TechSpot

Applications crashing often after running superantispyware

By niteshsingh_007
Jan 21, 2011
  1. Hi,

    I have been noticing crashes of many applications on my laptop. I bought this laptop around 3 months back. Everything was fine and stable till I ran SuperAntiSpyware and cleaned the adware cookies. I also did the latest Windows updates. I am noticing the following applications hanging often and spoiling the whole experience.
    1. Google Chrome
    2. VLC media player
    3. Windows Update (does not start)
    4. In Control Panel, the link "View network status and task" doesn't start
    5. A few applications randomly crash at startup

    Is there a virus or worm in my PC? Malwarebytes Anti-Malware didn't report anything.

    Thanks a ton for helping.

    [HJT log removed - Broni]
     
  2. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Welcome aboard

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. niteshsingh_007

    niteshsingh_007 TS Rookie Topic Starter Posts: 22

    Hi,

    I ran a virus scan and it did not find any issue.

    When I started running TFC (step 2), the application crashed every time. Attaching the screenshot.
    TFC_Crash.jpg
     
  4. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Skip it for now.
     
  5. niteshsingh_007

    niteshsingh_007 TS Rookie Topic Starter Posts: 22

    I managed to run TFC.exe after several attempts. I am continuing with the next steps.

    FYI, Event Viewer displays the following message when any program crashes.

    Faulting application name: TFC.exe, version: 3.1.7.0, time stamp: 0x2a425e19
    Faulting module name: ntdll.dll, version: 6.1.7600.16559, time stamp: 0x4ba9b29c
    Exception code: 0xc0000005
    Fault offset: 0x0003b3d3
    Faulting process id: 0xa4c
    Faulting application start time: 0x01cbba5aa7f81a68
    Faulting application path: E:\Downloads\TFC.exe
    Faulting module path: C:\windows\SysWOW64\ntdll.dll
    Report Id: e7f2fa8c-264d-11e0-9bc9-c80aa9dbdeae
     
  6. niteshsingh_007

    niteshsingh_007 TS Rookie Topic Starter Posts: 22

    Malwarebytes Anti-Malware completed on the second attempt. It crashed on the first attempt.

    Event Viewer log:
    Faulting application name: mbam.exe, version: 1.50.1.3, time stamp: 0x4d0fe807
    Faulting module name: ntdll.dll, version: 6.1.7600.16559, time stamp: 0x4ba9b29c
    Exception code: 0xc0000005
    Fault offset: 0x0003b1c0
    Faulting process id: 0xabc
    Faulting application start time: 0x01cbba5d009865fc
    Faulting application path: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    Faulting module path: C:\windows\SysWOW64\ntdll.dll
    Report Id: 3ea68947-2650-11e0-8fc2-c80aa9dbdeae

    Malwarebytes' Anti-Malware Log:
    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5565

    Windows 6.1.7600
    Internet Explorer 9.0.7930.16406

    22-01-2011 11:25:06 PM
    mbam-log-2011-01-22 (23-25-06).txt

    Scan type: Quick scan
    Objects scanned: 159486
    Time elapsed: 3 minute(s), 19 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
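    The two Event Viewer records posted above (TFC.exe and mbam.exe) share a faulting module and an exception code, and that shared pattern is the most useful triage signal in the thread. The script below is an added example written for this page, not code from the thread or from TechSpot: it parses Windows "Application Error" (Event ID 1000) records in the exact text layout the poster pasted, groups them by faulting module and exception code, and prints the observations a responder would draw from them. The two sample records are constructed from the entries quoted in this thread; the exception-code table and the field layout are assumptions of this example.

```python
from collections import Counter

# Constructed sample input: the two Application Error (Event ID 1000) records
# quoted in this thread, one blank line between records.
SAMPLE_EVENTS = r"""
Faulting application name: TFC.exe, version: 3.1.7.0, time stamp: 0x2a425e19
Faulting module name: ntdll.dll, version: 6.1.7600.16559, time stamp: 0x4ba9b29c
Exception code: 0xc0000005
Fault offset: 0x0003b3d3
Faulting process id: 0xa4c
Faulting application start time: 0x01cbba5aa7f81a68
Faulting application path: E:\Downloads\TFC.exe
Faulting module path: C:\windows\SysWOW64\ntdll.dll
Report Id: e7f2fa8c-264d-11e0-9bc9-c80aa9dbdeae

Faulting application name: mbam.exe, version: 1.50.1.3, time stamp: 0x4d0fe807
Faulting module name: ntdll.dll, version: 6.1.7600.16559, time stamp: 0x4ba9b29c
Exception code: 0xc0000005
Fault offset: 0x0003b1c0
Faulting process id: 0xabc
Faulting application start time: 0x01cbba5d009865fc
Faulting application path: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
Faulting module path: C:\windows\SysWOW64\ntdll.dll
Report Id: 3ea68947-2650-11e0-8fc2-c80aa9dbdeae
"""

# A few well-known NTSTATUS exception codes (assumed table for this example).
EXCEPTION_NAMES = {
    "0xc0000005": "STATUS_ACCESS_VIOLATION",
    "0xc0000409": "STATUS_STACK_BUFFER_OVERRUN",
    "0xc000001d": "STATUS_ILLEGAL_INSTRUCTION",
    "0xc00000fd": "STATUS_STACK_OVERFLOW",
    "0x80000003": "STATUS_BREAKPOINT",
    "0xe0434352": "CLR exception (managed code)",
}


def parse_record(block: str) -> dict:
    """Turn one Event ID 1000 text block into a flat dict of lower-cased keys.

    'version' and 'time stamp' appear twice per record; they are prefixed with
    'application' or 'module' depending on which entity the line names first.
    """
    rec = {}
    for line in block.splitlines():
        if not line.strip():
            continue
        fragments = line.split(", ")
        pairs = []
        for frag in fragments:
            if ": " in frag:
                key, value = frag.split(": ", 1)
                pairs.append([key.strip().lower(), value.strip()])
            elif pairs:
                # a comma inside a path: glue it back onto the previous value
                pairs[-1][1] += ", " + frag
        if not pairs:
            continue
        head = pairs[0][0]
        scope = "application" if "application name" in head else "module" if "module name" in head else None
        for key, value in pairs:
            if scope and key in ("version", "time stamp"):
                key = f"{scope} {key}"
            rec[key] = value
    return rec


def parse_events(text: str) -> list:
    """Split the pasted text on blank lines and parse each record."""
    return [parse_record(b) for b in text.strip().split("\n\n") if b.strip()]


def summarize(records: list) -> dict:
    """Group crashes by faulting module / exception code and classify each one."""
    by_module = Counter(r["faulting module name"].lower() for r in records)
    by_exception = Counter(r["exception code"].lower() for r in records)
    findings = []
    for r in records:
        code = r["exception code"].lower()
        findings.append({
            "application": r["faulting application name"],
            "module": r["faulting module name"],
            "offset": r["fault offset"],
            "exception": EXCEPTION_NAMES.get(code, f"unrecognised code {code}"),
            # SysWOW64 module path => the crashing process is 32-bit on 64-bit Windows
            "wow64": "syswow64" in r.get("faulting module path", "").lower(),
        })
    shared_module = next(iter(by_module)) if len(records) > 1 and len(by_module) == 1 else None
    return {"by_module": by_module, "by_exception": by_exception,
            "findings": findings, "shared_module": shared_module}


def observations(summary: dict) -> list:
    """Plain-language triage notes a responder would draw from the grouping."""
    notes = []
    if summary["shared_module"] and len(summary["by_exception"]) == 1:
        notes.append(f"Every crash faults in {summary['shared_module']} with the same exception: "
                     "a single shared cause (a damaged system DLL, a filter or hook loaded into "
                     "every process, or bad memory) is more likely than separate application bugs.")
    if summary["findings"] and all(f["wow64"] for f in summary["findings"]):
        notes.append("All faulting processes are 32-bit (module path under SysWOW64); "
                     "check whether native 64-bit programs are affected too.")
    return notes


if __name__ == "__main__":
    summary = summarize(parse_events(SAMPLE_EVENTS))
    for f in summary["findings"]:
        print(f"{f['application']:>10} -> {f['module']}+{f['offset']}  {f['exception']}  wow64={f['wow64']}")
    for note in observations(summary):
        print("*", note)
```

    Paste any number of Event ID 1000 records into SAMPLE_EVENTS (one blank line between them); the script keys the grouping on module name and exception code only, so records from different applications and days roll up together.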
     
  7. niteshsingh_007

    niteshsingh_007 TS Rookie Topic Starter Posts: 22

    Step 4: No log generated by GMER

    Step 5: DDS.txt
    DDS (Ver_10-12-12.02) - NTFS_AMD64
    Run by Nitesh at 0:00:30.45 on 23-01-2011
    Internet Explorer: 9.0.7930.16406
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.91.1033.18.3892.2092 [GMT 5.5:30]

    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
    SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\windows\system32\wininit.exe
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\windows\system32\atiesrxx.exe
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\atieclxx.exe
    C:\windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\windows\system32\WLANExt.exe
    C:\windows\system32\conhost.exe
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\ThreatFire\TFService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\windows\system32\wbem\unsecapp.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\system32\taskhost.exe
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Windows\System32\igfxtray.exe
    C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
    C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
    C:\Program Files (x86)\uTorrent\uTorrent.exe
    C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
    C:\Program Files (x86)\MagicDisc\MagicDisc.exe
    C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
    C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
    C:\Program Files (x86)\ThreatFire\TFTray.exe
    C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\windows\system32\SearchIndexer.exe
    C:\windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    C:\Program Files\Minefield\firefox.exe
    C:\windows\explorer.exe
    C:\windows\System32\svchost.exe -k WerSvcGroup
    C:\Users\Nitesh\Desktop\dds.scr
    C:\windows\system32\conhost.exe
    C:\windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = about:blank
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
    TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
    uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
    mRun: [YouCam Mirror Tray icon] "c:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s
    mRun: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
    mRun: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
    mRun: [UCam_Menu] "c:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Lenovo\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
    mRun: [ThreatFire] C:\Program Files (x86)\ThreatFire\TFTray.exe
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [MuteSync] C:\PROGRA~2\Lenovo\LENOVO~1\MuteSync.exe
    mRun: [Lenovo SplitScreen] "C:\Program Files\Lenovo\Lenovo SplitScreen\SplitScreen\AutoRunSpS.exe"
    mRun: [Lenovo SlideNav2] "C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe"
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
    mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    dRunOnce: [WLStart] "C:\Program Files (x86)\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage
    StartupFolder: C:\Users\Nitesh\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun-x64: [SynBtnAsst] %ProgramFiles%\Synaptics\SynTP\SynBtnAsst.exe Utility_Window
    mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    mRun-x64: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
    mRun-x64: [Persistence] C:\windows\system32\igfxpers.exe
    mRun-x64: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
    mRun-x64: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    mRun-x64: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
    mRun-x64: [IgfxTray] C:\windows\system32\igfxtray.exe
    mRun-x64: [HotKeysCmds] C:\windows\system32\hkcmd.exe
    mRun-x64: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
    mRun-x64: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
    IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
    STS-X64: FencesShlExt Class: {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll

    ================= FIREFOX ===================

    FF - plugin: C:\Users\Nitesh\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: C:\windows\system32\Macromed\Flash\NPSWF64_10_2_161.dll

    ============= SERVICES / DRIVERS ===============

    R?2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-1 136176]
    R0 LHDmgr;LHDmgr;C:\Windows\System32\drivers\LhdX64.sys [2010-8-29 39008]
    R0 TfFsMon;TfFsMon;C:\Windows\System32\drivers\TfFsMon.sys [2010-10-31 65072]
    R0 TfSysMon;TfSysMon;C:\Windows\System32\drivers\TfSysMon.sys [2010-10-31 59880]
    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-12-24 273488]
    R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2009-9-8 87600]
    R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-3-25 188928]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-5-17 202752]
    R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-12-24 20560]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-12-24 62032]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-1-16 40384]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-8-29 13336]
    R2 Slidebar Notifier Service;Slidebar Notifier Service;C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe [2010-8-29 69568]
    R2 ThreatFire;ThreatFire;C:\Program Files (x86)\ThreatFire\TFService.exe service --> C:\Program Files (x86)\ThreatFire\TFService.exe service [?]
    R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\Windows\System32\drivers\AcpiVpc.sys [2010-8-29 28176]
    R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atipmdag.sys [2010-5-17 6366720]
    R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-5-17 186880]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-1-4 56344]
    R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2009-12-17 151936]
    R3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2010-5-17 10322848]
    R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2010-4-19 160880]
    R3 JmUsbCcgp;JMicron USB Composite Device Lower Filter Driver;C:\Windows\System32\drivers\jmccgp.sys [2010-8-29 17904]
    R3 JmUsbVideo;JMicron 31x Upper Filter Driver;C:\Windows\System32\drivers\jmcam.sys [2010-8-29 56688]
    R3 JmUsbVideo2;JMicron 31x Lower Filter Driver;C:\Windows\System32\drivers\jmcam_lo.sys [2010-8-29 31088]
    R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-10-16 321064]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2010-3-25 40832]
    R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-3-18 7680512]
    R3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 72064]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
    R3 TfNetMon;TfNetMon;C:\Windows\System32\drivers\TfNetMon.sys [2010-10-31 41888]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-14 17920]
    R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2010-4-16 39832]
    R3 wdmirror;wdmirror;C:\Windows\System32\drivers\WDMirror.sys [2010-8-29 11280]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs --> C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs [?]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-8-29 2320920]
    S2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2010-10-21 592120]
    S3 Bridge0;Bridge0;C:\Windows\System32\drivers\WDBridge.sys [2010-8-29 79376]
    S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-2-25 53800]
    S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-8-29 35104]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-10-30 48488]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
    S3 IGRS;IGRS;C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe [2009-7-15 38152]
    S3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [2010-8-29 509192]
    S3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [2010-8-29 575304]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-5 340240]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-11 5434368]
    S3 PS_MDP;ReadyComm Presentation Space Helper Service;C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs --> C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs [?]
    S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2010-12-26 19936]
    S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2010-12-26 13280]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-10-31 1255736]
    S3 wsvd;wsvd;C:\Windows\System32\drivers\wsvd.sys [2009-7-21 121840]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

    =============== Created Last 30 ================

    2011-01-22 18:15:31 7844688 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{C5E08BA8-4847-4300-8422-30170DA91143}\mpengine.dll
    2011-01-22 17:01:12 -------- d-----w- C:\windows\pss
    2011-01-22 07:14:46 -------- d-----w- C:\Test
    2011-01-14 05:14:29 -------- d-----w- C:\Users\Nitesh\AppData\Roaming\Cisco
    2011-01-12 18:41:53 720896 ----a-w- C:\windows\System32\odbc32.dll
    2011-01-12 18:41:53 573440 ----a-w- C:\windows\SysWow64\odbc32.dll
    2011-01-12 18:41:53 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
    2011-01-12 18:41:52 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
    2011-01-12 18:41:52 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
    2011-01-12 18:41:52 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
    2011-01-12 18:41:52 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
    2011-01-12 18:41:51 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
    2011-01-12 18:41:51 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
    2011-01-12 18:41:51 208896 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
    2010-12-26 12:14:23 -------- d-----w- C:\PROGRA~3\Codemasters
    2010-12-26 12:12:01 839680 ----a-w- C:\windows\SysWow64\mkl_vml_p4.dll
    2010-12-26 12:12:01 532480 ----a-w- C:\windows\SysWow64\mkl_vml_p3.dll
    2010-12-26 12:12:01 512000 ----a-w- C:\windows\SysWow64\mkl_vml_def.dll
    2010-12-26 12:12:01 3485696 ----a-w- C:\windows\SysWow64\mkl_p4.dll
    2010-12-26 12:12:00 872448 ----a-w- C:\windows\SysWow64\rapture3d_oal.dll
    2010-12-26 12:12:00 2793472 ----a-w- C:\windows\SysWow64\mkl_p3.dll
    2010-12-26 12:12:00 2441216 ----a-w- C:\windows\SysWow64\mkl_def.dll
    2010-12-26 12:12:00 2174976 ----a-w- C:\windows\SysWow64\mkl_lapack32.dll
    2010-12-26 12:12:00 2125824 ----a-w- C:\windows\SysWow64\mkl_lapack64.dll
    2010-12-26 12:12:00 184320 ----a-w- C:\windows\SysWow64\libguide40.dll
    2010-12-26 11:52:05 -------- d-----w- C:\Program Files (x86)\Codemasters
    2010-12-26 11:45:54 255552 ----a-w- C:\windows\SysWow64\drivers\mcdbus.sys
    2010-12-26 11:45:54 255552 ----a-w- C:\windows\System32\drivers\mcdbus.sys
    2010-12-26 11:45:53 -------- d-----w- C:\Program Files (x86)\MagicDisc
    2010-12-26 08:44:36 801352 ----a-w- C:\windows\System32\pwNative.exe
    2010-12-26 08:44:36 19936 ------w- C:\windows\System32\pwdrvio.sys
    2010-12-26 08:44:18 13280 ------w- C:\windows\System32\pwdspio.sys
    2010-12-24 17:09:43 -------- d-----w- C:\Users\Nitesh\AppData\Local\Cisco
    2010-12-24 17:06:42 -------- d-----w- C:\Program Files (x86)\Common Files\Cisco Systems
    2010-12-24 17:06:42 -------- d-----w- C:\Program Files (x86)\Cisco Systems
    2010-12-24 17:04:54 -------- d-----w- C:\PROGRA~3\Cisco
    2010-12-23 20:10:35 62032 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys
    2010-12-23 20:09:39 38848 ----a-w- C:\windows\avastSS.scr
    2010-12-23 20:09:35 -------- d-----w- C:\PROGRA~3\Alwil Software
    2010-12-23 19:53:49 -------- d-----w- C:\Users\Nitesh\AppData\Roaming\SUPERAntiSpyware.com
    2010-12-23 19:53:49 -------- d-----w- C:\PROGRA~3\SUPERAntiSpyware.com
    2010-12-23 19:53:07 -------- d-----w- C:\PROGRA~3\!SASCORE
    2010-12-23 19:53:05 -------- d-----w- C:\Program Files\SUPERAntiSpyware

    ==================== Find3M ====================

    2010-12-26 12:11:41 466520 ----a-w- C:\windows\System32\wrap_oal.dll
    2010-12-26 12:11:41 445016 ----a-w- C:\windows\SysWow64\wrap_oal.dll
    2010-12-26 12:11:41 122968 ----a-w- C:\windows\System32\OpenAL32.dll
    2010-12-26 12:11:41 109144 ----a-w- C:\windows\SysWow64\OpenAL32.dll
    2010-12-20 12:38:40 24152 ----a-w- C:\windows\System32\drivers\mbam.sys
    2010-11-09 03:55:57 1502208 ----a-w- C:\windows\System32\inetcpl.cpl
    2010-11-09 03:52:06 2381824 ----a-w- C:\windows\System32\mshtml.tlb
    2010-11-02 05:21:51 982912 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys
    2010-11-02 05:18:59 662528 ----a-w- C:\windows\System32\XpsPrint.dll
    2010-11-02 05:18:59 229888 ----a-w- C:\windows\System32\XpsRasterService.dll
    2010-11-02 05:18:58 470016 ----a-w- C:\windows\System32\XpsGdiConverter.dll
    2010-11-02 05:18:33 1137664 ----a-w- C:\windows\System32\FntCache.dll
    2010-11-02 05:18:17 524288 ----a-w- C:\windows\System32\wmicmiplugin.dll
    2010-11-02 05:18:05 1544192 ----a-w- C:\windows\System32\DWrite.dll
    2010-11-02 05:17:48 320512 ----a-w- C:\windows\System32\d3d10_1core.dll
    2010-11-02 05:17:48 1837568 ----a-w- C:\windows\System32\d3d10warp.dll
    2010-11-02 05:17:47 902656 ----a-w- C:\windows\System32\d2d1.dll
    2010-11-02 05:17:47 197120 ----a-w- C:\windows\System32\d3d10_1.dll
    2010-11-02 05:17:38 473600 ----a-w- C:\windows\System32\taskcomp.dll
    2010-11-02 05:17:38 1169408 ----a-w- C:\windows\System32\taskschd.dll
    2010-11-02 05:16:53 1114624 ----a-w- C:\windows\System32\schedsvc.dll
    2010-11-02 05:10:47 464384 ----a-w- C:\windows\System32\taskeng.exe
    2010-11-02 05:10:32 285696 ----a-w- C:\windows\System32\schtasks.exe
    2010-11-02 04:59:08 144384 ----a-w- C:\windows\System32\cdd.dll
    2010-11-02 04:41:36 442880 ----a-w- C:\windows\SysWow64\XpsPrint.dll
    2010-11-02 04:41:36 283648 ----a-w- C:\windows\SysWow64\XpsGdiConverter.dll
    2010-11-02 04:41:36 135168 ----a-w- C:\windows\SysWow64\XpsRasterService.dll
    2010-11-02 04:40:36 496128 ----a-w- C:\windows\SysWow64\taskschd.dll
    2010-11-02 04:40:36 305152 ----a-w- C:\windows\SysWow64\taskcomp.dll
    2010-11-02 04:34:44 192000 ----a-w- C:\windows\SysWow64\taskeng.exe
    2010-11-02 04:34:33 179712 ----a-w- C:\windows\SysWow64\schtasks.exe
    2010-11-02 04:26:00 1076736 ----a-w- C:\windows\SysWow64\DWrite.dll
    2010-11-02 04:25:43 218624 ----a-w- C:\windows\SysWow64\d3d10_1core.dll
    2010-11-02 04:25:43 161792 ----a-w- C:\windows\SysWow64\d3d10_1.dll
    2010-11-02 04:25:43 1170944 ----a-w- C:\windows\SysWow64\d3d10warp.dll
    2010-11-02 04:25:42 739840 ----a-w- C:\windows\SysWow64\d2d1.dll
    2010-11-02 02:50:58 258048 ----a-w- C:\windows\System32\drivers\dxgmms1.sys
    2010-11-01 23:03:02 1448448 ----a-w- C:\windows\SysWow64\inetcpl.cpl
    2010-11-01 22:59:07 2381824 ----a-w- C:\windows\SysWow64\mshtml.tlb
    2010-10-30 17:54:17 178800 ----a-w- C:\windows\SysWow64\CmdLineExt_x64.dll
    2010-10-27 05:06:22 2048 ----a-w- C:\windows\System32\tzres.dll
    2010-10-27 04:32:36 2048 ----a-w- C:\windows\SysWow64\tzres.dll

    ============= FINISH: 0:05:04.72 ===============
     
  8. niteshsingh_007

    niteshsingh_007 TS Rookie Topic Starter Posts: 22

    Attach.txt


    ==== Installed Programs ======================


    µTorrent
    Acrobat.com
    Adobe AIR
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe ExtendScript Toolkit 2
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Linguistics CS3
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Reader 9.4.1
    Adobe Setup
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS3
    avast! Free Antivirus
    Bing Bar
    Bing Bar Platform
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Cisco AnyConnect VPN Client
    Cisco IP Communicator 7.0.3
    Citrix online plug-in - web
    Citrix online plug-in (DV)
    Citrix online plug-in (HDX)
    Citrix online plug-in (USB)
    Citrix online plug-in (Web)
    Corel Graphics - Windows Shell Extension
    CorelDRAW Graphics Suite X5
    CorelDRAW Graphics Suite X5 - Capture
    CorelDRAW Graphics Suite X5 - Common
    CorelDRAW Graphics Suite X5 - Connect
    CorelDRAW Graphics Suite X5 - Custom Data
    CorelDRAW Graphics Suite X5 - Draw
    CorelDRAW Graphics Suite X5 - EN
    CorelDRAW Graphics Suite X5 - Filters
    CorelDRAW Graphics Suite X5 - FontNav
    CorelDRAW Graphics Suite X5 - IPM
    CorelDRAW Graphics Suite X5 - PHOTO-PAINT
    CorelDRAW Graphics Suite X5 - Photozoom Plugin
    CorelDRAW Graphics Suite X5 - Redist
    CorelDRAW Graphics Suite X5 - Setup Files
    CorelDRAW Graphics Suite X5 - VBA
    CorelDRAW Graphics Suite X5 - VideoBrowser
    CorelDRAW Graphics Suite X5 - VSTA
    CorelDRAW Graphics Suite X5 - WT
    CorelDRAW(R) Graphics Suite X5
    CyberLink YouCam
    D3DX10
    DiRT2
    Energy Management
    Feedback Tool
    Fences
    Game Booster
    Google Earth
    Google Update Helper
    Grand Theft Auto IV
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
    Intel(R) Control Center
    Intel(R) Management Engine Components
    Intel(R) Rapid Storage Technology
    Intel(R) Turbo Boost Technology Driver
    JMicron Flash Media Controller Driver
    Junk Mail filter update
    KeatProX 2.1.3.1
    Lenovo DirectShare
    Lenovo EasyCamera
    Lenovo MuteSync
    Lenovo OneKey Recovery
    Lenovo ReadyComm 5
    Lenovo ReadyComm 5.0 Service
    Lenovo SlideNav
    Lenovo SplitScreen
    MagicDisc 2.7.106
    Malwarebytes' Anti-Malware
    Mesh Runtime
    Messenger Companion
    Microsoft Games for Windows - LIVE
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft Visual Studio Tools for Applications 2.0 - ENU
    Microsoft Visual Studio Tools for Applications 2.0 Runtime
    MiniTool Partition Wizard Home Edition 5.2
    MSVCRT
    MSVCRT_amd64
    Onekey Theater
    OpenAL
    PDF Settings
    Power2Go
    PowerXpressHybrid
    PX Profile Update
    Rapture3D 2.3.22 Game
    Realtek HDMI Audio Driver for ATI
    Realtek High Definition Audio Driver
    Security Update for CAPICOM (KB931906)
    Spelling Dictionaries Support For Adobe Reader 9
    ThreatFire
    VeriFace
    Visual Basic for Applications (R) Core
    Visual Basic for Applications (R) Core - English
    VLC media player 1.1.5
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources

    ==== End Of File ===========================
     
  9. niteshsingh_007

    niteshsingh_007 TS Rookie Topic Starter Posts: 22

    Just to add, after the DDS scan completed, a message popped up.

    "Windows command processor has stopped working"
    Event Viewer again displays the same DLL file as the faulting module path.

    Faulting application name: cmd.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc19e
    Faulting module name: ntdll.dll, version: 6.1.7600.16559, time stamp: 0x4ba9b29c
    Exception code: 0xc0000374
    Fault offset: 0x000cdc9b
    Faulting process id: 0xde4
    Faulting application start time: 0x01cbba6426a0be3d
    Faulting application path: C:\windows\SysWOW64\cmd.exe
    Faulting module path: C:\windows\SysWOW64\ntdll.dll
    Report Id: 6544d839-2657-11e0-93ea-c80aa9dbdeae

    Is the file corrupted? Thank you a lot for the help.
     
  10. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    A single error is usually meaningless. Don't worry about it.

    Download MBRCheck to your desktop.

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop.
    Open this report and post its content in your next reply.

    ====================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the tool below, named Rkill (courtesy of BleepingComputer.com), which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  11. niteshsingh_007

    niteshsingh_007 TS Rookie Topic Starter Posts: 22

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: (build 7600), 64-bit
    Base Board Manufacturer: Lenovo
    BIOS Manufacturer: LENOVO
    System Manufacturer: LENOVO
    System Product Name: IdeaPad Y560
    Logical Drives Mask: 0x0000007c

    Kernel Drivers (total 176):

    Processes (total 86):

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c900000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000069`21e00000 (NTFS)
    \\.\E: --> \\.\PhysicalDrive0 at offset 0x00000025`8c22aa00 (NTFS)

    PhysicalDrive0 Model Number: WDCWD5000BEVT-24A0RT0, Rev: 01.01A02

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
    SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


    Done!
     
  12. niteshsingh_007

    niteshsingh_007 TS Rookie Topic Starter Posts: 22

    Combofix was crashing in normal mode. I had to run it in safe mode.

    RKILL:
    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 23-01-2011 at 10:09:55.
    Operating System: Windows 7 Home Premium


    Processes terminated by Rkill or while it was running:



    Rkill completed on 23-01-2011 at 10:10:01.

    COMBOFIX:

    ComboFix 11-01-22.02 - Nitesh 23-01-2011 10:12:16.1.4 - x64 NETWORK
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.91.1033.18.3892.2974 [GMT 5.5:30]
    Running from: c:\users\Nitesh\Desktop\Nitesh.exe
    AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\s.bat
    c:\windows\system32\twunk_32.exe
    c:\windows\SysWow64\twunk_32.exe

    .
    ((((((((((((((((((((((((( Files Created from 2010-12-23 to 2011-01-23 )))))))))))))))))))))))))))))))
    .


    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2010-12-11 395640]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-01-16 2988784]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "YouCam Mirror Tray icon"="c:\program files (x86)\Lenovo\YouCam\YouCamTray.exe" [2010-02-03 167008]
    "VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2010-08-29 3122528]
    "UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
    "UCam_Menu"="c:\program files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
    "ThreatFire"="c:\program files (x86)\ThreatFire\TFTray.exe" [2010-01-14 378128]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-05 98304]
    "MuteSync"="c:\progra~2\Lenovo\LENOVO~1\MuteSync.exe" [2009-12-28 336384]
    "Lenovo SplitScreen"="c:\program files\Lenovo\Lenovo SplitScreen\SplitScreen\AutoRunSpS.exe" [2010-06-23 778592]
    "Lenovo SlideNav2"="c:\program files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe" [2009-12-30 318400]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
    "ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2009-09-12 103768]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-22 35760]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "GrpConv"="grpconv -o" [X]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "WLStart"="c:\program files (x86)\Windows Live\Installer\wlstart.exe" [2009-07-26 768336]

    c:\users\Nitesh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2010-12-26 576000]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2010-1-12 1082656]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"

    R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-01-14 65072]
    R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-01-14 59880]
    R1 aswSP;aswSP; [x]
    R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-09-08 87600]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-05 202752]
    R2 aswFsBlk;aswFsBlk; [x]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 62032]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-01 136176]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
    R2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\System32\IgrsSvcs.exe [x]
    R2 Slidebar Notifier Service;Slidebar Notifier Service;c:\program files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe [2009-12-30 69568]
    R2 ThreatFire;ThreatFire;c:\program files (x86)\ThreatFire\TFService.exe service [x]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
    R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2010-10-21 592120]
    R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-05-05 6366720]
    R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-05-05 186880]
    R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys [2009-07-16 79376]
    R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-12-14 53800]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
    R3 connctfy;Connectify Service;c:\windows\system32\DRIVERS\connctfy.sys [x]
    R3 connctfyMP;connctfyMP;c:\windows\system32\DRIVERS\connctfy.sys [x]
    R3 IGRS;IGRS;c:\program files (x86)\Lenovo\ReadyComm\common\IGRS.exe [2009-07-15 38152]
    R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
    R3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2010-05-05 10322848]
    R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2010-03-26 160880]
    R3 JmUsbVideo;JMicron 31x Upper Filter Driver;c:\windows\system32\Drivers\jmcam.sys [2010-02-05 56688]
    R3 JmUsbVideo2;JMicron 31x Lower Filter Driver;c:\windows\system32\Drivers\jmcam_lo.sys [2010-02-05 31088]
    R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\Lenovo\ReadyComm\AppSvc.exe [2009-08-14 509192]
    R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\Lenovo\ReadyComm\ConnSvc.exe [2009-11-17 575304]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 40832]
    R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240]
    R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 72064]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
    R3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\System32\IgrsSvcs.exe [x]
    R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2010-08-16 19936]
    R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2010-08-16 13280]
    R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-01-14 41888]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-30 1255736]
    R3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-04-16 39832]
    R3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [2009-07-16 11280]
    R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [2010-01-15 39008]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
    S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2009-10-19 28176]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
    S3 JmUsbCcgp;JMicron USB Composite Device Lower Filter Driver;c:\windows\system32\DRIVERS\jmccgp.sys [2010-02-05 17904]
    S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-10-16 321064]
    S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-03-17 7680512]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]


    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    IgrsSvcs REG_MULTI_SZ ReadyComm.DirectRouter PS_MDP
    .
    Contents of the 'Scheduled Tasks' folder

    2011-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-01 05:11]

    2011-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-01 05:11]
    .

    --------- x86-64 -----------


    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
    @="{771C7324-DA80-49D3-8017-753B0AF60951}"
    [HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
    2010-08-29 15:09 1502720 ----a-w- c:\windows\System32\IcnOvrly.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynBtnAsst"="%ProgramFiles%\Synaptics\SynTP\SynBtnAsst.exe Utility_Window" [X]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-05-13 10810912]
    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-05-13 2014752]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-05 413720]
    "OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2009-12-19 776608]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
    "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-05 166424]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-05 391192]
    "EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\utility.exe" [2010-03-11 4448704]
    "Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2010-03-11 7056832]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
    "{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
    DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
    FF - ProfilePath - c:\users\Nitesh\AppData\Roaming\Mozilla\Firefox\Profiles\9dh3ri0t.default\
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-Locked - (no file)
    Wow6432Node-HKCU-Run-RGSC - c:\program files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
    Wow6432Node-HKLM-RunOnce-<NO NAME> - (no file)
    Toolbar-Locked - (no file)
    HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe



    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ThreatFire]
    "AlternateImagePath"=""
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-2467260372-2878141997-3226734072-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"

    [HKEY_USERS\S-1-5-21-2467260372-2878141997-3226734072-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"

    [HKEY_USERS\S-1-5-21-2467260372-2878141997-3226734072-1000\Software\SecuROM\License information*]
    "datasecu"=hex:8f,5e,3f,20,39,23,34,33,1c,77,23,db,43,a9,09,d8,e0,8f,1e,de,af,
    16,84,29,b3,30,9c,af,80,c7,e5,fe,2c,9c,f1,3a,6d,6e,14,17,ae,14,df,f2,c0,cc,\
    "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-01-23 10:18:23
    ComboFix-quarantined-files.txt 2011-01-23 04:48

    Pre-Run: 95,214,084,096 bytes free
    Post-Run: 95,040,360,448 bytes free

    - - End Of File - - 90E0C931632F7D267557A2306EED0230
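The "Reg Loading Points" section of the ComboFix log above lists every Run value and service/driver load point on the machine. As an added example (not ComboFix's code, not the forum's), here is a small Python triage script that parses those two line shapes and flags what a malware-removal helper checks first: load points whose file is gone and load points that run from a user-writable location. The `[x]` / `[X]` in place of the date and size is read as "file not found" (an assumption about ComboFix's notation; it is consistent with the Avast entries `aswSP` and `aswFsBlk`, which the poster later could not uninstall normally). The sample input is copied from the log, plus one constructed AppData entry named `ConstructedExample` to exercise the location check; the R/S state letter and start-type digit are assumed conventions and are captured but not used.

```python
"""Triage the "Reg Loading Points" section of a ComboFix log.

Added example for this thread, not ComboFix's own code. It parses the two line
shapes that section uses, Run-key values and service/driver entries, and flags
the load points a malware-removal helper looks at first: those whose file is
gone and those that run from a user-writable location.
"""
import re
from dataclasses import dataclass
from typing import List

# Run-key value:   "name"="command line" [yyyy-mm-dd size]   or   [X]
RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"\s*\[(?P<tag>[^\]]*)\]\s*$'
)
# Service/driver:  R2 name;display name;image path [yyyy-mm-dd size]   or   [x]
# R/S and the digit are assumed to be ComboFix's running/stopped flag and the
# service start type; they are captured but not needed for the checks below.
SVC_RE = re.compile(
    r'^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);'
    r'(?P<image>.*?)\s*\[(?P<tag>[^\]]*)\]\s*$'
)

# Where an installed load point normally lives on this 64-bit Windows 7 box.
TRUSTED_PREFIXES = (
    "c:\\windows\\", "c:\\program files", "c:\\progra~",
    "%programfiles%\\", "%systemroot%\\",
)


@dataclass
class Finding:
    kind: str    # "run" or "service"
    name: str
    path: str
    reason: str


def first_path(cmd: str) -> str:
    """Return the executable part of a command line, dropping any arguments."""
    m = re.match(r"^(.*?\.(?:exe|sys|dll|scr|com))", cmd, re.IGNORECASE)
    return (m.group(1) if m else cmd).strip()


def in_trusted_location(path: str) -> bool:
    p = path.lower()
    return any(p.startswith(prefix) for prefix in TRUSTED_PREFIXES)


def triage(log_text: str) -> List[Finding]:
    """Parse every Run-key and service line and return the suspicious ones."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            kind, name, cmd, tag = "run", m["name"], m["cmd"], m["tag"]
        else:
            m = SVC_RE.match(line)
            if not m:
                continue  # key headers, blank lines and other shapes
            kind, name, cmd, tag = "service", m["name"], m["image"], m["tag"]
        path = first_path(cmd)
        # [x] / [X] in place of the date and size is read here as "file not
        # found" (an assumption about ComboFix's notation, consistent with the
        # Avast entries in the log that the poster later could not uninstall).
        if tag.strip().lower() == "x":
            findings.append(Finding(kind, name, path, "file missing: orphaned load point"))
        elif not in_trusted_location(path):
            findings.append(Finding(kind, name, path, "runs from a user-writable location"))
    return findings


# Lines copied from the log above, plus one constructed Run value
# ("ConstructedExample") to exercise the location check.
SAMPLE = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2010-12-11 395640]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-01-16 2988784]
"SynBtnAsst"="%ProgramFiles%\Synaptics\SynTP\SynBtnAsst.exe Utility_Window" [X]
"ConstructedExample"="c:\users\example\AppData\Roaming\svc\upd.exe" [2011-01-20 51200]
R1 aswSP;aswSP; [x]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 62032]
R2 ThreatFire;ThreatFire;c:\program files (x86)\ThreatFire\TFService.exe service [x]
R3 connctfy;Connectify Service;c:\windows\system32\DRIVERS\connctfy.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.kind:8} {f.name:20} {f.reason:40} {f.path}")
```

Run against the real log the script reports the Avast, ThreatFire and Connectify leftovers as orphaned; note that `aswMonFlt.sys` still resolves and loads, which is why Broni counts Avast as a second running AV even though its uninstaller later claimed it was gone. Anything it lists under "runs from a user-writable location" is where a human should look next, since the log's own entries all sit under Program Files or the Windows directory.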
     
  13. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    You're running two AV programs, Avast and Microsoft Security Essentials.
    One of them has to go.
    Your choice.

    Combofix log looks good :)

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  14. niteshsingh_007

    niteshsingh_007 TS Rookie Topic Starter Posts: 22

    While trying to uninstall Avast, I received the following. I will uninstall it in safe mode and then go ahead with the next scan.

    [Window Title]
    Programs and Features

    [Content]
    An error occurred while trying to uninstall avast! Free Antivirus. It may have already been uninstalled.

    Would you like to remove avast! Free Antivirus from the Programs and Features list?

    [Yes] [No]
     
  15. niteshsingh_007

    niteshsingh_007 TS Rookie Topic Starter Posts: 22

    OTL.txt
    =============
    OTL logfile created on: 1/23/2011 2:35:06 PM - Run 1
    OTL by OldTimer - Version 3.2.20.4 Folder = C:\Users\Nitesh\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: India | Language: ENN | Date Format: dd-MM-yyyy

    4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
    8.00 Gb Paging File | 6.00 Gb Available in Paging File | 74.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 149.99 Gb Total Space | 88.80 Gb Free Space | 59.20% Space Free | Partition Type: NTFS
    Drive D: | 30.48 Gb Total Space | 20.24 Gb Free Space | 66.42% Space Free | Partition Type: NTFS
    Drive E: | 270.34 Gb Total Space | 208.94 Gb Free Space | 77.29% Space Free | Partition Type: NTFS
    Drive F: | 7.03 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
    Drive G: | 6.83 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: NKS | User Name: Nitesh | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/01/23 14:14:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nitesh\Desktop\OTL.exe
    PRC - [2011/01/20 16:20:34 | 000,426,840 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Game Booster\gbtray.exe
    PRC - [2010/12/11 23:13:45 | 000,395,640 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
    PRC - [2010/10/21 12:33:58 | 000,592,120 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
    PRC - [2010/08/29 20:39:12 | 003,122,528 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
    PRC - [2010/03/04 01:46:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2010/03/04 01:46:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    PRC - [2010/02/04 04:18:12 | 000,167,008 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
    PRC - [2010/01/14 16:08:16 | 000,378,128 | ---- | M] (PC Tools) -- C:\Program Files (x86)\ThreatFire\TFTray.exe
    PRC - [2010/01/14 16:08:12 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files (x86)\ThreatFire\TFService.exe
    PRC - [2009/12/19 08:22:48 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
    PRC - [2009/11/05 03:15:46 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2009/11/05 03:15:44 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2009/09/12 23:09:10 | 000,103,768 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
    PRC - [2009/09/12 23:09:04 | 000,550,232 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
    PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files (x86)\MagicDisc\MagicDisc.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/01/23 14:14:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nitesh\Desktop\OTL.exe
    MOD - [2010/10/26 00:44:43 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1\ATL80.dll
    MOD - [2010/08/21 10:51:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
    MOD - [2010/01/14 16:08:22 | 000,460,048 | ---- | M] (PC Tools) -- C:\Program Files (x86)\ThreatFire\TFWAH.dll
    MOD - [2009/07/14 06:45:48 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mssprxy.dll
    MOD - [2009/07/14 06:45:21 | 000,828,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\fontext.dll
    MOD - [2009/07/14 06:45:21 | 000,093,696 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWOW64\fms.dll
    MOD - [2009/07/14 06:39:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll
    MOD - [2009/06/11 02:53:11 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2010/11/11 14:36:38 | 000,282,616 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2010/11/11 14:36:38 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2010/06/29 23:19:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
    SRV:64bit: - [2010/05/05 20:55:52 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2010/03/05 15:56:38 | 001,425,168 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
    SRV:64bit: - [2010/03/05 15:37:58 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
    SRV:64bit: - [2010/03/05 15:36:22 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
    SRV:64bit: - [2010/01/12 21:45:24 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins)
    SRV:64bit: - [2009/12/30 11:57:00 | 000,069,568 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe -- (Slidebar Notifier Service)
    SRV:64bit: - [2009/11/17 20:30:54 | 000,575,304 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe -- (Lenovo ReadyComm ConnSvc)
    SRV:64bit: - [2009/08/14 19:52:48 | 000,509,192 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\Lenovo\ReadyComm\AppSvc.exe -- (Lenovo ReadyComm AppSvc)
    SRV:64bit: - [2009/07/14 07:11:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2010/10/31 01:29:00 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/10/21 12:33:58 | 000,592,120 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/04 01:46:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
    SRV - [2010/01/14 16:08:12 | 000,070,928 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\ThreatFire\TFService.exe -- (ThreatFire)
    SRV - [2009/11/05 03:15:46 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
    SRV - [2009/11/05 03:15:44 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
    SRV - [2009/07/15 10:57:26 | 000,038,152 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe -- (IGRS)
    SRV - [2009/07/14 06:44:41 | 000,020,992 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\windows\SysWow64\IgrsSvcs.exe -- (ReadyComm.DirectRouter)
    SRV - [2009/07/14 06:44:41 | 000,020,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysWow64\IgrsSvcs.exe -- (PS_MDP)
    SRV - [2009/06/11 02:53:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2010/10/24 21:25:38 | 000,072,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2010/10/21 12:20:40 | 000,022,752 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
    DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2010/08/30 03:51:44 | 000,107,912 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2010/08/30 03:51:44 | 000,027,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/08/30 03:47:30 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2010/08/16 15:31:18 | 000,019,936 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)
    DRV:64bit: - [2010/08/16 15:31:16 | 000,013,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)
    DRV:64bit: - [2010/05/05 21:36:04 | 006,366,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
    DRV:64bit: - [2010/05/05 20:01:58 | 000,186,880 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2010/05/05 19:28:02 | 010,322,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
    DRV:64bit: - [2010/05/05 19:28:02 | 010,322,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2010/05/03 16:49:40 | 000,317,488 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2010/04/16 17:15:50 | 000,039,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
    DRV:64bit: - [2010/03/26 12:33:20 | 000,160,880 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
    DRV:64bit: - [2010/03/18 03:51:58 | 007,680,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
    DRV:64bit: - [2010/03/04 01:21:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/02/17 23:53:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
    DRV:64bit: - [2010/02/17 23:53:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
    DRV:64bit: - [2010/02/05 22:50:32 | 000,056,688 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcam.sys -- (JmUsbVideo)
    DRV:64bit: - [2010/02/05 22:21:30 | 000,031,088 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcam_lo.sys -- (JmUsbVideo2)
    DRV:64bit: - [2010/02/05 20:53:40 | 000,017,904 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmccgp.sys -- (JmUsbCcgp)
    DRV:64bit: - [2010/01/27 08:35:00 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
    DRV:64bit: - [2010/01/15 23:38:34 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
    DRV:64bit: - [2010/01/15 06:21:20 | 000,021,288 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
    DRV:64bit: - [2010/01/15 06:21:14 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
    DRV:64bit: - [2010/01/15 06:21:10 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
    DRV:64bit: - [2010/01/14 16:08:34 | 000,059,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfSysMon.sys -- (TfSysMon)
    DRV:64bit: - [2010/01/14 16:08:32 | 000,041,888 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TfNetMon.sys -- (TfNetMon)
    DRV:64bit: - [2010/01/14 16:08:30 | 000,065,072 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfFsMon.sys -- (TfFsMon)
    DRV:64bit: - [2009/12/14 13:33:50 | 000,053,800 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
    DRV:64bit: - [2009/10/26 10:09:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
    DRV:64bit: - [2009/10/19 06:10:50 | 000,028,176 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
    DRV:64bit: - [2009/10/16 09:02:24 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
    DRV:64bit: - [2009/09/18 02:24:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
    DRV:64bit: - [2009/09/08 18:13:16 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
    DRV:64bit: - [2009/07/21 19:50:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
    DRV:64bit: - [2009/07/16 17:25:34 | 000,011,280 | ---- | M] (Lenovo) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDMirror.sys -- (wdmirror)
    DRV:64bit: - [2009/07/16 09:08:20 | 000,079,376 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WDBridge.sys -- (Bridge0)
    DRV:64bit: - [2009/07/14 07:22:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 07:18:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 07:17:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/14 07:15:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/11 02:08:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009/06/11 02:05:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
    DRV:64bit: - [2009/06/11 02:04:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/11 02:04:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/11 02:04:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/11 02:01:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/04/07 12:03:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
    DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
    DRV:64bit: - [2008/08/06 18:02:16 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2467260372-2878141997-3226734072-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-21-2467260372-2878141997-3226734072-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2467260372-2878141997-3226734072-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========



    [2010/10/26 23:45:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nitesh\AppData\Roaming\Mozilla\Extensions
    [2011/01/22 22:20:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nitesh\AppData\Roaming\Mozilla\Firefox\Profiles\9dh3ri0t.default\extensions
    File not found (No name found) --
    () (No name found) -- C:\USERS\NITESH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DH3RI0T.DEFAULT\EXTENSIONS\{B9DB16A4-6EDC-47EC-A1F4-B86292ED211D}.XPI
    () (No name found) -- C:\USERS\NITESH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DH3RI0T.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

    O1 HOSTS File: ([2009/06/11 02:30:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-2467260372-2878141997-3226734072-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
    O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [SynBtnAsst] C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe (Synaptics Incorporated)
    O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [Lenovo SlideNav2] C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe (Lenovo)
    O4 - HKLM..\Run: [Lenovo SplitScreen] C:\Program Files\Lenovo\Lenovo SplitScreen\SplitScreen\AutoRunSpS.exe (Lenovo)
    O4 - HKLM..\Run: [MuteSync] C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe (Lenovo)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [ThreatFire] C:\Program Files (x86)\ThreatFire\TFTray.exe (PC Tools)
    O4 - HKLM..\Run: [UCam_Menu] c:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
    O4 - HKLM..\Run: [YouCam Mirror Tray icon] c:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.)
    O4 - HKU\S-1-5-21-2467260372-2878141997-3226734072-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    O4 - HKU\S-1-5-21-2467260372-2878141997-3226734072-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
    O4 - Startup: C:\Users\Nitesh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2467260372-2878141997-3226734072-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2467260372-2878141997-3226734072-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
    O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 123.176.37.38 123.176.37.37 202.53.8.8
    O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
    O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (Stardock)
    O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/11/15 15:22:50 | 000,161,088 | R--- | M] (Take-Two Interactive Software, Inc.) - F:\Autorun.exe -- [ UDF ]
    O32 - AutoRun File - [2008/10/11 22:33:48 | 000,000,054 | R--- | M] () - F:\Autorun.inf -- [ UDF ]
    O32 - AutoRun File - [2009/11/23 17:35:40 | 006,321,456 | R--- | M] (Codemasters Software Co.) - G:\Autorun.exe -- [ UDF ]
    O32 - AutoRun File - [2009/09/28 18:53:06 | 000,000,068 | R--- | M] () - G:\autorun.inf -- [ UDF ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.clmp3enc - C:\Program Files (x86)\Lenovo\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Error creating restore point.

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/01/23 14:14:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Nitesh\Desktop\OTL.exe
    [2011/01/23 12:12:48 | 000,000,000 | ---D | C] -- C:\Users\Nitesh\Desktop\ShExView
    [2011/01/23 10:23:34 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/01/23 10:18:25 | 000,000,000 | ---D | C] -- C:\windows\temp
    [2011/01/23 10:11:05 | 000,161,792 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
    [2011/01/23 10:11:05 | 000,136,704 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
    [2011/01/23 10:11:05 | 000,031,232 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
    [2011/01/23 10:10:59 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
    [2011/01/23 10:10:47 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/01/23 10:10:31 | 000,212,480 | ---- | C] (SteelWerX) -- C:\windows\SWXCACLS.exe
    [2011/01/23 10:10:30 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
    [2011/01/22 22:31:12 | 000,000,000 | ---D | C] -- C:\windows\pss
    [2011/01/22 12:44:46 | 000,000,000 | ---D | C] -- C:\Test
    [2011/01/16 12:52:19 | 000,237,168 | ---- | C] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
    [2011/01/14 10:44:29 | 000,000,000 | ---D | C] -- C:\Users\Nitesh\AppData\Roaming\Cisco
    [2011/01/10 18:27:57 | 000,000,000 | ---D | C] -- C:\Users\Nitesh\Desktop\RUCHY
    [2010/12/26 17:44:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Codemasters
    [2010/12/26 17:44:22 | 000,000,000 | ---D | C] -- C:\Users\Nitesh\Documents\My Games
    [2010/12/26 17:42:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Ripple Sound
    [2010/12/26 17:42:00 | 000,872,448 | ---- | C] (Blue Ripple Sound Limited) -- C:\windows\SysWow64\rapture3d_oal.dll
    [2010/12/26 17:41:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BRS
    [2010/12/26 17:41:41 | 000,466,520 | ---- | C] (Creative Labs) -- C:\windows\SysNative\wrap_oal.dll
    [2010/12/26 17:41:41 | 000,445,016 | ---- | C] (Creative Labs) -- C:\windows\SysWow64\wrap_oal.dll
    [2010/12/26 17:41:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
    [2010/12/26 17:22:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Codemasters
    [2010/12/26 17:16:15 | 000,000,000 | ---D | C] -- C:\Users\Nitesh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicDisc
    [2010/12/26 17:16:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicDisc
    [2010/12/26 17:15:54 | 000,255,552 | ---- | C] (MagicISO, Inc.) -- C:\windows\SysWow64\drivers\mcdbus.sys
    [2010/12/26 17:15:54 | 000,255,552 | ---- | C] (MagicISO, Inc.) -- C:\windows\SysNative\drivers\mcdbus.sys
    [2010/12/26 17:15:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MagicDisc
    [2010/12/24 22:39:43 | 000,000,000 | ---D | C] -- C:\Users\Nitesh\AppData\Local\Cisco
    [2010/12/24 22:37:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco IP Communicator
    [2010/12/24 22:36:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Cisco Systems
    [2010/12/24 22:36:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco Systems
    [2010/12/24 22:35:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
    [2010/12/24 22:34:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Cisco
    [2 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/01/23 14:19:20 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/01/23 14:19:20 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/01/23 14:14:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nitesh\Desktop\OTL.exe
    [2011/01/23 14:12:43 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/01/23 14:11:45 | 000,067,584 | ---- | M] () -- C:\windows\bootstat.dat
    [2011/01/23 14:11:37 | 3061,166,080 | -HS- | M] () -- C:\hiberfil.sys
    [2011/01/23 13:47:00 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/01/23 12:13:54 | 000,184,900 | ---- | M] () -- C:\Users\Nitesh\Documents\backup_reg.reg
    [2011/01/23 11:45:54 | 000,466,520 | ---- | M] (Creative Labs) -- C:\windows\SysNative\wrap_oal.dll
    [2011/01/23 11:45:54 | 000,445,016 | ---- | M] (Creative Labs) -- C:\windows\SysWow64\wrap_oal.dll
    [2011/01/22 19:18:18 | 000,729,688 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
    [2011/01/22 19:18:18 | 000,630,560 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
    [2011/01/22 19:18:18 | 000,111,612 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
    [2011/01/16 20:00:22 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt
    [2011/01/16 17:07:13 | 000,001,986 | -H-- | M] () -- C:\Users\Nitesh\Documents\Default.rdp
    [2011/01/15 13:39:07 | 000,001,172 | ---- | M] () -- C:\Users\Public\Desktop\Switch to Gaming Mode.lnk
    [2011/01/15 13:39:06 | 000,001,160 | ---- | M] () -- C:\Users\Public\Desktop\Game Booster.lnk
    [2011/01/13 14:17:23 | 000,237,168 | ---- | M] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
    [2011/01/09 17:43:32 | 000,004,292 | ---- | M] () -- C:\WirelessDiagLog.csv
    [2010/12/26 17:16:15 | 000,000,993 | ---- | M] () -- C:\Users\Nitesh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
    [2010/12/26 17:16:15 | 000,000,957 | ---- | M] () -- C:\Users\Nitesh\Desktop\MagicDisc.lnk
    [2010/12/26 14:21:19 | 000,001,089 | ---- | M] () -- C:\windows\PWCMDLST.BAK
    [2010/12/25 00:10:51 | 002,374,456 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
    [2 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/01/23 12:13:54 | 000,184,900 | ---- | C] () -- C:\Users\Nitesh\Documents\backup_reg.reg
    [2011/01/23 10:11:05 | 000,256,512 | ---- | C] () -- C:\windows\PEV.exe
    [2011/01/23 10:11:05 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
    [2011/01/23 10:11:05 | 000,089,088 | ---- | C] () -- C:\windows\MBR.exe
    [2011/01/23 10:11:05 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
    [2011/01/23 10:11:05 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
    [2011/01/22 23:07:12 | 000,000,993 | ---- | C] () -- C:\Users\Nitesh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
    [2011/01/22 23:07:12 | 000,000,876 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
    [2011/01/09 17:43:23 | 000,004,292 | ---- | C] () -- C:\WirelessDiagLog.csv
    [2010/12/26 17:16:15 | 000,000,957 | ---- | C] () -- C:\Users\Nitesh\Desktop\MagicDisc.lnk
    [2010/12/26 14:21:19 | 000,001,089 | ---- | C] () -- C:\windows\PWCMDLST.BAK
    [2010/12/26 14:14:36 | 000,801,352 | ---- | C] () -- C:\windows\SysNative\pwNative.exe
    [2010/12/26 14:14:36 | 000,019,936 | ---- | C] () -- C:\windows\SysNative\pwdrvio.sys
    [2010/12/26 14:14:18 | 000,013,280 | ---- | C] () -- C:\windows\SysNative\pwdspio.sys
    [2010/12/24 22:26:04 | 000,001,986 | -H-- | C] () -- C:\Users\Nitesh\Documents\Default.rdp
    [2010/12/18 05:27:43 | 000,735,230 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
    [2010/10/31 11:10:19 | 000,000,000 | ---- | C] () -- C:\Users\Nitesh\AppData\Roaming\Stardockfences_debug_snapshot.dat
    [2010/10/26 11:36:28 | 000,000,088 | ---- | C] () -- C:\ProgramData\profile.xml
    [2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\windows\SysWow64\xlive.dll.cat
    [2010/08/29 20:49:05 | 000,016,648 | R--- | C] () -- C:\windows\SysWow64\LogAPI.dll
    [2010/08/29 20:39:17 | 002,110,816 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll
    [2010/08/29 20:39:17 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll
    [2010/08/29 20:39:09 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll
    [2010/05/17 13:01:28 | 000,208,896 | ---- | C] () -- C:\windows\SysWow64\iglhsip32.dll
    [2010/05/17 13:01:28 | 000,143,360 | ---- | C] () -- C:\windows\SysWow64\iglhcp32.dll
    [2009/07/14 05:12:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
    [2009/07/14 02:33:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll

    ========== LOP Check ==========

    [2011/01/14 10:44:29 | 000,000,000 | ---D | M] -- C:\Users\Nitesh\AppData\Roaming\Cisco
    [2010/11/13 16:32:23 | 000,000,000 | ---D | M] -- C:\Users\Nitesh\AppData\Roaming\ICAClient
    [2010/11/07 09:57:56 | 000,000,000 | ---D | M] -- C:\Users\Nitesh\AppData\Roaming\IObit
    [2010/10/26 11:36:47 | 000,000,000 | ---D | M] -- C:\Users\Nitesh\AppData\Roaming\Lenovo
    [2010/10/25 21:50:10 | 000,000,000 | ---D | M] -- C:\Users\Nitesh\AppData\Roaming\ooVoo Details
    [2010/10/31 11:10:16 | 000,000,000 | ---D | M] -- C:\Users\Nitesh\AppData\Roaming\Stardock
    [2011/01/23 14:40:43 | 000,000,000 | ---D | M] -- C:\Users\Nitesh\AppData\Roaming\uTorrent
    [2011/01/21 20:15:10 | 000,032,642 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/11/20 13:01:13 | 000,229,447 | ---- | M] () -- C:\AnalysisLog.sr0
    [2010/11/20 13:02:02 | 000,180,928 | ---- | M] () -- C:\AnalysisLogApi.sr1
    [2011/01/23 10:18:24 | 000,025,088 | ---- | M] () -- C:\ComboFix.txt
    [2011/01/23 14:12:47 | 001,254,517 | ---- | M] () -- C:\FaceProv.log
    [2011/01/23 14:11:37 | 3061,166,080 | -HS- | M] () -- C:\hiberfil.sys
    [2006/12/02 05:07:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
    [2010/08/29 20:18:27 | 000,000,032 | ---- | M] () -- C:\mute.log
    [2011/01/23 14:11:45 | 4081,557,504 | -HS- | M] () -- C:\pagefile.sys
    [2010/08/29 20:11:15 | 000,003,238 | ---- | M] () -- C:\RHDSetup.log
    [2011/01/23 10:10:01 | 000,000,361 | ---- | M] () -- C:\rkill.log
    [2011/01/09 17:43:32 | 000,004,292 | ---- | M] () -- C:\WirelessDiagLog.csv

    < %systemroot%\Fonts\*.com >
    [2009/07/14 11:02:31 | 000,026,040 | ---- | M] () -- C:\windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 11:02:31 | 000,026,489 | ---- | M] () -- C:\windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 11:02:31 | 000,029,779 | ---- | M] () -- C:\windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 11:02:31 | 000,043,318 | ---- | M] () -- C:\windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/11 02:19:50 | 000,000,065 | ---- | M] () -- C:\windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/09/23 00:32:56 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/14 10:24:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/10/26 00:14:25 | 000,000,221 | -HS- | M] () -- C:\Users\Nitesh\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/01/23 14:14:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nitesh\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/11 02:50:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2010/08/29 20:18:08 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
    [2010/08/29 20:18:08 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
    [2010/08/29 20:18:08 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
    [2010/08/29 20:18:08 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
    [2010/08/29 20:18:08 | 000,786,432 | ---- | M] () -- C:\Windows\security\database\edbtmp.log
    [2010/08/29 20:18:08 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/10/26 00:40:38 | 000,000,402 | -HS- | M] () -- C:\Users\Nitesh\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/10/26 11:36:28 | 000,000,088 | ---- | M] () -- C:\ProgramData\profile.xml

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
     
  16. niteshsingh_007

    niteshsingh_007 TS Rookie Topic Starter Posts: 22

    OTL Extras logfile created on: 1/23/2011 2:35:06 PM - Run 1
    OTL by OldTimer - Version 3.2.20.4 Folder = C:\Users\Nitesh\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: India | Language: ENN | Date Format: dd-MM-yyyy

    4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
    8.00 Gb Paging File | 6.00 Gb Available in Paging File | 74.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 149.99 Gb Total Space | 88.80 Gb Free Space | 59.20% Space Free | Partition Type: NTFS
    Drive D: | 30.48 Gb Total Space | 20.24 Gb Free Space | 66.42% Space Free | Partition Type: NTFS
    Drive E: | 270.34 Gb Total Space | 208.94 Gb Free Space | 77.29% Space Free | Partition Type: NTFS
    Drive F: | 7.03 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
    Drive G: | 6.83 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: NKS | User Name: Nitesh | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
    .url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-2467260372-2878141997-3226734072-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Minefield\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{0D9917CE-1C77-4B58-A153-DCB5A854ED82}" = Intel(R) Wireless Display
    "{10CD364B-FFCC-48BE-B469-B9622A033075}" = Fences
    "{1A8BA6CE-822D-4888-89E2-ACBF4308F271}" = Intel(R) PROSet/Wireless WiFi Software
    "{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
    "{35FCDA3F-13F2-3786-A9A8-115A1FE7FFC1}" = ATI Catalyst Install Manager
    "{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
    "{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{66C10F29-31F0-4A9B-B2CF-465F488AE086}" = CorelDRAW Graphics Suite X5 - Windows Shell Extension 64 Bit
    "{7579822E-65DD-0016-D4AA-E7028CA42996}" = ccc-utility64
    "{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = Lenovo Bluetooth with Enhanced Data Rate Software
    "{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{E77543EE-6FB5-4FF6-AB70-635392C8C756}" = Microsoft Security Client
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "0A4175B489A1B4A6E07E11B063A6263480C51D71" = Windows Driver Package - Lenovo (ACPIVPC) System (10/19/2009 5.4.0.1)
    "3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
    "Adobe Flash Player Plugin 64" = Adobe Flash Player 10 Plugin 64-bit
    "DFEA59689C004DFD0378309F3A583EA32D78A1B3" = Windows Driver Package - Broadcom Bluetooth (01/06/2010 6.2.0.9416)
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Security Client" = Microsoft Security Essentials
    "Minefield 4.0b10pre (x64 en-US)" = Minefield 4.0b10pre (x64 en-US)
    "ProInst" = Intel PROSet Wireless
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "WinRAR archiver" = WinRAR archiver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "_{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension
    "_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW(R) Graphics Suite X5
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "{031E99E6-CFB5-86D2-E781-ABB59FEFE7F9}" = ccc-core-static
    "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
    "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
    "{087C73E4-1F5F-8076-C460-38FB0985C82E}" = CCC Help Dutch
    "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0B12F597-F346-840F-923A-0D6C27739EA6}" = CCC Help Czech
    "{0BCA9EFD-F2D6-4638-B053-8693BA0404BE}" = Citrix online plug-in (Web)
    "{0CE226F3-EB27-4ECD-BBF5-F088716779FD}" = Energy Management
    "{12FEC00C-027C-4A34-9AAB-562EDA43DC18}_is1" = MiniTool Partition Wizard Home Edition 5.2
    "{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
    "{15314AB9-AA3C-F93D-81F1-ACFDCC4FAF1E}" = CCC Help Greek
    "{17542DBF-E17C-4562-BC4D-FA3EF3076C45}" = Lenovo ReadyComm 5
    "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2022BA2B-0473-7494-13E9-B9DDCDDD6D56}" = CCC Help Swedish
    "{23166152-0968-047C-8B1C-9E26C029D132}" = CCC Help Spanish
    "{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data
    "{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA
    "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
    "{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications (R) Core
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2955FADE-ADED-44AD-A853-D1EAEA7ACAD5}" = Lenovo MuteSync
    "{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
    "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
    "{2CA2332F-E8EE-50C9-7CCD-7514D318A734}" = CCC Help Norwegian
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{4425901D-1347-04FB-C48C-040E4BDD98B2}" = PX Profile Update
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{4DFE2035-FCC7-CCF9-6DA8-CA798CFC7CBD}" = CCC Help Chinese Standard
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
    "{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension
    "{52D1D62C-FEAB-4580-849E-1DB624BADBBD}" = DiRT2
    "{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
    "{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
    "{5454083B-1308-4485-BF17-1110000D8302}" = Grand Theft Auto IV
    "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
    "{54A8CEB5-43EB-69CD-72BE-A8BC11869FAE}" = Catalyst Control Center Graphics Previews Common
    "{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect
    "{55392E52-1AAD-44C4-BE49-258FFE72434F}" = Citrix online plug-in (USB)
    "{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA
    "{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
    "{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist
    "{5A33AE1F-6F70-76BC-FE71-46EF2F592983}" = CCC Help Polish
    "{5B36F08E-DC81-E672-1472-A145CF499A73}" = CCC Help Finnish
    "{5CA178AC-08C9-57EE-928F-BFE8B7A85499}" = Catalyst Control Center Graphics Light
    "{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}" = Bing Bar Platform
    "{668842FC-6827-4B6F-82BF-3828BE6D3007}" = Cisco AnyConnect VPN Client
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
    "{6BC27278-28F6-D98A-587C-591FD8DDDC4C}" = PowerXpressHybrid
    "{6DB7AD00-F781-11DF-9EEF-001279CD8240}" = Google Earth
    "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{76C66170-C538-4E77-B54D-48E136B5B533}" = Lenovo ReadyComm 5.0 Service
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{7D739CFA-F1E2-547F-A62D-7B64F3C38B5A}" = CCC Help Thai
    "{7D9CEBD0-0CAE-462D-8191-591ACC79E430}" = Catalyst Control Center - Branding
    "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{812424AC-A8B5-44E6-8D48-07E939D1AD9A}" = Citrix online plug-in (HDX)
    "{833330D8-5751-7965-3B70-3FD0B36CBEE3}" = CCC Help Chinese Traditional
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8D289B05-E91B-5470-68EF-488CC2899D5F}" = Catalyst Control Center Localization All
    "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
    "{8FB76CA4-B4EE-E837-0B24-7256A2144626}" = CCC Help English
    "{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
    "{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
    "{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT
    "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
    "{A2DCEC03-EC54-D9D1-B81E-CCEE6360EC51}" = CCC Help French
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{ABE960C6-8021-4CF5-0715-60585FBBCD62}" = Catalyst Control Center Graphics Previews Vista
    "{AC44D352-909B-846F-A217-2756902909D9}" = CCC Help Danish
    "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
    "{ADFBBAF0-6C88-EF43-9B37-737C75FBE0F8}" = CCC Help German
    "{AF04EDB5-5624-196C-EE7C-AA2D788D3F5D}" = CCC Help Japanese
    "{AF959F87-4F17-C216-BA91-39669C2D8CE3}" = Catalyst Control Center InstallProxy
    "{B2164CCB-C002-4B80-8550-7535D80DF237}" = Lenovo DirectShare
    "{B399C91E-96F2-4265-9884-1C9A10E9FCF4}" = CorelDRAW Graphics Suite X5
    "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
    "{B8F589E9-2EAE-5EBD-5D59-E11F2BDA6E03}" = CCC Help Portuguese
    "{B914FC95-C386-A758-1006-DCCEE9AE360B}" = Catalyst Control Center Core Implementation
    "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
    "{BCA8A486-5FF7-F52B-EEF3-CB8C3EDBA6F8}" = CCC Help Italian
    "{C01A1083-0C1F-864E-8C47-A36E35C2072B}" = CCC Help Turkish
    "{C23DD57A-09D0-5322-26C9-7BBA08305CCF}" = CCC Help Hungarian
    "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
    "{C4919919-8D68-0F2A-0997-165291D1B71E}" = CCC Help Korean
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common
    "{CA58DD20-49F6-F5F9-A87D-AC2FF5B56BE2}" = CCC Help Russian
    "{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CF53CF7C-D996-43EB-9904-DBED57C25625}" = Citrix online plug-in (DV)
    "{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
    "{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
    "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
    "{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.3.22 Game
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications (R) Core - English
    "{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin
    "{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
    "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
    "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{DFB19121-0609-49C1-92B1-546E5A940FE8}" = Onekey Theater
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E34C6AA4-AE8E-4677-912A-92FC2E039DD9}" = CorelDRAW Graphics Suite X5 - EN
    "{E4487C27-5F10-41BF-95BD-13856FE97CBC}" = Cisco IP Communicator 7.0.3
    "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture
    "{EF000E82-0615-8FC0-631C-B120D4D1A618}" = Catalyst Control Center Graphics Full Existing
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F5608FF7-17C0-440A-80C7-29C48363BD87}" = Lenovo EasyCamera
    "{F6E3D70F-A4FC-53C2-761B-7CE0648A7404}" = Catalyst Control Center Graphics Full New
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser
    "3554AA4B-9B0B-451a-A269-2B5F53982209_is1" = ThreatFire
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
    "CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "Fences" = Fences
    "Game Booster_is1" = Game Booster
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "InstallShield_{2955FADE-ADED-44AD-A853-D1EAEA7ACAD5}" = Lenovo MuteSync
    "InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
    "InstallShield_{B2164CCB-C002-4B80-8550-7535D80DF237}" = Lenovo DirectShare
    "KeatProX" = KeatProX 2.1.3.1
    "Lenovo SlideNav2" = Lenovo SlideNav
    "Lenovo SplitScreen" = Lenovo SplitScreen
    "MagicDisc 2.7.106" = MagicDisc 2.7.106
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "OpenAL" = OpenAL
    "uTorrent" = µTorrent
    "VeriFace" = VeriFace
    "VLC media player" = VLC media player 1.1.5
    "WinLiveSuite" = Windows Live Essentials

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 1/22/2011 1:49:18 PM | Computer Name = nks | Source = Application Error | ID = 1000
    Description = Faulting application name: mbam.exe, version: 1.50.1.3, time stamp:
    0x4d0fe807 Faulting module name: ntdll.dll, version: 6.1.7600.16559, time stamp:
    0x4ba9b29c Exception code: 0xc0000005 Fault offset: 0x0003b3d3 Faulting process id:
    0xfe4 Faulting application start time: 0x01cbba5cb136c4a3 Faulting application path:
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe Faulting module path:
    C:\windows\SysWOW64\ntdll.dll Report Id: ef40252e-264f-11e0-8fc2-c80aa9dbdeae

    Error - 1/22/2011 1:49:37 PM | Computer Name = nks | Source = Application Error | ID = 1000
    Description = Faulting application name: mbam.exe, version: 1.50.1.3, time stamp:
    0x4d0fe807 Faulting module name: ntdll.dll, version: 6.1.7600.16559, time stamp:
    0x4ba9b29c Exception code: 0xc0000005 Fault offset: 0x0003b3d3 Faulting process id:
    0x17d8 Faulting application start time: 0x01cbba5cba1cb9ec Faulting application path:
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe Faulting module path:
    C:\windows\SysWOW64\ntdll.dll Report Id: fa7b93db-264f-11e0-8fc2-c80aa9dbdeae

    Error - 1/22/2011 1:49:50 PM | Computer Name = nks | Source = Application Error | ID = 1000
    Description = Faulting application name: mbam.exe, version: 1.50.1.3, time stamp:
    0x4d0fe807 Faulting module name: ntdll.dll, version: 6.1.7600.16559, time stamp:
    0x4ba9b29c Exception code: 0xc0000005 Fault offset: 0x0003b3d3 Faulting process id:
    0x78 Faulting application start time: 0x01cbba5cc1ab3d2d Faulting application path:
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe Faulting module path:
    C:\windows\SysWOW64\ntdll.dll Report Id: 02459983-2650-11e0-8fc2-c80aa9dbdeae

    Error - 1/22/2011 1:50:00 PM | Computer Name = nks | Source = Application Error | ID = 1000
    Description = Faulting application name: mbam.exe, version: 1.50.1.3, time stamp:
    0x4d0fe807 Faulting module name: ntdll.dll, version: 6.1.7600.16559, time stamp:
    0x4ba9b29c Exception code: 0xc0000005 Fault offset: 0x0003b3d3 Faulting process id:
    0x16b0 Faulting application start time: 0x01cbba5cc9c8353e Faulting application path:
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe Faulting module path:
    C:\windows\SysWOW64\ntdll.dll Report Id: 07d3f729-2650-11e0-8fc2-c80aa9dbdeae

    Error - 1/22/2011 1:50:19 PM | Computer Name = nks | Source = Application Error | ID = 1000
    Description = Faulting application name: mbam.exe, version: 1.50.1.3, time stamp:
    0x4d0fe807 Faulting module name: ntdll.dll, version: 6.1.7600.16559, time stamp:
    0x4ba9b29c Exception code: 0xc0000005 Fault offset: 0x0003b2bd Faulting process id:
    0xee0 Faulting application start time: 0x01cbba5cd2f7494f Faulting application path:
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe Faulting module path:
    C:\windows\SysWOW64\ntdll.dll Report Id: 1372b3c2-2650-11e0-8fc2-c80aa9dbdeae

    Error - 1/22/2011 1:50:44 PM | Computer Name = nks | Source = Application Error | ID = 1000
    Description = Faulting application name: mbam.exe, version: 1.50.1.3, time stamp:
    0x4d0fe807 Faulting module name: ntdll.dll, version: 6.1.7600.16559, time stamp:
    0x4ba9b29c Exception code: 0xc0000005 Fault offset: 0x0003b3d3 Faulting process id:
    0x15d8 Faulting application start time: 0x01cbba5ce43d4a8e Faulting application path:
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe Faulting module path:
    C:\windows\SysWOW64\ntdll.dll Report Id: 22490c7a-2650-11e0-8fc2-c80aa9dbdeae

    Error - 1/22/2011 1:51:23 PM | Computer Name = nks | Source = Application Error | ID = 1000
    Description = Faulting application name: mbam.exe, version: 1.50.1.3, time stamp:
    0x4d0fe807 Faulting module name: ntdll.dll, version: 6.1.7600.16559, time stamp:
    0x4ba9b29c Exception code: 0xc0000005 Fault offset: 0x0003b3d3 Faulting process id:
    0xb20 Faulting application start time: 0x01cbba5cf80b7d9d Faulting application path:
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe Faulting module path:
    C:\windows\SysWOW64\ntdll.dll Report Id: 395f8549-2650-11e0-8fc2-c80aa9dbdeae

    Error - 1/22/2011 1:51:32 PM | Computer Name = nks | Source = Application Error | ID = 1000
    Description = Faulting application name: mbam.exe, version: 1.50.1.3, time stamp:
    0x4d0fe807 Faulting module name: ntdll.dll, version: 6.1.7600.16559, time stamp:
    0x4ba9b29c Exception code: 0xc0000005 Fault offset: 0x0003b1c0 Faulting process id:
    0xabc Faulting application start time: 0x01cbba5d009865fc Faulting application path:
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe Faulting module path:
    C:\windows\SysWOW64\ntdll.dll Report Id: 3ea68947-2650-11e0-8fc2-c80aa9dbdeae

    Error - 1/22/2011 1:55:03 PM | Computer Name = nks | Source = Application Error | ID = 1000
    Description = Faulting application name: DllHost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc6b7 Faulting module name: ntdll.dll, version: 6.1.7600.16559, time
    stamp: 0x4ba9b29c Exception code: 0xc0000374 Fault offset: 0x000cdc9b Faulting process
    id: 0x7bc Faulting application start time: 0x01cbba5d7d464548 Faulting application
    path: C:\windows\SysWOW64\DllHost.exe Faulting module path: C:\windows\SysWOW64\ntdll.dll
    Report Id: bc877a17-2650-11e0-8fc2-c80aa9dbdeae

    Error - 1/22/2011 2:07:18 PM | Computer Name = nks | Source = Application Hang | ID = 1002
    Description = The program mmc.exe version 6.1.7600.16385 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 1454 Start
    Time: 01cbba5b8c3d854f Termination Time: 15 Application Path: C:\windows\system32\mmc.exe

    Report Id:

    [ Cisco AnyConnect VPN Client Events ]
    Error - 1/23/2011 3:41:40 AM | Computer Name = nks | Source = vpnagent | ID = 67108866
    Description = Function: CChangeRouteHelper::ClearRouteTable File: .\ChangeRouteHelper.cpp
    Line:
    538 Invoked Function: DeleteRoute Return Code: -33095666 (0xFE07000E) Description:
    ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED the interface appears to be available

    Error - 1/23/2011 3:41:40 AM | Computer Name = nks | Source = vpnagent | ID = 67108866
    Description = Function: CChangeRouteHelper::ClearRouteTable File: .\ChangeRouteHelper.cpp
    Line:
    538 Invoked Function: DeleteRoute Return Code: -33095666 (0xFE07000E) Description:
    ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED the interface appears to be available

    Error - 1/23/2011 3:52:08 AM | Computer Name = nks | Source = vpnagent | ID = 67108866
    Description = Function: CChangeRouteHelper::ClearRouteTable File: .\ChangeRouteHelper.cpp
    Line:
    538 Invoked Function: DeleteRoute Return Code: -33095666 (0xFE07000E) Description:
    ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED the interface appears to be available

    Error - 1/23/2011 3:52:08 AM | Computer Name = nks | Source = vpnagent | ID = 67108866
    Description = Function: CChangeRouteHelper::ClearRouteTable File: .\ChangeRouteHelper.cpp
    Line:
    538 Invoked Function: DeleteRoute Return Code: -33095666 (0xFE07000E) Description:
    ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED the interface appears to be available

    Error - 1/23/2011 4:00:13 AM | Computer Name = nks | Source = vpnagent | ID = 67108866
    Description = Function: CChangeRouteHelper::ClearRouteTable File: .\ChangeRouteHelper.cpp
    Line:
    538 Invoked Function: DeleteRoute Return Code: -33095666 (0xFE07000E) Description:
    ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED the interface appears to be available

    Error - 1/23/2011 4:00:13 AM | Computer Name = nks | Source = vpnagent | ID = 67108866
    Description = Function: CChangeRouteHelper::ClearRouteTable File: .\ChangeRouteHelper.cpp
    Line:
    538 Invoked Function: DeleteRoute Return Code: -33095666 (0xFE07000E) Description:
    ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED the interface appears to be available

    Error - 1/23/2011 4:13:08 AM | Computer Name = nks | Source = vpnagent | ID = 67108866
    Description = Function: CChangeRouteHelper::ClearRouteTable File: .\ChangeRouteHelper.cpp
    Line:
    538 Invoked Function: DeleteRoute Return Code: -33095666 (0xFE07000E) Description:
    ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED the interface appears to be available

    Error - 1/23/2011 4:13:08 AM | Computer Name = nks | Source = vpnagent | ID = 67108866
    Description = Function: CChangeRouteHelper::ClearRouteTable File: .\ChangeRouteHelper.cpp
    Line:
    538 Invoked Function: DeleteRoute Return Code: -33095666 (0xFE07000E) Description:
    ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED the interface appears to be available

    Error - 1/23/2011 4:41:52 AM | Computer Name = nks | Source = vpnagent | ID = 67108866
    Description = Function: CChangeRouteHelper::ClearRouteTable File: .\ChangeRouteHelper.cpp
    Line:
    538 Invoked Function: DeleteRoute Return Code: -33095666 (0xFE07000E) Description:
    ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED the interface appears to be available

    Error - 1/23/2011 4:41:52 AM | Computer Name = nks | Source = vpnagent | ID = 67108866
    Description = Function: CChangeRouteHelper::ClearRouteTable File: .\ChangeRouteHelper.cpp
    Line:
    538 Invoked Function: DeleteRoute Return Code: -33095666 (0xFE07000E) Description:
    ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED the interface appears to be available

    [ Media Center Events ]
    Error - 1/19/2011 12:13:06 PM | Computer Name = nks | Source = MCUpdate | ID = 0
    Description = 21:42:45 - Failed to retrieve MCEClientUX (Error: Unable to connect
    to the remote server)

    Error - 1/19/2011 12:13:31 PM | Computer Name = nks | Source = MCUpdate | ID = 0
    Description = 21:43:27 - Failed to retrieve Broadband (Error: Unable to connect
    to the remote server)

    Error - 1/19/2011 1:14:27 PM | Computer Name = nks | Source = MCUpdate | ID = 0
    Description = 22:44:27 - Failed to retrieve Directory (Error: Unable to connect
    to the remote server)

    Error - 1/19/2011 1:15:30 PM | Computer Name = nks | Source = MCUpdate | ID = 0
    Description = 22:45:09 - Failed to retrieve MCESpotlight (Error: Unable to connect
    to the remote server)

    Error - 1/19/2011 1:16:12 PM | Computer Name = nks | Source = MCUpdate | ID = 0
    Description = 22:45:51 - Failed to retrieve MCEClientUX (Error: Unable to connect
    to the remote server)

    Error - 1/19/2011 1:16:34 PM | Computer Name = nks | Source = MCUpdate | ID = 0
    Description = 22:46:33 - Failed to retrieve Broadband (Error: Unable to connect
    to the remote server)

    Error - 1/20/2011 1:06:26 PM | Computer Name = nks | Source = MCUpdate | ID = 0
    Description = 22:36:26 - Error connecting to the internet. 22:36:26 - Unable
    to contact server..

    Error - 1/20/2011 1:06:37 PM | Computer Name = nks | Source = MCUpdate | ID = 0
    Description = 22:36:32 - Error connecting to the internet. 22:36:32 - Unable
    to contact server..

    Error - 1/21/2011 10:48:22 AM | Computer Name = nks | Source = MCUpdate | ID = 0
    Description = 20:18:22 - Error connecting to the internet. 20:18:22 - Unable
    to contact server..

    Error - 1/21/2011 10:48:32 AM | Computer Name = nks | Source = MCUpdate | ID = 0
    Description = 20:18:28 - Error connecting to the internet. 20:18:28 - Unable
    to contact server..

    [ System Events ]
    Error - 1/22/2011 1:37:27 PM | Computer Name = nks | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10003
    Description = WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\windows\System32\IWMSSvc.dll


    Error - 1/22/2011 1:38:43 PM | Computer Name = nks | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the vpnagent service.

    Error - 1/22/2011 1:40:15 PM | Computer Name = nks | Source = Microsoft Antimalware | ID = 3002
    Description = %%860 Real-Time Protection feature has encountered an error and failed.

    Feature:
    %%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

    Error - 1/22/2011 1:40:15 PM | Computer Name = nks | Source = Service Control Manager | ID = 7031
    Description = The Intel(R) Management and Security Application Local Management
    Service service terminated unexpectedly. It has done this 1 time(s). The following
    corrective action will be taken in 10000 milliseconds: Restart the service.

    Error - 1/22/2011 1:40:24 PM | Computer Name = nks | Source = Service Control Manager | ID = 7034
    Description = The SeaPort service terminated unexpectedly. It has done this 1 time(s).

    Error - 1/22/2011 1:40:39 PM | Computer Name = nks | Source = Service Control Manager | ID = 7000
    Description = The Intel(R) Management and Security Application Local Management
    Service service failed to start due to the following error: %%109

    Error - 1/22/2011 1:42:23 PM | Computer Name = nks | Source = Service Control Manager | ID = 7000
    Description = The Google Update Service (gupdate) service failed to start due to
    the following error: %%109

    Error - 1/22/2011 1:42:23 PM | Computer Name = nks | Source = Service Control Manager | ID = 7000
    Description = The ReadyComm.DirectRouter service failed to start due to the following
    error: %%2

    Error - 1/22/2011 1:42:26 PM | Computer Name = nks | Source = Service Control Manager | ID = 7000
    Description = The Intel(R) Management and Security Application Local Management
    Service service failed to start due to the following error: %%109

    Error - 1/22/2011 1:42:26 PM | Computer Name = nks | Source = Service Control Manager | ID = 7001
    Description = The Intel(R) Management & Security Application User Notification Service
    service depends on the Intel(R) Management and Security Application Local Management
    Service service which failed to start because of the following error: %%109


    < End of report >
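    The "[ Application Events ]" block above is the part of this report a helper reads first: eight mbam.exe crashes in ntdll.dll with the same exception code inside two minutes, then one DllHost.exe heap error and one mmc.exe hang. The following is an added Python example, not OTL's code and not part of this thread, that parses that block's layout (the wrapped "Description = ..." lines under each "Error - ..." header), groups records by faulting application, module and exception code, and flags bursts of identical crashes. The SAMPLE text is constructed for the example, modelled on the records above; the burst threshold (3 events within 300 seconds) is an assumed default.

```python
"""Triage the "Last 10 Event Log Errors" block of an OTL report (added example,
not OTL's own code): group Application-log crashes (ID 1000) and hangs (ID 1002)
by faulting application, module and exception code, and flag bursts of identical
crashes, which point at one misbehaving component rather than random damage."""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

HEADER = re.compile(
    r"^Error - (?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) \| "
    r"Computer Name = (?P<host>.+?) \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)$")
# Event 1000 writes "Faulting application name: X,"; event 1002 writes "The program X version".
APP = re.compile(r"Faulting application name: ([^,]+),|The program (\S+) version")
MODULE = re.compile(r"Faulting module name: ([^,]+),")
CODE = re.compile(r"Exception code: (0x[0-9A-Fa-f]+)")
CrashKey = Tuple[str, str, str, str]  # (source, app, module, exception code)


def parse_events(text: str) -> List[Tuple[datetime, CrashKey]]:
    """A header line starts a record, the wrapped 'Description = ...' lines that
    follow belong to it, and a '[ Section ]' line closes it."""
    raw: List[Tuple[dict, List[str]]] = []
    current = None
    for line in text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            current = (m.groupdict(), [])
            raw.append(current)
        elif line.startswith("[ ") and line.endswith(" ]"):
            current = None          # new section: nothing belongs to the old record
        elif current is not None and line:
            current[1].append(line)
    events = []
    for hdr, lines in raw:
        desc = " ".join(lines)      # undo the report's hard wrapping before matching
        app, mod, code = APP.search(desc), MODULE.search(desc), CODE.search(desc)
        key = (hdr["source"], (app.group(1) or app.group(2)) if app else "",
               mod.group(1) if mod else "", code.group(1) if code else "")
        events.append((datetime.strptime(hdr["when"], "%m/%d/%Y %I:%M:%S %p"), key))
    return events


def summarise(events: List[Tuple[datetime, CrashKey]]) -> Counter:
    """Occurrences of each (source, app, module, code) combination."""
    return Counter(key for _, key in events)


def find_bursts(events: List[Tuple[datetime, CrashKey]], min_count: int = 3,
                window_seconds: int = 300) -> Dict[CrashKey, int]:
    """Keys with at least min_count identical events inside window_seconds,
    mapped to their total count (assumed defaults: 3 events in 5 minutes)."""
    times: Dict[CrashKey, List[datetime]] = defaultdict(list)
    for when, key in events:
        times[key].append(when)
    bursts: Dict[CrashKey, int] = {}
    for key, ts in times.items():
        ts.sort()
        for i in range(len(ts) - min_count + 1):
            if ts[i + min_count - 1] - ts[i] <= timedelta(seconds=window_seconds):
                bursts[key] = len(ts)
                break
    return bursts


# Constructed sample in the report's layout, modelled on the records in the thread.
SAMPLE = r"""
[ Application Events ]
Error - 1/22/2011 1:49:18 PM | Computer Name = nks | Source = Application Error | ID = 1000
Description = Faulting application name: mbam.exe, version: 1.50.1.3, time stamp:
0x4d0fe807 Faulting module name: ntdll.dll, version: 6.1.7600.16559, Exception code: 0xc0000005

Error - 1/22/2011 1:49:37 PM | Computer Name = nks | Source = Application Error | ID = 1000
Description = Faulting application name: mbam.exe, version: 1.50.1.3, time stamp:
0x4d0fe807 Faulting module name: ntdll.dll, version: 6.1.7600.16559, Exception code: 0xc0000005

Error - 1/22/2011 1:49:50 PM | Computer Name = nks | Source = Application Error | ID = 1000
Description = Faulting application name: mbam.exe, version: 1.50.1.3, time stamp:
0x4d0fe807 Faulting module name: ntdll.dll, version: 6.1.7600.16559, Exception code: 0xc0000005

Error - 1/22/2011 1:55:03 PM | Computer Name = nks | Source = Application Error | ID = 1000
Description = Faulting application name: DllHost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc6b7 Faulting module name: ntdll.dll, version: 6.1.7600.16559, time
stamp: 0x4ba9b29c Exception code: 0xc0000374 Fault offset: 0x000cdc9b

Error - 1/22/2011 2:07:18 PM | Computer Name = nks | Source = Application Hang | ID = 1002
Description = The program mmc.exe version 6.1.7600.16385 stopped interacting with
Windows and was closed.
"""

if __name__ == "__main__":
    events = parse_events(SAMPLE)
    for key, n in summarise(events).most_common():
        print(n, "x", key)
    for key, n in find_bursts(events).items():
        print("BURST:", n, "identical crashes within 5 min ->", key)
```

    Run against the sample, the three mbam.exe records collapse into one burst while the DllHost.exe and mmc.exe records stay single events, which is the same shape the real log shows: one component failing repeatedly, which here turned out to be the freshly updated Avast rather than an infection. The exception code is part of the key on purpose; 0xc0000005 (access violation) and 0xc0000374 (heap corruption) in the same module are different failures and should not be merged.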
     
  17. niteshsingh_007

    niteshsingh_007 TS Rookie Topic Starter Posts: 22

    Seems like Avast Antivirus was the problem. After uninstalling it in safe mode, I have not received any further crashes. Thanks a lot. I have been using two antivirus programs for a long time, but on the 16th I upgraded Avast with the latest software update, and the problem seemed to have started after that.
     
  18. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Good :)

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    =======================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKU\S-1-5-21-2467260372-2878141997-3226734072-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
      O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
      O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      [2011/01/16 12:52:19 | 000,237,168 | ---- | C] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
      [2 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ======================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  19. niteshsingh_007

    niteshsingh_007 TS Rookie Topic Starter Posts: 22

    All processes killed
    ========== OTL ==========
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-2467260372-2878141997-3226734072-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
    Starting removal of ActiveX control 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab\ not found.
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    C:\Windows\SysNative\aswBoot.exe moved successfully.
    C:\windows\SysWow64\tmp8D12.tmp deleted successfully.
    C:\windows\SysWow64\tmp8D23.tmp deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Nitesh
    ->Temp folder emptied: 404145495 bytes
    ->Temporary Internet Files folder emptied: 8866963 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 73279774 bytes
    ->Google Chrome cache emptied: 12451413 bytes
    ->Flash cache emptied: 1219 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 2596369 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 478.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default

    User: Default User

    User: Nitesh
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.20.5 log created on 01242011_230102

    Files\Folders moved on Reboot...
    C:\Users\Nitesh\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Nitesh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WH9O86V9\ads[3].htm moved successfully.
    C:\Users\Nitesh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZY9ZGBH\crosspixel-dest[1].htm moved successfully.
    C:\Users\Nitesh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZY9ZGBH\sh30[1].html moved successfully.
    C:\Users\Nitesh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4V34XL8B\topic160008[3].html moved successfully.
    C:\Users\Nitesh\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

    Registry entries deleted on Reboot...
     
  20. niteshsingh_007

    niteshsingh_007 TS Rookie Topic Starter Posts: 22

    Results of screen317's Security Check version 0.99.7
    Windows 7 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 23
    Out of date Java installed!
    Adobe Flash Player 10.1.85.3
    Adobe Reader 9.4.1
    Out of date Adobe Reader installed!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    ThreatFire TFTray.exe
    ThreatFire TFService.exe
    Microsoft Security Essentials msseces.exe
    Microsoft Security Client Antimalware MsMpEng.exe
    Microsoft Security Client Antimalware NisSrv.exe
    ``````````End of Log````````````
     
  21. niteshsingh_007

    niteshsingh_007 TS Rookie Topic Starter Posts: 22

    ESET Online Scanner didn't produce any log. Thanks.
     
  22. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all the tools we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please, let me know, how your computer is doing.
     
  23. niteshsingh_007

    niteshsingh_007 TS Rookie Topic Starter Posts: 22

    Seems like OTL was not able to create a restore point.

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Nitesh
    ->Temp folder emptied: 680153 bytes
    ->Temporary Internet Files folder emptied: 20168263 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 53537983 bytes
    ->Google Chrome cache emptied: 8130989 bytes
    ->Flash cache emptied: 1235 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1943231 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 81.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default

    User: Default User

    User: Nitesh
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb

    Error creating restore point.

    OTL by OldTimer - Version 3.2.20.5 log created on 01262011_205024

    Files\Folders moved on Reboot...
    C:\Users\Nitesh\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Nitesh\AppData\Local\Mozilla\Firefox\Profiles\9dh3ri0t.default\startupCache\startupCache.8.little moved successfully.
    C:\Users\Nitesh\AppData\Local\Mozilla\Firefox\Profiles\9dh3ri0t.default\Cache\_CACHE_001_ moved successfully.
    C:\Users\Nitesh\AppData\Local\Mozilla\Firefox\Profiles\9dh3ri0t.default\Cache\_CACHE_002_ moved successfully.
    C:\Users\Nitesh\AppData\Local\Mozilla\Firefox\Profiles\9dh3ri0t.default\Cache\_CACHE_003_ moved successfully.
    C:\Users\Nitesh\AppData\Local\Mozilla\Firefox\Profiles\9dh3ri0t.default\Cache\_CACHE_MAP_ moved successfully.
    C:\Users\Nitesh\AppData\Local\Mozilla\Firefox\Profiles\9dh3ri0t.default\urlclassifier3.sqlite moved successfully.
    C:\Users\Nitesh\AppData\Local\Mozilla\Firefox\Profiles\9dh3ri0t.default\XUL.mfl moved successfully.

    Registry entries deleted on Reboot...
     
  24. Broni

    Broni Malware Annihilator Posts: 52,915   +344

  25. niteshsingh_007

    niteshsingh_007 TS Rookie Topic Starter Posts: 22

    I checked, and System Restore was already turned off. I turned it on.

    Thanks a lot for the help. I do not see any problems with my PC now.
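    The "[CLEARALLRESTOREPOINTS]" step above failed with "Error creating restore point" because System Protection was switched off on the system drive. The following is an added PowerShell example, not part of the thread and not OTL's code, showing how a helper can do the same thing without a third-party tool and catch that failure mode: enable protection first, take a labelled clean-baseline restore point, and verify that it was actually recorded. It assumes an elevated PowerShell prompt on Windows 7 (PowerShell 2.0) or later; the restore point description is a constructed label.

```powershell
# Added example, not code from the thread: make sure System Restore is enabled
# on the system drive, take a fresh restore point and confirm it was recorded.
# Assumes an elevated PowerShell prompt (Windows 7 / PowerShell 2.0 or later).

$drive = "$env:SystemDrive\"                              # Enable-ComputerRestore wants "C:\"
$description = "Clean baseline after malware removal"     # constructed label

function New-CleanRestorePoint {
    param([string]$Drive, [string]$Description)

    # Idempotent: turning protection on is exactly what was missing when OTL
    # reported "Error creating restore point" on this machine.
    Enable-ComputerRestore -Drive $Drive -ErrorAction Stop

    # MODIFY_SETTINGS is an ordinary, user-visible restore point type.
    Checkpoint-Computer -Description $Description -RestorePointType MODIFY_SETTINGS -ErrorAction Stop

    # Verify instead of trusting the call: the newest point must carry our label.
    $latest = Get-ComputerRestorePoint |
        Sort-Object SequenceNumber -Descending |
        Select-Object -First 1
    if ($latest -eq $null -or $latest.Description -ne $Description) {
        throw "Restore point was not recorded; check System Protection for $Drive"
    }
    return $latest
}

$rp = New-CleanRestorePoint -Drive $drive -Description $description
"Created restore point #{0}: {1}" -f $rp.SequenceNumber, $rp.Description

# Show what is on disk now; after clearing old points this list should contain
# only the clean baseline.
Get-ComputerRestorePoint |
    Format-Table SequenceNumber, Description,
        @{Label = "Created"; Expression = { $_.ConvertToDateTime($_.CreationTime) }} -AutoSize
```

    On Windows 8 and later, Checkpoint-Computer silently skips creation if another restore point was made in the previous 24 hours, so the verification step is what tells you whether the baseline really exists; on the Windows 7 machine in this thread that limit does not apply.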
     
Topic Status:
Not open for further replies.
