\AV Protection 2012.lnk
[2012/05/02 12:55:27 | 000,001,918 | ---- | C] () -- C:\Documents and Settings\Rakesh\Application Data\Microsoft\Internet Explorer\Quick Launch\AV Protection 2012.lnk
[2012/05/02 12:54:10 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Rakesh\uz.dat
[2012/04/23 21:14:28 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/02 20:12:24 | 000,006,134 | -HS- | C] () -- C:\Documents and Settings\Rakesh\Local Settings\Application Data\2d63yw5u88q858
[2011/12/02 20:12:24 | 000,006,134 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2d63yw5u88q858
[2011/10/21 22:44:20 | 000,030,216 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/07/27 21:01:17 | 000,013,246 | -HS- | C] () -- C:\Documents and Settings\Rakesh\Local Settings\Application Data\t656p5fd0qyo14a4u3x3f8l6nplu
[2011/07/27 21:01:17 | 000,013,246 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\t656p5fd0qyo14a4u3x3f8l6nplu
[2011/07/27 21:01:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xbdh.exe
[2011/07/27 21:01:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Rakesh\Local Settings\Application Data\vxqj.exe
[2011/07/27 21:01:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\vjyo.exe
[2011/07/27 21:01:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Rakesh\Local Settings\Application Data\taaa.exe
[2011/07/27 21:01:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Rakesh\Local Settings\Application Data\lflo.exe
[2011/07/27 21:01:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Rakesh\Local Settings\Application Data\ersg.exe
[2011/07/27 21:01:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\dxfl.exe
[2011/06/27 14:41:14 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/15 21:31:45 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncamd.sys
[2011/06/15 21:31:45 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2std.ini
[2011/06/15 21:31:43 | 012,027,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2sxp.sys
[2011/06/15 21:31:42 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2std.dll
[2011/06/15 21:31:42 | 000,077,824 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2std.dll
[2011/06/15 18:31:47 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/06/10 15:47:00 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxeavs.dll
[2011/06/10 15:46:56 | 000,442,368 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeacoin.dll
[2011/06/10 15:46:41 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\lxeagcfg.dll
[2011/06/10 15:46:39 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\lxeacui.dll
[2011/06/10 15:46:39 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\lxeacuir.dll
[2011/06/10 15:42:26 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxearwrd.ini
[2011/06/10 15:42:07 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\LXEAinst.dll
[2011/06/10 15:42:06 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\LXEAhcp.dll
[2011/06/10 15:42:05 | 000,847,872 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeausb1.dll
[2011/06/10 15:42:05 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeainpa.dll
[2011/06/10 15:42:05 | 000,344,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeaiesc.dll
[2011/06/10 15:42:04 | 001,048,576 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeaserv.dll
[2011/06/10 15:42:03 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeapmui.dll
[2011/06/10 15:42:03 | 000,577,536 | ---- | C] ( ) -- C:\WINDOWS\System32\lxealmpm.dll
[2011/06/10 15:42:02 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\lxeains.dll
[2011/06/10 15:42:02 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lxeainsb.dll
[2011/06/10 15:42:02 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\lxeainsr.dll
[2011/06/10 15:42:02 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\lxeajswr.dll
[2011/06/10 15:42:01 | 000,688,128 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeahbn3.dll
[2011/06/10 15:42:01 | 000,324,264 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeaih.exe
[2011/06/10 15:42:00 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\lxeacu.dll
[2011/06/10 15:42:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxeagrd.dll
[2011/06/10 15:42:00 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\lxeacub.dll
[2011/06/10 15:42:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\lxeacur.dll
[2011/06/10 15:41:59 | 000,802,816 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeacomc.dll
[2011/06/10 15:41:59 | 000,598,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeacoms.exe
[2011/06/10 15:41:59 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeacomm.dll
[2011/06/10 15:41:58 | 000,373,416 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeacfg.exe
[2011/06/10 15:41:08 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\LXEAsm.dll
[2011/06/10 15:41:08 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\LXEAsmr.dll
[2011/05/15 01:41:49 | 000,040,960 | ---- | C] () -- C:\Documents and Settings\Rakesh\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/14 20:19:11 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE

========== LOP Check ==========

[2006/07/17 11:46:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1E
[2012/05/02 12:57:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\529C53690004660E69E5EBA92830AC72
[2011/06/11 12:35:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Affinegy
[2007/07/11 13:55:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICAClient
[2011/06/10 22:42:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lexmark S300-S400 Series
[2005/12/19 11:09:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LPDLPR
[2006/07/13 16:29:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MapInfo
[2006/01/11 18:03:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NETg
[2005/11/21 16:11:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Reflection
[2006/02/16 20:36:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Retrospect
[2007/06/15 12:24:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2012/05/05 22:27:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vulScan
[2011/05/15 00:34:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/05/02 12:53:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rakesh\Application Data\Apbi
[2012/05/02 12:55:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rakesh\Application Data\AV Protection 2012
[2012/04/27 22:52:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rakesh\Application Data\Azureus
[2012/05/05 22:30:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rakesh\Application Data\Dropbox
[2007/07/11 13:55:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rakesh\Application Data\ICAClient
[2012/05/02 12:52:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rakesh\Application Data\Ilve
[2012/03/19 22:34:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rakesh\Application Data\InterVideo
[2012/05/02 12:53:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rakesh\Application Data\Itkya
[2011/09/04 23:10:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rakesh\Application Data\TP
[2012/05/02 21:07:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rakesh\Application Data\Uflo
[2012/05/02 12:52:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rakesh\Application Data\Utbu
[2012/05/02 12:53:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rakesh\Application Data\Xuibim

========== Purity Check ==========



========== Custom Scans ==========

< c:\windows\*. /SL >

< c:\windows\*. /RP >

< %ALLUSERSPROFILE%\Application Data\*. >
[2006/07/17 11:46:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1E
[2012/05/02 12:57:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\529C53690004660E69E5EBA92830AC72
[2011/09/05 21:31:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2011/06/11 12:35:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Affinegy
[2011/10/17 22:03:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2011/05/15 00:32:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2007/10/29 13:06:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2007/07/11 13:55:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICAClient
[2011/06/10 22:42:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lexmark S300-S400 Series
[2005/12/19 11:09:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LPDLPR
[2011/06/21 20:11:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2006/07/13 16:29:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MapInfo
[2006/05/11 15:34:21 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2006/01/11 18:03:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NETg
[2010/04/14 10:13:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Real
[2005/11/21 16:11:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Reflection
[2006/02/16 20:36:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Retrospect
[2011/06/15 18:30:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
[2011/06/23 13:50:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype Extras
[2011/05/14 22:27:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun
[2005/11/15 14:37:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2007/06/15 12:24:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2012/05/05 22:27:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vulScan
[2005/11/15 11:29:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2006/09/20 10:29:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\yahoo!
[2011/05/15 00:34:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2011/07/27 21:01:16 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\dxfl.exe
[2011/07/27 21:01:16 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\vjyo.exe
[2011/07/27 21:01:16 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\xbdh.exe
[2009/02/04 13:56:14 | 000,075,112 | ---- | M] (GEAR Software, Inc.) -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\DifXInstall32.exe
[2011/10/21 21:20:09 | 000,073,584 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.5.0.142\SetupAdmin.exe
[2012/04/23 21:13:59 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
[2002/07/29 08:45:46 | 000,180,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Reflection\nopenico.exe
[2005/04/05 12:08:32 | 000,090,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\ExItem3263_symnet$20consumer_5.4.4_english\Message.exe
[2005/04/05 12:17:26 | 000,079,504 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\ExItem3263_symnet$20consumer_5.4.4_english\setup.exe
[2005/01/21 22:30:58 | 000,090,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\ExItem5085_symnet_4.7.3_english\Message.exe
[2005/01/21 23:32:16 | 000,079,504 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\ExItem5085_symnet_4.7.3_english\setup.exe

< %APPDATA%\*. >
[2011/05/19 09:24:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rakesh\Application Data\Adobe
[2012/04/17 16:23:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rakesh\Application Data\AdobeUM
[2012/05/02 12:53:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rakesh\Application Data\Apbi
[2011/10/21 22:24:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rakesh\Application Data\Apple Computer
[2012/05/02 12:55:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rakesh\Application Data\AV Protection 2012
[2012/04/27 22:52:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rakesh\Application Data\Azureus
[2012/05/05 22:30:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rakesh\Application Data\Dropbox
[2007/07/11 13:55:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rakesh\Application Data\ICAClient
[2011/05/14 21:48:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rakesh\Application Data\Identities
[2012/05/02 12:52:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rakesh\Application Data\Ilve
[2011/06/15 21:31:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rakesh\Application Data\InstallShield
[2012/03/19 22:34:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rakesh\Application Data\InterVideo
[2012/05/02 12:53:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rakesh\Application Data\Itkya
[2011/05/14 22:26:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rakesh\Application Data\Macromedia
[2011/06/21 20:12:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rakesh\Application Data\Malwarebytes
[2011/09/23 19:40:09 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Rakesh\Application Data\Microsoft
[2012/04/03 14:40:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rakesh\Application Data\Mozilla
[2011/11/22 11:20:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rakesh\Application Data\Real
[2011/06/23 14:23:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rakesh\Application Data\Skype
[2011/06/23 13:40:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rakesh\Application Data\skypePM
[2011/05/14 22:26:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rakesh\Application Data\Sun
[2011/09/04 23:10:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rakesh\Application Data\TP
[2012/05/02 21:07:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rakesh\Application Data\Uflo
[2012/05/02 12:52:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rakesh\Application Data\Utbu
[2011/09/30 19:43:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rakesh\Application Data\vlc
[2011/05/16 12:57:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rakesh\Application Data\WinRAR
[2012/05/02 12:53:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rakesh\Application Data\Xuibim
[2011/06/11 12:34:08 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Rakesh\Application Data\yahoo!

< %APPDATA%\*.exe /s >
[2012/05/02 11:02:57 | 002,320,896 | ---- | M] (VarenSoft) -- C:\Documents and Settings\Rakesh\Application Data\AV Protection 2012\AntivirusProtection2012.exe
[2011/05/14 23:21:33 | 004,177,856 | ---- | M] () -- C:\Documents and Settings\Rakesh\Application Data\Azureus\plugins\azemp\vuzeplayer.exe
[2011/05/14 21:55:30 | 000,310,208 | ---- | M] (Georgia Institute of Technology) -- C:\Documents and Settings\Rakesh\Application Data\Azureus\plugins\mlab\ShaperProbeC.exe
[2012/04/27 20:44:54 | 009,739,704 | ---- | M] (Vuze Inc.) -- C:\Documents and Settings\Rakesh\Application Data\Azureus\tmp\AZU4271506469708116735.tmp\Vuze_4.7.0.2d_win32.exe
[2012/02/14 16:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Rakesh\Application Data\Dropbox\bin\Dropbox.exe
[2012/02/14 16:03:44 | 000,174,752 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Rakesh\Application Data\Dropbox\bin\Uninstall.exe
[2011/06/21 14:29:03 | 000,236,544 | ---- | M] () -- C:\Documents and Settings\Rakesh\Application Data\Utbu\ovogf.exe

< %SYSTEMDRIVE%\*.exe >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2005/11/15 02:19:15 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2005/11/15 02:19:15 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2005/11/15 02:19:14 | 000,888,832 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2012/05/02 20:20:13 | 000,453,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys

< End of report >



OTL Extras logfile created on: 5/5/2012 10:45:43 PM - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Documents and Settings\Rakesh\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.14 Gb Available Physical Memory | 60.92% Memory free
4.54 Gb Paging File | 3.99 Gb Available in Paging File | 87.81% Paging File free
Paging file location(s): C:\pagefile.sys 2877 2877 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.15 Gb Total Space | 15.58 Gb Free Space | 16.73% Space Free | Partition Type: NTFS

Computer Name: TTS-23143E21703 | User Name: Rakesh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\LANDesk\LDCLient\AdvanceAgent.exe" = C:\Program Files\LANDesk\LDCLient\AdvanceAgent.exe:*:Enabled:LANDesk Advance Agent
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC
"C:\Program Files\LeechFTP\Leechftp.exe" = C:\Program Files\LeechFTP\Leechftp.exe:*:Enabled:LeechFTP
"C:\WINDOWS\system32\cba\pds.exe" = C:\WINDOWS\system32\cba\pds.exe:*:Enabled:LANDesk Ping Discovery Service -- (LANDesk Software Ltd.)
"C:\WINDOWS\system32\msgsys.exe" = C:\WINDOWS\system32\msgsys.exe:*:Enabled:LANDesk Message Service -- (LANDesk Software Ltd.)
"C:\Program Files\LANDesk\LDClient\issuser.exe" = C:\Program Files\LANDesk\LDClient\issuser.exe:*:Enabled:LANDesk Remote Control Agent -- (LANDesk Software, Ltd.)
"C:\Program Files\LANDesk\LDClient\tmcsvc.exe" = C:\Program Files\LANDesk\LDClient\tmcsvc.exe:*:Enabled:LANDesk Targeted Multicast -- (LANDesk Software, Ltd.)
"C:\Program Files\LANDesk\Shared Files\residentagent.exe" = C:\Program Files\LANDesk\Shared Files\residentagent.exe:*:Enabled:LANDesk® Management Agent -- (LANDesk Software, Ltd.)
"C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe" = C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe:LocalSubNet:Enabled:Belkin Setup -- (Affinegy, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\cba\pds.exe" = C:\WINDOWS\system32\cba\pds.exe:*:Enabled:Common Base Agent -- (LANDesk Software Ltd.)
"C:\LDClient\Wuser32.exe" = C:\LDClient\Wuser32.exe:*:Enabled:Remote Control
"C:\LDClient\tmcsvc.exe" = C:\LDClient\tmcsvc.exe:*:Enabled:Targeted Multicasting
"C:\Program Files\InterVideo\DVD7\WinDVD.exe" = C:\Program Files\InterVideo\DVD7\WinDVD.exe:*:Enabled:WinDVD -- (InterVideo Inc.)
"C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:*:Enabled:Java™ 2 Platform Standard Edition binary -- (Sun Microsystems, Inc.)
"C:\Program Files\PSPad\PSPad.exe" = C:\Program Files\PSPad\PSPad.exe:*:Enabled:PSPad editor -- (Prog-Soft s.r.o.)
"C:\Program Files\Nokia\NED 5.3\Javasoft\JRE\bin\NED53J.exe" = C:\Program Files\Nokia\NED 5.3\Javasoft\JRE\bin\NED53J.exe:*:Enabled:NED53J
"C:\Program Files\Nokia\NED 5.2\Javasoft\JRE\1.3.1_04\bin\NED52J.exe" = C:\Program Files\Nokia\NED 5.2\Javasoft\JRE\1.3.1_04\bin\NED52J.exe:*:Enabled:NED52J
"C:\WINDOWS\system32\msgsys.exe" = C:\WINDOWS\system32\msgsys.exe:*:Enabled:CBA -- Message System -- (LANDesk Software Ltd.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:YServer Module -- (Yahoo! Inc.)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)
"C:\WINDOWS\system32\lxeacoms.exe" = C:\WINDOWS\system32\lxeacoms.exe:*:Enabled:Lexmark Communications System -- ( )
"C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe" = C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:*:Enabled:ABBYY FineReader -- (ABBYY (BIT Software))
"C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe" = C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe:LocalSubNet:Enabled:Belkin Setup -- (Affinegy, Inc.)
"C:\Documents and Settings\Rakesh\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Rakesh\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\LANDesk\Shared Files\residentagent.exe" = C:\Program Files\LANDesk\Shared Files\residentagent.exe:*:Enabled:LANDesk® Management Agent -- (LANDesk Software, Ltd.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
"{127060BE-182D-491A-8C13-167BC8189C6F}" = Agilent E6474A
"{1526D87C-A955-4FAB-BF18-697BA457E352}" = Norton WMI Update
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{2F221920-DB3B-4A74-A010-26ABDBA07AC2}" = SMS Advanced Client
"{309AFCC1-C343-40A0-B23A-568073036409}" = MapInfo Professional 8.0
"{32103A2A-ED13-4913-ABF9-BD5FF67F1D93}" = MDAC 2.8
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{32A3C2BF-F2F2-470F-B091-4A62E2162B16}" = Flash Player 9.0.16
"{332C4D4B-E595-405D-9C32-26AC38464BC3}" = Identity Management Suite DIRECT!
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{40C2D00A-9235-4EA2-8AB9-2CAB7A842B49}" = Skill Builder DX
"{449EA334-C3F0-4E54-AAFF-6FCBC3F9A1DE}" = SnagIt 6
"{45734758-4041-4EA8-8E62-DE661FC3879C}" = LANDesk® Common Base Agent 8
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{547D4265-AF45-42E9-A62A-C58182AA35B9}" = Sentinel Protection Installer 7.0.0
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.79.1
"{5DBC79DA-87D2-376D-A65D-B14097C06C71}" = Google Talk Plugin
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{7098b27b-c254-44ff-ad8e-c9c8fa94e36d}" = Local OMT R30_4
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{73B69C5C-87D6-471E-B695-0BD736C4B644}" = Retrospect 6.5
"{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}" = SSH Secure Shell
"{75438C0E-9925-412E-AD85-D0E71C6CE2ED}" = ENVISION V-CAM
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E85840D-3E9C-456F-896A-417982F344D7}" = iPassConnect
"{7E8833A1-AF24-4CAE-82DF-CFE14C14B94D}" = LANDesk Advance Agent
"{807B1E65-FF69-4170-A835-E4B2C8A1D389}" = WRQ Reflection X 10.0
"{83ED1E80-A1B7-4226-BCF1-AC4A88151A6B}" = Microsoft Streets & Trips 2006 with GPS Locator
"{8E9DB7EF-5DD3-499E-BA2A-A1F3153A4DF8}" = Adobe Flash Player 9 ActiveX
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{90520409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Viewer 2003 (English)
"{90885A82-9673-49EA-AB39-AF776639C67C}" = InterVideo WinDVD 7
"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{993E0D64-AB90-4338-9AE7-CA3CD27999C4}" = WIND Tunnel
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AC76BA86-1033-0000-7760-000000000001}" = Adobe Acrobat 6.0.1 Professional
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.0
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B360F766-73DA-4474-AE50-D5EBD227C72A}" = LANDesk Advance Agent
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BA1A15DD-4663-4B0C-A64E-17604E0FC52D}" = Aqua Data Studio 4.5
"{C39F243A-8D14-499A-A8F5-16019C1F71F7}" = AR System User 6.00.01.1373
"{C938C876-25C0-40B4-B20B-25D454C68C27}" = WIND Catcher
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark Printable Web
"{D88A7919-C81E-4F6A-8B77-D1B2E42EE0CD}" = One Button
"{DF2035BE-5820-4965-BD97-7FAF8D4A7879}" = Microsoft_VC90_CRT_x86
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"23C892DBF52DDAF3C9BD2BB6E9805E79FCD09A67" = Windows Driver Package - FTDI CDM Driver Package (05/19/2006 2.00.00)
"8461-7759-5462-8226" = Vuze
"A2E63BDAC649E514867CB43CE0B4F9DB111206C2" = Windows Driver Package - FTDI CDM Driver Package (05/19/2006 2.00.00)
"AC3Filter" = AC3Filter (remove only)
"ActiveTouchMeetingClient" = WebEx
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced PDF Password Recovery Pro" = Advanced PDF Password Recovery Pro
"Advanced VBA Password Recovery PRO" = Advanced VBA Password Recovery PRO
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"ALEX 4.1" = Active Library Explorer 4.1
"ALEX 8.1" = Active Library Explorer 8.1
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Belkin Setup and Router Monitor_is1" = Belkin Setup and Router Monitor
"Broadcom 802.11 Application" = Broadcom Wireless Utility
"BSPlayer1" = BSPlayer
"CTDVDAudio Plugin" = Creative DVD Audio Plugin for Audigy Series
"FTDICOMM" = FTDI USB Serial Converter Drivers
"Google Desktop" = Google Desktop
"InstallShield_{127060BE-182D-491A-8C13-167BC8189C6F}" = Agilent E6474A
"InterActual Player" = InterActual Player
"Lexmark S300-S400 Series" = Lexmark S300-S400 Series
"LiveUpdate" = LiveUpdate 1.90 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"MapBasic 8.0" = MapBasic 8.0
"MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"OfficeScanNT" = Trend Micro OfficeScan Client
"PL/SQL Developer [80687277]" = PL/SQL Developer
"PSPad editor_is1" = PSPad editor
"RealPlayer 6.0" = RealPlayer
"SmartFTP Client 2.0 (x64) Setup Files" = SmartFTP Client Setup Files 2.0 (x64) (remove only)
"SnagIt32" = SnagIt32 v4.3
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"USB Compound Device" = USB Compound Device
"VLC media player" = VLC media player 1.1.9
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"XviD_is1" = XviD MPEG-4 Video Codec
"Yahoo! Customizations" = Yahoo! Browser Services
"Yahoo! Internet Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/5/2012 1:58:45 AM | Computer Name = TTS-23143E21703 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The workstation driver is not installed. ). Group Policy processing aborted.


Error - 5/5/2012 3:28:44 AM | Computer Name = TTS-23143E21703 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The workstation driver is not installed. ). Group Policy processing aborted.


Error - 5/5/2012 4:30:17 PM | Computer Name = TTS-23143E21703 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The workstation driver is not installed. ). Group Policy processing aborted.


Error - 5/5/2012 4:30:17 PM | Computer Name = TTS-23143E21703 | Source = UserInit | ID = 1000
Description = Could not execute the following script contractorstartup.bat. The
system cannot find the file specified. .

Error - 5/5/2012 4:31:19 PM | Computer Name = TTS-23143E21703 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x80070836). The workstation driver is not installed. Enrollment
will not be performed.

Error - 5/5/2012 6:03:36 PM | Computer Name = TTS-23143E21703 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The workstation driver is not installed. ). Group Policy processing aborted.


Error - 5/5/2012 7:52:36 PM | Computer Name = TTS-23143E21703 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The workstation driver is not installed. ). Group Policy processing aborted.


Error - 5/6/2012 1:27:24 AM | Computer Name = TTS-23143E21703 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The workstation driver is not installed. ). Group Policy processing aborted.


Error - 5/6/2012 1:27:34 AM | Computer Name = TTS-23143E21703 | Source = UserInit | ID = 1000
Description = Could not execute the following script contractorstartup.bat. The
system cannot find the file specified. .

Error - 5/6/2012 1:28:28 AM | Computer Name = TTS-23143E21703 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x80070836). The workstation driver is not installed. Enrollment
will not be performed.

[ System Events ]
Error - 5/6/2012 1:27:39 AM | Computer Name = TTS-23143E21703 | Source = Service Control Manager | ID = 7023
Description = The Spcflt service terminated with the following error: %%126

Error - 5/6/2012 1:27:39 AM | Computer Name = TTS-23143E21703 | Source = Service Control Manager | ID = 7023
Description = The Compaq_rba service terminated with the following error: %%126

Error - 5/6/2012 1:27:39 AM | Computer Name = TTS-23143E21703 | Source = Service Control Manager | ID = 7023
Description = The Zumbus service terminated with the following error: %%126

Error - 5/6/2012 1:27:39 AM | Computer Name = TTS-23143E21703 | Source = Service Control Manager | ID = 7023
Description = The AEAudioService service terminated with the following error: %%126

Error - 5/6/2012 1:27:39 AM | Computer Name = TTS-23143E21703 | Source = Service Control Manager | ID = 7023
Description = The SE26mgmt service terminated with the following error: %%126

Error - 5/6/2012 1:27:39 AM | Computer Name = TTS-23143E21703 | Source = Service Control Manager | ID = 7023
Description = The SRS_SSCFilter service terminated with the following error: %%126

Error - 5/6/2012 1:27:39 AM | Computer Name = TTS-23143E21703 | Source = Service Control Manager | ID = 7023
Description = The Inotask service terminated with the following error: %%126

Error - 5/6/2012 1:27:39 AM | Computer Name = TTS-23143E21703 | Source = Service Control Manager | ID = 7023
Description = The Smapint service terminated with the following error: %%126

Error - 5/6/2012 1:27:39 AM | Computer Name = TTS-23143E21703 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
MRxSmb

Error - 5/6/2012 1:27:41 AM | Computer Name = TTS-23143E21703 | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {7E89FF0B-F649-4F9A-A9C3-F05DFAAA3DA1}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.


< End of report >

Attached Files



#5 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:02:43 PM

Posted 06 May 2012 - 11:57 AM

Hello,

Please run the following and post there logs.


1.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

2.
Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Posted Image
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Note:The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you
should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.


Things to include in your next reply::
TdssKiller log
Combofix.txt
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#6 nirvanaandy

nirvanaandy
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:03:43 PM

Posted 06 May 2012 - 10:57 PM

Please see requested logs.

The computer has av protection in quick launch.

Attached Files



#7 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:02:43 PM

Posted 06 May 2012 - 11:35 PM

Hello,

1.
We need to run a CFScript.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

Folder::
c:\documents and settings\Rakesh\Application Data\Apbi
c:\documents and settings\Rakesh\Application Data\Uflo
c:\documents and settings\Rakesh\Application Data\Xuibim
c:\documents and settings\Rakesh\Application Data\Utbu
c:\documents and settings\All Users\Application Data\529C53690004660E69E5EBA92830AC72

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kecoro"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"=-

Driver::
75718378


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


2.
Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.


Things to include in your next reply::
Combofix.txt
MBAM log
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#8 nirvanaandy

nirvanaandy
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:03:43 PM

Posted 08 May 2012 - 12:31 AM

hi, please see requested logs.
On computer restart the AV protection pop up does not show, but still have that on the quick launch.

Attached Files



#9 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:02:43 PM

Posted 09 May 2012 - 09:34 PM

hi, please see requested logs.
On computer restart the AV protection pop up does not show, but still have that on the quick launch.

Can you please right click on that icon and see what if any options it gives you. Don't do any of them just trying to see whats going on.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#10 nirvanaandy

nirvanaandy
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:03:43 PM

Posted 09 May 2012 - 10:13 PM

Hello,
It gives me normal windows right click options such as "Run As", "Add to Archive",cut,copy create shortcut etc.

Thanks.

#11 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:02:43 PM

Posted 10 May 2012 - 04:48 PM

Does it give you the option to delete it?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#12 nirvanaandy

nirvanaandy
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:03:43 PM

Posted 10 May 2012 - 10:20 PM

Hi,
Yes it gave me that option and i deleted it and it went to recycle bin.

#13 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:02:43 PM

Posted 11 May 2012 - 04:48 PM

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image
      icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.


Things to include in your next reply::
Eset log
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#14 nirvanaandy

nirvanaandy
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:03:43 PM

Posted 12 May 2012 - 10:00 PM

Hi,

The ESET online scanner gives below error.
"can not get update. Is Proxy configured?"

Please advise. I am using FireFox.

#15 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:02:43 PM

Posted 13 May 2012 - 10:18 AM

We will skip Eset for now. Please try the following.


Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Please download DrWeb-CureIt and save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:
  • Double-click on launch.exe to open the program and click Start. (There is no need to update if you just downloaded the most current version
  • Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
  • The Express scan will automatically begin.
    (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  • If prompted to dowload the Full version Free Trial, ignore and click the X to close the window.
  • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All.
  • When complete, click Select All, then choose Cure > Move incurable.
    (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
  • Now put a check next to Complete scan to scan all local disks and removable media.
  • In the top menu, click Settings > Change settings, and UNcheck "Heuristic analysis" under the "Scanning" tab, then click Ok.
  • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  • When the scan is complete, a message will be displayed at the bottom indicating if any viruses were found.
  • Click "Yes to all" if asked to cure or move the file(s) and select "Move incurable".
  • In the top menu, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.cvs report)

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users