TechSpot

Notepad, taskmgr, regedit, msconfig not opening

By sachinwako
Sep 16, 2011
  1. Hi
    This is Sachin. For some days my laptop has been having problems.
    I suspect some virus has affected my machine. I am not able to open notepad, regedit, msconfig, task manager, Picasa, etc. After double-clicking, the waiting icon appears for one second and then nothing happens. MS Office is working fine.

    I am using Vista OS.

    I have gone through the basic housekeeping which has been suggested, but no luck.
    Let me know what information is required.

    Appreciate your help.

    Regards,
    Sachin
     
  2. sachinwako

    sachinwako TS Rookie Topic Starter Posts: 35

    HJT log

    Hi
    PFA HJT log.
    Hope this will speed up the process.

    Regards,
    Sachin
     


  3. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Welcome aboard

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If some log exceeds the 50,000 characters post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  4. sachinwako

    sachinwako TS Rookie Topic Starter Posts: 35

    Malware installation problem

    Hi Broni,
    I downloaded all three files, Malwarebytes Anti-Malware, DDS and GMER.
    As instructed, I installed Malwarebytes Anti-Malware first; after installation it detected Questscan, which was trying to stop Malwarebytes scanning. There were 3 options: ignore, quarantine, and a third one I don't remember. But after that the system hung. I had to reboot my machine; after rebooting the system hung again. I rebooted again and clicked on the quarantine option. But now I am not able to install other things; the system hangs.

    I am writing this message by going into safe mode with the networking option.

    Please help.
    Regards,
    Sachin
     
  5. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right-click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  6. sachinwako

    sachinwako TS Rookie Topic Starter Posts: 35

    Uninstalled some Malwares

    Hi Broni,
    Before your earlier reply, i made one more attempt to start my machine.
    I had a window of 10 seconds to uninstall some of the programs which were causing a conflict with Malwarebytes' Anti-Malware. I got to know which programs were causing the conflict from the message from Malwarebytes' Anti-Malware.
    I went into the control panel and uninstalled them one by one. I uninstalled
    a. Questscan
    b. Shopper reports
    c. scanquery

    Now my notepad, msconfig, regedit and task manager are working fine.
    I did this before you suggested the combofix approach.

    Do you want me to go ahead and install combofix, or can we leave it here?
    Please advise.

    Many thanks for your help...

    Regards,
    Sachin
     
  7. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    If your computer runs fairly well...

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If some log exceeds the 50,000 characters post limit, split it between a couple of replies.
    Attached logs won't be reviewed.
     
  8. sachinwako

    sachinwako TS Rookie Topic Starter Posts: 35

    Malware logs

    Hi Broni,
    Below are the requested logs.
    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 7748

    Windows 6.0.6001 Service Pack 1
    Internet Explorer 8.0.6001.19088

    9/19/2011 10:51:21 PM
    mbam-log-2011-09-19 (22-51-21).txt

    Scan type: Quick scan
    Objects scanned: 206238
    Time elapsed: 15 minute(s), 0 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 38
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 6
    Files Infected: 5

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{2E4A92AB-F2C0-456A-9935-B715439790D7} (Spyware.MarketScore) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{0156CA3C-89C4-4D1D-8EB1-AAF4588B929B} (Spyware.MarketScore) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{1E24E145-D17C-4343-BB61-83B515F3CF53} (Spyware.MarketScore) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CSetup.Setup.1 (Spyware.MarketScore) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CSetup.Setup (Spyware.MarketScore) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{2E4A92AB-F2C0-456A-9935-B715439790D7} (Spyware.MarketScore) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2E4A92AB-F2C0-456A-9935-B715439790D7} (Spyware.MarketScore) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2E4A92AB-F2C0-456A-9935-B715439790D7} (Spyware.MarketScore) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D1EC4CA-4B92-4324-B8F8-C9A6ED06A8AE} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\DOWNLOADED PROGRAM FILES\PRSETUP.DLL (Spyware.MarketScore) -> Value: PRSETUP.DLL -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    c:\program files\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\funwebproducts\screensaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\funwebproducts\screensaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Files Infected:
    c:\Windows\downloaded program files\prsetup.dll (Spyware.MarketScore) -> Quarantined and deleted successfully.
    c:\$Recycle.Bin\s-1-5-21-2652441148-3962348708-1757086740-1000\$RZC980B\scanquery131.exe (Adware.Agent.Gen) -> Quarantined and deleted successfully.
    c:\Users\Sachin\AppData\Local\Temp\sai57E4.exe (Worm.Autorun) -> Quarantined and deleted successfully.
    c:\Users\Sachin\AppData\Local\Temp\sai738E.exe (Adware.ScanQuery) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
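A small parser for the Malwarebytes' Anti-Malware log format posted above, added here as an example (it is not code from the thread or from Malwarebytes): it rebuilds the per-section counts from the listed lines and checks them against the summary block, tallies detections by family, and flags any entry that was not quarantined. The log it runs on is a constructed excerpt of a few representative lines, not the full log above.

```python
import re
from collections import Counter

# Constructed excerpt in the format of the Malwarebytes' Anti-Malware 1.51 log
# posted above (a handful of representative lines, not the full log).
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7748

Scan type: Quick scan
Objects scanned: 206238

Memory Processes Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Folders Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2E4A92AB-F2C0-456A-9935-B715439790D7} (Spyware.MarketScore) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\DOWNLOADED PROGRAM FILES\PRSETUP.DLL (Spyware.MarketScore) -> Value: PRSETUP.DLL -> Quarantined and deleted successfully.

Folders Infected:
c:\program files\mywebsearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
c:\Users\Sachin\AppData\Local\Temp\sai57E4.exe (Worm.Autorun) -> Quarantined and deleted successfully.
c:\Users\Sachin\AppData\Local\Temp\sai738E.exe (Adware.ScanQuery) -> No action taken.
"""

# "Registry Keys Infected: 38" (summary block) vs. "Registry Keys Infected:" (section header)
SECTION_RE = re.compile(r"^(?P<section>.+ Infected):(?: (?P<count>\d+))?$")
# "<item> (<family>) -> [Value: X -> ]<action>."
DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<rest>.+)$")


def parse_mbam_log(text):
    """Return (summary_counts, detections) parsed from an MBAM 1.x log."""
    summary, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            if m.group("count") is not None:
                summary[m.group("section")] = int(m.group("count"))
            else:
                section = m.group("section")
            continue
        if section is None or line.startswith("("):
            continue  # banner lines, or "(No malicious items detected)"
        m = DETECTION_RE.match(line)
        if not m:
            continue
        # Registry-value lines carry an extra "Value: X ->" hop; the action is always last.
        action = m.group("rest").split("->")[-1].strip().rstrip(".")
        detections.append({"section": section, "item": m.group("item"),
                           "family": m.group("family"), "action": action})
    return summary, detections


def report(text):
    """Cross-check the summary block, tally families, and flag items left in place."""
    summary, detections = parse_mbam_log(text)
    listed = Counter(d["section"] for d in detections)
    # Summary count vs. number of lines actually listed under that section.
    mismatches = {s: (n, listed.get(s, 0)) for s, n in summary.items()
                  if listed.get(s, 0) != n}
    # Anything not quarantined needs a follow-up scan or a manual decision.
    unresolved = [d for d in detections if not d["action"].startswith("Quarantined")]
    return {"by_family": Counter(d["family"] for d in detections),
            "mismatches": mismatches, "unresolved": unresolved}


if __name__ == "__main__":
    r = report(SAMPLE_LOG)
    for family, n in r["by_family"].most_common():
        print(f"{n:3d}  {family}")
    print("summary mismatches:", r["mismatches"] or "none")
    for d in r["unresolved"]:
        print("NOT REMOVED:", d["item"], "->", d["action"])
```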
     
  9. sachinwako

    sachinwako TS Rookie Topic Starter Posts: 35

    GMER logs

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-09-19 23:11:28
    Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 Hitachi_HTS542525K9SA00 rev.BBFOC39P
    Running: g9e6k4nc.exe; Driver: C:\Users\Sachin\AppData\Local\Temp\pxdiqpow.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\tdx \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    ---- Processes - GMER 1.0.15 ----


    ---- EOF - GMER 1.0.15 ----
     
  10. sachinwako

    sachinwako TS Rookie Topic Starter Posts: 35

    DDS.logs

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 1.6.0_17
    Run by Sachin at 23:12:00 on 2011-09-19
    Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.3061.1611 [GMT 8:00]
    .
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\WLTRYSVC.EXE
    C:\Windows\System32\bcmwltry.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\aestsrv.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\dgdersvc.exe
    C:\Windows\system32\FsUsbExService.Exe
    C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\STacSV.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Users\Sachin\AppData\Roaming\Google\Google Talk\googletalk.exe
    C:\Windows\System32\p2phost.exe
    B:\sachin\Games\flash\Iridium.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
    C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Memeo\AutoBackup\InstantBackup.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Page = hxxp://www.google.com
    uStart Page = hxxp://www.google.com.sg/
    uSearch Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60475
    uDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://in.yahoo.com
    mDefault_Page_URL = hxxp://in.yahoo.com
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: H - No File
    uURLSearchHooks: H - No File
    uURLSearchHooks: MHURLSearchHook Class: {1c4ab6a5-595f-4e86-b15f-f93cce2bbd48} - c:\program files\family toolbar\tbhelper.dll
    uURLSearchHooks: H - No File
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: MHTBPos00 Class: {0c37b053-fd68-456a-82e1-d788ee342e6f} - c:\program files\family toolbar\tbcore3.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
    BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Family Toolbar: {fd2fd708-1f6f-4b68-b141-c5778f0c19bb} - c:\program files\family toolbar\tbcore3.dll
    TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
    TB: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
    uRun: [googletalk] c:\users\sachin\appdata\roaming\google\google talk\googletalk.exe /autostart
    uRun: [CollaborationHost] c:\windows\system32\p2phost.exe -s
    uRun: [Google Update] "c:\users\sachin\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [IridiumTimeWizard] b:\sachin\games\flash\iridium.exe
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [ares] "c:\program files\ares\Ares.exe" -h
    uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
    uRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
    uRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
    mRun: [Memeo Instant Backup] c:\program files\memeo\autobackup\MemeoLauncher2.exe --silent --no_ui
    mRun: [Memeo AutoSync] c:\program files\memeo\autosync\MemeoLauncher2.exe --silent
    mRun: [Memeo Send] c:\program files\memeo\memeo send\MemeoLauncher.exe --silent
    mRun: [Seagate Dashboard] c:\program files\seagate\seagate dashboard\MemeoLauncher.exe --silent --no_ui
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [sma] c:\program files\smart keystroke recorder\sma.exe
    mRun: [LogService] c:\program files\smart keystroke recorder\logservice.exe "smart keystroke recorder" "software\smart keystroke recorder\appsettings" "skr.log" "software\Smart Keystroke Recorder" "check_url" "develop_url"
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/58.14/uploader2.cab
    DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/45.19/uploader2.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} - hxxps://mumbai.polaris.co.in/dwa7W.cab
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{1B21BA6C-CF97-4210-8D49-1F191645DAF3} : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{3DFE91F5-3EFE-450A-85CE-F65D7F1E8C20} : DhcpNameServer = 192.168.0.1
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Notify: igfxcui - igfxdev.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\sachin\appdata\roaming\mozilla\firefox\profiles\w1d8mc2l.default\
    FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
    FF - component: c:\users\sachin\appdata\roaming\mozilla\firefox\profiles\w1d8mc2l.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko19.dll
    FF - component: c:\users\sachin\appdata\roaming\mozilla\firefox\profiles\w1d8mc2l.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npRLCT4Player.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\users\sachin\appdata\local\google\update\1.3.21.69\npGoogleUpdate3.dll
    FF - plugin: c:\users\sachin\appdata\roaming\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\users\sachin\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\real\realplayer\browserrecordplugin\firefox\Ext
    FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\html5video
    FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\divx\divx plus web player\firefox\wpa
    FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
    FF - Ext: BitTorrentBar Community Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - %profile%\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
    .
    ============= SERVICES / DRIVERS ===============
    .
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2011-2-8 73728]
    R2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [2010-12-20 95568]
    R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2011-4-24 217088]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-9-18 366152]
    R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\memeo\autobackup\MemeoBackgroundService.exe [2010-4-23 25824]
    R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\seagate\seagate dashboard\SeagateDashboardService.exe [2010-4-30 14088]
    R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2008-10-2 2436536]
    R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-12-20 18120]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-8-19 99376]
    R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2011-4-24 36640]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-9-25 111104]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-9-18 22216]
    S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-4-24 30312]
    S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2010-11-24 101120]
    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-4-24 96488]
    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-4-24 12776]
    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-4-24 121576]
    S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2011-4-24 98152]
    .
    =============== Created Last 30 ================
    .
    2011-09-17 17:05:52 -------- d-----w- c:\users\sachin\appdata\roaming\Malwarebytes
    2011-09-17 17:05:41 -------- d-----w- c:\programdata\Malwarebytes
    2011-09-17 17:05:38 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-09-17 17:05:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-09-17 02:15:13 -------- d-----w- c:\program files\Trend Micro
    2011-09-16 23:48:22 -------- d-----w- C:\eme_uti
    2011-09-16 22:29:17 7152464 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{b3f87f13-6579-4432-bcc2-386dfb9cdce4}\mpengine.dll
    2011-09-13 14:14:10 -------- d-----w- c:\users\sachin\appdata\local\Solid State Networks
    .
    ==================== Find3M ====================
    .
    2011-07-06 14:56:47 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    .
    ============= FINISH: 23:12:50.93 ===============

    Attach logs

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Basic
    Boot Device: \Device\HarddiskVolume1
    Install Date: 10/28/2008 1:31:25 AM
    System Uptime: 9/19/2011 11:04:51 PM (0 hours ago)
    .
    Motherboard: Dell Inc. | | 0M353G
    Processor: Intel(R) Core(TM)2 Duo CPU T5750 @ 2.00GHz | Microprocessor | 2000/166mhz
    .
    ==== Disk Partitions =========================
    .
    B: is FIXED (NTFS) - 102 GiB total, 6.465 GiB free.
    C: is FIXED (NTFS) - 131 GiB total, 45.163 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0001
    Manufacturer: Microsoft
    Name: isatap.{1B21BA6C-CF97-4210-8D49-1F191645DAF3}
    PNP Device ID: ROOT\*ISATAP\0001
    Service: tunnel
    .
    Class GUID:
    Description: Base System Device
    Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_022F1028&REV_12\4&46E6CB1&0&4AF0
    Manufacturer:
    Name: Base System Device
    PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_022F1028&REV_12\4&46E6CB1&0&4AF0
    Service:
    .
    Class GUID:
    Description: Base System Device
    Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_022F1028&REV_12\4&46E6CB1&0&4BF0
    Manufacturer:
    Name: Base System Device
    PNP Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_022F1028&REV_12\4&46E6CB1&0&4BF0
    Service:
    .
    Class GUID:
    Description: Base System Device
    Device ID: PCI\VEN_1180&DEV_0852&SUBSYS_022F1028&REV_12\4&46E6CB1&0&4CF0
    Manufacturer:
    Name: Base System Device
    PNP Device ID: PCI\VEN_1180&DEV_0852&SUBSYS_022F1028&REV_12\4&46E6CB1&0&4CF0
    Service:
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Advanced Audio FX Engine
    Advanced Video FX Engine
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Conexant HDA D330 MDC V.92 Modem
    Dell Driver Download Manager
    Dell Resource CD
    Dell Touchpad
    DELL Webcam Center
    DELL Webcam Manager
    Dell Wireless WLAN Card
    DivX Setup
    Google Talk (remove only)
    Google Talk Plugin
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Intel(R) Graphics Media Accelerator Driver
    Java(TM) 6 Update 17
    Kies
    Laptop Integrated Webcam Driver (1.03.02.0719)
    LiveUpdate 3.3 (Symantec Corporation)
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Marvell Miniport Driver
    Memeo AutoSync
    Memeo Instant Backup
    Memeo Send
    Memeo Share
    Microsoft .NET Framework 3.5 SP1
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Mozilla ActiveX Control v1.7.12
    Mozilla Firefox (3.6)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MyHeritage Family Tree Builder
    Picasa 3
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    RealUpgrade 1.1
    SAMSUNG USB Driver for Mobile Phones
    Seagate Dashboard
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2553074)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2553090)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2553073)
    Security Update for Microsoft Office Groove 2007 (KB2552997)
    Security Update for Microsoft Office InfoPath 2007 (KB2510061)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    SigmaTel Audio
    Skype™ 5.5
    Symantec Endpoint Protection
    Tata Photon+
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office Outlook 2007 (KB2583910)
    Update for Outlook 2007 Junk Email Filter (KB2553110)
    VC80CRTRedist - 8.0.50727.4053
    VLC media player 1.0.1
    WIDCOMM Bluetooth Software 6.0.1.3100
    Xvid Video Codec
    Yahoo! Messenger
    .
    ==== Event Viewer Messages From Past Week ========
    .
    9/12/2011 4:09:54 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    9/12/2011 4:09:54 PM, Error: Service Control Manager [7000] - The BCM42RLY service failed to start due to the following error: The system cannot find the file specified.
    9/12/2011 10:14:46 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    .
    ==== End Of File ===========================
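A small triage pass over the DDS "Pseudo HJT Report" lines posted above, as an added example (it is not part of the thread and not a DDS or HijackThis feature). It parses the uRun/mRun autorun entries, URL search hooks and BHO lines, and flags what a reviewer would look at first: an autorun whose name or path says it is keystroke-logging software (the "smart keystroke recorder" entries), an autorun launched from outside Program Files or Windows, a search bar pointed at a non-default domain, a third-party URL search hook, and orphaned "No File" entries that are just cleanup candidates. The sample lines are copied from the log above; the location heuristic, the keyword list and the default-search-domain list are assumptions for this example, not rules from the tool.

```python
"""Triage helper for DDS 'Pseudo HJT Report' lines (added example, not a DDS/HJT tool)."""
import re

# Constructed sample: lines copied from the DDS log in this thread.
# In practice read the whole DDS.txt and pass it to triage().
SAMPLE_DDS = r"""
uSearch Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60475
uURLSearchHooks: H - No File
uURLSearchHooks: MHURLSearchHook Class: {1c4ab6a5-595f-4e86-b15f-f93cce2bbd48} - c:\program files\family toolbar\tbhelper.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [IridiumTimeWizard] b:\sachin\games\flash\iridium.exe
uRun: [ares] "c:\program files\ares\Ares.exe" -h
mRun: [sma] c:\program files\smart keystroke recorder\sma.exe
mRun: [LogService] c:\program files\smart keystroke recorder\logservice.exe "smart keystroke recorder" "skr.log"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
"""

# Assumed heuristics (not from DDS): name fragments that indicate keystroke
# logging, and search domains treated as normal for a search bar.
KEYLOG_HINTS = ("keystroke", "keylog")
DEFAULT_SEARCH_DOMAINS = ("google.com", "bing.com", "yahoo.com", "live.com")

RUN_RE = re.compile(r"^([um])Run: \[([^\]]+)\] (.*)$")
# Either a quoted path, or an unquoted path ending at the first executable extension.
PATH_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|scr|com|dll|bat))(?:\s|$)', re.IGNORECASE)


def command_path(command):
    """Return the lower-cased executable path from an autorun command line."""
    m = PATH_RE.match(command.strip())
    if not m:
        return command.strip().lower()
    return (m.group(1) or m.group(2)).lower()


def parse_run_entries(text):
    """Extract uRun/mRun entries as dicts with scope, name, command and path."""
    entries = []
    for line in text.splitlines():
        m = RUN_RE.match(line.strip())
        if m:
            scope, name, command = m.groups()
            entries.append({"scope": "user" if scope == "u" else "machine",
                            "name": name, "command": command,
                            "path": command_path(command)})
    return entries


def is_standard_location(path):
    """Assumed 'normal' autorun roots: Program Files, Windows, or a user AppData tree."""
    p = path.lower()
    return p.startswith((r"c:\program files", r"c:\windows")) or "\\appdata\\" in p


def triage(text):
    """Return (severity, item, reason) findings for the report lines in text."""
    findings = []
    for e in parse_run_entries(text):
        blob = (e["name"] + " " + e["path"]).lower()
        if any(h in blob for h in KEYLOG_HINTS):
            findings.append(("high", e["name"],
                             "autorun names keystroke-logging software: " + e["path"]))
        elif not is_standard_location(e["path"]):
            findings.append(("medium", e["name"],
                             "autorun from non-standard location: " + e["path"]))
    for line in text.splitlines():
        s = line.strip()
        if s.endswith("- No File"):
            findings.append(("low", s.split(":")[0],
                             "orphaned entry (file missing), cleanup candidate"))
        elif s.startswith("uSearch Bar = ") and not any(d in s for d in DEFAULT_SEARCH_DOMAINS):
            findings.append(("medium", "uSearch Bar",
                             "search bar redirected to " + s.split("= ", 1)[1]))
        elif s.startswith("uURLSearchHooks:"):
            findings.append(("medium", "uURLSearchHooks",
                             "third-party URL search hook: " + s.split(" - ")[-1]))
    return findings


if __name__ == "__main__":
    for sev, item, why in triage(SAMPLE_DDS):
        print(f"[{sev}] {item}: {why}")
```

On the sample this yields two high findings (the two "smart keystroke recorder" autoruns), three medium ones (the game launched from B:, the crawler.com search bar, the Family Toolbar search hook) and two low "No File" leftovers, which is the same order of priority a helper would work through by hand.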
     
  11. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan:

    On completion of the scan click "Save log", save it to your desktop and post in your next reply:

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    =============================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.

    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  12. sachinwako

    sachinwako TS Rookie Topic Starter Posts: 35

    Required Logs

    Hi Broni, below are the required logs.
    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-09-21 22:02:11
    -----------------------------
    22:02:11.641 OS Version: Windows 6.0.6001 Service Pack 1
    22:02:11.641 Number of processors: 2 586 0xF0D
    22:02:11.642 ComputerName: SACHIN-PC UserName: Sachin
    22:02:44.206 Initialize success
    22:02:52.196 AVAST engine download error: 0
    22:02:53.940 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
    22:02:53.943 Disk 0 Vendor: Hitachi_HTS542525K9SA00 BBFOC39P Size: 238475MB BusType: 3
    22:02:55.996 Disk 0 MBR read successfully
    22:02:56.001 Disk 0 MBR scan
    22:02:56.005 Disk 0 Windows VISTA default MBR code
    22:02:56.022 Disk 0 scanning sectors +488392704
    22:02:56.137 Disk 0 scanning C:\Windows\system32\drivers
    22:03:04.053 Service scanning
    22:03:06.241 Modules scanning
    22:03:14.430 Disk 0 trace - called modules:
    22:03:14.462 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys tcpip.sys NETIO.SYS dxgkrnl.sys igdkmd32.sys
    22:03:14.469 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x860a9758]
    22:03:14.477 3 CLASSPNP.SYS[8ada3745] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x85edb8a8]
    22:03:14.834 Scan finished successfully
    22:03:59.885 Disk 0 MBR has been saved successfully to "C:\Users\Sachin\Pictures\Adobe\Scanned Photos\Documents\Desktop\MBR.dat"
    22:03:59.897 The log file has been saved successfully to "C:\Users\Sachin\Pictures\Adobe\Scanned Photos\Documents\Desktop\aswMBR.txt"
    ********************************************************************************************************
    Combofix logs
    ********************************************************************************************************
    ComboFix 11-09-15.05 - Sachin 09/21/2011 22:14:42.1.2 - x86
    Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.3061.1730 [GMT 8:00]
    Running from: b:\software\Antivirus\Malware removal\Combofix\ComboFix.exe
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    - REDUCED FUNCTIONALITY MODE -
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Sachin\AppData\Local\Temp\_av4_\aswCmnB.dll
    c:\users\Sachin\AppData\Local\Temp\_av4_\aswCmnOS.dll
    c:\users\Sachin\AppData\Local\Temp\_av4_\aswCmnS.dll
    c:\users\Sachin\AppData\Local\Temp\_av4_\aswEngin.dll
    c:\users\Sachin\AppData\Local\Temp\_av4_\aswScan.dll
    c:\windows\system32\comct332.ocx
    c:\windows\system32\muzapp.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-08-21 to 2011-09-21 )))))))))))))))))))))))))))))))
    .
    .
    2011-09-21 14:17 . 2011-09-21 14:19 -------- d-----w- c:\users\Sachin\AppData\Local\temp
    2011-09-21 14:17 . 2011-09-21 14:17 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-09-20 14:43 . 2011-09-20 14:44 -------- d-----w- c:\program files\Common Files\Adobe
    2011-09-17 17:05 . 2011-09-17 17:05 -------- d-----w- c:\users\Sachin\AppData\Roaming\Malwarebytes
    2011-09-17 17:05 . 2011-09-17 17:05 -------- d-----w- c:\programdata\Malwarebytes
    2011-09-17 17:05 . 2011-09-17 17:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-09-17 17:05 . 2011-08-31 09:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-09-17 02:15 . 2011-09-17 02:15 -------- d-----w- c:\program files\Trend Micro
    2011-09-16 23:48 . 2011-09-17 00:00 -------- d-----w- C:\eme_uti
    2011-09-13 14:14 . 2011-09-14 13:55 -------- d-----w- c:\users\Sachin\AppData\Local\Solid State Networks
    2011-08-26 08:06 . 2011-08-26 08:06 -------- d-----w- c:\users\Tejaswi
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-08-12 02:44 . 2011-09-21 04:12 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{281F00B9-771A-4868-A954-66B46CCD7F13}\mpengine.dll
    2011-07-06 14:56 . 2011-08-11 12:01 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2006-06-15 15:03 . 2009-09-24 16:49 233472 ----a-w- c:\program files\mozilla firefox\plugins\CrazyTalk4Native.dll
    2006-05-25 13:13 . 2009-09-24 16:48 204895 ----a-w- c:\program files\mozilla firefox\plugins\ctdomemhelper.dll
    2005-09-29 09:11 . 2009-09-24 16:49 77824 ----a-w- c:\program files\mozilla firefox\plugins\ctframeplayerobject.dll
    2006-06-19 07:40 . 2009-09-24 16:48 426081 ----a-w- c:\program files\mozilla firefox\plugins\ctplayerobject.dll
    2005-02-02 06:49 . 2009-09-24 16:48 458752 ----a-w- c:\program files\mozilla firefox\plugins\imagickrt.dll
    2006-04-10 13:05 . 2009-09-24 16:49 139264 ----a-w- c:\program files\mozilla firefox\plugins\rlcontentclass.dll
    2005-11-09 05:40 . 2009-09-24 16:48 204800 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicPacker.dll
    2005-11-09 06:12 . 2009-09-24 16:48 106496 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicUnpacker.dll
    2006-01-04 05:52 . 2009-09-24 16:48 212992 ----a-w- c:\program files\mozilla firefox\plugins\RLVoicePacker.dll
    2006-01-04 05:51 . 2009-09-24 16:48 167936 ----a-w- c:\program files\mozilla firefox\plugins\RLVoiceUnpacker.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{1C4AB6A5-595F-4E86-B15F-F93CCE2BBD48}"= "c:\program files\Family Toolbar\tbhelper.dll" [2009-05-07 355840]
    .
    [HKEY_CLASSES_ROOT\clsid\{1c4ab6a5-595f-4e86-b15f-f93cce2bbd48}]
    [HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook.1]
    [HKEY_CLASSES_ROOT\TypeLib\{1EA6B471-CAD2-419a-9539-0586EEFE2D09}]
    [HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]
    2009-05-07 21:46 2642432 ----a-w- c:\program files\Family Toolbar\tbcore3.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Family Toolbar\tbcore3.dll" [2009-05-07 2642432]
    .
    [HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
    [HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
    [HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
    [HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Family Toolbar\tbcore3.dll" [2009-05-07 2642432]
    .
    [HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
    [HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
    [HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
    [HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
    "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-06-01 5252408]
    "googletalk"="c:\users\Sachin\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
    "CollaborationHost"="c:\windows\system32\p2phost.exe" [2008-01-21 192000]
    "IridiumTimeWizard"="b:\sachin\Games\flash\iridium.exe" [1999-11-01 245760]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
    "KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2010-12-29 3365688]
    "DELL Webcam Manager"="c:\program files\Dell\DELL Webcam Manager\DellWMgr.exe" [2007-06-07 118784]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LogService"="c:\program files\Smart Keystroke Recorder\LogService.exe Smart Keystroke Recorder SOFTWARE\Smart Keystroke Recorder\AppSettings skr.log SOFTWARE\Smart Keystroke Recorder check_url develop_url" [X]
    "Memeo Instant Backup"="c:\program files\Memeo\AutoBackup\MemeoLauncher2.exe" [2010-04-23 136416]
    "Memeo AutoSync"="c:\program files\Memeo\AutoSync\MemeoLauncher2.exe" [2010-04-16 144608]
    "Memeo Send"="c:\program files\Memeo\Memeo Send\MemeoLauncher.exe" [2009-11-05 236816]
    "Seagate Dashboard"="c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2010-04-30 79112]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-11 34672]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-10-27 30312]
    R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-10-12 101120]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
    R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2010-10-27 96488]
    R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2010-10-27 12776]
    R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2010-10-27 121576]
    R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2010-10-27 98152]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-09-20 73728]
    S2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [2010-12-20 95568]
    S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-12-20 217088]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
    S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe [2010-04-23 25824]
    S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2010-04-30 14088]
    S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-12-20 18120]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-08-24 99376]
    S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-12-20 36640]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2007-03-26 111104]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - FSUSBEXDISK
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    bthsvcs REG_MULTI_SZ BthServ
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c0ff8bd-a44d-11dd-a884-001fe2dbf265}]
    \shell\AutoRun\command - E:\AutoRun.exe
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c0ff8e4-a44d-11dd-a884-001fe2dbf265}]
    \shell\AutoRun\command - E:\AutoRun.exe
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c1e4e99-fba9-11df-8b2d-001fe2dbf265}]
    \shell\AutoRun\command - E:\AutoRun.exe
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57d6c58f-09d1-11df-a471-001fe2dbf265}]
    \shell\AutoRun\command - System\Security\FlashGuard.exe -run
    \shell\Explore\Command - System\Security\FlashGuard.exe -run
    \shell\Open\Command - System\Security\FlashGuard.exe -run
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6cc65e27-a44c-11dd-a7cd-806e6f6e6963}]
    \shell\AutoRun\command - D:\AutoRun.exe
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83cbb571-f72b-11df-8106-001fe2dbf265}]
    \shell\AutoRun\command - E:\AutoRun.exe
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83cbb57b-f72b-11df-8106-001fe2dbf265}]
    \shell\AutoRun\command - E:\AutoRun.exe
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83cbb57f-f72b-11df-8106-001fe2dbf265}]
    \shell\AutoRun\command - F:\AutoRun.exe
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{96dd6a87-6987-11de-b836-001fe2dbf265}]
    \shell\Auto\Command - wscript.exe CleanVirus.vbs
    \shell\AutoRun\command - wscript.exe CleanVirus.vbs
    \shell\Explore\Command - wscript.exe CleanVirus.vbs
    \shell\Find\Command - wscript.exe CleanVirus.vbs
    \shell\Format...\Command - wscript.exe CleanVirus.vbs
    \shell\open\Command - wscript.exe CleanVirus.vbs
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0fcb439-e5b5-11df-bcf8-001fe2dbf265}]
    \shell\AutoRun\command - F:\AutoRun.exe
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c3d33a86-e3fc-11df-8a95-001fe2dbf265}]
    \shell\AutoRun\command - E:\AutoRun.exe
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c3d33a89-e3fc-11df-8a95-001fe2dbf265}]
    \shell\AutoRun\command - E:\AutoRun.exe
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c3d33a8c-e3fc-11df-8a95-001fe2dbf265}]
    \shell\AutoRun\command - E:\AutoRun.exe
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc4b5243-a409-11dd-b9cd-001fe2dbf265}]
    \shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL jaIjaeQ.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-09-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2652441148-3962348708-1757086740-1000Core.job
    - c:\users\Sachin\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-16 04:27]
    .
    2011-09-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2652441148-3962348708-1757086740-1000UA.job
    - c:\users\Sachin\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-16 04:27]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com.sg/
    uDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://in.yahoo.com
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    TCP: DhcpNameServer = 192.168.0.1
    FF - ProfilePath - c:\users\Sachin\AppData\Roaming\Mozilla\Firefox\Profiles\w1d8mc2l.default\
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
    FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
    FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
    FF - Ext: BitTorrentBar Community Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - %profile%\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
    URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
    WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
    HKCU-Run-ares - c:\program files\Ares\Ares.exe
    HKCU-Run-Search Protection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
    HKLM-Run-sma - c:\program files\Smart Keystroke Recorder\sma.exe
    SafeBoot-Symantec Antvirus
    AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
    AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
    AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
    AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
    AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
    AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\Samsung\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
    AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
    AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
    AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-09-21 22:19
    Windows 6.0.6001 Service Pack 1 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(5652)
    c:\windows\system32\btncopy.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
    c:\windows\System32\WLTRYSVC.EXE
    c:\windows\System32\bcmwltry.exe
    c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
    c:\windows\system32\WLANExt.exe
    c:\windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\STacSV.exe
    c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    c:\windows\system32\DRIVERS\xaudio.exe
    c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\program files\Seagate\Seagate Dashboard\MemeoDashboard.exe
    c:\program files\Memeo\AutoBackup\InstantBackup.exe
    c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
    .
    **************************************************************************
    .
    Completion time: 2011-09-21 22:27:26 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-09-21 14:25
    .
    Pre-Run: 48,092,504,064 bytes free
    Post-Run: 52,773,769,216 bytes free
    .
    - - End Of File - - BFB530A9DB5ADA242F149F1C11EC25E5

    Regards,
    Sachin
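The most telling part of the log above is the MountPoints2 section. Explorer keeps one of these per-user keys for every removable volume the profile has ever mounted, and it caches the shell verbs from that volume's autorun.inf there, so the entries are a record of what USB media this account has seen and what each one tried to run. Entries that launch a script host (`wscript.exe CleanVirus.vbs`), go through `rundll32 Shell32.DLL,ShellExec_RunDLL` to start an unknown executable, or override the Open/Explore/Find verbs so that any way of opening the drive runs the payload are the classic autorun.inf worm pattern; a plain `E:\AutoRun.exe` from a vendor disc is not. The script below is an added example and is not part of the TechSpot thread or of ComboFix: it parses that section out of a ComboFix log and flags the suspicious entries. The sample lines are copied from the log posted above, and the scoring heuristics are this example's own assumptions, not ComboFix's rules.

```python
"""Triage the MountPoints2 section of a ComboFix log.

Added example, not code from the thread or from ComboFix. The sample
below is copied from the log posted above; the flagging rules are this
example's own heuristics and will need tuning on other logs.
"""
import re

# Constructed excerpt: lines copied verbatim from the ComboFix log above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c0ff8bd-a44d-11dd-a884-001fe2dbf265}]
\shell\AutoRun\command - E:\AutoRun.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57d6c58f-09d1-11df-a471-001fe2dbf265}]
\shell\AutoRun\command - System\Security\FlashGuard.exe -run
\shell\Explore\Command - System\Security\FlashGuard.exe -run
\shell\Open\Command - System\Security\FlashGuard.exe -run
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{96dd6a87-6987-11de-b836-001fe2dbf265}]
\shell\Auto\Command - wscript.exe CleanVirus.vbs
\shell\AutoRun\command - wscript.exe CleanVirus.vbs
\shell\Explore\Command - wscript.exe CleanVirus.vbs
\shell\Find\Command - wscript.exe CleanVirus.vbs
\shell\Format...\Command - wscript.exe CleanVirus.vbs
\shell\open\Command - wscript.exe CleanVirus.vbs
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc4b5243-a409-11dd-b9cd-001fe2dbf265}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL jaIjaeQ.exe
"""

# A MountPoints2 key header, capturing the volume GUID.
KEY_RE = re.compile(r"^\[HKEY_[^\]]*\\mountpoints2\\(\{[0-9a-f-]+\})\]$", re.I)
# A "\shell\<verb>\command - <command line>" line under that key.
VERB_RE = re.compile(r"^\\shell\\([^\\]+)\\command - (.+)$", re.I)
# Script hosts and script extensions that have no business on a removable drive's autorun.
SCRIPT_RE = re.compile(r"\b[wc]script(\.exe)?\b|\.vbs\b|\.js\b", re.I)
# Absolute Windows path: a drive letter followed by a colon and backslash.
ABS_PATH_RE = re.compile(r"^[a-z]:\\", re.I)

# Explorer verbs that autorun.inf worms override so that opening the drive
# in any way runs the payload (assumption of this example).
HIJACK_VERBS = {"open", "explore", "find", "format...", "auto"}


def parse_mountpoints(text):
    """Return {guid: {verb: command}} for every MountPoints2 block in the log text."""
    entries, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1).lower()
            entries.setdefault(current, {})
            continue
        verb = VERB_RE.match(line)
        if verb and current is not None:
            entries[current][verb.group(1).lower()] = verb.group(2).strip()
    return entries


def score_entry(verbs):
    """Return the reasons one entry looks like autorun.inf abuse; empty means it looks benign."""
    reasons = []
    joined = " ".join(verbs.values())
    if SCRIPT_RE.search(joined):
        reasons.append("script host launched from removable drive")
    if "shellexec_rundll" in joined.lower():
        reasons.append("rundll32 ShellExec_RunDLL used to hide the real payload")
    hijacked = HIJACK_VERBS & set(verbs)
    if hijacked:
        reasons.append("Explorer verbs overridden: " + ", ".join(sorted(hijacked)))
    # A relative path means the binary lived on the removable volume itself.
    for cmd in verbs.values():
        if not ABS_PATH_RE.match(cmd.split()[0]):
            reasons.append("relative path on the removable volume: " + cmd.split()[0])
            break
    return reasons


def triage(text):
    """Map each flagged volume GUID to its list of reasons; clean entries are omitted."""
    flagged = {}
    for guid, verbs in parse_mountpoints(text).items():
        reasons = score_entry(verbs)
        if reasons:
            flagged[guid] = reasons
    return flagged


if __name__ == "__main__":
    for guid, reasons in triage(SAMPLE_LOG).items():
        print(guid)
        for reason in reasons:
            print("   ", reason)
```

Run it against a full ComboFix log by passing the file contents to `triage()`. The GUID itself is only useful for matching against the volume's entry under `HKLM\SYSTEM\MountedDevices`; the commands are what matter, and any flagged volume should be scanned before it is plugged in again, since the registry entry is only the footprint and the autorun.inf plus payload are still sitting on the stick.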
     
  13. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    You didn't update Combofix when it asked you to do so.
    Delete your Combofix file, download a fresh one and post a new log.
     
  14. sachinwako

    sachinwako TS Rookie Topic Starter Posts: 35

    Combofix logs

    Hi Broni,
    I never got an option to update while running Combofix.
    Still, I have deleted the old one and downloaded a new one.
    Below are the logs.

    ComboFix 11-09-21.04 - Sachin 09/22/2011 22:04:02.2.2 - x86
    Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.3061.1732 [GMT 8:00]
    Running from: b:\software\Antivirus\Malware removal\Combofix\ComboFix.exe
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    B:\Pictures.lnk
    c:\users\Sachin\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-08-22 to 2011-09-22 )))))))))))))))))))))))))))))))
    .
    .
    2011-09-22 14:11 . 2011-09-22 14:13 -------- d-----w- c:\users\Sachin\AppData\Local\temp
    2011-09-22 14:11 . 2011-09-22 14:11 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
    2011-09-22 14:11 . 2011-09-22 14:11 -------- d-----w- c:\users\TEMP\AppData\Local\temp
    2011-09-22 14:11 . 2011-09-22 14:11 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-09-21 04:12 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{281F00B9-771A-4868-A954-66B46CCD7F13}\mpengine.dll
    2011-09-20 14:43 . 2011-09-20 14:44 -------- d-----w- c:\program files\Common Files\Adobe
    2011-09-17 17:05 . 2011-09-17 17:05 -------- d-----w- c:\users\Sachin\AppData\Roaming\Malwarebytes
    2011-09-17 17:05 . 2011-09-17 17:05 -------- d-----w- c:\programdata\Malwarebytes
    2011-09-17 17:05 . 2011-09-17 17:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-09-17 17:05 . 2011-08-31 09:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-09-17 02:15 . 2011-09-17 02:15 -------- d-----w- c:\program files\Trend Micro
    2011-09-16 23:48 . 2011-09-17 00:00 -------- d-----w- C:\eme_uti
    2011-09-13 14:14 . 2011-09-14 13:55 -------- d-----w- c:\users\Sachin\AppData\Local\Solid State Networks
    2011-08-26 08:06 . 2011-08-26 08:06 -------- d-----w- c:\users\Tejaswi
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-07-06 14:56 . 2011-08-11 12:01 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2006-06-15 15:03 . 2009-09-24 16:49 233472 ----a-w- c:\program files\mozilla firefox\plugins\CrazyTalk4Native.dll
    2006-05-25 13:13 . 2009-09-24 16:48 204895 ----a-w- c:\program files\mozilla firefox\plugins\ctdomemhelper.dll
    2005-09-29 09:11 . 2009-09-24 16:49 77824 ----a-w- c:\program files\mozilla firefox\plugins\ctframeplayerobject.dll
    2006-06-19 07:40 . 2009-09-24 16:48 426081 ----a-w- c:\program files\mozilla firefox\plugins\ctplayerobject.dll
    2005-02-02 06:49 . 2009-09-24 16:48 458752 ----a-w- c:\program files\mozilla firefox\plugins\imagickrt.dll
    2006-04-10 13:05 . 2009-09-24 16:49 139264 ----a-w- c:\program files\mozilla firefox\plugins\rlcontentclass.dll
    2005-11-09 05:40 . 2009-09-24 16:48 204800 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicPacker.dll
    2005-11-09 06:12 . 2009-09-24 16:48 106496 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicUnpacker.dll
    2006-01-04 05:52 . 2009-09-24 16:48 212992 ----a-w- c:\program files\mozilla firefox\plugins\RLVoicePacker.dll
    2006-01-04 05:51 . 2009-09-24 16:48 167936 ----a-w- c:\program files\mozilla firefox\plugins\RLVoiceUnpacker.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{1C4AB6A5-595F-4E86-B15F-F93CCE2BBD48}"= "c:\program files\Family Toolbar\tbhelper.dll" [2009-05-07 355840]
    .
    [HKEY_CLASSES_ROOT\clsid\{1c4ab6a5-595f-4e86-b15f-f93cce2bbd48}]
    [HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook.1]
    [HKEY_CLASSES_ROOT\TypeLib\{1EA6B471-CAD2-419a-9539-0586EEFE2D09}]
    [HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]
    2009-05-07 21:46 2642432 ----a-w- c:\program files\Family Toolbar\tbcore3.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Family Toolbar\tbcore3.dll" [2009-05-07 2642432]
    .
    [HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
    [HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
    [HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
    [HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Family Toolbar\tbcore3.dll" [2009-05-07 2642432]
    .
    [HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
    [HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
    [HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
    [HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
    "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-06-01 5252408]
    "googletalk"="c:\users\Sachin\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
    "CollaborationHost"="c:\windows\system32\p2phost.exe" [2008-01-21 192000]
    "IridiumTimeWizard"="b:\sachin\Games\flash\iridium.exe" [1999-11-01 245760]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
    "KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2010-12-29 3365688]
    "DELL Webcam Manager"="c:\program files\Dell\DELL Webcam Manager\DellWMgr.exe" [2007-06-07 118784]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LogService"="c:\program files\Smart Keystroke Recorder\LogService.exe Smart Keystroke Recorder SOFTWARE\Smart Keystroke Recorder\AppSettings skr.log SOFTWARE\Smart Keystroke Recorder check_url develop_url" [X]
    "Memeo Instant Backup"="c:\program files\Memeo\AutoBackup\MemeoLauncher2.exe" [2010-04-23 136416]
    "Memeo AutoSync"="c:\program files\Memeo\AutoSync\MemeoLauncher2.exe" [2010-04-16 144608]
    "Memeo Send"="c:\program files\Memeo\Memeo Send\MemeoLauncher.exe" [2009-11-05 236816]
    "Seagate Dashboard"="c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2010-04-30 79112]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-11 34672]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-10-27 30312]
    R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-10-12 101120]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
    R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2010-10-27 96488]
    R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2010-10-27 12776]
    R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2010-10-27 121576]
    R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2010-10-27 98152]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-09-20 73728]
    S2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [2010-12-20 95568]
    S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-12-20 217088]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
    S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe [2010-04-23 25824]
    S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2010-04-30 14088]
    S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-12-20 18120]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-08-24 99376]
    S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-12-20 36640]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2007-03-26 111104]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    bthsvcs REG_MULTI_SZ BthServ
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-09-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2652441148-3962348708-1757086740-1000Core.job
    - c:\users\Sachin\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-16 04:27]
    .
    2011-09-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2652441148-3962348708-1757086740-1000UA.job
    - c:\users\Sachin\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-16 04:27]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com.sg/
    uDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://in.yahoo.com
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    TCP: DhcpNameServer = 192.168.0.1
    FF - ProfilePath - c:\users\Sachin\AppData\Roaming\Mozilla\Firefox\Profiles\w1d8mc2l.default\
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
    FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
    FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
    FF - Ext: BitTorrentBar Community Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - %profile%\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
    .
    .
    **************************************************************************
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files:
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(3784)
    c:\windows\system32\btncopy.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
    c:\windows\System32\bcmwltry.exe
    c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
    c:\windows\system32\WLANExt.exe
    c:\windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\STacSV.exe
    c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    c:\windows\system32\DRIVERS\xaudio.exe
    c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
    c:\windows\servicing\TrustedInstaller.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    .
    **************************************************************************
    .
    Completion time: 2011-09-22 22:20:30 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-09-22 14:20
    .
    Pre-Run: 52,417,458,176 bytes free
    Post-Run: 52,363,280,384 bytes free
    .
    - - End Of File - - 0E2C025CB4B768A5627E3163D57A6FFF
     
  15. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Looks good now.

    How is computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  16. sachinwako

    sachinwako TS Rookie Topic Starter Posts: 35

    OTL and Extra log

    Hi Broni,
    Below are logs from OTL
    OTL logfile created on: 9/24/2011 2:15:50 AM - Run 1
    OTL by OldTimer - Version 3.2.29.1 Folder = B:\software\Antivirus\Malware removal\OTL
    Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19088)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.99 Gb Total Physical Memory | 1.56 Gb Available Physical Memory | 52.13% Memory free
    6.18 Gb Paging File | 4.43 Gb Available in Paging File | 71.63% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 130.66 Gb Total Space | 48.49 Gb Free Space | 37.11% Space Free | Partition Type: NTFS

    Computer Name: SACHIN-PC | User Name: Sachin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/09/24 02:13:03 | 000,582,656 | ---- | M] (OldTimer Tools) -- B:\software\Antivirus\Malware removal\OTL\OTL.exe
    PRC - [2011/09/07 18:14:04 | 000,161,336 | ---- | M] (Google) -- C:\Users\Sachin\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2011/04/03 12:37:57 | 000,233,936 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe
    PRC - [2011/03/22 02:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    PRC - [2010/12/29 14:23:58 | 003,365,688 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
    PRC - [2010/12/20 14:43:36 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) -- C:\Windows\System32\dgdersvc.exe
    PRC - [2010/12/20 14:42:04 | 000,217,088 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
    PRC - [2010/04/30 22:47:00 | 000,069,896 | ---- | M] (Memeo) -- C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe
    PRC - [2010/04/30 22:47:00 | 000,014,088 | ---- | M] (Memeo) -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
    PRC - [2010/04/23 08:33:04 | 000,025,824 | ---- | M] (Memeo) -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
    PRC - [2010/04/23 08:33:00 | 000,323,808 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\InstantBackup.exe
    PRC - [2009/11/05 08:29:40 | 004,363,536 | ---- | M] (Memeo Inc.) -- C:\Program Files\Memeo\Memeo Send\MemeoSend.exe
    PRC - [2008/10/29 14:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/10/02 19:03:04 | 001,787,200 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
    PRC - [2008/10/02 19:03:04 | 001,439,040 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
    PRC - [2008/10/02 19:03:04 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    PRC - [2008/10/02 19:03:02 | 002,436,536 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    PRC - [2008/02/15 20:55:34 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\stacsv.exe
    PRC - [2008/01/21 10:35:17 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\p2phost.exe
    PRC - [2007/09/20 18:01:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
    PRC - [2007/06/07 13:44:36 | 000,118,784 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe
    PRC - [2007/01/02 05:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Users\Sachin\AppData\Roaming\Google\Google Talk\googletalk.exe
    PRC - [1999/11/01 16:44:00 | 000,245,760 | ---- | M] () -- B:\sachin\Games\flash\Iridium.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/06/26 11:18:20 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e3180b4230f052996adb81da3dc64ad0\System.Management.ni.dll
    MOD - [2011/06/26 11:17:06 | 001,712,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\1be8df00c8573200093245985e75a660\Microsoft.VisualBasic.ni.dll
    MOD - [2011/06/26 11:16:10 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\c933fd5d1d27f268331890d7ddba8fec\System.ServiceProcess.ni.dll
    MOD - [2011/06/26 11:16:03 | 011,800,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a1195c6b5fab213527364c9e8b26ef0\System.Web.ni.dll
    MOD - [2011/06/26 11:15:52 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll
    MOD - [2011/06/26 11:15:42 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll
    MOD - [2011/06/26 11:15:37 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d9228d58804dfd75fd92a4d12ffac8af\Accessibility.ni.dll
    MOD - [2011/06/26 11:13:21 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll
    MOD - [2011/06/26 11:13:04 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll
    MOD - [2011/06/26 11:12:54 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll
    MOD - [2011/06/26 11:12:39 | 006,616,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\ca69ec9d6589d3526ee38212ef28e2bb\System.Data.ni.dll
    MOD - [2011/06/26 11:11:44 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll
    MOD - [2011/06/26 11:11:33 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
    MOD - [2011/03/22 02:57:34 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
    MOD - [2011/03/22 02:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    MOD - [2011/01/19 09:17:34 | 000,895,488 | ---- | M] () -- C:\Program Files\DivX\DivX Plus Web Player\libxml2.dll
    MOD - [2010/06/01 10:17:46 | 000,929,792 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
    MOD - [2010/04/23 08:33:24 | 002,887,904 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\Memeo.Client.UI.dll
    MOD - [2010/04/23 08:33:20 | 000,025,824 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll
    MOD - [2010/04/23 08:33:00 | 000,323,808 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\InstantBackup.exe
    MOD - [2010/03/23 06:59:46 | 000,504,293 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\sqlite3.dll
    MOD - [2009/11/05 08:29:54 | 000,837,904 | ---- | M] () -- C:\Program Files\Memeo\Memeo Send\Tanagra.Utility.dll
    MOD - [2009/11/05 08:29:52 | 000,040,208 | ---- | M] () -- C:\Program Files\Memeo\Memeo Send\Tanagra.Interop.dll
    MOD - [2009/11/05 08:29:50 | 000,300,816 | ---- | M] () -- C:\Program Files\Memeo\Memeo Send\Tanagra.DataClad.DataAccess.dll
    MOD - [2009/11/05 08:29:42 | 000,378,128 | ---- | M] () -- C:\Program Files\Memeo\Memeo Send\Memeo.Client.dll
    MOD - [2008/07/28 02:03:15 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    MOD - [2007/04/13 18:08:22 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
    MOD - [1999/11/01 16:44:00 | 000,245,760 | ---- | M] () -- B:\sachin\Games\flash\Iridium.exe


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2010/12/20 14:43:36 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) [Auto | Running] -- C:\Windows\System32\dgdersvc.exe -- (dgdersvc)
    SRV - [2010/12/20 14:42:04 | 000,217,088 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
    SRV - [2010/04/30 22:47:00 | 000,014,088 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
    SRV - [2010/04/23 08:33:04 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
    SRV - [2008/10/02 19:03:04 | 001,787,200 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
    SRV - [2008/10/02 19:03:04 | 000,312,720 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
    SRV - [2008/10/02 19:03:04 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
    SRV - [2008/10/02 19:03:04 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
    SRV - [2008/10/02 19:03:02 | 002,436,536 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
    SRV - [2008/09/01 13:48:10 | 000,394,608 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
    SRV - [2008/06/30 19:06:35 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
    SRV - [2008/02/15 20:55:34 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\stacsv.exe -- (STacSV)
    SRV - [2008/01/21 10:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/09/20 18:01:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2010/12/20 14:43:36 | 000,018,120 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dgderdrv.sys -- (dgderdrv)
    DRV - [2010/12/20 14:42:04 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
    DRV - [2010/10/27 10:00:42 | 000,121,576 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
    DRV - [2010/10/27 10:00:42 | 000,098,152 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)
    DRV - [2010/10/27 10:00:42 | 000,096,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
    DRV - [2010/10/27 10:00:42 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
    DRV - [2010/10/27 10:00:42 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
    DRV - [2009/10/12 17:52:56 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
    DRV - [2009/08/19 20:05:35 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2008/10/02 19:03:04 | 000,317,872 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
    DRV - [2008/10/02 19:03:04 | 000,279,600 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
    DRV - [2008/10/02 19:03:04 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
    DRV - [2008/10/02 19:03:02 | 000,420,400 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
    DRV - [2008/10/02 19:03:02 | 000,191,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
    DRV - [2008/10/02 19:03:02 | 000,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
    DRV - [2008/08/25 03:30:00 | 000,873,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20080825.020\NAVEX15.SYS -- (NAVEX15)
    DRV - [2008/08/25 03:30:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2008/08/25 03:30:00 | 000,099,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2008/08/25 03:30:00 | 000,089,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20080825.020\NAVENG.SYS -- (NAVENG)
    DRV - [2008/02/15 20:57:02 | 000,330,752 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
    DRV - [2008/01/21 10:33:50 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS)
    DRV - [2007/07/18 03:32:00 | 000,235,520 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
    DRV - [2007/06/25 21:23:10 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2007/04/04 15:13:38 | 000,098,952 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s716unic.sys -- (s716unic) Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM)
    DRV - [2007/04/04 15:13:36 | 000,098,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s716obex.sys -- (s716obex)
    DRV - [2007/04/04 15:13:36 | 000,023,176 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s716nd5.sys -- (s716nd5) Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS)
    DRV - [2007/04/04 15:13:34 | 000,108,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s716mdm.sys -- (s716mdm)
    DRV - [2007/04/04 15:13:34 | 000,100,360 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s716mgmt.sys -- (s716mgmt) Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM)
    DRV - [2007/04/04 15:13:32 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s716mdfl.sys -- (s716mdfl)
    DRV - [2007/04/04 15:13:20 | 000,083,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s716bus.sys -- (s716bus) Sony Ericsson Device 716 driver (WDM)
    DRV - [2007/03/26 18:48:24 | 000,111,104 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
    DRV - [2007/03/05 21:15:00 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
    DRV - [2006/08/04 19:09:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://in.yahoo.com


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2652441148-3962348708-1757086740-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-2652441148-3962348708-1757086740-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchPage =
    IE - HKU\S-1-5-21-2652441148-3962348708-1757086740-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.sg/
    IE - HKU\S-1-5-21-2652441148-3962348708-1757086740-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-2652441148-3962348708-1757086740-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-2652441148-3962348708-1757086740-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\S-1-5-21-2652441148-3962348708-1757086740-1000\..\URLSearchHook: {1C4AB6A5-595F-4E86-B15F-F93CCE2BBD48} - C:\Program Files\Family Toolbar\tbhelper.dll ()
    IE - HKU\S-1-5-21-2652441148-3962348708-1757086740-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.2.20080910
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
    FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
    FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.2.5.2
    FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
    FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94


    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Sachin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Sachin\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sachin\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sachin\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/12/22 22:38:26 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/05/07 17:44:33 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/05/07 17:44:34 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/18 21:19:33 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/20 22:44:09 | 000,000,000 | ---D | M]

    [2010/02/04 01:05:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sachin\AppData\Roaming\Mozilla\Extensions
    [2011/09/18 21:20:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sachin\AppData\Roaming\Mozilla\Firefox\Profiles\w1d8mc2l.default\extensions
    [2009/09/20 19:36:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sachin\AppData\Roaming\Mozilla\Firefox\Profiles\w1d8mc2l.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2008/12/26 11:49:26 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Sachin\AppData\Roaming\Mozilla\Firefox\Profiles\w1d8mc2l.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2011/01/25 02:45:40 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Sachin\AppData\Roaming\Mozilla\Firefox\Profiles\w1d8mc2l.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
    [2011/01/25 02:45:40 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Sachin\AppData\Roaming\Mozilla\Firefox\Profiles\w1d8mc2l.default\extensions\engine@conduit.com
    [2011/01/25 04:55:44 | 000,010,015 | ---- | M] () -- C:\Users\Sachin\AppData\Roaming\Mozilla\Firefox\Profiles\w1d8mc2l.default\searchplugins\mywebsearch.xml
    [2011/09/18 21:19:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2008/11/15 23:10:32 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2011/05/07 17:44:33 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
    [2011/05/07 17:44:34 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
    [2010/12/22 22:38:26 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT

    ========== Chrome ==========

    CHR - Extension: DivX HiQ = C:\Users\Sachin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
    CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Sachin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0\
    CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Sachin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\

    O1 HOSTS File: ([2011/09/22 22:13:26 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (MHTBPos00 Class) - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Family Toolbar\tbcore3.dll ()
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    O3 - HKLM\..\Toolbar: (Family Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll ()
    O3 - HKU\S-1-5-21-2652441148-3962348708-1757086740-1000\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
    O3 - HKU\S-1-5-21-2652441148-3962348708-1757086740-1000\..\Toolbar\WebBrowser: (Family Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll ()
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [LogService] C:\Program Files\Smart Keystroke Recorder\LogService.exe "Smart Keystroke Recorder" "SOFTWARE\Smart Keystroke Recorder\AppSettings" "skr.log" "SOFTWARE\Smart Keystroke Recorder" "check_url" "develop_url" File not found
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [Memeo AutoSync] C:\Program Files\Memeo\AutoSync\MemeoLauncher2.exe (Memeo Inc.)
    O4 - HKLM..\Run: [Memeo Instant Backup] C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe (Memeo Inc.)
    O4 - HKLM..\Run: [Memeo Send] C:\Program Files\Memeo\Memeo Send\MemeoLauncher.exe ()
    O4 - HKLM..\Run: [Seagate Dashboard] C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe ()
    O4 - HKU\S-1-5-21-2652441148-3962348708-1757086740-1000..\Run: [CollaborationHost] C:\Windows\System32\p2phost.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-2652441148-3962348708-1757086740-1000..\Run: [DELL Webcam Manager] C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
    O4 - HKU\S-1-5-21-2652441148-3962348708-1757086740-1000..\Run: [googletalk] C:\Users\Sachin\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
    O4 - HKU\S-1-5-21-2652441148-3962348708-1757086740-1000..\Run: [IridiumTimeWizard] B:\sachin\Games\flash\Iridium.exe ()
    O4 - HKU\S-1-5-21-2652441148-3962348708-1757086740-1000..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
    O4 - HKU\S-1-5-21-2652441148-3962348708-1757086740-1000..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2652441148-3962348708-1757086740-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2652441148-3962348708-1757086740-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.com/s/v/58.14/uploader2.cab (UploadListView Class)
    O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} http://picasaweb.google.com/s/v/45.19/uploader2.cab (UploadListView Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} https://mumbai.polaris.co.in/dwa7W.cab (Domino Web Access 7 Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1B21BA6C-CF97-4210-8D49-1F191645DAF3}: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3DFE91F5-3EFE-450A-85CE-F65D7F1E8C20}: DhcpNameServer = 192.168.0.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Sachin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Sachin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/19 05:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
    Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
    Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/09/22 22:20:42 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/09/22 22:20:41 | 000,000,000 | ---D | C] -- C:\Users\Sachin\AppData\Local\temp
    [2011/09/22 22:13:30 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2011/09/21 22:12:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/09/21 22:12:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/09/21 22:12:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/09/21 22:11:58 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/09/21 22:11:52 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/09/20 22:43:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
    [2011/09/20 22:43:46 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
    [2011/09/18 21:19:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
    [2011/09/18 01:05:52 | 000,000,000 | ---D | C] -- C:\Users\Sachin\AppData\Roaming\Malwarebytes
    [2011/09/18 01:05:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/09/18 01:05:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/09/18 01:05:38 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2011/09/18 01:05:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/09/17 10:15:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
    [2011/09/17 10:15:13 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2011/09/17 07:48:22 | 000,000,000 | ---D | C] -- C:\eme_uti
    [2011/09/14 21:43:35 | 000,000,000 | ---D | C] -- C:\Users\Sachin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smart Keystroke Recorder
    [2011/09/13 22:14:10 | 000,000,000 | ---D | C] -- C:\Users\Sachin\AppData\Local\Solid State Networks
    [2011/09/12 22:10:07 | 000,000,000 | R--D | C] -- C:\Users\Sachin\Documents
    [2011/09/03 22:46:53 | 000,000,000 | ---D | C] -- C:\Users\Sachin\Pictures\Adobe\Scanned Photos\Documents\hob

    ========== Files - Modified Within 30 Days ==========

    [2011/09/24 02:17:35 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2652441148-3962348708-1757086740-1000UA.job
    [2011/09/24 01:59:18 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/09/24 01:59:17 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/09/24 01:59:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/09/24 01:59:08 | 3210,784,768 | -HS- | M] () -- C:\hiberfil.sys
    [2011/09/23 18:39:53 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2011/09/22 22:13:26 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011/09/21 22:03:59 | 000,000,512 | ---- | M] () -- C:\Users\Sachin\Pictures\Adobe\Scanned Photos\Documents\Desktop\MBR.dat
    [2011/09/21 12:09:00 | 000,629,122 | ---- | M] () -- C:\Users\Sachin\Pictures\Adobe\Scanned Photos\Documents\Desktop\Circular_DurgaPuja_2011.pdf
    [2011/09/20 22:45:56 | 000,000,834 | ---- | M] () -- C:\Users\Public\Desktop\Acrobat.com.lnk
    [2011/09/20 22:44:10 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2011/09/20 22:42:03 | 000,061,053 | ---- | M] () -- C:\Users\Sachin\Pictures\Adobe\Scanned Photos\Documents\Desktop\familyplan.pdf
    [2011/09/19 23:05:18 | 347,606,174 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2011/09/18 21:19:34 | 000,001,708 | ---- | M] () -- C:\Users\Sachin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/09/18 21:19:34 | 000,001,684 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2011/09/18 01:26:33 | 000,001,356 | ---- | M] () -- C:\Users\Sachin\AppData\Local\d3d9caps.dat
    [2011/09/18 01:05:42 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/09/17 07:17:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2652441148-3962348708-1757086740-1000Core.job
    [2011/09/09 15:25:48 | 000,090,839 | ---- | M] () -- C:\Users\Sachin\Pictures\Adobe\Scanned Photos\Documents\Desktop\DPForm12.pdf
    [2011/09/07 21:45:30 | 000,000,610 | ---- | M] () -- C:\Users\Sachin\Pictures\Adobe\Scanned Photos\Documents\Desktop\notepad - Shortcut.lnk
    [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2011/08/27 23:46:12 | 000,598,588 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/08/27 23:46:12 | 000,102,194 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/08/27 00:30:01 | 000,000,859 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk

    ========== Files Created - No Company Name ==========

    [2011/09/21 22:12:12 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/09/21 22:12:12 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/09/21 22:12:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/09/21 22:12:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/09/21 22:12:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/09/21 22:03:59 | 000,000,512 | ---- | C] () -- C:\Users\Sachin\Pictures\Adobe\Scanned Photos\Documents\Desktop\MBR.dat
    [2011/09/21 12:08:53 | 000,629,122 | ---- | C] () -- C:\Users\Sachin\Pictures\Adobe\Scanned Photos\Documents\Desktop\Circular_DurgaPuja_2011.pdf
    [2011/09/20 22:45:56 | 000,000,846 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat.com.lnk
    [2011/09/20 22:45:56 | 000,000,834 | ---- | C] () -- C:\Users\Public\Desktop\Acrobat.com.lnk
    [2011/09/20 22:44:10 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2011/09/20 22:44:09 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
    [2011/09/20 22:42:02 | 000,061,053 | ---- | C] () -- C:\Users\Sachin\Pictures\Adobe\Scanned Photos\Documents\Desktop\familyplan.pdf
    [2011/09/18 21:19:34 | 000,001,708 | ---- | C] () -- C:\Users\Sachin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/09/18 21:19:34 | 000,001,684 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2011/09/18 02:10:12 | 3210,784,768 | -HS- | C] () -- C:\hiberfil.sys
    [2011/09/18 01:05:42 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/09/15 07:32:46 | 000,002,044 | ---- | C] () -- C:\Users\Sachin\Pictures\Adobe\Scanned Photos\Documents\Desktop\01a5684f47e98f56.dat
    [2011/09/09 15:25:48 | 000,090,839 | ---- | C] () -- C:\Users\Sachin\Pictures\Adobe\Scanned Photos\Documents\Desktop\DPForm12.pdf
    [2011/09/07 21:45:30 | 000,000,610 | ---- | C] () -- C:\Users\Sachin\Pictures\Adobe\Scanned Photos\Documents\Desktop\notepad - Shortcut.lnk
    [2011/08/27 00:30:01 | 000,000,859 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk
    [2011/04/24 19:37:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
    [2011/04/24 19:37:38 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
    [2011/04/03 16:42:03 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2011/04/03 16:42:02 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2010/12/20 14:44:34 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
    [2010/12/20 14:44:34 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
    [2010/12/20 14:44:34 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
    [2010/12/20 14:44:34 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
    [2010/12/20 14:43:30 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
    [2010/11/10 04:06:27 | 000,000,000 | ---- | C] () -- C:\Windows\mngui.INI
    [2010/08/15 16:17:03 | 000,000,198 | ---- | C] () -- C:\Windows\MyHeritage.INI
    [2010/08/15 16:11:59 | 000,454,656 | ---- | C] () -- C:\Windows\System32\PaintX.dll
    [2010/02/25 16:32:43 | 000,000,096 | RHS- | C] () -- C:\Users\Sachin\AppData\Roaming\setup.ini
    [2009/09/25 01:35:43 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
    [2009/09/25 01:35:39 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
    [2009/09/25 01:35:39 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
    [2009/09/25 01:35:39 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1253.dll
    [2009/06/11 01:21:49 | 000,024,206 | ---- | C] () -- C:\Users\Sachin\AppData\Roaming\UserTile.png
    [2008/11/15 23:13:26 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2008/11/15 23:13:17 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
    [2008/11/02 04:01:49 | 000,000,552 | ---- | C] () -- C:\Users\Sachin\AppData\Local\d3d8caps.dat
    [2008/11/02 03:56:40 | 000,250,368 | ---- | C] () -- C:\Users\Sachin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/10/28 07:47:14 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
    [2008/10/28 07:47:13 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
    [2008/10/28 01:57:04 | 000,001,356 | ---- | C] () -- C:\Users\Sachin\AppData\Local\d3d9caps.dat
    [2008/10/28 01:30:57 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
    [2008/01/21 10:33:53 | 000,100,043 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2006/11/03 19:55:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
    [2006/11/02 20:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 20:44:53 | 000,377,152 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 18:33:01 | 000,598,588 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 18:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 18:33:01 | 000,102,194 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 18:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 18:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 16:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 16:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/02 15:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/02 15:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2006/11/02 15:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2001/11/14 15:26:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

    ========== LOP Check ==========

    [2011/01/28 03:48:03 | 000,000,000 | ---D | M] -- C:\Users\Sachin\AppData\Roaming\BitTorrent
    [2009/01/25 13:05:33 | 000,000,000 | ---D | M] -- C:\Users\Sachin\AppData\Roaming\Graboid Inc
    [2010/02/28 14:50:52 | 000,000,000 | ---D | M] -- C:\Users\Sachin\AppData\Roaming\ICAClient
    [2009/04/26 18:40:50 | 000,000,000 | ---D | M] -- C:\Users\Sachin\AppData\Roaming\Leadertech
    [2011/04/30 22:28:40 | 000,000,000 | ---D | M] -- C:\Users\Sachin\AppData\Roaming\Memeo
    [2010/08/15 16:21:10 | 000,000,000 | ---D | M] -- C:\Users\Sachin\AppData\Roaming\MyHeritage
    [2008/11/18 22:02:45 | 000,000,000 | ---D | M] -- C:\Users\Sachin\AppData\Roaming\Nokia
    [2008/11/18 22:43:23 | 000,000,000 | ---D | M] -- C:\Users\Sachin\AppData\Roaming\Nokia Multimedia Player
    [2008/11/18 22:43:56 | 000,000,000 | ---D | M] -- C:\Users\Sachin\AppData\Roaming\NSeries
    [2008/11/18 21:57:38 | 000,000,000 | ---D | M] -- C:\Users\Sachin\AppData\Roaming\PC Suite
    [2009/06/11 01:21:49 | 000,000,000 | ---D | M] -- C:\Users\Sachin\AppData\Roaming\PeerNetworking
    [2011/04/24 19:22:57 | 000,000,000 | ---D | M] -- C:\Users\Sachin\AppData\Roaming\Samsung
    [2010/10/17 18:44:28 | 000,000,000 | ---D | M] -- C:\Users\Sachin\AppData\Roaming\Seagate
    [2010/02/25 16:32:43 | 000,000,000 | ---D | M] -- C:\Users\Sachin\AppData\Roaming\support
    [2010/12/09 23:19:13 | 000,000,000 | ---D | M] -- C:\Users\Sachin\AppData\Roaming\Teleca
    [2010/08/15 16:11:59 | 000,000,000 | ---D | M] -- C:\Users\Sachin\AppData\Roaming\The Complete Genealogy Reporter - FTB
    [2008/10/28 08:28:16 | 000,000,000 | ---D | M] -- C:\Users\Sachin\AppData\Roaming\TMP
    [2011/08/26 16:07:57 | 000,000,000 | ---D | M] -- C:\Users\Tejaswi\AppData\Roaming\Memeo
    [2011/08/26 16:07:40 | 000,000,000 | ---D | M] -- C:\Users\Tejaswi\AppData\Roaming\Seagate
    [2011/09/23 18:39:55 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========
     
  17. sachinwako

    sachinwako TS Rookie Topic Starter Posts: 35

    OTL logs 2

    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2011/04/24 19:22:48 | 000,002,006 | ---- | M] () -- C:\aqua_bitmap.cpp
    [2006/09/19 05:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2008/01/21 10:34:29 | 000,333,203 | RHS- | M] () -- C:\bootmgr
    [2008/10/28 02:25:54 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2011/09/22 22:20:37 | 000,015,828 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/19 05:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2011/09/24 01:59:08 | 3210,784,768 | -HS- | M] () -- C:\hiberfil.sys
    [2009/05/13 21:35:50 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2011/04/30 14:13:26 | 000,000,162 | ---- | M] () -- C:\MemeoSendAddin
    [2009/05/13 21:35:50 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2009/09/25 01:26:07 | 000,022,729 | ---- | M] () -- C:\newfile.enc
    [2009/09/25 01:26:07 | 000,022,729 | ---- | M] () -- C:\newkey
    [2011/09/24 01:59:07 | 3524,587,520 | -HS- | M] () -- C:\pagefile.sys
    [2011/07/17 01:30:46 | 000,004,229 | ---- | M] () -- C:\SeagateAdapter
    [2009/09/25 00:49:34 | 000,000,174 | ---- | M] () -- C:\Setup.log

    < %systemroot%\Fonts\*.com >
    [2006/11/02 20:35:34 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 20:35:34 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 20:35:34 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2006/11/02 20:35:34 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/19 05:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2006/10/26 22:26:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/01/21 10:57:01 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/01/21 11:31:11 | 015,716,352 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2008/01/21 11:31:01 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2008/01/21 11:31:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 18:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 18:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/05/29 11:53:18 | 000,000,286 | -HS- | M] () -- C:\Users\Sachin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2008/10/28 01:57:16 | 000,000,402 | -HS- | M] () -- C:\Users\Sachin\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1

    < End of report >
     
  18. sachinwako

    sachinwako TS Rookie Topic Starter Posts: 35

    Extra logs

    OTL Extras logfile created on: 9/24/2011 2:15:50 AM - Run 1
    OTL by OldTimer - Version 3.2.29.1 Folder = B:\software\Antivirus\Malware removal\OTL
    Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19088)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.99 Gb Total Physical Memory | 1.56 Gb Available Physical Memory | 52.13% Memory free
    6.18 Gb Paging File | 4.43 Gb Available in Paging File | 71.63% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 130.66 Gb Total Space | 48.49 Gb Free Space | 37.11% Space Free | Partition Type: NTFS

    Computer Name: SACHIN-PC | User Name: Sachin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    https [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{03F6AC76-DF67-424E-B48A-94F7DB781BDF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{15595779-EAAE-4052-9F11-1066CFE0DCF4}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
    "{251E10ED-1C5A-4046-A18D-8A5C70512887}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
    "{2E33A60D-D4E3-4392-B8D7-DF13BD653E9D}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
    "{3546EF46-1ABB-4A2A-8936-7CD38F4C4E2F}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
    "{391BC8F5-EF33-40EC-B687-2A6D0B4D5A5B}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
    "{70411602-3F23-4932-93F7-67FAC92E24EE}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
    "{7F35A93E-F3C8-4EA3-99A0-064D48EF25D8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{90154C21-1AFC-4B56-9056-A0B36FFBFACD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{9F96BFB6-632B-4EAB-8090-E197BE92224A}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
    "{B6862854-203D-48F6-A97A-F2BF65C8DBDA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{DE1C3EFF-8471-4671-A651-95B40C8E18FB}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
    "{F0676CB7-7889-40F7-930E-70F201DE118A}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{080C763C-4FE5-46A0-B229-3000C884CEFF}" = protocol=6 | dir=in | app=c:\users\sachin\appdata\local\temp\~os782.tmp\prmrsr.exe |
    "{114A2743-3510-4191-B12E-019F675AE4BF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{24F5278A-E68D-4F16-A298-101FC93887D0}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
    "{4363F5D7-7A8C-42CC-9FE1-A3FF2DD51533}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{58532E9C-E5E7-43E7-895B-640F32092B57}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
    "{61CD33DD-2B3F-4356-902E-3FD005E2D042}" = protocol=17 | dir=in | app=c:\program files\acspmonitor\asmonitor.exe |
    "{6E54FD42-A69C-48E6-A6D2-9557056DB83E}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
    "{752536EA-F255-4198-95A1-AB6A4B9E1539}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{82558FC2-2CDD-431A-A4E3-A884F5E4943D}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
    "{8750DDCD-6CAB-4BCD-A984-A0D54CEC0994}" = protocol=6 | dir=in | app=c:\users\sachin\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{8D161CE8-BE26-4BF5-9C6C-22B4A0F646AA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{8D737F65-36BA-4BB4-86FA-755F6C54F432}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{92AF07BC-1AD6-428B-A0D5-36C7F0A295FB}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
    "{A1FF0DD5-1F8E-439F-BA5D-C15C5A542D37}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{A327282C-2BB3-40B9-BB12-9321ED0A1472}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
    "{B29E1462-E661-4251-B945-32E2C112FD62}" = protocol=6 | dir=in | app=c:\users\sachin\appdata\local\temp\~osf3f0.tmp\prmrsr.exe |
    "{B9F6EC5E-D421-461F-8E0D-8CB57A25674F}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
    "{BFE291C5-34A4-4B84-89D7-3D5528F884DE}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{C9FA3331-D3F5-4D25-8BDE-817E2D4C3A89}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
    "{D7B09945-5318-4045-BDF3-4A9A1B528025}" = protocol=17 | dir=in | app=c:\users\sachin\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{E011FEBB-80B4-42EA-956E-3050E9DFE678}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
    "{E375FFCD-C226-4D2C-ACD8-0F49B5E0646B}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
    "{E96F7D65-9EB4-4F71-A02D-3899F2DD822E}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
    "{EC304893-D0C4-4EC9-879A-39C299D2A065}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
    "{F1777342-1CE3-4273-8971-43DE4C14FF9A}" = protocol=6 | dir=in | app=c:\program files\acspmonitor\asmonitor.exe |
    "TCP Query User{2525B735-70D9-4982-AC6B-311C418173FC}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe |
    "TCP Query User{31239F1E-6917-43D9-9C17-EDC01C6BB2DD}C:\program files\permissionresearch\prmrsr.exe" = protocol=6 | dir=in | app=c:\program files\permissionresearch\prmrsr.exe |
    "TCP Query User{524E9F96-2E41-47A4-9C0D-A58357882E2D}B:\sachin\games\age of empire-ii the conquerors\age2_x1.exe" = protocol=6 | dir=in | app=b:\sachin\games\age of empire-ii the conquerors\age2_x1.exe |
    "TCP Query User{6C8EAD21-550B-4087-9037-4801090EA485}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
    "TCP Query User{ADE273AA-C7A8-4176-9F05-474822342F22}B:\sachin\games\age of empire-ii the conquerors\empires2.exe" = protocol=6 | dir=in | app=b:\sachin\games\age of empire-ii the conquerors\empires2.exe |
    "TCP Query User{BB4BD56C-3D38-4F18-BC1A-8EDFDF050058}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "TCP Query User{DE0B8A94-7121-4C69-9A06-61326F98DF71}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
    "TCP Query User{EC0E462D-0DFF-499E-B648-5844CEC764AB}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe |
    "UDP Query User{3FED6E95-19DE-453B-9682-D5A0B5905936}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe |
    "UDP Query User{56B43836-4F4D-4B3C-B41C-3BCD14E76184}B:\sachin\games\age of empire-ii the conquerors\age2_x1.exe" = protocol=17 | dir=in | app=b:\sachin\games\age of empire-ii the conquerors\age2_x1.exe |
    "UDP Query User{7D43572E-D42B-4686-9CBD-83360944850A}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
    "UDP Query User{7E2446A7-7E36-492A-9E77-82DC840BCEE2}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
    "UDP Query User{A0AEDA93-9F6B-4C8B-AF48-3E682AB0A584}C:\program files\permissionresearch\prmrsr.exe" = protocol=17 | dir=in | app=c:\program files\permissionresearch\prmrsr.exe |
    "UDP Query User{AA9916FC-2CFB-4F5E-94AB-9106F039E97F}B:\sachin\games\age of empire-ii the conquerors\empires2.exe" = protocol=17 | dir=in | app=b:\sachin\games\age of empire-ii the conquerors\empires2.exe |
    "UDP Query User{B8C84A0A-46FD-45E3-92B8-00DE54F56D0C}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe |
    "UDP Query User{D6B860AA-770A-426A-9B29-C47F105E166F}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{1BC77CEF-C52F-4092-BF87-0D4E6B86D860}" = Memeo Share
    "{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 17
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
    "{49C27FB0-CEEF-4A11-8114-0BFE336D3884}" = Symantec Endpoint Protection
    "{4E5386F5-C0F6-4532-A54A-374865AEAB71}" = Cisco PEAP Module
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{75B7F766-7998-44d8-A202-F1EC76A121BA}" = Memeo AutoSync
    "{76F9CF97-FC4B-4E20-B363-D127C888448F}" = Cisco LEAP Module
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{81784157-3D4D-4bc1-B988-B24C32A26DA8}" = Memeo Send
    "{82705358-3BD6-3CD5-AA9A-B8F058BE3A29}" = Google Talk Plugin
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E666407-AC41-46a2-9692-6C7BFCBFDD37}" = Memeo Instant Backup
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
    "{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
    "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
    "{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
    "{BF53252E-4AB2-4C7F-A0FD-6100755745E3}" = Cisco EAP-FAST Module
    "{C3A11907-930D-41AC-A135-CC3B12F92011}" = Seagate Dashboard
    "{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
    "{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.5
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Advanced Audio FX Engine" = Advanced Audio FX Engine
    "Advanced Video FX Engine" = Advanced Video FX Engine
    "Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Creative OEM002" = Laptop Integrated Webcam Driver (1.03.02.0719)
    "DELL Webcam Center" = DELL Webcam Center
    "DELL Webcam Manager" = DELL Webcam Manager
    "DivX Setup.divx.com" = DivX Setup
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "Family Tree Builder" = MyHeritage Family Tree Builder
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HijackThis" = HijackThis 2.0.2
    "InstallShield_{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
    "LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla ActiveX Control v1.7.12" = Mozilla ActiveX Control v1.7.12
    "Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
    "Picasa 3" = Picasa 3
    "RealPlayer 12.0" = RealPlayer
    "Tata Photon+" = Tata Photon+
    "VLC media player" = VLC media player 1.0.1
    "Xvid Video Codec 1.3.1" = Xvid Video Codec
    "Yahoo! Messenger" = Yahoo! Messenger

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2652441148-3962348708-1757086740-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
    "f031ef6ac137efc5" = Dell Driver Download Manager

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 9/22/2011 12:50:44 AM | Computer Name = Sachin-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "c:\program files\real\realplayer\plugins\rmxrend.dll".
    Dependent
    Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 9/22/2011 12:54:53 AM | Computer Name = Sachin-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "c:\program files\real\realplayer\plugins\rmxrend.dll".
    Dependent
    Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 9/22/2011 3:21:51 AM | Computer Name = Sachin-PC | Source = EventSystem | ID = 4621
    Description =

    Error - 9/22/2011 9:38:02 AM | Computer Name = Sachin-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 9/22/2011 10:14:39 AM | Computer Name = Sachin-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 9/23/2011 12:16:04 AM | Computer Name = Sachin-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 9/23/2011 2:26:07 AM | Computer Name = Sachin-PC | Source = Symantec AntiVirus | ID = 16711731
    Description = Security Risk Found!Spyware.SmartKeylogger in File: c:\Users\Sachin\Pictures\Adobe\Scanned
    Photos\Documents\Downloads\smart-keystroke-recorder-setup.exe by: Scheduled scan.
    Action: Delete succeeded. Action Description: The file was deleted successfully.



    Error - 9/23/2011 6:39:40 AM | Computer Name = Sachin-PC | Source = EventSystem | ID = 4621
    Description =

    Error - 9/23/2011 2:00:14 PM | Computer Name = Sachin-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 9/23/2011 2:18:59 PM | Computer Name = Sachin-PC | Source = VSS | ID = 8193
    Description =

    [ Broadcom Wireless LAN Events ]
    Error - 6/19/2011 9:30:28 AM | Computer Name = Sachin-PC | Source = WLAN-Tray | ID = 0
    Description = Error - Error in creating key container - -2146893809 (Broadcom Wireless
    Adapter Manager Container)

    Error - 6/28/2011 12:54:07 AM | Computer Name = Sachin-PC | Source = WLAN-Tray | ID = 0
    Description = Error - Error in creating key container - -2146893809 (Broadcom Wireless
    Adapter Manager Container)

    Error - 9/3/2011 7:51:37 AM | Computer Name = Sachin-PC | Source = WLAN-Tray | ID = 0
    Description = 19:51:37, Sat, Sep 03, 11 Error - Unable to gain access to user store


    Error - 9/3/2011 7:55:30 AM | Computer Name = Sachin-PC | Source = WLAN-Tray | ID = 0
    Description = 19:55:30, Sat, Sep 03, 11 Error - Unable to gain access to user store


    [ OSession Events ]
    Error - 6/21/2011 9:53:00 AM | Computer Name = Sachin-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2025
    seconds with 240 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 9/23/2011 12:16:04 AM | Computer Name = Sachin-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 9/23/2011 12:16:04 AM | Computer Name = Sachin-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 9/23/2011 12:16:04 AM | Computer Name = Sachin-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 9/23/2011 12:16:04 AM | Computer Name = Sachin-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 9/23/2011 1:59:15 PM | Computer Name = Sachin-PC | Source = HTTP | ID = 15016
    Description =

    Error - 9/23/2011 2:00:15 PM | Computer Name = Sachin-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 9/23/2011 2:00:15 PM | Computer Name = Sachin-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 9/23/2011 2:00:15 PM | Computer Name = Sachin-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 9/23/2011 2:00:15 PM | Computer Name = Sachin-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 9/23/2011 2:00:15 PM | Computer Name = Sachin-PC | Source = Service Control Manager | ID = 7000
    Description =


    < End of report >
     
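The "Vista Active Application Exception List" in the OTL log above is worth reading line by line, because a firewall exception is a trust decision that survives reboots: twice, an inbound rule was granted to a `prmrsr.exe` living under `c:\users\sachin\appdata\local\temp\~os....tmp\`, a directory any user-level process can write to and that installers normally clean up. The following Python is an added triage script, not part of the original thread or of OTL; it parses lines in the shape OTL prints them and flags exceptions whose target binary sits in a temp directory (high) or elsewhere under a user profile (review). The sample input is constructed from a few lines of the log above, and the `PROTOCOLS`, `TEMP_MARKERS` and `USER_WRITABLE_MARKERS` tables are the script's own assumptions, not OTL conventions.

```python
import re
from dataclasses import dataclass

# IANA protocol numbers as OTL prints them; anything else is reported as "any".
PROTOCOLS = {"6": "TCP", "17": "UDP"}

# Path fragments that mean the allowed binary lives in a user-writable place.
# Temp directories are the strongest signal (assumption: a persistent exception
# for a temp-directory binary is never intended by a legitimate installer).
TEMP_MARKERS = ("\\temp\\",)
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\users\\")

# One OTL rule line:  "<name>" = key=value | key=value | ... |
RULE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<body>.*)$')

# Constructed sample, copied in shape from the log's exception list.
SAMPLE_RULES = r'''
"{080C763C-4FE5-46A0-B229-3000C884CEFF}" = protocol=6 | dir=in | app=c:\users\sachin\appdata\local\temp\~os782.tmp\prmrsr.exe |
"{114A2743-3510-4191-B12E-019F675AE4BF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{24F5278A-E68D-4F16-A298-101FC93887D0}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{B29E1462-E661-4251-B945-32E2C112FD62}" = protocol=6 | dir=in | app=c:\users\sachin\appdata\local\temp\~osf3f0.tmp\prmrsr.exe |
"TCP Query User{2525B735-70D9-4982-AC6B-311C418173FC}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe |
"{DE1C3EFF-8471-4671-A651-95B40C8E18FB}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
'''


@dataclass
class FirewallRule:
    name: str
    direction: str
    protocol: str
    app: str
    local_port: str
    user_prompt: bool  # "TCP/UDP Query User{...}" rules come from clicking Allow on the prompt


@dataclass
class Finding:
    rule: str
    severity: str
    reason: str


def parse_rules(text: str) -> list:
    """Parse OTL FirewallRules lines into FirewallRule records; skip anything else."""
    rules = []
    for raw in text.splitlines():
        m = RULE_RE.match(raw.strip())
        if not m:
            continue
        fields = {}
        for part in m.group("body").split("|"):
            if "=" in part:
                key, value = part.split("=", 1)
                fields[key.strip().lower()] = value.strip()
        name = m.group("name")
        rules.append(FirewallRule(
            name=name,
            direction=fields.get("dir", "?").lower(),
            protocol=PROTOCOLS.get(fields.get("protocol", ""), "any"),
            app=fields.get("app", "").lower(),
            local_port=fields.get("lport", ""),
            user_prompt=name.startswith(("TCP Query User", "UDP Query User")),
        ))
    return rules


def triage(rules: list) -> list:
    """Flag exceptions whose target binary lives in a user-writable location."""
    findings = []
    for r in rules:
        if any(marker in r.app for marker in TEMP_MARKERS):
            findings.append(Finding(r.name, "high",
                f"{r.direction}bound {r.protocol} exception for a temp-directory binary: {r.app}"))
        elif any(marker in r.app for marker in USER_WRITABLE_MARKERS):
            findings.append(Finding(r.name, "review",
                f"{r.direction}bound {r.protocol} exception for a user-profile binary: {r.app}"))
    return findings


if __name__ == "__main__":
    for f in triage(parse_rules(SAMPLE_RULES)):
        print(f"[{f.severity}] {f.rule}: {f.reason}")
```

Run it against the whole "Vista Active Application Exception List" block pasted into `SAMPLE_RULES` and every rule pointing into `\appdata\local\temp\` comes out as high; the Google Talk plugin entries under `\appdata\local\google\` come out as review, which is the right level for a legitimate but user-writable install location. Clearing the flagged rules is a separate step from removing the binary; a stale exception left behind is a free inbound allow for whatever lands at that path next.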
  19. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Before I can continue....
     
  20. sachinwako

    sachinwako TS Rookie Topic Starter Posts: 35

    Yes it is working fine.
     
  21. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ===================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O3 - HKU\S-1-5-21-2652441148-3962348708-1757086740-1000\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
      O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
      O4 - HKLM..\Run: [LogService] C:\Program Files\Smart Keystroke Recorder\LogService.exe "Smart Keystroke Recorder" "SOFTWARE\Smart Keystroke Recorder\AppSettings" "skr.log" "SOFTWARE\Smart Keystroke Recorder" "check_url" "develop_url" File not found
      O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
      @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1
      
      
      :Services
      
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
      "DisableMonitoring" =-
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
     
  22. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Still with me?
     
Topic Status:
Not open for further replies.