Google Redirect Issue

Discussion in 'Virus and Malware Removal' started by oltraff, Nov 26, 2010.

  1. oltraff Newcomer, in training Posts: 38

    It ran clean...even restarted the computer. Here's the log. Still looks incomplete.

    ComboFix 10-11-26.07 - Ashish 11/27/2010 13:28:50.2.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.3581.2711 [GMT -5:00]
    Running from: C:\Users\Ashish\Desktop\ComboFix.exe
    SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .
  2. Broni Malware Annihilator Posts: 39,252   +175

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    explorer.exe
    winlogon.exe
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  3. oltraff Newcomer, in training Posts: 38

    Here's the OTL Log. Extras.txt wasn't created. Thanks.

    OTL logfile created on: 11/27/2010 1:48:27 PM - Run 3
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Ashish\Desktop
    Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6000.17037)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 76.00% Memory free
    7.00 Gb Paging File | 6.00 Gb Available in Paging File | 90.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 285.51 Gb Total Space | 133.98 Gb Free Space | 46.93% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 3.28 Gb Free Space | 32.77% Space Free | Partition Type: NTFS

    Computer Name: ASHISH-PC | User Name: Ashish | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/11/27 13:46:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Ashish\Desktop\OTL.exe
    PRC - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    PRC - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    PRC - [2008/07/05 13:26:18 | 000,025,936 | ---- | M] (Apple, Inc.) -- C:\Program Files\Apple\iPhone Configuration Web Utility\iPhoneConfigurationWebUtilityService.exe
    PRC - [2008/07/05 13:23:16 | 000,007,168 | ---- | M] () -- C:\Program Files\Apple\iPhone Configuration Web Utility\ruby\bin\ruby.exe
    PRC - [2008/04/03 12:54:15 | 000,072,704 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    PRC - [2007/12/02 23:27:58 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
    PRC - [2007/12/02 23:27:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
    PRC - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    PRC - [2007/07/16 10:58:02 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    PRC - [2007/04/16 23:05:52 | 000,021,504 | ---- | M] (UPEK Inc.) -- C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
    PRC - [2007/03/21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/11/27 13:46:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Ashish\Desktop\OTL.exe
    MOD - [2006/11/02 04:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/07/09 18:45:27 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
    SRV - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
    SRV - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
    SRV - [2008/07/05 13:26:18 | 000,025,936 | ---- | M] (Apple, Inc.) [Auto | Running] -- C:\Program Files\Apple\iPhone Configuration Web Utility\iPhoneConfigurationWebUtilityService.exe -- (Apple iPhone Configuration Web Utility)
    SRV - [2008/04/03 20:29:26 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2008/04/03 13:12:37 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2008/04/03 12:54:15 | 000,072,704 | ---- | M] (Creative Labs) [Auto | Running] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
    SRV - [2008/01/15 09:28:20 | 000,204,800 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
    SRV - [2007/12/02 23:27:58 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
    SRV - [2007/12/02 23:27:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
    SRV - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
    SRV - [2007/07/16 10:58:02 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
    SRV - [2007/03/21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2007/03/19 12:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
    SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [File_System | Boot | Stopped] -- C:\Windows\System32\DRIVERS\Lbd.sys -- (Lbd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Ashish\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
    DRV - [2009/09/15 15:04:58 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HssDrv.sys -- (HssDrv)
    DRV - [2008/04/03 20:36:47 | 000,020,152 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
    DRV - [2008/04/03 20:36:47 | 000,019,128 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
    DRV - [2008/04/03 20:36:47 | 000,017,592 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
    DRV - [2007/12/02 23:28:08 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
    DRV - [2007/09/28 01:40:24 | 000,278,528 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
    DRV - [2007/09/28 01:24:16 | 007,620,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2007/09/07 04:27:32 | 000,209,408 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ianvstor.sys -- (iaNvStor) Intel(R)
    DRV - [2007/09/07 04:22:34 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
    DRV - [2007/09/07 03:50:54 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2007/09/07 01:35:46 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2007/09/07 01:35:44 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2007/09/07 01:35:42 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2007/08/28 00:51:44 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
    DRV - [2007/08/28 00:51:40 | 000,235,520 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
    DRV - [2007/07/16 10:57:12 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
    DRV - [2007/04/16 22:44:34 | 000,046,992 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tcusb.sys -- (TcUsb)
    DRV - [2007/03/21 14:33:46 | 000,534,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
    DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
    DRV - [2007/01/31 12:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
    DRV - [2007/01/18 14:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
    DRV - [2006/11/06 20:37:16 | 000,078,128 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
    DRV - [2006/11/06 18:13:52 | 000,016,560 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
    DRV - [2006/11/06 18:13:50 | 000,080,176 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
    DRV - [2006/11/02 04:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
    DRV - [2006/11/02 04:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
    DRV - [2006/11/02 04:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
    DRV - [2006/11/02 04:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
    DRV - [2006/11/02 04:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
    DRV - [2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
    DRV - [2006/11/02 04:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
    DRV - [2006/11/02 04:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
    DRV - [2006/11/02 04:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
    DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
    DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
    DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
    DRV - [2006/11/02 04:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
    DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
    DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
    DRV - [2006/11/02 04:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
    DRV - [2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
    DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
    DRV - [2006/11/02 04:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
    DRV - [2006/11/02 04:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2006/11/02 04:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
    DRV - [2006/11/02 04:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
    DRV - [2006/11/02 04:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
    DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
    DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
    DRV - [2006/11/02 04:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
    DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
    DRV - [2006/11/02 04:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
    DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
    DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
    DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
    DRV - [2006/11/02 04:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
    DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
    DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
    DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
    DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
    DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
    DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
    DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
    DRV - [2006/11/02 02:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
    DRV - [2006/11/02 02:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
    DRV - [2006/10/05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2080404
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
    FF - prefs.js..network.proxy.type: 4


    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/06 16:05:36 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/03 21:20:36 | 000,000,000 | ---D | M]

    [2008/06/17 18:59:27 | 000,000,000 | ---D | M] -- C:\Users\Ashish\AppData\Roaming\Mozilla\Extensions
    [2010/11/27 02:42:35 | 000,000,000 | ---D | M] -- C:\Users\Ashish\AppData\Roaming\Mozilla\Firefox\Profiles\y7md83ls.default\extensions
    [2010/08/16 22:47:37 | 000,000,000 | ---D | M] -- C:\Users\Ashish\AppData\Roaming\Mozilla\Firefox\Profiles\y7md83ls.default\extensions\vshareus@toolbar
    [2010/11/27 02:42:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/11/10 01:56:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2008/06/03 19:55:51 | 000,163,840 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
    [2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

    O1 HOSTS File: ([2010/11/27 12:54:19 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
    O4 - HKLM..\Run: [combofix] C:\ComboFix\CF6731.cfx File not found
    O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
    O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
    O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
    O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [MFARestart] C:\ProgramData\MFAData\pack\avgrunasx.exe ()
    O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
    O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Fingerprint Reader Suite\launcher.exe (UPEK Inc.)
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
    O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
    O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
    O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
    O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
    O4 - HKCU..\Run: [swetaswxxx.exe] C:\swetaswxxx.exe\swetaswxxx.exe File not found
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - HKLM..\RunOnce: [combofix] C:\ComboFix\CF6731.cfx File not found
    O4 - HKLM..\RunOnceEx: [flags] Reg Error: Invalid data type. File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
    O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab (Windows Live OneCare safety scanner control)
    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} http://www.ooxtv.com/livetv.ocx (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} http://bollym4u.com/js/vjocx-ch.cab (Reg Error: Key error.)
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab (IWinAmpActiveX Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
    O20 - Winlogon\Notify\psfus: DllName - C:\Windows\system32\psqlpwd.dll - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\XPS_NB_1280x864_Black.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\XPS_NB_1280x864_Black.jpg
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/11/27 13:46:46 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Ashish\Desktop\OTL.exe
    [2010/11/27 13:33:34 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2010/11/27 13:33:34 | 000,000,000 | ---D | C] -- C:\Users\Ashish\AppData\Local\temp
    [2010/11/27 13:27:07 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2010/11/27 12:41:39 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2010/11/27 12:41:39 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2010/11/27 12:41:39 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2010/11/27 12:41:39 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2010/11/27 12:41:36 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2010/11/27 02:47:52 | 000,000,000 | ---D | C] -- C:\Users\Ashish\AppData\Local\Sunbelt Software
    [2010/11/27 02:33:19 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2010/11/26 21:16:15 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/11/26 18:21:28 | 000,000,000 | ---D | C] -- C:\Users\Ashish\Desktop\Logs
    [2010/11/26 18:00:35 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2010/11/20 13:38:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
    [2010/11/20 13:38:36 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
    [2010/11/11 23:03:26 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/11/11 20:09:15 | 000,000,000 | ---D | C] -- C:\Users\Ashish\AppData\Roaming\Arlu
    [2010/11/07 19:41:21 | 000,000,000 | ---D | C] -- C:\Users\Ashish\DoctorWeb
    [2010/11/06 01:20:03 | 000,000,000 | -H-D | C] -- C:\$AVG
    [2010/11/06 01:03:40 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
    [2010/11/06 01:00:29 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
    [2010/11/06 00:48:25 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
    [2010/11/06 00:48:04 | 004,329,496 | ---- | C] (AVG Technologies) -- C:\Users\Ashish\Desktop\avg_free_stb_all_2011_1153_cnet.exe
    [2010/11/05 23:39:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
    [2010/11/05 23:39:29 | 000,000,000 | ---D | C] -- C:\Users\Ashish\AppData\Local\NPE
    [2010/11/03 21:27:42 | 006,565,383 | ---- | C] (McAfee Inc.) -- C:\Users\Ashish\Desktop\stinger10101096.exe
    [2010/11/03 21:21:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2010/10/31 11:51:38 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
    [2010/10/31 00:59:12 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
    [2008/05/31 10:55:41 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Ashish\AppData\Roaming\pcouffin.sys

    ========== Files - Modified Within 30 Days ==========

    [2010/11/27 13:46:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Ashish\Desktop\OTL.exe
    [2010/11/27 13:45:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2160984431-3788846443-898008396-1000UA.job
    [2010/11/27 13:34:51 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010/11/27 13:34:47 | 000,003,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/11/27 13:34:47 | 000,003,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/11/27 13:34:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/11/27 13:34:33 | 3756,064,768 | -HS- | M] () -- C:\hiberfil.sys
    [2010/11/27 13:33:39 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2010/11/27 13:17:57 | 001,228,013 | ---- | M] () -- C:\Users\Ashish\Desktop\tdsskiller.zip
    [2010/11/27 13:06:26 | 000,015,944 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
    [2010/11/27 12:56:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010/11/27 12:54:19 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2010/11/27 12:45:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2160984431-3788846443-898008396-1000Core.job
    [2010/11/27 12:40:47 | 003,910,097 | R--- | M] () -- C:\Users\Ashish\Desktop\ComboFix.exe
    [2010/11/27 12:18:28 | 000,080,384 | ---- | M] () -- C:\Users\Ashish\Desktop\MBRCheck.exe
    [2010/11/27 12:13:50 | 000,630,272 | ---- | M] () -- C:\Users\Ashish\Desktop\dds.scr
    [2010/11/27 12:13:47 | 000,296,448 | ---- | M] () -- C:\Users\Ashish\Desktop\triqxjj5.exe
    [2010/11/27 12:12:22 | 000,253,046 | ---- | M] () -- C:\Users\Ashish\AppData\Roaming\nvModes.001
    [2010/11/27 11:52:25 | 000,002,565 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
    [2010/11/27 02:34:40 | 000,621,552 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010/11/27 02:34:40 | 000,104,868 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010/11/27 02:22:14 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A4B73A2F-2A3B-47BA-A4BC-52146962777B}.job
    [2010/11/26 00:49:43 | 000,149,504 | ---- | M] () -- C:\Users\Ashish\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/11/23 21:12:06 | 000,093,571 | ---- | M] () -- C:\Users\Ashish\Desktop\nfl-parity-2010.jpg
    [2010/11/22 21:51:09 | 301,514,147 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2010/11/18 21:37:00 | 000,016,165 | ---- | M] () -- C:\Users\Ashish\Documents\Publications.docx
    [2010/11/14 22:45:20 | 000,000,227 | ---- | M] () -- C:\Users\Ashish\Desktop\Sound - Shortcut.lnk
    [2010/11/13 16:50:46 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
    [2010/11/09 22:11:04 | 000,002,049 | ---- | M] () -- C:\Users\Ashish\Desktop\Google Chrome.lnk
    [2010/11/09 22:11:04 | 000,002,011 | ---- | M] () -- C:\Users\Ashish\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2010/11/09 21:36:14 | 000,023,214 | ---- | M] () -- C:\Users\Ashish\Documents\Resume.docx
    [2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\Windows\MBR.exe
    [2010/11/07 19:57:32 | 000,001,356 | ---- | M] () -- C:\Users\Ashish\AppData\Local\d3d9caps.dat
    [2010/11/07 19:05:32 | 000,145,656 | ---- | M] () -- C:\Users\Ashish\AppData\Local\prvlcl.dat
    [2010/11/06 00:48:12 | 004,329,496 | ---- | M] (AVG Technologies) -- C:\Users\Ashish\Desktop\avg_free_stb_all_2011_1153_cnet.exe
    [2010/11/05 23:49:42 | 000,001,508 | ---- | M] () -- C:\Users\Ashish\AppData\Roaming\SMRResults130.dat
    [2010/11/03 23:25:23 | 000,000,017 | ---- | M] () -- C:\Users\Ashish\Desktop\stinger10101096.opt
    [2010/11/03 23:21:05 | 000,079,968 | ---- | M] () -- C:\Users\Ashish\Desktop\Heat.Jazz Tickets 11.9.10.pdf
    [2010/11/03 21:28:17 | 006,565,383 | ---- | M] (McAfee Inc.) -- C:\Users\Ashish\Desktop\stinger10101096.exe
    [2010/10/31 21:45:45 | 000,079,978 | ---- | M] () -- C:\Users\Ashish\Desktop\Heat.Celtics Tickets 11.11.10.pdf

    ========== Files Created - No Company Name ==========

    [2010/11/27 12:41:39 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2010/11/27 12:41:39 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2010/11/27 12:41:39 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2010/11/27 12:41:39 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2010/11/27 12:41:39 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2010/11/27 12:40:40 | 003,910,097 | R--- | C] () -- C:\Users\Ashish\Desktop\ComboFix.exe
    [2010/11/27 12:18:28 | 000,080,384 | ---- | C] () -- C:\Users\Ashish\Desktop\MBRCheck.exe
    [2010/11/27 12:13:49 | 000,630,272 | ---- | C] () -- C:\Users\Ashish\Desktop\dds.scr
    [2010/11/27 12:13:34 | 000,296,448 | ---- | C] () -- C:\Users\Ashish\Desktop\triqxjj5.exe
    [2010/11/26 23:20:49 | 3756,064,768 | -HS- | C] () -- C:\hiberfil.sys
    [2010/11/23 21:12:06 | 000,093,571 | ---- | C] () -- C:\Users\Ashish\Desktop\nfl-parity-2010.jpg
    [2010/11/14 22:45:20 | 000,000,227 | ---- | C] () -- C:\Users\Ashish\Desktop\Sound - Shortcut.lnk
    [2010/11/09 21:40:54 | 000,016,165 | ---- | C] () -- C:\Users\Ashish\Documents\Publications.docx
    [2010/11/07 19:05:31 | 000,145,656 | ---- | C] () -- C:\Users\Ashish\AppData\Local\prvlcl.dat
    [2010/11/06 00:25:33 | 001,228,013 | ---- | C] () -- C:\Users\Ashish\Desktop\tdsskiller.zip
    [2010/11/05 23:49:42 | 000,001,508 | ---- | C] () -- C:\Users\Ashish\AppData\Roaming\SMRResults130.dat
    [2010/11/03 23:25:23 | 000,000,017 | ---- | C] () -- C:\Users\Ashish\Desktop\stinger10101096.opt
    [2010/11/03 23:21:05 | 000,079,968 | ---- | C] () -- C:\Users\Ashish\Desktop\Heat.Jazz Tickets 11.9.10.pdf
    [2010/10/31 21:45:45 | 000,079,978 | ---- | C] () -- C:\Users\Ashish\Desktop\Heat.Celtics Tickets 11.11.10.pdf
    [2010/10/19 20:42:43 | 000,000,032 | ---- | C] () -- C:\ProgramData\io.ini
    [2010/10/19 20:42:43 | 000,000,000 | ---- | C] () -- C:\ProgramData\1rphcipg0fz62yxo23ox8gd3li86yuho.ini
    [2010/08/29 16:29:24 | 000,015,944 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
    [2010/07/14 22:58:40 | 000,000,885 | ---- | C] () -- C:\Windows\System32\MRT.INI
    [2010/06/03 07:12:30 | 000,000,120 | ---- | C] () -- C:\Users\Ashish\AppData\Local\Rlekozugi.dat
    [2010/06/03 07:12:30 | 000,000,000 | ---- | C] () -- C:\Users\Ashish\AppData\Local\Rnajevamiku.bin
    [2010/06/02 22:38:18 | 000,000,036 | ---- | C] () -- C:\Users\Ashish\AppData\Local\housecall.guid.cache
    [2010/05/28 22:35:05 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\fjkwetbl.sys
    [2010/05/28 22:34:48 | 000,000,020 | ---- | C] () -- C:\Users\Ashish\AppData\Roaming\vqdlkr.dat
    [2010/03/08 22:47:28 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll.old
    [2010/03/08 21:49:09 | 000,010,678 | -HS- | C] () -- C:\Users\Ashish\AppData\Local\J3CVYoQ5
    [2009/10/31 20:48:03 | 000,073,728 | ---- | C] () -- C:\Windows\System32\VistaInfo32.dll
    [2008/12/31 18:20:59 | 000,001,356 | ---- | C] () -- C:\Users\Ashish\AppData\Local\d3d9caps.dat
    [2008/05/31 10:56:38 | 000,001,036 | ---- | C] () -- C:\Users\Ashish\AppData\Roaming\vso_ts_preview.xml
    [2008/05/31 10:56:00 | 000,000,034 | ---- | C] () -- C:\Users\Ashish\AppData\Roaming\pcouffin.log
    [2008/05/31 10:55:41 | 000,007,887 | ---- | C] () -- C:\Users\Ashish\AppData\Roaming\pcouffin.cat
    [2008/05/31 10:55:41 | 000,001,144 | ---- | C] () -- C:\Users\Ashish\AppData\Roaming\pcouffin.inf
    [2008/04/09 20:22:50 | 000,253,046 | ---- | C] () -- C:\Users\Ashish\AppData\Roaming\nvModes.001
    [2008/04/09 18:55:28 | 000,149,504 | ---- | C] () -- C:\Users\Ashish\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/04/09 18:34:35 | 000,253,046 | ---- | C] () -- C:\Users\Ashish\AppData\Roaming\nvModes.dat
    [2008/04/03 20:37:11 | 000,167,936 | ---- | C] () -- C:\Windows\System32\nvccoin.dll
    [2008/04/03 20:37:10 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
    [2008/04/03 13:10:10 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
    [2008/04/03 12:56:32 | 000,065,536 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
    [2008/04/03 12:55:08 | 000,000,628 | ---- | C] () -- C:\Windows\System32\PCI_VEN_1102&DEV_FF05&SUBSYS_00001102.ini
    [2008/04/03 12:55:07 | 000,101,376 | ---- | C] () -- C:\Windows\System32\APOMngr.dll
    [2008/04/03 12:55:07 | 000,066,560 | ---- | C] () -- C:\Windows\System32\CmdRtr.dll
    [2007/07/16 10:58:10 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
    [2006/11/03 17:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
    [2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
    [2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
    [2001/10/28 16:42:30 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
  4. oltraff Newcomer, in training Posts: 38

    ========== LOP Check ==========

    [2010/11/10 01:56:35 | 000,000,000 | ---D | M] -- C:\Users\Ashish\AppData\Roaming\.BitTornado
    [2010/06/02 21:16:07 | 000,000,000 | ---D | M] -- C:\Users\Ashish\AppData\Roaming\025EE49533BAB044CB74A2A78C0E406A
    [2010/11/14 01:14:05 | 000,000,000 | ---D | M] -- C:\Users\Ashish\AppData\Roaming\Arlu
    [2008/04/13 18:58:35 | 000,000,000 | ---D | M] -- C:\Users\Ashish\AppData\Roaming\Azureus
    [2010/05/24 21:58:07 | 000,000,000 | ---D | M] -- C:\Users\Ashish\AppData\Roaming\com.adobe.example.NISDesktopAlerts.8B84194D4D9FFDB4F2F41B07D0F160207BFE7624.1
    [2008/09/07 10:13:42 | 000,000,000 | ---D | M] -- C:\Users\Ashish\AppData\Roaming\com.directv.supercast.AA1ECC8BBAFE4E1BBF2D418DC006AF207FACE6CA.1
    [2010/10/16 09:11:43 | 000,000,000 | ---D | M] -- C:\Users\Ashish\AppData\Roaming\Esiz
    [2010/10/16 10:02:47 | 000,000,000 | ---D | M] -- C:\Users\Ashish\AppData\Roaming\Ginad
    [2010/06/27 23:03:16 | 000,000,000 | ---D | M] -- C:\Users\Ashish\AppData\Roaming\Ginai
    [2009/02/13 20:21:52 | 000,000,000 | ---D | M] -- C:\Users\Ashish\AppData\Roaming\Gleim
    [2010/06/03 06:54:55 | 000,000,000 | ---D | M] -- C:\Users\Ashish\AppData\Roaming\Hounva
    [2010/03/26 21:01:36 | 000,000,000 | ---D | M] -- C:\Users\Ashish\AppData\Roaming\Opera
    [2010/06/24 18:36:43 | 000,000,000 | ---D | M] -- C:\Users\Ashish\AppData\Roaming\Pacayv
    [2008/09/08 19:21:35 | 000,000,000 | ---D | M] -- C:\Users\Ashish\AppData\Roaming\PDFCreator
    [2010/05/29 19:43:36 | 000,000,000 | ---D | M] -- C:\Users\Ashish\AppData\Roaming\StreamTorrent
    [2010/07/26 20:40:20 | 000,000,000 | ---D | M] -- C:\Users\Ashish\AppData\Roaming\tmp
    [2010/08/11 22:52:00 | 000,000,000 | ---D | M] -- C:\Users\Ashish\AppData\Roaming\Vso
    [2010/11/27 13:33:39 | 000,032,598 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2010/11/27 02:22:14 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{A4B73A2F-2A3B-47BA-A4BC-52146962777B}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/11/27 02:17:03 | 000,030,265 | ---- | M] () -- C:\aaw7boot.log
    [2009/10/04 09:40:49 | 000,000,000 | ---- | M] () -- C:\AdobeDebug.txt
    [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2006/11/02 04:53:57 | 000,438,840 | RHS- | M] () -- C:\bootmgr
    [2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2008/04/03 20:37:19 | 000,004,870 | RH-- | M] () -- C:\dell.sdr
    [2010/11/27 13:34:33 | 3756,064,768 | -HS- | M] () -- C:\hiberfil.sys
    [2008/08/01 18:14:19 | 000,000,351 | -H-- | M] () -- C:\IPH.PH
    [2010/11/27 13:34:31 | 4069,793,792 | -HS- | M] () -- C:\pagefile.sys
    [2007/05/18 11:10:50 | 000,002,607 | ---- | M] () -- C:\Post_VPN_Logon.vbs
    [2010/08/28 11:03:18 | 000,064,174 | ---- | M] () -- C:\TDSSKiller.2.4.1.3_28.08.2010_12.01.50_log.txt
    [2010/08/28 11:15:07 | 000,062,240 | ---- | M] () -- C:\TDSSKiller.2.4.1.3_28.08.2010_12.14.33_log.txt
    [2010/08/28 11:18:01 | 000,062,240 | ---- | M] () -- C:\TDSSKiller.2.4.1.3_28.08.2010_12.17.40_log.txt
    [2010/08/29 14:11:34 | 000,062,240 | ---- | M] () -- C:\TDSSKiller.2.4.1.3_29.08.2010_15.11.10_log.txt
    [2010/11/03 21:12:06 | 000,062,242 | ---- | M] () -- C:\TDSSKiller.2.4.6.0_03.11.2010_22.11.39_log.txt
    [2010/11/06 00:27:17 | 000,062,242 | ---- | M] () -- C:\TDSSKiller.2.4.6.0_06.11.2010_01.25.50_log.txt
    [2010/11/20 13:12:44 | 000,062,242 | ---- | M] () -- C:\TDSSKiller.2.4.6.0_20.11.2010_13.12.18_log.txt
    [2010/11/11 21:31:16 | 000,062,242 | ---- | M] () -- C:\TDSSKiller.2.4.7.0_11.11.2010_21.30.13_log.txt
    [2010/11/26 21:08:08 | 000,062,242 | ---- | M] () -- C:\TDSSKiller.2.4.9.0_26.11.2010_20.19.12_log.txt
    [2010/11/27 13:26:30 | 000,060,596 | ---- | M] () -- C:\TDSSKiller.2.4.9.0_27.11.2010_13.18.13_log.txt
    [2008/04/13 16:18:36 | 000,852,006 | ---- | M] () -- C:\vpninst.log
    [2008/07/13 16:43:47 | 000,000,026 | ---- | M] () -- C:\wizard.txt

    < %systemroot%\Fonts\*.com >
    [2006/11/02 07:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 07:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 07:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2006/11/02 07:37:12 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 16:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2006/12/29 08:57:18 | 000,273,920 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpzpp4v2.dll
    [2006/11/02 04:46:05 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\HPZPPLHN.DLL
    [2006/11/02 07:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
    [2006/10/26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/12/10 19:22:29 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2006/11/02 05:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/04/01 18:16:20 | 000,000,286 | -HS- | M] () -- C:\Users\Ashish\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2010/11/06 00:48:12 | 004,329,496 | ---- | M] (AVG Technologies) -- C:\Users\Ashish\Desktop\avg_free_stb_all_2011_1153_cnet.exe
    [2010/11/27 12:40:47 | 003,910,097 | R--- | M] () -- C:\Users\Ashish\Desktop\ComboFix.exe
    [2010/11/27 12:18:28 | 000,080,384 | ---- | M] () -- C:\Users\Ashish\Desktop\MBRCheck.exe
    [2010/11/27 13:46:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Ashish\Desktop\OTL.exe
    [2010/11/03 21:28:17 | 006,565,383 | ---- | M] (McAfee Inc.) -- C:\Users\Ashish\Desktop\stinger10101096.exe
    [2010/11/27 12:13:47 | 000,296,448 | ---- | M] () -- C:\Users\Ashish\Desktop\triqxjj5.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2008/06/13 02:19:28 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
    [2008/06/13 02:18:58 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
    [2008/06/13 02:18:58 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
    [2008/06/13 02:18:58 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
    [2008/06/13 02:18:58 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbtmp.log
    [2008/06/13 02:18:58 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2008/04/09 17:59:53 | 000,000,402 | -HS- | M] () -- C:\Users\Ashish\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/10/19 20:42:43 | 000,000,000 | ---- | M] () -- C:\ProgramData\1rphcipg0fz62yxo23ox8gd3li86yuho.ini
    [2010/10/19 20:42:43 | 000,000,032 | ---- | M] () -- C:\ProgramData\io.ini

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >
    [2010/05/09 20:07:42 | 000,058,368 | ---- | M] () -- C:\Program Files\Mozilla Firefox\o.dat

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < MD5 for: EXPLORER.EXE >
    [2008/10/29 01:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
    [2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
    [2008/10/29 22:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\explorer.exe
    [2008/10/29 22:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
    [2008/04/03 20:28:59 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
    [2008/04/03 20:28:59 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
    [2008/10/27 21:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
    [2006/11/02 04:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
    [2008/01/19 02:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\SoftwareDistribution\Download\a58fa8f1a78b89e6c2a670e288053b8b\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

    < MD5 for: WINLOGON.EXE >
    [2006/11/02 04:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\System32\winlogon.exe
    [2006/11/02 04:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
    [2008/01/19 02:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SoftwareDistribution\Download\a58fa8f1a78b89e6c2a670e288053b8b\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 217 bytes -> C:\ProgramData\Temp:DFC5A2B2
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:A8ADE5D8

    < End of report >
  5. Broni Malware Annihilator Posts: 39,252   +175

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
      SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
      [2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
      O4 - HKLM..\Run: [combofix] C:\ComboFix\CF6731.cfx File not found
      O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
      O4 - HKCU..\Run: [swetaswxxx.exe] C:\swetaswxxx.exe\swetaswxxx.exe File not found
      O4 - HKLM..\RunOnce: [combofix] C:\ComboFix\CF6731.cfx File not found
      O4 - HKLM..\RunOnceEx: [flags] Reg Error: Invalid data type. File not found
      O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
      O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
      O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
      O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} http://www.ooxtv.com/livetv.ocx (Reg Error: Key error.)
      O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} http://bollym4u.com/js/vjocx-ch.cab (Reg Error: Key error.)
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      [2010/11/11 20:09:15 | 000,000,000 | ---D | C] -- C:\Users\Ashish\AppData\Roaming\Arlu
      [2010/11/06 01:20:03 | 000,000,000 | -H-D | C] -- C:\$AVG
      [2010/11/06 01:00:29 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
      [2010/11/05 23:39:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
      [2010/10/31 11:51:38 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
      [2010/10/19 20:42:43 | 000,000,032 | ---- | C] () -- C:\ProgramData\io.ini
      [2010/10/19 20:42:43 | 000,000,000 | ---- | C] () -- C:\ProgramData\1rphcipg0fz62yxo23ox8gd3li86yuho.ini
      [2010/06/03 07:12:30 | 000,000,120 | ---- | C] () -- C:\Users\Ashish\AppData\Local\Rlekozugi.dat
      [2010/06/03 07:12:30 | 000,000,000 | ---- | C] () -- C:\Users\Ashish\AppData\Local\Rnajevamiku.bin
      [2010/05/28 22:35:05 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\fjkwetbl.sys
      [2010/05/28 22:34:48 | 000,000,020 | ---- | C] () -- C:\Users\Ashish\AppData\Roaming\vqdlkr.dat
      [2010/03/08 21:49:09 | 000,010,678 | -HS- | C] () -- C:\Users\Ashish\AppData\Local\J3CVYoQ5
      [2010/06/02 21:16:07 | 000,000,000 | ---D | M] -- C:\Users\Ashish\AppData\Roaming\025EE49533BAB044CB74A2A78C0E406A
      @Alternate Data Stream - 217 bytes -> C:\ProgramData\Temp:DFC5A2B2
      @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:A8ADE5D8
      
      :Services
      
      :Reg
      
      :Files
      C:\Program Files\Viewpoint
      
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    Let me know how the computer is doing.
  6. oltraff Newcomer, in training Posts: 38

    Ran it and it rebooted the computer. I don't see a log for it, however. I still get the blank screen when Windows boots up. Thanks.
     
  7. Broni Malware Annihilator Posts: 39,252   +175

    Re-run OTL "Quick scan" and post its log.

    After that, delete your ComboFix file, download a fresh one and try to run it again.
  8. oltraff Newcomer, in training Posts: 38

    Found this. Is this the log from the last operation (post #25)? Will run OTL quick scan and ComboFix again shortly.

    All processes killed
    ========== OTL ==========
    Process ViewpointService.exe killed successfully!
    Service Viewpoint Manager Service stopped successfully!
    Service Viewpoint Manager Service deleted successfully!
    C:\Program Files\Viewpoint\Common\ViewpointService.exe moved successfully.
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll moved successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\combofix deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\UpdReg deleted successfully.
    C:\Windows\Updreg.EXE moved successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\swetaswxxx.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\combofix deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\\flags deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intuit.com\ttlc\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ deleted successfully.
    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\GD\\http deleted successfully.
    Starting removal of ActiveX control {A903E5AB-C67E-40FB-94F1-E1305982F6E0}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A903E5AB-C67E-40FB-94F1-E1305982F6E0}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A903E5AB-C67E-40FB-94F1-E1305982F6E0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A903E5AB-C67E-40FB-94F1-E1305982F6E0}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A903E5AB-C67E-40FB-94F1-E1305982F6E0}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A903E5AB-C67E-40FB-94F1-E1305982F6E0}\ not found.
    Starting removal of ActiveX control {D4003189-95B1-4A2F-9A87-F2B03665960D}
    C:\Windows\Downloaded Program Files\vjocx.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D4003189-95B1-4A2F-9A87-F2B03665960D}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4003189-95B1-4A2F-9A87-F2B03665960D}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D4003189-95B1-4A2F-9A87-F2B03665960D}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4003189-95B1-4A2F-9A87-F2B03665960D}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    C:\Users\Ashish\AppData\Roaming\Arlu folder moved successfully.
    C:\$AVG\$VAULT folder moved successfully.
    C:\$AVG folder moved successfully.
    C:\ProgramData\AVG10\update\prepare folder moved successfully.
    C:\ProgramData\AVG10\update\download folder moved successfully.
    C:\ProgramData\AVG10\update\backup folder moved successfully.
    C:\ProgramData\AVG10\update folder moved successfully.
    C:\ProgramData\AVG10\Temp folder moved successfully.
    C:\ProgramData\AVG10\SetupBackup folder moved successfully.
    C:\ProgramData\AVG10\scanlogs folder moved successfully.
    C:\ProgramData\AVG10\lsdb\prev folder moved successfully.
    C:\ProgramData\AVG10\lsdb folder moved successfully.
    C:\ProgramData\AVG10\log\IDP\log folder moved successfully.
    C:\ProgramData\AVG10\log\IDP folder moved successfully.
    C:\ProgramData\AVG10\log folder moved successfully.
    C:\ProgramData\AVG10\IDS\quarantine folder moved successfully.
    C:\ProgramData\AVG10\IDS\profile folder moved successfully.
    C:\ProgramData\AVG10\IDS\outbox\9 folder moved successfully.
    C:\ProgramData\AVG10\IDS\outbox\8 folder moved successfully.
    C:\ProgramData\AVG10\IDS\outbox\7 folder moved successfully.
    C:\ProgramData\AVG10\IDS\outbox\6 folder moved successfully.
    C:\ProgramData\AVG10\IDS\outbox\5 folder moved successfully.
    C:\ProgramData\AVG10\IDS\outbox\4 folder moved successfully.
    C:\ProgramData\AVG10\IDS\outbox\3 folder moved successfully.
    C:\ProgramData\AVG10\IDS\outbox\2 folder moved successfully.
    C:\ProgramData\AVG10\IDS\outbox\1 folder moved successfully.
    C:\ProgramData\AVG10\IDS\outbox\0 folder moved successfully.
    C:\ProgramData\AVG10\IDS\outbox folder moved successfully.
    C:\ProgramData\AVG10\IDS\malwareprofile folder moved successfully.
    C:\ProgramData\AVG10\IDS\log folder moved successfully.
    C:\ProgramData\AVG10\IDS\download folder moved successfully.
    C:\ProgramData\AVG10\IDS\config\EN_US folder moved successfully.
    C:\ProgramData\AVG10\IDS\config folder moved successfully.
    C:\ProgramData\AVG10\IDS folder moved successfully.
    C:\ProgramData\AVG10\EMC folder moved successfully.
    C:\ProgramData\AVG10\Dumps folder moved successfully.
    C:\ProgramData\AVG10\Chjw\e822595b22593034 folder moved successfully.
    C:\ProgramData\AVG10\Chjw\8eb45628b45612d7 folder moved successfully.
    C:\ProgramData\AVG10\Chjw folder moved successfully.
    C:\ProgramData\AVG10\avgam folder moved successfully.
    C:\ProgramData\AVG10\Antispam folder moved successfully.
    C:\ProgramData\AVG10\admincli folder moved successfully.
    C:\ProgramData\AVG10 folder moved successfully.
    C:\ProgramData\Norton\NPE folder moved successfully.
    C:\ProgramData\Norton folder moved successfully.
    C:\Program Files\AVG\AVG9 folder moved successfully.
    C:\Program Files\AVG\AVG10\PCTuneup folder moved successfully.
    C:\Program Files\AVG\AVG10\Icons folder moved successfully.
    C:\Program Files\AVG\AVG10\Firefox\Components folder moved successfully.
    C:\Program Files\AVG\AVG10\Firefox\Chrome folder moved successfully.
    C:\Program Files\AVG\AVG10\Firefox folder moved successfully.
    C:\Program Files\AVG\AVG10\3rd_party\licenses folder moved successfully.
    C:\Program Files\AVG\AVG10\3rd_party folder moved successfully.
    C:\Program Files\AVG\AVG10 folder moved successfully.
    C:\Program Files\AVG folder moved successfully.
    C:\ProgramData\io.ini moved successfully.
    C:\ProgramData\1rphcipg0fz62yxo23ox8gd3li86yuho.ini moved successfully.
    C:\Users\Ashish\AppData\Local\Rlekozugi.dat moved successfully.
    C:\Users\Ashish\AppData\Local\Rnajevamiku.bin moved successfully.
    C:\Windows\System32\drivers\fjkwetbl.sys moved successfully.
    C:\Users\Ashish\AppData\Roaming\vqdlkr.dat moved successfully.
    C:\Users\Ashish\AppData\Local\J3CVYoQ5 moved successfully.
    C:\Users\Ashish\AppData\Roaming\025EE49533BAB044CB74A2A78C0E406A folder moved successfully.
    ADS C:\ProgramData\Temp:DFC5A2B2 deleted successfully.
    ADS C:\ProgramData\Temp:A8ADE5D8 deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents folder moved successfully.
    C:\Program Files\Viewpoint\Viewpoint Media Player folder moved successfully.
    C:\Program Files\Viewpoint\Common folder moved successfully.
    C:\Program Files\Viewpoint folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Ashish
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 67177273 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Opera cache emptied: 0 bytes
    ->Flash cache emptied: 2992 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 37756 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 64.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Ashish
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.17.3 log created on 11272010_142039

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
  9. oltraff Newcomer, in training Posts: 38

    Here's the new OTL quick scan log:

    OTL logfile created on: 11/27/2010 2:57:09 PM - Run 4
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Ashish\Desktop
    Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6000.17037)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 72.00% Memory free
    7.00 Gb Paging File | 6.00 Gb Available in Paging File | 86.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 285.51 Gb Total Space | 132.91 Gb Free Space | 46.55% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 3.28 Gb Free Space | 32.77% Space Free | Partition Type: NTFS

    Computer Name: ASHISH-PC | User Name: Ashish | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/11/27 13:46:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Ashish\Desktop\OTL.exe
    PRC - [2010/10/31 00:14:07 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
    PRC - [2010/10/31 00:14:06 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    PRC - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    PRC - [2008/04/03 12:54:15 | 000,072,704 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    PRC - [2007/12/02 23:27:58 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
    PRC - [2007/12/02 23:27:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
    PRC - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    PRC - [2007/07/16 10:58:02 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    PRC - [2007/04/16 23:05:52 | 000,021,504 | ---- | M] (UPEK Inc.) -- C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
    PRC - [2007/03/21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/11/27 13:46:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Ashish\Desktop\OTL.exe
    MOD - [2006/11/02 04:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/07/09 18:45:27 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
    SRV - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
    SRV - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
    SRV - [2008/07/05 13:26:18 | 000,025,936 | ---- | M] (Apple, Inc.) [Auto | Stopped] -- C:\Program Files\Apple\iPhone Configuration Web Utility\iPhoneConfigurationWebUtilityService.exe -- (Apple iPhone Configuration Web Utility)
    SRV - [2008/04/03 20:29:26 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2008/04/03 13:12:37 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2008/04/03 12:54:15 | 000,072,704 | ---- | M] (Creative Labs) [Auto | Running] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
    SRV - [2008/01/15 09:28:20 | 000,204,800 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
    SRV - [2007/12/02 23:27:58 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
    SRV - [2007/12/02 23:27:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
    SRV - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
    SRV - [2007/07/16 10:58:02 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
    SRV - [2007/03/21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2007/03/19 12:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [File_System | Boot | Stopped] -- C:\Windows\System32\DRIVERS\Lbd.sys -- (Lbd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Ashish\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
    DRV - [2009/09/15 15:04:58 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HssDrv.sys -- (HssDrv)
    DRV - [2008/04/03 20:36:47 | 000,020,152 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
    DRV - [2008/04/03 20:36:47 | 000,019,128 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
    DRV - [2008/04/03 20:36:47 | 000,017,592 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
    DRV - [2007/12/02 23:28:08 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
    DRV - [2007/09/28 01:40:24 | 000,278,528 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
    DRV - [2007/09/28 01:24:16 | 007,620,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2007/09/07 04:27:32 | 000,209,408 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ianvstor.sys -- (iaNvStor) Intel(R)
    DRV - [2007/09/07 04:22:34 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
    DRV - [2007/09/07 03:50:54 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2007/09/07 01:35:46 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2007/09/07 01:35:44 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2007/09/07 01:35:42 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2007/08/28 00:51:44 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
    DRV - [2007/08/28 00:51:40 | 000,235,520 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
    DRV - [2007/07/16 10:57:12 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
    DRV - [2007/04/16 22:44:34 | 000,046,992 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tcusb.sys -- (TcUsb)
    DRV - [2007/03/21 14:33:46 | 000,534,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
    DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
    DRV - [2007/01/31 12:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
    DRV - [2007/01/18 14:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
    DRV - [2006/11/06 20:37:16 | 000,078,128 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
    DRV - [2006/11/06 18:13:52 | 000,016,560 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
    DRV - [2006/11/06 18:13:50 | 000,080,176 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
    DRV - [2006/11/02 04:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
    DRV - [2006/11/02 04:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
    DRV - [2006/11/02 04:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
    DRV - [2006/11/02 04:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
    DRV - [2006/11/02 04:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
    DRV - [2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
    DRV - [2006/11/02 04:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
    DRV - [2006/11/02 04:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
    DRV - [2006/11/02 04:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
    DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
    DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
    DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
    DRV - [2006/11/02 04:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
    DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
    DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
    DRV - [2006/11/02 04:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
    DRV - [2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
    DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
    DRV - [2006/11/02 04:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
    DRV - [2006/11/02 04:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2006/11/02 04:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
    DRV - [2006/11/02 04:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
    DRV - [2006/11/02 04:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
    DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
    DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
    DRV - [2006/11/02 04:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
    DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
    DRV - [2006/11/02 04:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
    DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
    DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
    DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
    DRV - [2006/11/02 04:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
    DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
    DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
    DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
    DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
    DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
    DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
    DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
    DRV - [2006/11/02 02:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
    DRV - [2006/11/02 02:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
    DRV - [2006/10/05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2080404
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
    FF - prefs.js..network.proxy.type: 4


    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/06 16:05:36 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/27 14:20:39 | 000,000,000 | ---D | M]

    [2008/06/17 18:59:27 | 000,000,000 | ---D | M] -- C:\Users\Ashish\AppData\Roaming\Mozilla\Extensions
    [2010/11/27 02:42:35 | 000,000,000 | ---D | M] -- C:\Users\Ashish\AppData\Roaming\Mozilla\Firefox\Profiles\y7md83ls.default\extensions
    [2010/08/16 22:47:37 | 000,000,000 | ---D | M] -- C:\Users\Ashish\AppData\Roaming\Mozilla\Firefox\Profiles\y7md83ls.default\extensions\vshareus@toolbar
    [2010/11/27 02:42:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/11/10 01:56:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2008/06/03 19:55:51 | 000,163,840 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll

    O1 HOSTS File: ([2010/11/27 12:54:19 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
    O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
    O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
    O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
    O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [MFARestart] C:\ProgramData\MFAData\pack\avgrunasx.exe ()
    O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
    O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Fingerprint Reader Suite\launcher.exe (UPEK Inc.)
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
    O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
    O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
    O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
    O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab (Windows Live OneCare safety scanner control)
    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab (IWinAmpActiveX Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
    O20 - Winlogon\Notify\psfus: DllName - C:\Windows\system32\psqlpwd.dll - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\XPS_NB_1280x864_Black.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\XPS_NB_1280x864_Black.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/11/27 13:46:46 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Ashish\Desktop\OTL.exe
    [2010/11/27 13:33:34 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2010/11/27 13:33:34 | 000,000,000 | ---D | C] -- C:\Users\Ashish\AppData\Local\temp
    [2010/11/27 13:27:07 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2010/11/27 12:41:39 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2010/11/27 12:41:39 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2010/11/27 12:41:39 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2010/11/27 12:41:39 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2010/11/27 12:41:36 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2010/11/27 02:47:52 | 000,000,000 | ---D | C] -- C:\Users\Ashish\AppData\Local\Sunbelt Software
    [2010/11/27 02:33:19 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2010/11/26 21:16:15 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/11/26 18:21:28 | 000,000,000 | ---D | C] -- C:\Users\Ashish\Desktop\Logs
    [2010/11/26 18:00:35 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2010/11/20 13:38:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
    [2010/11/20 13:38:36 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
    [2010/11/11 23:03:26 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/11/07 19:41:21 | 000,000,000 | ---D | C] -- C:\Users\Ashish\DoctorWeb
    [2010/11/06 01:03:40 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
    [2010/11/06 00:48:25 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
    [2010/11/06 00:48:04 | 004,329,496 | ---- | C] (AVG Technologies) -- C:\Users\Ashish\Desktop\avg_free_stb_all_2011_1153_cnet.exe
    [2010/11/05 23:39:29 | 000,000,000 | ---D | C] -- C:\Users\Ashish\AppData\Local\NPE
    [2010/11/03 21:27:42 | 006,565,383 | ---- | C] (McAfee Inc.) -- C:\Users\Ashish\Desktop\stinger10101096.exe
    [2010/11/03 21:21:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2010/10/31 00:59:12 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
    [2008/05/31 10:55:41 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Ashish\AppData\Roaming\pcouffin.sys

    ========== Files - Modified Within 30 Days ==========

    [2010/11/27 14:56:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010/11/27 14:45:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2160984431-3788846443-898008396-1000UA.job
    [2010/11/27 14:22:08 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010/11/27 14:22:06 | 000,003,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/11/27 14:22:06 | 000,003,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/11/27 14:21:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/11/27 14:21:51 | 3756,064,768 | -HS- | M] () -- C:\hiberfil.sys
    [2010/11/27 14:21:00 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2010/11/27 13:46:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Ashish\Desktop\OTL.exe
    [2010/11/27 13:17:57 | 001,228,013 | ---- | M] () -- C:\Users\Ashish\Desktop\tdsskiller.zip
    [2010/11/27 13:06:26 | 000,015,944 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
    [2010/11/27 12:54:19 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2010/11/27 12:45:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2160984431-3788846443-898008396-1000Core.job
    [2010/11/27 12:40:47 | 003,910,097 | R--- | M] () -- C:\Users\Ashish\Desktop\ComboFix.exe
    [2010/11/27 12:18:28 | 000,080,384 | ---- | M] () -- C:\Users\Ashish\Desktop\MBRCheck.exe
    [2010/11/27 12:13:50 | 000,630,272 | ---- | M] () -- C:\Users\Ashish\Desktop\dds.scr
    [2010/11/27 12:13:47 | 000,296,448 | ---- | M] () -- C:\Users\Ashish\Desktop\triqxjj5.exe
    [2010/11/27 12:12:22 | 000,253,046 | ---- | M] () -- C:\Users\Ashish\AppData\Roaming\nvModes.001
    [2010/11/27 11:52:25 | 000,002,565 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
    [2010/11/27 02:34:40 | 000,621,552 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010/11/27 02:34:40 | 000,104,868 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010/11/27 02:22:14 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A4B73A2F-2A3B-47BA-A4BC-52146962777B}.job
    [2010/11/26 00:49:43 | 000,149,504 | ---- | M] () -- C:\Users\Ashish\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/11/23 21:12:06 | 000,093,571 | ---- | M] () -- C:\Users\Ashish\Desktop\nfl-parity-2010.jpg
    [2010/11/22 21:51:09 | 301,514,147 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2010/11/18 21:37:00 | 000,016,165 | ---- | M] () -- C:\Users\Ashish\Documents\Publications.docx
    [2010/11/14 22:45:20 | 000,000,227 | ---- | M] () -- C:\Users\Ashish\Desktop\Sound - Shortcut.lnk
    [2010/11/13 16:50:46 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
    [2010/11/09 22:11:04 | 000,002,049 | ---- | M] () -- C:\Users\Ashish\Desktop\Google Chrome.lnk
    [2010/11/09 22:11:04 | 000,002,011 | ---- | M] () -- C:\Users\Ashish\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2010/11/09 21:36:14 | 000,023,214 | ---- | M] () -- C:\Users\Ashish\Documents\Resume.docx
    [2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\Windows\MBR.exe
    [2010/11/07 19:57:32 | 000,001,356 | ---- | M] () -- C:\Users\Ashish\AppData\Local\d3d9caps.dat
    [2010/11/07 19:05:32 | 000,145,656 | ---- | M] () -- C:\Users\Ashish\AppData\Local\prvlcl.dat
    [2010/11/06 00:48:12 | 004,329,496 | ---- | M] (AVG Technologies) -- C:\Users\Ashish\Desktop\avg_free_stb_all_2011_1153_cnet.exe
    [2010/11/05 23:49:42 | 000,001,508 | ---- | M] () -- C:\Users\Ashish\AppData\Roaming\SMRResults130.dat
    [2010/11/03 23:25:23 | 000,000,017 | ---- | M] () -- C:\Users\Ashish\Desktop\stinger10101096.opt
    [2010/11/03 23:21:05 | 000,079,968 | ---- | M] () -- C:\Users\Ashish\Desktop\Heat.Jazz Tickets 11.9.10.pdf
    [2010/11/03 21:28:17 | 006,565,383 | ---- | M] (McAfee Inc.) -- C:\Users\Ashish\Desktop\stinger10101096.exe
    [2010/10/31 21:45:45 | 000,079,978 | ---- | M] () -- C:\Users\Ashish\Desktop\Heat.Celtics Tickets 11.11.10.pdf

    ========== Files Created - No Company Name ==========

    [2010/11/27 12:41:39 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2010/11/27 12:41:39 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2010/11/27 12:41:39 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2010/11/27 12:41:39 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2010/11/27 12:41:39 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2010/11/27 12:40:40 | 003,910,097 | R--- | C] () -- C:\Users\Ashish\Desktop\ComboFix.exe
    [2010/11/27 12:18:28 | 000,080,384 | ---- | C] () -- C:\Users\Ashish\Desktop\MBRCheck.exe
    [2010/11/27 12:13:49 | 000,630,272 | ---- | C] () -- C:\Users\Ashish\Desktop\dds.scr
    [2010/11/27 12:13:34 | 000,296,448 | ---- | C] () -- C:\Users\Ashish\Desktop\triqxjj5.exe
    [2010/11/26 23:20:49 | 3756,064,768 | -HS- | C] () -- C:\hiberfil.sys
    [2010/11/23 21:12:06 | 000,093,571 | ---- | C] () -- C:\Users\Ashish\Desktop\nfl-parity-2010.jpg
    [2010/11/14 22:45:20 | 000,000,227 | ---- | C] () -- C:\Users\Ashish\Desktop\Sound - Shortcut.lnk
    [2010/11/09 21:40:54 | 000,016,165 | ---- | C] () -- C:\Users\Ashish\Documents\Publications.docx
    [2010/11/07 19:05:31 | 000,145,656 | ---- | C] () -- C:\Users\Ashish\AppData\Local\prvlcl.dat
    [2010/11/06 00:25:33 | 001,228,013 | ---- | C] () -- C:\Users\Ashish\Desktop\tdsskiller.zip
    [2010/11/05 23:49:42 | 000,001,508 | ---- | C] () -- C:\Users\Ashish\AppData\Roaming\SMRResults130.dat
    [2010/11/03 23:25:23 | 000,000,017 | ---- | C] () -- C:\Users\Ashish\Desktop\stinger10101096.opt
    [2010/11/03 23:21:05 | 000,079,968 | ---- | C] () -- C:\Users\Ashish\Desktop\Heat.Jazz Tickets 11.9.10.pdf
    [2010/10/31 21:45:45 | 000,079,978 | ---- | C] () -- C:\Users\Ashish\Desktop\Heat.Celtics Tickets 11.11.10.pdf
    [2010/08/29 16:29:24 | 000,015,944 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
    [2010/07/14 22:58:40 | 000,000,885 | ---- | C] () -- C:\Windows\System32\MRT.INI
    [2010/06/02 22:38:18 | 000,000,036 | ---- | C] () -- C:\Users\Ashish\AppData\Local\housecall.guid.cache
    [2010/03/08 22:47:28 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll.old
    [2009/10/31 20:48:03 | 000,073,728 | ---- | C] () -- C:\Windows\System32\VistaInfo32.dll
    [2008/12/31 18:20:59 | 000,001,356 | ---- | C] () -- C:\Users\Ashish\AppData\Local\d3d9caps.dat
    [2008/05/31 10:56:38 | 000,001,036 | ---- | C] () -- C:\Users\Ashish\AppData\Roaming\vso_ts_preview.xml
    [2008/05/31 10:56:00 | 000,000,034 | ---- | C] () -- C:\Users\Ashish\AppData\Roaming\pcouffin.log
    [2008/05/31 10:55:41 | 000,007,887 | ---- | C] () -- C:\Users\Ashish\AppData\Roaming\pcouffin.cat
    [2008/05/31 10:55:41 | 000,001,144 | ---- | C] () -- C:\Users\Ashish\AppData\Roaming\pcouffin.inf
    [2008/04/09 20:22:50 | 000,253,046 | ---- | C] () -- C:\Users\Ashish\AppData\Roaming\nvModes.001
    [2008/04/09 18:55:28 | 000,149,504 | ---- | C] () -- C:\Users\Ashish\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/04/09 18:34:35 | 000,253,046 | ---- | C] () -- C:\Users\Ashish\AppData\Roaming\nvModes.dat
    [2008/04/03 20:37:11 | 000,167,936 | ---- | C] () -- C:\Windows\System32\nvccoin.dll
    [2008/04/03 20:37:10 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
    [2008/04/03 13:10:10 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
    [2008/04/03 12:56:32 | 000,065,536 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
    [2008/04/03 12:55:08 | 000,000,628 | ---- | C] () -- C:\Windows\System32\PCI_VEN_1102&DEV_FF05&SUBSYS_00001102.ini
    [2008/04/03 12:55:07 | 000,101,376 | ---- | C] () -- C:\Windows\System32\APOMngr.dll
    [2008/04/03 12:55:07 | 000,066,560 | ---- | C] () -- C:\Windows\System32\CmdRtr.dll
    [2007/07/16 10:58:10 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
    [2006/11/03 17:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
    [2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
    [2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
    [2001/10/28 16:42:30 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll

    ========== LOP Check ==========

    [2010/11/10 01:56:35 | 000,000,000 | ---D | M] -- C:\Users\Ashish\AppData\Roaming\.BitTornado
    [2008/04/13 18:58:35 | 000,000,000 | ---D | M] -- C:\Users\Ashish\AppData\Roaming\Azureus
    [2010/05/24 21:58:07 | 000,000,000 | ---D | M] -- C:\Users\Ashish\AppData\Roaming\com.adobe.example.NISDesktopAlerts.8B84194D4D9FFDB4F2F41B07D0F160207BFE7624.1
    [2008/09/07 10:13:42 | 000,000,000 | ---D | M] -- C:\Users\Ashish\AppData\Roaming\com.directv.supercast.AA1ECC8BBAFE4E1BBF2D418DC006AF207FACE6CA.1
    [2010/10/16 09:11:43 | 000,000,000 | ---D | M] -- C:\Users\Ashish\AppData\Roaming\Esiz
    [2010/10/16 10:02:47 | 000,000,000 | ---D | M] -- C:\Users\Ashish\AppData\Roaming\Ginad
    [2010/06/27 23:03:16 | 000,000,000 | ---D | M] -- C:\Users\Ashish\AppData\Roaming\Ginai
    [2009/02/13 20:21:52 | 000,000,000 | ---D | M] -- C:\Users\Ashish\AppData\Roaming\Gleim
    [2010/06/03 06:54:55 | 000,000,000 | ---D | M] -- C:\Users\Ashish\AppData\Roaming\Hounva
    [2010/03/26 21:01:36 | 000,000,000 | ---D | M] -- C:\Users\Ashish\AppData\Roaming\Opera
    [2010/06/24 18:36:43 | 000,000,000 | ---D | M] -- C:\Users\Ashish\AppData\Roaming\Pacayv
    [2008/09/08 19:21:35 | 000,000,000 | ---D | M] -- C:\Users\Ashish\AppData\Roaming\PDFCreator
    [2010/05/29 19:43:36 | 000,000,000 | ---D | M] -- C:\Users\Ashish\AppData\Roaming\StreamTorrent
    [2010/07/26 20:40:20 | 000,000,000 | ---D | M] -- C:\Users\Ashish\AppData\Roaming\tmp
    [2010/08/11 22:52:00 | 000,000,000 | ---D | M] -- C:\Users\Ashish\AppData\Roaming\Vso
    [2010/11/27 14:21:00 | 000,032,598 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2010/11/27 02:22:14 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{A4B73A2F-2A3B-47BA-A4BC-52146962777B}.job

    ========== Purity Check ==========



    < End of report >
  10. oltraff Newcomer, in training Posts: 38

    Here's the ComboFix log:

    ComboFix 10-11-26.07 - Ashish 11/27/2010 15:14:27.3.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.3581.2672 [GMT -5:00]
    Running from: c:\users\Ashish\Desktop\ComboFix.exe
    SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -- Previous Run --

    Infected copy of c:\windows\explorer.exe was found and disinfected
    Restored copy from - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe

    Infected copy of c:\windows\explorer.exe was found and disinfected
    Restored copy from - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe

    Infected copy of c:\windows\System32\wininit.exe was found and disinfected
    Restored copy from - c:\windows\SoftwareDistribution\Download\a58fa8f1a78b89e6c2a670e288053b8b\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

    --------

    .
    ((((((((((((((((((((((((( Files Created from 2010-10-27 to 2010-11-27 )))))))))))))))))))))))))))))))
    .

    2010-11-27 20:18 . 2010-11-27 20:18 -------- d-----w- c:\users\Ashish\AppData\Local\temp
    2010-11-27 07:47 . 2010-11-27 07:47 -------- d-----w- c:\users\Ashish\AppData\Local\Sunbelt Software
    2010-11-27 07:24 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1EE14487-3D27-40F9-8575-B5BF69ECAA20}\mpengine.dll
    2010-11-26 23:00 . 2010-11-26 23:00 -------- d-----w- c:\program files\ESET
    2010-11-20 18:38 . 2010-11-20 18:38 -------- d-----w- c:\programdata\Avira
    2010-11-20 18:38 . 2010-11-20 18:38 -------- d-----w- c:\program files\Avira
    2010-11-12 04:03 . 2010-11-12 04:03 -------- d-----w- C:\_OTL
    2010-11-08 00:41 . 2010-11-08 01:31 -------- d-----w- c:\users\Ashish\DoctorWeb
    2010-11-06 06:03 . 2010-11-06 06:03 -------- d--h--w- c:\programdata\Common Files
    2010-11-06 05:48 . 2010-11-06 05:58 -------- d-----w- c:\programdata\MFAData
    2010-11-06 04:39 . 2010-11-06 04:49 -------- d-----w- c:\users\Ashish\AppData\Local\NPE
    2010-11-04 02:20 . 2010-09-15 08:50 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    2010-11-04 02:20 . 2010-09-15 08:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-10-31 05:59 . 2010-11-13 21:50 12872 ----a-w- c:\windows\system32\bootdelete.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-27 18:06 . 2010-08-29 21:29 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2010-10-19 15:41 . 2010-06-14 05:35 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-07-09 23:45 . 2010-07-09 23:45 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
    @="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
    [HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
    2007-04-17 04:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
    @="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
    [HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
    2007-04-17 04:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-03 68856]
    "Google Update"="c:\users\Ashish\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-12-22 133104]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-04-04 1232896]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
    "Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-04-03 2938552]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-01-18 17920]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-07 159744]
    "OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-28 36864]
    "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-28 86016]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-28 8497696]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-28 81920]
    "NVHotkey"="c:\windows\system32\nvHotkey.dll" [2007-09-28 81920]
    "VolPanel"="c:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 180224]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-21 1548288]
    "PSQLLauncher"="c:\program files\Fingerprint Reader Suite\launcher.exe" [2007-04-17 49168]
    "DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-09 30192]
    "PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-11-01 189736]
    "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
    "MFARestart"="c:\programdata\MFAData\pack\avgrunasx.exe" [2010-09-24 237408]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
    QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-9-7 1180952]
    VPN Client.lnk - c:\windows\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico [2008-4-13 6144]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "DisableCAD"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    2007-04-17 04:04 86528 ----a-w- c:\windows\System32\psqlpwd.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
    R2 Apple iPhone Configuration Web Utility;Apple iPhone Configuration Web Utility;c:\program files\Apple\iPhone Configuration Web Utility\iPhoneConfigurationWebUtilityService.exe [2008-07-05 25936]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 135664]
    R2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-01-15 204800]
    R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-09 30192]
    R4 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\drivers\ianvstor.sys [2007-09-07 209408]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-12-03 73728]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    .
    Contents of the 'Scheduled Tasks' folder

    2010-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 21:16]

    2010-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 21:16]

    2010-11-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2160984431-3788846443-898008396-1000Core.job
    - c:\users\Ashish\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-22 02:01]

    2010-11-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2160984431-3788846443-898008396-1000UA.job
    - c:\users\Ashish\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-22 02:01]

    2010-11-27 c:\windows\Tasks\User_Feed_Synchronization-{A4B73A2F-2A3B-47BA-A4BC-52146962777B}.job
    - c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2080404
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    FF - ProfilePath - c:\users\Ashish\AppData\Roaming\Mozilla\Firefox\Profiles\y7md83ls.default\
    FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF - prefs.js: network.proxy.type - 4
    FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
    FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: c:\program files\Veetle\Player\npvlc.dll
    FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
    FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
    FF - plugin: c:\users\Ashish\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\users\Ashish\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
    FF - plugin: c:\users\Ashish\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\users\Ashish\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    ---- FIREFOX POLICIES ----
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-SigmatelSysTrayApp - %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
    SafeBoot-klmdb.sys
    AddRemove-ViewpointMediaPlayer - c:\program files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-11-27 15:18
    Windows 6.0.6000 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2010-11-27 15:21:04
    ComboFix-quarantined-files.txt 2010-11-27 20:20

    Pre-Run: 142,700,777,472 bytes free
    Post-Run: 142,626,607,104 bytes free

    - - End Of File - - 8D029925A9236B0E9AE410772F7E9C00
  11. Broni Malware Annihilator Posts: 39,252   +175

    Cool :)

    Combofix log looks good.

    How is the computer doing... before we go any further?
  12. oltraff Newcomer, in training Posts: 38

    I'm still navigating through the task manager (desktop still a blank screen)
  13. Broni Malware Annihilator Posts: 39,252   +175

    What will happen if you use "New task", type in:
    explorer.exe
    and click OK?
    Will this bring your desktop back?
  14. oltraff Newcomer, in training Posts: 38

    I get the Error box titled "explorer.exe - Ordinal Not Found". In the box it says "The ordinal 874 could not be located in the dynamic link library SHELL32.dll"
  15. Broni Malware Annihilator Posts: 39,252   +175

    Re-run OTL.

    Use the following settings:

    • Check Scan All Users.
    • For Processes choose none.
    • For Modules choose none.
    • For Services choose none.
    • For Drivers choose none.
    • For Standard Registry choose none.
    • For Extra Registry choose none.
    • For Files Created Within choose none.
    • For Files Modified Within choose none.
    • Under Custom Scans/Fixes paste:
    Code:
    /md5start
    SHELL32.dll
    /md5stop
    
    • Finally hit Run Scan and wait for the log to open.
    • Please post the content of the log into your next reply.
  16. oltraff Newcomer, in training Posts: 38

    Here's the OTL Log. Thanks

    OTL logfile created on: 11/27/2010 4:03:33 PM - Run 5
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Ashish\Desktop
    Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6000.17037)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 66.00% Memory free
    7.00 Gb Paging File | 6.00 Gb Available in Paging File | 87.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 285.51 Gb Total Space | 132.87 Gb Free Space | 46.54% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 3.28 Gb Free Space | 32.77% Space Free | Partition Type: NTFS

    Computer Name: ASHISH-PC | User Name: Ashish | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Custom Scans ==========



    < MD5 for: SHELL32.DLL >
    [2006/11/02 04:46:13 | 011,314,688 | ---- | M] (Microsoft Corporation) MD5=0A8317FF6D77DA369C34F88693373A6C -- C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6000.16386_none_69f268e21510dceb\shell32.dll
    [2008/01/19 02:36:10 | 011,580,416 | ---- | M] (Microsoft Corporation) MD5=33E9CE9110597F1A47BA18B96EAFA6FA -- C:\Windows\SoftwareDistribution\Download\a58fa8f1a78b89e6c2a670e288053b8b\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.18000_none_6c292ade11fbedbf\shell32.dll
    [2008/04/23 23:40:28 | 011,319,808 | ---- | M] (Microsoft Corporation) MD5=3D58E32AA9A5C7F408D97675C81C9AED -- C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6000.20822_none_6ab8eba52e01644f\shell32.dll
    [2008/11/06 07:59:27 | 011,582,976 | ---- | M] (Microsoft Corporation) MD5=4A21B11997C1F14D8707C8C501CA59A7 -- C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.22303_none_6cb5cc532b16d3dc\shell32.dll
    [2008/11/06 07:59:14 | 011,320,832 | ---- | M] (Microsoft Corporation) MD5=4F72C8F593AAB1B83FB5D62CBFBB51F9 -- C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6000.20951_none_6a977d7d2e1a9bf2\shell32.dll
    [2008/11/06 08:14:25 | 011,580,928 | ---- | M] (Microsoft Corporation) MD5=5D62692EEB77E32F67A966F1BDEB551B -- C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.18167_none_6bef4f42122643ed\shell32.dll
    [2008/04/23 23:58:20 | 011,580,416 | ---- | M] (Microsoft Corporation) MD5=61509AF47F663A6EA941492ED181D60C -- C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.18062_none_6bea4bea122ac813\shell32.dll
    [2008/04/03 20:34:30 | 011,315,200 | ---- | M] (Microsoft Corporation) MD5=7BA541CD1EAFB4D38DBA594FCF611A62 -- C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6000.20628_none_6abee9952dfc020b\shell32.dll
    [2008/04/23 23:45:45 | 011,581,440 | ---- | M] (Microsoft Corporation) MD5=82A0A2AB2C637C11F28C1E37F76A284E -- C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.22166_none_6c77e9dd2b44cd39\shell32.dll
    [2008/04/03 20:34:29 | 011,315,200 | ---- | M] (Microsoft Corporation) MD5=AF54933386F459CEC04AC91C49423B25 -- C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6000.16513_none_6a3b1b4414dac79d\shell32.dll
    [2008/04/23 23:51:39 | 011,315,712 | ---- | M] (Microsoft Corporation) MD5=FF37AF2D5DCAFC00BC46AF07B53699B0 -- C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6000.16680_none_69ec6cd815163c56\shell32.dll
    [2008/11/06 07:57:06 | 011,315,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\shell32.dll
    [2008/11/06 07:57:06 | 011,315,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6000.16774_none_69fb3fd2150a82e8\shell32.dll

    < End of report >
  17. Broni Malware Annihilator Posts: 39,252   +175

    OK. I can see the issue....
    See if we can fix it.

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    FCopy::
    C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6000.16680_none_69ec6cd815163c56\shell32.dll | C:\Windows\System32\shell32.dll
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
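    The FCopy:: line above is the interesting part of this post: the live C:\Windows\System32\shell32.dll could not be hashed by OTL, and the replacement was taken from the WinSxS store rather than from a download. The following Python script is an added example, not code from the thread or from OTL/ComboFix. It parses the "< MD5 for: SHELL32.DLL >" section of an OTL /md5start report (the sample input is a constructed subset of the log posted above), lists the copies OTL could not read, and picks a replacement using an assumed rule that the thread itself does not spell out: the candidate must have been hashable, must have exactly the live file's size, and must belong to the same OS build as the WinSxS copy that shares the live file's timestamp and size. On the posted data that rule lands on the same 6.0.6000.16680 copy chosen in the post.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample input: a subset of the "< MD5 for: SHELL32.DLL >" section of
# the OTL report posted above, kept to the lines needed to show the selection.
OTL_MD5_SECTION = """\
< MD5 for: SHELL32.DLL >
[2006/11/02 04:46:13 | 011,314,688 | ---- | M] (Microsoft Corporation) MD5=0A8317FF6D77DA369C34F88693373A6C -- C:\\Windows\\winsxs\\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6000.16386_none_69f268e21510dceb\\shell32.dll
[2008/11/06 07:59:14 | 011,320,832 | ---- | M] (Microsoft Corporation) MD5=4F72C8F593AAB1B83FB5D62CBFBB51F9 -- C:\\Windows\\winsxs\\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6000.20951_none_6a977d7d2e1a9bf2\\shell32.dll
[2008/04/23 23:51:39 | 011,315,712 | ---- | M] (Microsoft Corporation) MD5=FF37AF2D5DCAFC00BC46AF07B53699B0 -- C:\\Windows\\winsxs\\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6000.16680_none_69ec6cd815163c56\\shell32.dll
[2008/11/06 07:57:06 | 011,315,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\\Windows\\System32\\shell32.dll
[2008/11/06 07:57:06 | 011,315,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\\Windows\\winsxs\\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6000.16774_none_69fb3fd2150a82e8\\shell32.dll
< End of report >
"""

# One OTL file line: [mtime | size | attrs | M] (company) MD5=... -- path
# or the same shape with "Unable to obtain MD5" where the file could not be read.
LINE_RE = re.compile(
    r"^\[(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| [^|]+ \| M\] "
    r"\((?P<company>[^)]*)\) (?:MD5=(?P<md5>[0-9A-Fa-f]{32})|Unable to obtain MD5) -- (?P<path>.+)$"
)


@dataclass
class Md5Entry:
    mtime: str
    size: int
    company: str
    md5: Optional[str]  # None when OTL printed "Unable to obtain MD5"
    path: str

    @property
    def in_winsxs(self) -> bool:
        return "\\winsxs\\" in self.path.lower()

    @property
    def version(self) -> Optional[Tuple[int, ...]]:
        # WinSxS assembly directories embed the file version, e.g. _6.0.6000.16680_
        m = re.search(r"_(\d+)\.(\d+)\.(\d+)\.(\d+)_", self.path)
        return tuple(int(x) for x in m.groups()) if m else None


def parse_md5_report(text: str) -> List[Md5Entry]:
    """Parse the file lines of an OTL /md5start ... /md5stop section."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None:
            continue  # section header, "< End of report >", blank lines
        entries.append(Md5Entry(
            mtime=m["mtime"],
            size=int(m["size"].replace(",", "")),
            company=m["company"],
            md5=m["md5"].upper() if m["md5"] else None,
            path=m["path"],
        ))
    return entries


def unreadable_paths(entries: List[Md5Entry]) -> List[str]:
    """Files OTL could not hash: the first thing to look at in such a report."""
    return [e.path for e in entries if e.md5 is None]


def _live_copy(entries: List[Md5Entry]) -> Optional[Md5Entry]:
    return next((e for e in entries if not e.in_winsxs
                 and e.path.lower().endswith("\\system32\\shell32.dll")), None)


def pick_replacement(entries: List[Md5Entry]) -> Optional[Md5Entry]:
    """Assumed selection rule (the thread does not state one): hashable, same size
    as the live file, same OS build as the WinSxS twin that shares the live file's
    timestamp and size; among those, the highest version."""
    live = _live_copy(entries)
    if live is None:
        return None
    twin = next((e for e in entries if e.in_winsxs
                 and e.mtime == live.mtime and e.size == live.size), None)
    build = twin.version[:3] if twin and twin.version else None
    candidates = [
        e for e in entries
        if e.in_winsxs and e.md5 is not None and e.size == live.size
        and e.version is not None and (build is None or e.version[:3] == build)
    ]
    return max(candidates, key=lambda e: e.version) if candidates else None


def fcopy_script(entries: List[Md5Entry]) -> Optional[str]:
    """Render the ComboFix FCopy:: directive used in the thread for the chosen copy."""
    src = pick_replacement(entries)
    live = _live_copy(entries)
    if src is None or live is None:
        return None
    return f"FCopy::\n{src.path} | {live.path}\n"


if __name__ == "__main__":
    parsed = parse_md5_report(OTL_MD5_SECTION)
    print("unreadable:", *unreadable_paths(parsed), sep="\n  ")
    print(fcopy_script(parsed))
```

Two things to keep in mind when using this on a real report: "Unable to obtain MD5" for a file that is not locked by a running process is itself a finding worth chasing (permissions, a filter driver or a damaged file), and a size match is only a sanity check, not integrity verification; the WinSxS copy is trusted here because of where it sits, not because of its hash.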
  18. oltraff Newcomer, in training Posts: 38

    Here's the ComboFix log:

    ComboFix 10-11-27.01 - Ashish 11/27/2010 16:22:38.4.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.3581.2485 [GMT -5:00]
    Running from: c:\users\Ashish\Desktop\ComboFix.exe
    Command switches used :: c:\users\Ashish\Desktop\CFScript.txt
    SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    --------------- FCopy ---------------

    c:\windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6000.16680_none_69ec6cd815163c56\shell32.dll --> c:\windows\System32\shell32.dll
    .
    ((((((((((((((((((((((((( Files Created from 2010-10-27 to 2010-11-27 )))))))))))))))))))))))))))))))
    .

    2010-11-27 21:25 . 2010-11-27 21:25 -------- d-----w- c:\users\Ashish\AppData\Local\temp
    2010-11-27 21:25 . 2010-11-27 21:25 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-11-27 07:47 . 2010-11-27 07:47 -------- d-----w- c:\users\Ashish\AppData\Local\Sunbelt Software
    2010-11-27 07:24 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1EE14487-3D27-40F9-8575-B5BF69ECAA20}\mpengine.dll
    2010-11-26 23:00 . 2010-11-26 23:00 -------- d-----w- c:\program files\ESET
    2010-11-20 18:38 . 2010-11-20 18:38 -------- d-----w- c:\programdata\Avira
    2010-11-20 18:38 . 2010-11-20 18:38 -------- d-----w- c:\program files\Avira
    2010-11-12 04:03 . 2010-11-12 04:03 -------- d-----w- C:\_OTL
    2010-11-08 00:41 . 2010-11-08 01:31 -------- d-----w- c:\users\Ashish\DoctorWeb
    2010-11-06 06:03 . 2010-11-06 06:03 -------- d--h--w- c:\programdata\Common Files
    2010-11-06 05:48 . 2010-11-06 05:58 -------- d-----w- c:\programdata\MFAData
    2010-11-06 04:39 . 2010-11-06 04:49 -------- d-----w- c:\users\Ashish\AppData\Local\NPE
    2010-11-04 02:20 . 2010-09-15 08:50 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    2010-11-04 02:20 . 2010-09-15 08:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-10-31 05:59 . 2010-11-13 21:50 12872 ----a-w- c:\windows\system32\bootdelete.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-27 18:06 . 2010-08-29 21:29 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2010-10-19 15:41 . 2010-06-14 05:35 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-07-09 23:45 . 2010-07-09 23:45 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
    @="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
    [HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
    2007-04-17 04:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
    @="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
    [HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
    2007-04-17 04:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-03 68856]
    "Google Update"="c:\users\Ashish\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-12-22 133104]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-04-04 1232896]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
    "Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-04-03 2938552]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-01-18 17920]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-07 159744]
    "OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-28 36864]
    "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-28 86016]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-28 8497696]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-28 81920]
    "NVHotkey"="c:\windows\system32\nvHotkey.dll" [2007-09-28 81920]
    "VolPanel"="c:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 180224]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-21 1548288]
    "PSQLLauncher"="c:\program files\Fingerprint Reader Suite\launcher.exe" [2007-04-17 49168]
    "DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-09 30192]
    "PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-11-01 189736]
    "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
    "MFARestart"="c:\programdata\MFAData\pack\avgrunasx.exe" [2010-09-24 237408]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
    QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-9-7 1180952]
    VPN Client.lnk - c:\windows\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico [2008-4-13 6144]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "DisableCAD"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    2007-04-17 04:04 86528 ----a-w- c:\windows\System32\psqlpwd.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
    R2 Apple iPhone Configuration Web Utility;Apple iPhone Configuration Web Utility;c:\program files\Apple\iPhone Configuration Web Utility\iPhoneConfigurationWebUtilityService.exe [2008-07-05 25936]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 135664]
    R2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-01-15 204800]
    R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-09 30192]
    R4 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\drivers\ianvstor.sys [2007-09-07 209408]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-12-03 73728]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    .
    Contents of the 'Scheduled Tasks' folder

    2010-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 21:16]

    2010-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 21:16]

    2010-11-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2160984431-3788846443-898008396-1000Core.job
    - c:\users\Ashish\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-22 02:01]

    2010-11-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2160984431-3788846443-898008396-1000UA.job
    - c:\users\Ashish\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-22 02:01]

    2010-11-27 c:\windows\Tasks\User_Feed_Synchronization-{A4B73A2F-2A3B-47BA-A4BC-52146962777B}.job
    - c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2080404
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    FF - ProfilePath - c:\users\Ashish\AppData\Roaming\Mozilla\Firefox\Profiles\y7md83ls.default\
    FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF - prefs.js: network.proxy.type - 4
    FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
    FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: c:\program files\Veetle\Player\npvlc.dll
    FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
    FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
    FF - plugin: c:\users\Ashish\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\users\Ashish\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
    FF - plugin: c:\users\Ashish\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\users\Ashish\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    ---- FIREFOX POLICIES ----
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-11-27 16:25
    Windows 6.0.6000 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2010-11-27 16:26:59
    ComboFix-quarantined-files.txt 2010-11-27 21:26
    ComboFix2.txt 2010-11-27 20:21

    Pre-Run: 142,650,925,056 bytes free
    Post-Run: 142,605,721,600 bytes free

    - - End Of File - - 759BB8C6BFB44624B4BE254A4E9A7F53
  19. Broni Malware Annihilator Posts: 39,252   +175

    Is your desktop back?
  20. oltraff Newcomer, in training Posts: 38

    Nope, it's still blank. I get the same error when I type in explorer.exe as a new task.