TechSpot

Spyware/malware problem

Solved
By maqsabre
Sep 25, 2011
  1. a .exe was downloaded by me accidentally few days back (my foolishness) as my friend sent me a link on facebook describing it as a webcam chat app named chat-vibes, and since then it is affecting my pc, the way it was affecting was by showing some banners asking for allowing permision to certain apps or not and not letting me to connect to the internet via browsers, i installed superantispyware and ran a scan detected some trojan.dropper and after removing, i could connect to internet but not for long, soon the same problem persisted, of not able to surf the net via browsers it seems to be loading slowly but doesn't load any web-pages, my dc++ client could connect fine, and as of now i did what is told in the forum (the 6 step guide) the web-pages connect moodily and sometimes do not, also i'm not getting administrative controls for certain actions like uninstalling or moving certain files.
    as i did the 6 step guide, the last one is not working for me the dds.scr file opens in a note pad with some indecipherable text, while saving dds.scr it shows it as an autocad script,
    i forgot to mention, while running scans and restarting i encountered the blue screen of death once
    the os i'm using is vista
    thank you for reading my ailment patiently, i'm posting the 2 logs along,
    i'll be grateful for your help folks, thank you in advance


    Malwarebytes' Anti-Malware 1.45
    www.malwarebytes.org

    Database version: 3930

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 9.0.8112.16421

    25-09-2011 18:08:43
    mbam-log-2011-09-25 (18-08-43).txt

    Scan type: Quick scan
    Objects scanned: 107146
    Time elapsed: 7 minute(s), 14 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 1
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Program Files\Windows (Backdoor.Bot) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Program Files\Windows\logg.dat (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\System32\log.log (Malware.Trace) -> Quarantined and deleted successfully.






    GMER.LOG


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-09-25 18:53:48
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-22ZCT0 rev.11.01A11
    Running: gmer.exe; Driver: C:\Users\Jagdish\AppData\Local\Temp\pwtirfob.sys


    ---- Devices - GMER 1.0.15 ----

    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 864101F8
    Device \Driver\atapi \Device\Ide\IdePort0 864101F8
    Device \Driver\atapi \Device\Ide\IdePort1 864101F8
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 864101F8
    Device \Driver\msahci \Device\Ide\PciIde0Channel0 864111F8
    Device \Driver\msahci \Device\Ide\PciIde0Channel1 864111F8
    Device \FileSystem\Ntfs \Ntfs 864121F8

    AttachedDevice \FileSystem\Ntfs \Ntfs tvtumon.sys (Windows Update Monitor Driver/Lenovo)
    AttachedDevice \Driver\tdx \Device\Tcp bdftdif.sys
    AttachedDevice \Driver\tdx \Device\Udp bdftdif.sys
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----
     
  2. Broni

    Broni Malware Annihilator Posts: 47,078   +257

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==================================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan:
    [​IMG]

    On completion of the scan click "Save log", save it to your desktop and post in your next reply:
    [​IMG]

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ===================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  3. maqsabre

    maqsabre TS Rookie Topic Starter Posts: 21

    i've run aswMBr and should i've clicked on the fixMBR?
    i'm proceeding without clicking on it is it okay?




    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-09-26 17:46:56
    -----------------------------
    17:46:56.704 OS Version: Windows 6.0.6002 Service Pack 2
    17:46:56.704 Number of processors: 2 586 0xF0D
    17:46:56.709 ComputerName: JAGDISH-PC UserName: Jagdish
    17:47:37.103 Initialize success
    17:47:37.278 write error "aswCmnOS.dll". The process cannot access the file because it is being used by another process.
    18:02:21.961 AVAST engine error: -1
    18:03:44.055 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    18:03:44.058 Disk 0 Vendor: WDC_WD3200BEVT-22ZCT0 11.01A11 Size: 305245MB BusType: 3
    18:03:46.079 Disk 0 MBR read successfully
    18:03:46.082 Disk 0 MBR scan
    18:03:46.085 Disk 0 Windows VISTA default MBR code
    18:03:46.089 Disk 0 scanning sectors +625141424
    18:03:46.185 Disk 0 scanning C:\Windows\system32\drivers
    18:03:56.733 Service scanning
    18:04:02.331 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
    18:04:02.908 Modules scanning
    18:04:10.147 Disk 0 trace - called modules:
    18:04:10.184 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x866101f8]<<
    18:04:10.531 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x868d4158]
    18:04:10.538 3 CLASSPNP.SYS[897aa8b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8668db98]
    18:04:10.546 \Driver\atapi[0x86683880] -> IRP_MJ_CREATE -> 0x866101f8
    18:04:10.554 Scan finished successfully
    18:04:46.764 Disk 0 MBR has been saved successfully to "C:\Users\Jagdish\Documents\MBR.dat"
    18:04:46.802 The log file has been saved successfully to "C:\Users\Jagdish\Documents\aswMBR.txt"
     
  4. maqsabre

    maqsabre TS Rookie Topic Starter Posts: 21

    ran combofix.exe after disabling all the features of bit-defender
    tried to shut it down, but found that there's no other way to shut it down
    as combofix was scanning bit-defender was popping in between, but it seemed helpless after disabling all its features
    now posting combofix's log


    ComboFix 11-09-26.01 - Jagdish 26-09-2011 18:56:21.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.91.1033.18.2034.1101 [GMT 5.5:30]
    Running from: c:\users\Jagdish\sag0r\ComboFix.exe
    AV: BitDefender Antivirus *Disabled/Updated* {982ADE23-275B-0766-37C5-DE01A484098E}
    FW: BitDefender Firewall *Disabled* {A0115F06-6D34-063E-1C9A-77345A574EF5}
    SP: BitDefender Antispyware *Disabled/Updated* {234B3FC7-0161-08E8-0D75-E573DF034333}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Jagdish\AppData\Roaming\.#
    c:\users\Jagdish\AppData\Roaming\.#\MBX@654@23A2738.###
    c:\users\Jagdish\AppData\Roaming\.#\MBX@654@23A2768.###
    c:\users\Jagdish\userdiff.sav
    c:\windows\s.bat
    c:\windows\system32\muzapp.exe
    c:\windows\system32\winsusrm.dll
    c:\windows\YAHELITE.INI
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-08-26 to 2011-09-26 )))))))))))))))))))))))))))))))
    .
    .
    2011-09-26 13:37 . 2011-09-26 13:37 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-09-25 12:13 . 2011-09-25 12:13 -------- d-----w- c:\users\Jagdish\AppData\Roaming\Malwarebytes
    2011-09-25 12:13 . 2010-03-29 19:16 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-09-25 12:13 . 2011-09-25 12:13 -------- d-----w- c:\programdata\Malwarebytes
    2011-09-25 12:13 . 2011-09-25 12:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-09-25 12:13 . 2010-03-29 19:15 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-09-25 11:15 . 2011-09-25 11:15 -------- d-----w- c:\programdata\XoftSpySE
    2011-09-25 07:48 . 2011-09-25 07:48 -------- d-----w- c:\windows\Internet Logs
    2011-09-25 07:23 . 2011-09-25 07:23 0 ---ha-w- c:\users\Jagdish\AppData\Local\BITD71C.tmp
    2011-09-24 21:07 . 2011-09-24 21:07 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2011-09-24 21:06 . 2011-09-24 21:10 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-09-24 21:06 . 2011-09-24 21:06 -------- d-----w- c:\users\Jagdish\AppData\Roaming\SUPERAntiSpyware.com
    2011-09-24 21:05 . 2011-09-24 21:05 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2011-09-24 20:49 . 2011-09-25 04:46 -------- d-----w- c:\program files\XoftSpy
    2011-09-24 20:19 . 2011-09-24 20:19 -------- d-----w- c:\users\Jagdish\AppData\Local\Mozilla
    2011-09-24 19:15 . 2011-09-24 19:15 -------- d-----w- c:\users\Jagdish\AppData\Roaming\CheckPoint
    2011-09-24 19:15 . 2011-09-25 07:43 -------- d-----w- c:\program files\CheckPoint
    2011-09-24 19:14 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
    2011-09-24 19:11 . 2011-09-24 19:11 -------- d-----w- c:\programdata\CheckPoint
    2011-09-24 18:11 . 2011-09-25 03:10 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-09-24 18:11 . 2011-09-24 20:48 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2011-09-14 14:28 . 2011-08-10 12:14 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2011-09-04 17:55 . 2011-09-14 21:36 -------- d-sh--w- c:\users\Jagdish\Network
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-08-30 15:15 . 2011-07-12 10:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-08-10 09:20 . 2011-08-10 09:20 0 ---ha-w- c:\users\Jagdish\AppData\Local\BIT650C.tmp
    2011-07-22 02:54 . 2011-08-10 19:11 1797632 ----a-w- c:\windows\system32\jscript9.dll
    2011-07-22 02:48 . 2011-08-10 19:11 1126912 ----a-w- c:\windows\system32\wininet.dll
    2011-07-22 02:44 . 2011-08-10 19:11 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-07-11 13:25 . 2011-08-24 09:25 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-07-06 15:31 . 2011-08-10 09:32 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-03-18 17:53 . 2011-09-24 20:18 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
    @="{771C7324-DA80-49D3-8017-753B0AF60951}"
    [HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
    2008-09-05 03:39 241752 ----a-w- c:\windows\System32\IcnOvrly.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Power2GoExpress"="NA" [X]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-25 13548064]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-25 92704]
    "SmartAudio"="c:\program files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE" [2008-07-21 2701880]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-10 1045800]
    "EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2008-08-26 5289888]
    "Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2008-07-31 8851456]
    "Readycomm"="c:\program files\Lenovo\ReadyComm\ReadyComm.exe" [2007-05-11 421888]
    "VeriFaceManager"="c:\program files\Lenovo\VeriFaceIII\PManage.exe" [2008-09-05 2916352]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2010\IEShow.exe" [2009-10-19 71152]
    "BDAgent"="c:\program files\BitDefender\BitDefender 2010\bdagent.exe" [2011-05-13 1198048]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-03-29 437584]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-03-29 1086856]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2008-5-14 752168]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-22 06:35 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKLM\~\startupfolder\C:^Users^Jagdish^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^My_AutoWarkey_Script.lnk]
    path=c:\users\Jagdish\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\My_AutoWarkey_Script.lnk
    backup=c:\windows\pss\My_AutoWarkey_Script.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2008-01-12 05:16 39792 ------w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
    2010-10-12 23:11 4258136 ------w- c:\program files\AIM\aim.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bonus.SSR.FR10]
    2011-03-17 06:14 941320 ----a-w- c:\program files\ABBYY FineReader 10\Bonus.ScreenshotReader.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper]
    2011-03-17 17:37 896912 ----a-w- c:\program files\Samsung\Kies\KiesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
    2011-03-17 17:37 19872 ----a-w- c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
    2011-03-17 17:37 3373456 ----a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    2009-07-28 05:23 1830128 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
    2011-04-16 08:50 399736 ----a-w- c:\program files\uTorrent\uTorrent.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-10 135664]
    R2 ICM_UpdaterService;ICM_UpdaterService Disp;c:\program files\SAMSUNG\Samsung Networking Wizard\ICM_Service.exe [2011-03-18 204883]
    R3 AllShare;SAMSUNG AllShare Service;c:\program files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [2010-07-16 6638080]
    R3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2009-10-19 183880]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-01-29 29736]
    R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2011-03-08 20032]
    R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\safedrv.sys [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-10 135664]
    R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-10-12 101120]
    R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
    R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-27 3658752]
    R3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\System32\IgrsSvcs.exe [2008-01-21 21504]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-07-28 7408]
    R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2010-12-21 98432]
    R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2010-12-21 14848]
    R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2010-12-21 123648]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    R3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2008-01-10 81192]
    S0 EMSC;COMPAL Embedded System Control;c:\windows\system32\DRIVERS\EMSC.SYS [2007-10-25 17192]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-01-27 722416]
    S0 Wdkbdmou;Lenovo RMCT KbdMou Service;c:\windows\system32\DRIVERS\Wdkbdmou.sys [2008-05-21 8832]
    S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\windows\system32\DRIVERS\BdfNdisf6.sys [2010-10-17 72784]
    S1 funfrm;funfrm; [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-07-28 9968]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-07-28 72944]
    S2 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [2010-07-22 814344]
    S2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2010\bdvedisk.sys [2010-10-17 85128]
    S2 IGRS;IGRS;c:\program files\Lenovo\ReadyComm\common\IGRS.exe [2008-02-14 32768]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-03-29 303952]
    S2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\System32\IgrsSvcs.exe [2008-01-21 21504]
    S2 System_Repair_UpdateMonitor;System Repair Windows Update Monitor;c:\program files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe [2008-04-23 430080]
    S2 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2007-11-24 47680]
    S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2009-05-19 21520]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-25 183808]
    S3 BDFM;BDFM;c:\windows\system32\DRIVERS\bdfm.sys [2010-10-17 153448]
    S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-04-29 54784]
    S3 enecirhid;ENE CIR HID Receiver;c:\windows\system32\DRIVERS\enecirhid.sys [2008-04-29 11264]
    S3 enecirhidma;ENE CIR HIDmini Filter;c:\windows\system32\DRIVERS\enecirhidma.sys [2008-04-25 5632]
    S3 IncSvc;ReadyComm Network Monitor and Configuration;c:\windows\System32\IgrsSvcs.exe [2008-01-21 21504]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-03-29 20824]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-06-25 44064]
    S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-05-13 51288]
    S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2008-06-12 43608]
    S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [2008-05-21 8832]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 821484C5
    *NewlyCreated* - ASWMBR
    *Deregistered* - 821484c5
    *Deregistered* - aswMBR
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    IgrsSvcs REG_MULTI_SZ ReadyComm.DirectRouter IncSvc PS_MDP
    bdx REG_MULTI_SZ scan
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-05-10 01:38]
    .
    2011-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-05-10 01:38]
    .
    2011-09-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2690704196-4028234597-4272532801-1004Core.job
    - c:\users\Jagdish\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-29 10:58]
    .
    2011-09-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2690704196-4028234597-4272532801-1004Core1cb6e4f8169deb0.job
    - c:\users\Jagdish\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-29 10:58]
    .
    2011-09-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2690704196-4028234597-4272532801-1004UA.job
    - c:\users\Jagdish\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-29 10:58]
    .
    2011-09-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2690704196-4028234597-4272532801-1004UA1cb6e4f8556f760.job
    - c:\users\Jagdish\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-29 10:58]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.in/
    mStart Page = about:blank
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
    IE: Send image to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
    FF - ProfilePath - c:\users\Jagdish\AppData\Roaming\Mozilla\Firefox\Profiles\ilvc4pwr.default\
    .
    .
    ------- File Associations -------
    .
    .scr=AutoCADScriptFile
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-TmlCMode - c:\program files\Compal\TmlCMode\TmlCMode.exe
    HKLM-Run-DRPU PC Management - Basic - c:\program files\DRPU PC Management - Basic\Basic Manage.exe
    HKLM-Run-ISTray - c:\program files\Spyware Doctor\pctsTray.exe
    HKLM-Run-ISW - c:\program files\CheckPoint\ZAForceField\ForceField.exe
    AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
    AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
    AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
    AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
    AddRemove-05_Sloan - c:\program files\SAMSUNG\USB Drivers\05_Sloan\Uninstall.exe
    AddRemove-06_Spencer - c:\program files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe
    AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
    AddRemove-08_EMPChipset - c:\program files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe
    AddRemove-09_Hsp - c:\program files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe
    AddRemove-11_HSP_Plus_Default - c:\program files\SAMSUNG\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
    AddRemove-12_Symbian_USB_Download_Driver - c:\program files\SAMSUNG\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe
    AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\SAMSUNG\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
    AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
    AddRemove-17_EMP_Chipset2 - c:\program files\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe
    AddRemove-18_Zinia_Serial_Driver - c:\program files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
    AddRemove-19_VIA_driver - c:\program files\SAMSUNG\USB Drivers\19_VIA_driver\Uninstall.exe
    AddRemove-20_NXP_Driver - c:\program files\SAMSUNG\USB Drivers\20_NXP_Driver\Uninstall.exe
    AddRemove-21_Searsburg - c:\program files\SAMSUNG\USB Drivers\21_Searsburg\Uninstall.exe
    AddRemove-22_WiBro_WiMAX - c:\program files\SAMSUNG\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
    AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
    AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-09-26 19:07
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2690704196-4028234597-4272532801-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*&*¥*R%\OpenWithList]
    @Class="Shell"
    .
    [HKEY_USERS\S-1-5-21-2690704196-4028234597-4272532801-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*e*à*%\OpenWithList]
    @Class="Shell"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2011-09-26 19:13:08
    ComboFix-quarantined-files.txt 2011-09-26 13:43
    .
    Pre-Run: 18,407,825,408 bytes free
    Post-Run: 18,202,710,016 bytes free
    .
    - - End Of File - - C5FF959D227ABC8D3D3FB419F2E3811B
     
  5. Broni

    Broni Malware Annihilator Posts: 47,078   +257

    My instructions don't say anything about it, so no.

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad .exe in the Run Box
    • Click OK
    Windows Vista/7 users: click Start, in "Start search" type notepad and press Enter.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\users\Jagdish\AppData\Local\BITD71C.tmp
    c:\users\Jagdish\AppData\Local\BIT650C.tmp
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000000
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  6. maqsabre

    maqsabre TS Rookie Topic Starter Posts: 21

    did as you said sir
    tried to save the file CFScript.txt in c:\ drive but yet i ain't getting administrative controls, same nagging box appears that you need to login as administrator to save files in c:\, therefore i saved it in documents and then dragged it from there to over combofix.exe
    here's the log


    ComboFix 11-09-26.01 - Jagdish 27-09-2011 21:04:49.2.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.91.1033.18.2034.1207 [GMT 5.5:30]
    Running from: c:\users\Jagdish\sag0r\ComboFix.exe
    Command switches used :: c:\users\Jagdish\Documents\CFScript.txt
    AV: BitDefender Antivirus *Disabled/Updated* {982ADE23-275B-0766-37C5-DE01A484098E}
    FW: BitDefender Firewall *Disabled* {A0115F06-6D34-063E-1C9A-77345A574EF5}
    SP: BitDefender Antispyware *Disabled/Updated* {234B3FC7-0161-08E8-0D75-E573DF034333}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\users\Jagdish\AppData\Local\BIT650C.tmp"
    "c:\users\Jagdish\AppData\Local\BITD71C.tmp"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Jagdish\AppData\Local\BIT650C.tmp
    c:\users\Jagdish\AppData\Local\BITD71C.tmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-08-27 to 2011-09-27 )))))))))))))))))))))))))))))))
    .
    .
    2011-09-27 15:44 . 2011-09-27 15:44 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-09-25 12:13 . 2011-09-25 12:13 -------- d-----w- c:\users\Jagdish\AppData\Roaming\Malwarebytes
    2011-09-25 12:13 . 2010-03-29 19:16 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-09-25 12:13 . 2011-09-25 12:13 -------- d-----w- c:\programdata\Malwarebytes
    2011-09-25 12:13 . 2011-09-25 12:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-09-25 12:13 . 2010-03-29 19:15 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-09-25 11:15 . 2011-09-25 11:15 -------- d-----w- c:\programdata\XoftSpySE
    2011-09-25 07:48 . 2011-09-25 07:48 -------- d-----w- c:\windows\Internet Logs
    2011-09-24 21:07 . 2011-09-24 21:07 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2011-09-24 21:06 . 2011-09-24 21:10 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-09-24 21:06 . 2011-09-24 21:06 -------- d-----w- c:\users\Jagdish\AppData\Roaming\SUPERAntiSpyware.com
    2011-09-24 21:05 . 2011-09-24 21:05 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2011-09-24 20:49 . 2011-09-25 04:46 -------- d-----w- c:\program files\XoftSpy
    2011-09-24 20:19 . 2011-09-24 20:19 -------- d-----w- c:\users\Jagdish\AppData\Local\Mozilla
    2011-09-24 19:15 . 2011-09-24 19:15 -------- d-----w- c:\users\Jagdish\AppData\Roaming\CheckPoint
    2011-09-24 19:15 . 2011-09-25 07:43 -------- d-----w- c:\program files\CheckPoint
    2011-09-24 19:14 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
    2011-09-24 19:11 . 2011-09-24 19:11 -------- d-----w- c:\programdata\CheckPoint
    2011-09-24 18:11 . 2011-09-25 03:10 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-09-24 18:11 . 2011-09-24 20:48 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2011-09-14 14:28 . 2011-08-10 12:14 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2011-09-04 17:55 . 2011-09-14 21:36 -------- d-sh--w- c:\users\Jagdish\Network
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-08-30 15:15 . 2011-07-12 10:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-07-22 02:54 . 2011-08-10 19:11 1797632 ----a-w- c:\windows\system32\jscript9.dll
    2011-07-22 02:48 . 2011-08-10 19:11 1126912 ----a-w- c:\windows\system32\wininet.dll
    2011-07-22 02:44 . 2011-08-10 19:11 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-07-11 13:25 . 2011-08-24 09:25 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-07-06 15:31 . 2011-08-10 09:32 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-03-18 17:53 . 2011-09-24 20:18 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-09-26_13.37.39 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-01-21 01:58 . 2011-09-27 14:16 65024 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2010-08-29 06:48 . 2011-09-27 14:16 13490 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2690704196-4028234597-4272532801-1004_UserData.bin
    + 2010-08-29 02:37 . 2011-09-27 14:18 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2010-08-29 02:37 . 2011-09-25 07:26 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-08-29 02:37 . 2011-09-27 14:18 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2010-08-29 02:37 . 2011-09-25 07:26 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2010-08-29 02:37 . 2011-09-27 14:18 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2010-08-29 02:37 . 2011-09-25 07:26 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2011-09-26 12:06 . 2011-09-26 12:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-09-27 14:14 . 2011-09-27 14:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2011-09-26 12:06 . 2011-09-26 12:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-09-27 14:14 . 2011-09-27 14:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2010-09-10 11:18 . 2011-09-27 14:24 317922 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
    + 2006-11-02 13:05 . 2011-09-27 14:16 110396 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2011-04-13 22:05 . 2011-09-25 23:34 545380 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2011-04-13 22:05 . 2011-09-26 16:54 545380 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2011-08-22 08:35 . 2011-09-25 23:34 2280708 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2690704196-4028234597-4272532801-1004-8192.dat
    + 2011-08-22 08:35 . 2011-09-26 16:54 2280708 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2690704196-4028234597-4272532801-1004-8192.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
    @="{771C7324-DA80-49D3-8017-753B0AF60951}"
    [HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
    2008-09-05 03:39 241752 ----a-w- c:\windows\System32\IcnOvrly.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Power2GoExpress"="NA" [X]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-25 13548064]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-25 92704]
    "SmartAudio"="c:\program files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE" [2008-07-21 2701880]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-10 1045800]
    "EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2008-08-26 5289888]
    "Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2008-07-31 8851456]
    "Readycomm"="c:\program files\Lenovo\ReadyComm\ReadyComm.exe" [2007-05-11 421888]
    "VeriFaceManager"="c:\program files\Lenovo\VeriFaceIII\PManage.exe" [2008-09-05 2916352]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2010\IEShow.exe" [2009-10-19 71152]
    "BDAgent"="c:\program files\BitDefender\BitDefender 2010\bdagent.exe" [2011-05-13 1198048]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-03-29 437584]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-03-29 1086856]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2008-5-14 752168]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-22 06:35 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKLM\~\startupfolder\C:^Users^Jagdish^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^My_AutoWarkey_Script.lnk]
    path=c:\users\Jagdish\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\My_AutoWarkey_Script.lnk
    backup=c:\windows\pss\My_AutoWarkey_Script.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2008-01-12 05:16 39792 ------w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
    2010-10-12 23:11 4258136 ------w- c:\program files\AIM\aim.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bonus.SSR.FR10]
    2011-03-17 06:14 941320 ----a-w- c:\program files\ABBYY FineReader 10\Bonus.ScreenshotReader.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper]
    2011-03-17 17:37 896912 ----a-w- c:\program files\Samsung\Kies\KiesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
    2011-03-17 17:37 19872 ----a-w- c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
    2011-03-17 17:37 3373456 ----a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    2009-07-28 05:23 1830128 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
    2011-04-16 08:50 399736 ----a-w- c:\program files\uTorrent\uTorrent.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-10 135664]
    R2 ICM_UpdaterService;ICM_UpdaterService Disp;c:\program files\SAMSUNG\Samsung Networking Wizard\ICM_Service.exe [2011-03-18 204883]
    R3 AllShare;SAMSUNG AllShare Service;c:\program files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [2010-07-16 6638080]
    R3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2009-10-19 183880]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-01-29 29736]
    R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2011-03-08 20032]
    R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\safedrv.sys [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-10 135664]
    R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-10-12 101120]
    R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
    R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-27 3658752]
    R3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\System32\IgrsSvcs.exe [2008-01-21 21504]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-07-28 7408]
    R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2010-12-21 98432]
    R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2010-12-21 14848]
    R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2010-12-21 123648]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    R3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2008-01-10 81192]
    S0 EMSC;COMPAL Embedded System Control;c:\windows\system32\DRIVERS\EMSC.SYS [2007-10-25 17192]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-01-27 722416]
    S0 Wdkbdmou;Lenovo RMCT KbdMou Service;c:\windows\system32\DRIVERS\Wdkbdmou.sys [2008-05-21 8832]
    S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\windows\system32\DRIVERS\BdfNdisf6.sys [2010-10-17 72784]
    S1 funfrm;funfrm; [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-07-28 9968]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-07-28 72944]
    S2 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [2010-07-22 814344]
    S2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2010\bdvedisk.sys [2010-10-17 85128]
    S2 IGRS;IGRS;c:\program files\Lenovo\ReadyComm\common\IGRS.exe [2008-02-14 32768]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-03-29 303952]
    S2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\System32\IgrsSvcs.exe [2008-01-21 21504]
    S2 System_Repair_UpdateMonitor;System Repair Windows Update Monitor;c:\program files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe [2008-04-23 430080]
    S2 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2007-11-24 47680]
    S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2009-05-19 21520]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-25 183808]
    S3 BDFM;BDFM;c:\windows\system32\DRIVERS\bdfm.sys [2010-10-17 153448]
    S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-04-29 54784]
    S3 enecirhid;ENE CIR HID Receiver;c:\windows\system32\DRIVERS\enecirhid.sys [2008-04-29 11264]
    S3 enecirhidma;ENE CIR HIDmini Filter;c:\windows\system32\DRIVERS\enecirhidma.sys [2008-04-25 5632]
    S3 IncSvc;ReadyComm Network Monitor and Configuration;c:\windows\System32\IgrsSvcs.exe [2008-01-21 21504]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-03-29 20824]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-06-25 44064]
    S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-05-13 51288]
    S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2008-06-12 43608]
    S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [2008-05-21 8832]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - DF6CE4C4
    *Deregistered* - df6ce4c4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    IgrsSvcs REG_MULTI_SZ ReadyComm.DirectRouter IncSvc PS_MDP
    bdx REG_MULTI_SZ scan
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-05-10 01:38]
    .
    2011-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-05-10 01:38]
    .
    2011-09-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2690704196-4028234597-4272532801-1004Core.job
    - c:\users\Jagdish\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-29 10:58]
    .
    2011-09-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2690704196-4028234597-4272532801-1004Core1cb6e4f8169deb0.job
    - c:\users\Jagdish\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-29 10:58]
    .
    2011-09-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2690704196-4028234597-4272532801-1004UA.job
    - c:\users\Jagdish\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-29 10:58]
    .
    2011-09-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2690704196-4028234597-4272532801-1004UA1cb6e4f8556f760.job
    - c:\users\Jagdish\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-29 10:58]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.in/
    mStart Page = about:blank
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
    IE: Send image to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
    FF - ProfilePath - c:\users\Jagdish\AppData\Roaming\Mozilla\Firefox\Profiles\ilvc4pwr.default\
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-09-27 21:14
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2690704196-4028234597-4272532801-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*&*¥*R%\OpenWithList]
    @Class="Shell"
    .
    [HKEY_USERS\S-1-5-21-2690704196-4028234597-4272532801-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*e*à*%\OpenWithList]
    @Class="Shell"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2011-09-27 21:19:16
    ComboFix-quarantined-files.txt 2011-09-27 15:49
    ComboFix2.txt 2011-09-26 13:43
    .
    Pre-Run: 18,063,265,792 bytes free
    Post-Run: 17,991,315,456 bytes free
    .
    - - End Of File - - 32196C602F6E94EA70233BFC7C54EF31
     
  7. Broni

    Broni Malware Annihilator Posts: 47,078   +257

    Your Malwarebytes version is very outdated.
    Are you able to update it?
    If so re-run it and post new log.
    If not, let me know.
     
  8. maqsabre

    maqsabre TS Rookie Topic Starter Posts: 21

    just updated it and ran a scan
    here's the log


    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 7809

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 9.0.8112.16421

    27-09-2011 23:04:55
    mbam-log-2011-09-27 (23-04-55).txt

    Scan type: Quick scan
    Objects scanned: 182307
    Time elapsed: 6 minute(s), 2 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  9. Broni

    Broni Malware Annihilator Posts: 47,078   +257

    Good.
    Update me on current issues.
     
  10. maqsabre

    maqsabre TS Rookie Topic Starter Posts: 21

    as for now most of the things seem fine
    right now malware bytes is hindering utorrent to connect with seeds for download or upload
    the only issue seems to be that
    still sometimes some nag-boxes show me that i don't have administrator rights for certain actions
    also windows has blocked some startup programs
    maybe coz i've disabled bit-defender's features since few days
     
  11. Broni

    Broni Malware Annihilator Posts: 47,078   +257

    A log form the tool listed below may be long, so you may have to split it between a few replies.

    Lets run the following tool. This will help determine which files need permissions restored.

    Please download and save Junction.zip

    Unzip it and place Junction.exe in the Windows directory (C:\Windows).
    Go to Start>Run (Vista and Windows 7 users use "Start search" box).
    Copy and paste the following command in the Run box and click OK (Vista and Windows 7 users press "Enter"):

    cmd /c junction -s c:\ >log.txt&log.txt& del log.txt

    A command window opens starting to scan the system.
    Wait until a log file opens.
    Copy and paste the log in your next reply.
     
     
  12. maqsabre

    maqsabre TS Rookie Topic Starter Posts: 21

    tried to extract junction.exe to c:\windows
    still not able to do so
    this is what i'm getting

    ! C:\Users\Jagdish\sag0r\Junction.zip: Cannot create junction.exe
    ! Access is denied.

    extracted it to another location then tried moving junction.exe to c:\windows
    again it says

    You'll need to provide administrator permission to copy to this folder windows
    and when i click on continue, i got this

    user account control
    windows needs your permission to continue
    if you started this accion continue

    after clicking on continue

    finally it got copied

    ran junction.exe
    it asked me to agree, therefore i clicked on agree
    oh no i guess i made a mistake clicking on it
    afer i've clicked
    i ran the command on run
    command prompt flashed on and off in a moment
     
  13. Broni

    Broni Malware Annihilator Posts: 47,078   +257

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  14. maqsabre

    maqsabre TS Rookie Topic Starter Posts: 21

    i couldn't post few days ago coz again the webpage started to load moodily
    same surfing issues
    and today my brother foolishly ran ccleaner registry cleaner
    i'm scanning and posting the log of otl
     
  15. maqsabre

    maqsabre TS Rookie Topic Starter Posts: 21

    OTL logfile created on: 02-10-2011 11:39:54 - Run 1
    OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Jagdish\sag0r
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00004009 | Country: India | Language: ENN | Date Format: dd-MM-yyyy

    1.99 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 60.79% Memory free
    4.21 Gb Paging File | 3.02 Gb Available in Paging File | 71.83% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 103.91 Gb Total Space | 13.26 Gb Free Space | 12.76% Space Free | Partition Type: NTFS
    Drive D: | 169.43 Gb Total Space | 11.12 Gb Free Space | 6.56% Space Free | Partition Type: NTFS
    Drive J: | 10.00 Gb Total Space | 4.00 Gb Free Space | 39.98% Space Free | Partition Type: NTFS

    Computer Name: JAGDISH-PC | User Name: Jagdish | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011-10-02 11:04:22 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Jagdish\sag0r\OTL.exe
    PRC - [2011-08-31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2011-08-31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2011-05-14 05:21:18 | 001,198,048 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
    PRC - [2011-05-14 05:20:11 | 001,118,232 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
    PRC - [2011-04-04 20:33:22 | 000,512,000 | ---- | M] () -- C:\Program Files\Samsung\Samsung Networking Wizard\ICM_Updater.exe
    PRC - [2011-04-03 03:44:48 | 000,310,856 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    PRC - [2010-10-17 17:34:34 | 001,615,688 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
    PRC - [2009-04-11 11:57:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008-09-05 09:09:50 | 002,916,352 | ---- | M] () -- C:\Program Files\Lenovo\VeriFaceIII\PManage.exe
    PRC - [2008-08-27 03:22:20 | 005,289,888 | ---- | M] (Lenovo(beijing) Limited) -- C:\Program Files\Lenovo\Energy Management\utility.exe
    PRC - [2008-07-31 23:25:06 | 008,851,456 | ---- | M] (Lenovo (Beijing) Limited) -- C:\Program Files\Lenovo\Energy Management\Energy Management.exe
    PRC - [2008-07-21 08:49:52 | 002,701,880 | ---- | M] (Conexant) -- C:\Program Files\CONEXANT\SmartAudio\SmAudio.exe
    PRC - [2008-05-14 23:22:30 | 000,752,168 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
    PRC - [2008-05-14 23:22:30 | 000,522,792 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
    PRC - [2008-04-24 05:29:40 | 000,430,080 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe
    PRC - [2008-02-15 02:03:14 | 000,032,768 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
    PRC - [2008-01-21 07:53:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IgrsSvcs.exe
    PRC - [2008-01-12 06:20:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    PRC - [2007-05-12 04:56:32 | 000,421,888 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ReadyComm\ReadyComm.exe
    PRC - [2007-02-12 13:13:46 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe


    ========== Modules (No Company Name) ==========

    MOD - [2009-10-22 15:55:06 | 000,094,720 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2010\framework.dll
    MOD - [2009-01-15 12:45:34 | 000,181,248 | ---- | M] () -- C:\Windows\System32\txmlutil.dll
    MOD - [2008-09-05 09:09:52 | 000,036,352 | ---- | M] () -- C:\Program Files\Lenovo\VeriFaceIII\Time.dll
    MOD - [2008-09-05 09:09:51 | 000,241,752 | ---- | M] () -- C:\Windows\System32\IcnOvrly.dll
    MOD - [2008-09-05 09:09:50 | 002,916,352 | ---- | M] () -- C:\Program Files\Lenovo\VeriFaceIII\PManage.exe
    MOD - [2008-05-14 23:15:34 | 000,126,976 | ---- | M] () -- C:\Program Files\Lenovo\Bluetooth Software\BTKeyInd.dll
    MOD - [2007-05-12 05:09:28 | 000,009,728 | ---- | M] () -- C:\Program Files\Lenovo\ReadyComm\NetApp.en.dll
    MOD - [2007-05-12 04:53:40 | 000,274,432 | ---- | M] () -- C:\Program Files\Lenovo\ReadyComm\NetApp.dll
    MOD - [2006-02-18 02:03:48 | 000,057,344 | ---- | M] () -- C:\Program Files\Lenovo\Energy Management\KbdHook.dll
    MOD - [2005-06-25 07:35:02 | 000,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Energy Management\HookLib.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011-08-31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011-04-03 03:44:48 | 000,310,856 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV)
    SRV - [2011-03-18 19:06:54 | 000,204,883 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Samsung\Samsung Networking Wizard\ICM_Service.exe -- (ICM_UpdaterService)
    SRV - [2010-10-17 17:34:55 | 000,315,392 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan)
    SRV - [2010-10-17 17:34:34 | 001,615,688 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe -- (VSSERV)
    SRV - [2010-08-29 22:30:48 | 000,085,096 | ---- | M] (Autodesk) [Disabled | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
    SRV - [2010-08-29 18:50:45 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010-07-22 19:07:05 | 000,814,344 | ---- | M] (ABBYY) [Disabled | Stopped] -- C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Professional.10.0)
    SRV - [2010-07-16 17:23:30 | 006,638,080 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe -- (AllShare)
    SRV - [2009-10-19 16:06:10 | 000,183,880 | ---- | M] (BitDefender S.R.L. http://www.bitdefender.com) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Arrakis3)
    SRV - [2008-11-10 02:18:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2008-05-14 23:22:30 | 000,522,792 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe -- (btwdins)
    SRV - [2008-04-24 05:29:40 | 000,430,080 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe -- (System_Repair_UpdateMonitor)
    SRV - [2008-02-15 02:03:14 | 000,032,768 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe -- (IGRS)
    SRV - [2008-01-21 07:53:43 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\IgrsSvcs.exe -- (ReadyComm.DirectRouter)
    SRV - [2008-01-21 07:53:43 | 000,021,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IgrsSvcs.exe -- (PS_MDP)
    SRV - [2008-01-21 07:53:43 | 000,021,504 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\IgrsSvcs.exe -- (IncSvc)
    SRV - [2008-01-21 07:53:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2008-01-12 06:20:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
    SRV - [2007-02-12 13:13:46 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash)
    SRV - [2006-08-11 22:51:42 | 000,902,760 | ---- | M] (Autodesk, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe -- (Autodesk Network Licensing Service)


    ========== Driver Services (SafeList) ==========

    DRV - [2011-08-31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2011-03-08 14:40:58 | 000,020,032 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dgderdrv.sys -- (dgderdrv)
    DRV - [2011-01-27 19:58:49 | 000,722,416 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2010-12-21 11:25:02 | 000,123,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm)
    DRV - [2010-12-21 11:25:02 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)
    DRV - [2010-12-21 11:25:02 | 000,098,560 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
    DRV - [2010-12-21 11:25:02 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
    DRV - [2010-12-21 11:25:02 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl)
    DRV - [2010-12-21 11:25:02 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
    DRV - [2010-10-17 17:35:46 | 000,153,448 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\bdfm.sys -- (BDFM)
    DRV - [2010-10-17 17:35:44 | 000,085,128 | ---- | M] (BitDefender) [Kernel | Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2010\bdvedisk.sys -- (BDVEDISK)
    DRV - [2010-10-17 17:35:44 | 000,058,368 | ---- | M] (BitDefender) [Kernel | On_Demand | Stopped] -- C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys -- (BDSelfPr)
    DRV - [2010-10-17 17:35:33 | 000,291,352 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\bdfsfltr.sys -- (bdfsfltr)
    DRV - [2010-10-17 17:34:46 | 000,119,504 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys -- (bdftdif)
    DRV - [2010-10-17 17:33:51 | 000,072,784 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Windows\System32\drivers\BdfNdisf6.sys -- (BdfNdisf)
    DRV - [2009-10-12 15:22:56 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
    DRV - [2009-09-10 14:55:58 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
    DRV - [2009-08-27 16:28:44 | 000,014,720 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos)
    DRV - [2009-07-28 10:53:16 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2009-07-28 10:53:16 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
    DRV - [2009-05-19 05:43:08 | 000,021,520 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AcpiVpc.sys -- (ACPIVPC)
    DRV - [2009-05-07 03:22:06 | 000,039,808 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos)
    DRV - [2008-10-09 15:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
    DRV - [2008-09-05 09:08:51 | 000,044,544 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\funfrm.sys -- (funfrm)
    DRV - [2008-07-25 14:01:02 | 007,547,552 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2008-06-26 01:35:08 | 000,044,064 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
    DRV - [2008-06-12 06:58:58 | 000,043,608 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2sd.sys -- (O2SDRDR)
    DRV - [2008-05-24 03:49:26 | 000,870,952 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
    DRV - [2008-05-22 03:35:34 | 000,008,832 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WDMirror.sys -- (wdmirror)
    DRV - [2008-05-22 03:34:04 | 000,008,832 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\Wdkbdmou.sys -- (Wdkbdmou)
    DRV - [2008-05-21 21:05:26 | 000,220,160 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
    DRV - [2008-05-13 10:18:06 | 000,051,288 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
    DRV - [2008-04-29 14:26:32 | 000,011,264 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecirhid.sys -- (enecirhid)
    DRV - [2008-04-29 14:25:00 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
    DRV - [2008-04-28 03:59:28 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
    DRV - [2008-04-25 21:46:38 | 000,005,632 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecirhidma.sys -- (enecirhidma)
    DRV - [2008-01-14 15:36:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ManyCam.sys -- (ManyCam)
    DRV - [2008-01-10 23:29:08 | 000,081,192 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSVD.sys -- (WSVD)
    DRV - [2007-11-24 05:30:02 | 000,047,680 | ---- | M] (Lenovo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tvtumon.sys -- (tvtumon)
    DRV - [2007-10-26 04:36:04 | 000,017,192 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\EMSC.SYS -- (EMSC)
    DRV - [2007-10-18 13:06:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2007-05-23 14:03:58 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2007-04-18 15:57:32 | 000,004,352 | ---- | M] (SUNGIL Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sit_flt.sys -- (sit_flt)
    DRV - [2007-04-17 14:52:22 | 000,039,680 | ---- | M] (SUNGIL) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sit_mdm.sys -- (sit_mdm)
    DRV - [2007-04-17 12:28:08 | 000,038,656 | ---- | M] (SUNGIL) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sit_prt.sys -- (sit_prt)
    DRV - [2007-04-17 12:21:26 | 000,022,144 | ---- | M] (SUNGIL) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sit_bus.sys -- (sit_bus)
    DRV - [2006-11-02 13:11:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2690704196-4028234597-4272532801-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Jagdish\Desktop
    IE - HKU\S-1-5-21-2690704196-4028234597-4272532801-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
    IE - HKU\S-1-5-21-2690704196-4028234597-4272532801-1004\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-2690704196-4028234597-4272532801-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.9.8a: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Jagdish\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Jagdish\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jagdish\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jagdish\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2011-09-25 08:45:56 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-09-30 21:19:12 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

    [2011-09-25 01:51:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jagdish\AppData\Roaming\Mozilla\Extensions
    [2011-09-25 01:48:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010-09-13 03:03:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
    [2011-09-30 21:19:11 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011-09-30 21:19:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jagdish\AppData\Local\Google\Chrome\Application\14.0.835.186\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Jagdish\AppData\Local\Google\Chrome\Application\14.0.835.186\pdf.dll
    CHR - plugin: Chrome NaCl (Enabled) = C:\Users\Jagdish\AppData\Local\Google\Chrome\Application\14.0.835.186\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\Jagdish\AppData\Local\Google\Chrome\Application\14.0.835.186\gears.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Jagdish\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Jagdish\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\Jagdish\AppData\Local\Google\Update\1.3.21.53\npGoogleUpdate3.dll
    CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin

    O1 HOSTS File: ([2011-09-27 21:14:50 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (no name) - {B6ADE150-743D-11D4-8141-00E029626F6A} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\ietoolbar.dll (BitDefender S.R.L.)
    O3 - HKU\S-1-5-21-2690704196-4028234597-4272532801-1004\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.)
    O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe (BitDefender S.R.L.)
    O4 - HKLM..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
    O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [Readycomm] C:\Program Files\Lenovo\ReadyComm\ReadyComm.exe (Lenovo Group Limited)
    O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE (Conexant)
    O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files\Lenovo\VeriFaceIII\PManage.exe ()
    O4 - HKU\S-1-5-21-2690704196-4028234597-4272532801-1004..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - HKU\S-1-5-21-2690704196-4028234597-4272532801-1004..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - HKU\S-1-5-21-2690704196-4028234597-4272532801-1004..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2690704196-4028234597-4272532801-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2690704196-4028234597-4272532801-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{096DC538-AC05-4658-A381-97FD0C70A6EF}: NameServer = 202.177.240.251 202.177.240.250
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.dll) - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
    O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Desert Landscape.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Desert Landscape.jpg
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006-09-19 03:13:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
     
  16. maqsabre

    maqsabre TS Rookie Topic Starter Posts: 21

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.clmp3enc - C:\Program Files\Lenovo\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv50 - C:\Windows\System32\ir50_32.dll (Intel Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011-09-30 11:50:55 | 000,000,000 | ---D | C] -- C:\Users\Jagdish\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
    [2011-09-30 11:50:53 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2011-09-30 11:49:26 | 000,000,000 | ---D | C] -- C:\Users\Jagdish\Desktop\sid
    [2011-09-30 11:25:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2011-09-30 11:24:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
    [2011-09-30 11:17:58 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2011-09-29 21:05:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011-09-28 17:59:33 | 000,150,392 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Windows\junction.exe
    [2011-09-26 18:53:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011-09-26 18:53:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011-09-26 18:53:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011-09-26 18:53:10 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011-09-26 18:53:01 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011-09-25 23:53:18 | 000,000,000 | ---D | C] -- C:\Windows\pss
    [2011-09-25 17:43:53 | 000,000,000 | ---D | C] -- C:\Users\Jagdish\AppData\Roaming\Malwarebytes
    [2011-09-25 17:43:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011-09-25 17:43:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011-09-25 17:43:00 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2011-09-25 17:43:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011-09-25 16:45:29 | 000,000,000 | ---D | C] -- C:\ProgramData\XoftSpySE
    [2011-09-25 13:18:16 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
    [2011-09-25 02:37:36 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2011-09-25 02:36:23 | 000,000,000 | ---D | C] -- C:\Users\Jagdish\AppData\Roaming\SUPERAntiSpyware.com
    [2011-09-25 02:36:23 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2011-09-25 02:19:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XoftSpy
    [2011-09-25 02:19:13 | 000,000,000 | ---D | C] -- C:\Program Files\XoftSpy
    [2011-09-25 01:49:21 | 000,000,000 | ---D | C] -- C:\Users\Jagdish\AppData\Local\Mozilla
    [2011-09-25 01:48:17 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2011-09-25 00:46:00 | 000,000,000 | ---D | C] -- C:\Users\Jagdish\Documents\ForceField Shared Files
    [2011-09-25 00:45:58 | 000,000,000 | ---D | C] -- C:\Users\Jagdish\AppData\Roaming\CheckPoint
    [2011-09-25 00:45:26 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
    [2011-09-25 00:41:52 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
    [2011-09-24 23:46:46 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
    [2011-09-24 23:41:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2011-09-24 23:41:15 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2011-09-24 22:42:26 | 008,393,472 | ---- | C] (Safer Networking Limited ) -- C:\Users\Jagdish\Desktop\spybotsd162.exe
    [2011-09-15 09:31:29 | 000,000,000 | ---D | C] -- C:\Users\Jagdish\AppData\Roaming\Mozilla
    [2011-09-04 23:25:19 | 000,000,000 | -HSD | C] -- C:\Users\Jagdish\Network
    [2011-09-03 16:23:28 | 000,000,000 | ---D | C] -- C:\Users\Jagdish\Desktop\asdf

    ========== Files - Modified Within 30 Days ==========

    [2011-10-02 11:43:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2690704196-4028234597-4272532801-1004UA1cb6e4f8556f760.job
    [2011-10-02 11:43:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011-10-02 11:35:13 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2690704196-4028234597-4272532801-1004UA.job
    [2011-10-02 11:34:42 | 000,002,014 | ---- | M] () -- C:\Users\Jagdish\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2011-10-02 11:34:41 | 000,002,052 | ---- | M] () -- C:\Users\Jagdish\Desktop\Google Chrome.lnk
    [2011-10-02 09:59:48 | 000,049,965 | ---- | M] () -- C:\ProgramData\nvModes.dat
    [2011-10-02 09:59:48 | 000,049,965 | ---- | M] () -- C:\ProgramData\nvModes.001
    [2011-10-02 09:55:01 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011-10-02 09:54:37 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011-10-02 09:54:37 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011-10-02 09:54:31 | 000,000,066 | -HS- | M] () -- C:\_PartitionInfo
    [2011-10-02 09:54:29 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
    [2011-10-02 09:54:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011-10-01 16:33:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2690704196-4028234597-4272532801-1004Core.job
    [2011-10-01 15:55:36 | 000,033,280 | ---- | M] () -- C:\Users\Jagdish\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011-10-01 11:26:13 | 000,051,186 | ---- | M] () -- C:\Users\Jagdish\AppData\Roaming\room_v3.dat
    [2011-09-30 15:57:58 | 000,000,052 | ---- | M] () -- C:\Windows\System32\ashttpstats.csv
    [2011-09-30 15:57:33 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2011-09-30 11:50:55 | 000,001,630 | ---- | M] () -- C:\Users\Jagdish\Desktop\CCleaner.lnk
    [2011-09-30 11:25:06 | 000,001,838 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
    [2011-09-29 21:43:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2690704196-4028234597-4272532801-1004Core1cb6e4f8169deb0.job
    [2011-09-29 07:21:01 | 000,662,950 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011-09-29 07:21:01 | 000,128,982 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011-09-27 21:14:50 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011-09-26 18:04:46 | 000,000,512 | ---- | M] () -- C:\Users\Jagdish\Documents\MBR.dat
    [2011-09-25 23:56:10 | 000,000,355 | ---- | M] () -- C:\Users\Jagdish\Desktop\Documents - Shortcut.lnk
    [2011-09-25 17:43:08 | 000,000,778 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011-09-25 12:53:54 | 000,000,000 | ---- | M] () -- C:\Users\Jagdish\AppData\Local\{D4C067A0-90A6-454C-89D4-9DAF23E90A7C}
    [2011-09-25 12:51:11 | 000,000,000 | ---- | M] () -- C:\Users\Jagdish\AppData\Local\{51AED1C3-F61B-4EB3-9E20-0B063DA7EB2A}
    [2011-09-25 01:48:47 | 000,000,830 | ---- | M] () -- C:\Users\Jagdish\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011-09-25 01:48:47 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2011-09-24 22:53:54 | 008,393,472 | ---- | M] (Safer Networking Limited ) -- C:\Users\Jagdish\Desktop\spybotsd162.exe
    [2011-09-20 21:30:02 | 009,880,498 | ---- | M] () -- C:\Users\Jagdish\Desktop\Akcent - Stay With Me.mp3
    [2011-09-15 03:06:31 | 000,000,118 | ---- | M] () -- C:\Windows\System32\MRT.INI
    [2011-09-03 16:23:03 | 000,056,763 | ---- | M] () -- C:\Users\Jagdish\Desktop\WarKey64_EN.rar

    ========== Files Created - No Company Name ==========

    [2011-09-30 11:50:55 | 000,001,630 | ---- | C] () -- C:\Users\Jagdish\Desktop\CCleaner.lnk
    [2011-09-30 11:25:06 | 000,001,838 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
    [2011-09-26 18:53:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2011-09-26 18:53:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2011-09-26 18:53:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011-09-26 18:53:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011-09-26 18:53:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011-09-26 18:04:46 | 000,000,512 | ---- | C] () -- C:\Users\Jagdish\Documents\MBR.dat
    [2011-09-25 23:56:10 | 000,000,355 | ---- | C] () -- C:\Users\Jagdish\Desktop\Documents - Shortcut.lnk
    [2011-09-25 17:43:08 | 000,000,778 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011-09-25 12:53:54 | 000,000,000 | ---- | C] () -- C:\Users\Jagdish\AppData\Local\{D4C067A0-90A6-454C-89D4-9DAF23E90A7C}
    [2011-09-25 12:51:11 | 000,000,000 | ---- | C] () -- C:\Users\Jagdish\AppData\Local\{51AED1C3-F61B-4EB3-9E20-0B063DA7EB2A}
    [2011-09-25 01:48:47 | 000,000,830 | ---- | C] () -- C:\Users\Jagdish\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011-09-25 01:48:47 | 000,000,818 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2011-09-25 01:48:47 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2011-09-20 21:27:04 | 009,880,498 | ---- | C] () -- C:\Users\Jagdish\Desktop\Akcent - Stay With Me.mp3
    [2011-09-15 03:06:31 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
    [2011-09-03 16:23:03 | 000,056,763 | ---- | C] () -- C:\Users\Jagdish\Desktop\WarKey64_EN.rar
    [2011-08-22 12:10:57 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2011-07-03 19:26:46 | 000,000,000 | ---- | C] () -- C:\Users\Jagdish\AppData\Roaming\Application.set
    [2011-06-08 14:30:34 | 000,051,186 | ---- | C] () -- C:\Users\Jagdish\AppData\Roaming\room_v3.dat
    [2011-04-28 02:45:43 | 000,000,000 | ---- | C] () -- C:\Windows\YAHELITE_cookie.INI
    [2011-04-02 10:34:55 | 000,004,096 | -H-- | C] () -- C:\Users\Jagdish\AppData\Local\keyfile3.drm
    [2011-03-08 14:41:06 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
    [2011-03-08 14:41:04 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
    [2011-03-08 14:41:04 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
    [2011-03-08 14:41:04 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
    [2011-03-08 14:41:04 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
    [2011-02-18 16:22:39 | 000,024,206 | ---- | C] () -- C:\Users\Jagdish\AppData\Roaming\UserTile.png
    [2010-12-11 23:21:45 | 000,000,400 | ---- | C] () -- C:\Windows\g_iclink399.ini
    [2010-12-11 23:21:45 | 000,000,400 | ---- | C] () -- C:\Windows\System32\drivers\bcompbg936.dat
    [2010-11-18 17:12:06 | 000,000,025 | ---- | C] () -- C:\Users\Jagdish\AppData\Roaming\bdfvconp.ini
    [2010-10-27 03:23:38 | 000,200,704 | ---- | C] () -- C:\Windows\System32\BongoSDK.10.v40.dll
    [2010-10-19 18:33:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\wsbl.dat
    [2010-10-19 18:33:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\phar_unmip.dat
    [2010-10-19 18:33:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\phar_histprot.dat
    [2010-10-19 18:33:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ph_white.dat
    [2010-10-19 18:33:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ph_summ.dat
    [2010-10-19 18:33:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ph_black.dat
    [2010-10-19 18:33:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pcwords2.dat
    [2010-10-19 18:33:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pcwords.dat
    [2010-10-19 18:33:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_webproxy.dat
    [2010-10-19 18:33:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_video.dat
    [2010-10-19 18:33:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_tabloids.dat
    [2010-10-19 18:33:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_socialnetworks.dat
    [2010-10-19 18:33:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_searchengines.dat
    [2010-10-19 18:33:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_regionaltlds.dat
    [2010-10-19 18:33:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_pornography.dat
    [2010-10-19 18:33:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_onlineshop.dat
    [2010-10-19 18:33:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_onlinepay.dat
    [2010-10-19 18:33:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_onlinedating.dat
    [2010-10-19 18:33:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_news.dat
    [2010-10-19 18:33:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_im.dat
    [2010-10-19 18:33:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_illegal.dat
    [2010-10-19 18:33:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_hate.dat
    [2010-10-19 18:33:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_games.dat
    [2010-10-19 18:33:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_gambling.dat
    [2010-10-19 18:33:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_drugs.dat
    [2010-10-18 03:11:05 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010-10-09 11:17:14 | 000,000,016 | ---- | C] () -- C:\Windows\System32\asdict.dat
    [2010-10-09 11:17:14 | 000,000,004 | ---- | C] () -- C:\Windows\System32\aspdict-en.dat
    [2010-10-08 22:31:39 | 000,001,356 | ---- | C] () -- C:\Users\Jagdish\AppData\Local\d3d9caps.dat
    [2010-10-07 00:46:09 | 000,000,132 | ---- | C] () -- C:\Windows\System32\rezumatenoi.dat
    [2010-09-09 12:39:29 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2010-09-09 12:39:29 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2010-09-09 12:38:51 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2010-08-29 15:50:38 | 000,033,280 | ---- | C] () -- C:\Users\Jagdish\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009-01-15 12:45:34 | 000,181,248 | ---- | C] () -- C:\Windows\System32\txmlutil.dll
    [2008-09-05 09:22:03 | 000,049,965 | ---- | C] () -- C:\ProgramData\nvModes.dat
    [2008-09-05 09:22:03 | 000,049,965 | ---- | C] () -- C:\ProgramData\nvModes.001
    [2008-09-05 09:09:52 | 009,338,880 | ---- | C] () -- C:\Windows\System32\Facev.dll
    [2008-09-05 09:09:52 | 000,491,520 | ---- | C] () -- C:\Windows\System32\picn.dll
    [2008-09-05 09:09:52 | 000,208,896 | ---- | C] () -- C:\Windows\System32\image.dll
    [2008-09-05 09:09:51 | 000,655,360 | ---- | C] () -- C:\Windows\System32\EncIcons.dll
    [2008-09-05 09:09:51 | 000,507,904 | ---- | C] () -- C:\Windows\System32\SimpleExt.dll
    [2008-09-05 09:09:51 | 000,241,752 | ---- | C] () -- C:\Windows\System32\IcnOvrly.dll
    [2008-09-05 09:09:51 | 000,053,248 | ---- | C] () -- C:\Windows\System32\FunFrm.dll
    [2008-09-05 09:09:50 | 009,502,720 | ---- | C] () -- C:\Windows\System32\FaceVerify.dll
    [2008-09-05 09:09:50 | 001,974,272 | ---- | C] () -- C:\Windows\System32\Imagereog.dll
    [2008-09-05 09:09:50 | 001,564,672 | ---- | C] () -- C:\Windows\System32\MainOp.dll
    [2008-09-05 09:09:50 | 000,581,632 | ---- | C] () -- C:\Windows\System32\PicNotify.dll
    [2008-09-05 09:09:50 | 000,442,368 | ---- | C] () -- C:\Windows\System32\Apblend.dll
    [2008-09-05 09:09:50 | 000,221,184 | ---- | C] () -- C:\Windows\System32\SetDev.dll
    [2008-09-05 09:09:50 | 000,126,976 | ---- | C] () -- C:\Windows\System32\VideoOp.dll
    [2008-09-05 09:09:50 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Momo.dll
    [2008-09-05 09:09:50 | 000,049,152 | ---- | C] () -- C:\Windows\System32\DevFilt.dll
    [2008-09-05 09:09:05 | 000,057,344 | ---- | C] () -- C:\Windows\AsfHelper.dll
    [2008-09-05 09:09:05 | 000,044,544 | ---- | C] () -- C:\Windows\System32\drivers\funfrm.sys
    [2008-09-05 09:08:38 | 000,241,664 | ---- | C] () -- C:\Windows\System32\3DImageRenderer.dll
    [2008-09-05 08:29:58 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini
    [2008-09-05 08:28:00 | 000,266,240 | ---- | C] () -- C:\Windows\System32\EMSC.DLL
    [2008-09-05 07:28:28 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
    [2008-08-05 08:24:45 | 000,002,144 | ---- | C] () -- C:\Windows\System32\drivers\CDConfig.bin
    [2008-07-30 05:09:22 | 000,036,864 | ---- | C] () -- C:\Windows\sWelCntr.exe
    [2008-06-06 10:48:31 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2008-05-22 03:34:04 | 000,008,832 | ---- | C] () -- C:\Windows\System32\drivers\Wdkbdmou.sys
    [2007-04-16 15:54:16 | 000,023,752 | ---- | C] () -- C:\Windows\System32\providers.bin
    [2007-01-31 13:50:32 | 000,913,408 | ---- | C] () -- C:\Windows\System32\xreglib.dll
    [2006-11-02 18:27:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006-11-02 18:17:37 | 001,893,968 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006-11-02 18:05:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006-11-02 16:03:01 | 000,662,950 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006-11-02 16:03:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006-11-02 16:03:01 | 000,128,982 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006-11-02 16:03:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006-11-02 15:53:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006-11-02 14:28:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006-11-02 13:49:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006-11-02 13:10:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006-11-02 12:55:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2003-01-03 02:04:00 | 000,000,745 | ---- | C] () -- C:\Windows\System32\drivers\fcompbg361.sys
    [2002-02-06 04:08:00 | 000,000,745 | ---- | C] () -- C:\Windows\f_iclink365.ini
    [2001-11-15 02:26:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
    [2001-03-09 06:12:00 | 000,000,745 | ---- | C] () -- C:\Windows\System32\g_iecdi32_404.dll
    [2000-04-12 08:16:00 | 000,000,745 | ---- | C] () -- C:\Windows\System32\drivers\caxext_149.sys
    [1999-05-15 10:20:00 | 000,000,745 | ---- | C] () -- C:\Windows\System32\d_comsvrb_196.dll
    [1998-06-18 12:24:00 | 000,000,745 | ---- | C] () -- C:\Windows\System32\aghrtg188.dat

    ========== LOP Check ==========

    [2010-10-18 03:11:49 | 000,000,000 | ---D | M] -- C:\Users\Jagdish\AppData\Roaming\acccore
    [2010-08-29 18:20:22 | 000,000,000 | ---D | M] -- C:\Users\Jagdish\AppData\Roaming\ApexDC++
    [2011-02-16 00:00:19 | 000,000,000 | ---D | M] -- C:\Users\Jagdish\AppData\Roaming\Autodesk
    [2010-10-07 00:30:48 | 000,000,000 | ---D | M] -- C:\Users\Jagdish\AppData\Roaming\BitDefender
    [2011-06-27 15:20:15 | 000,000,000 | ---D | M] -- C:\Users\Jagdish\AppData\Roaming\Camfrog
    [2011-09-25 00:45:58 | 000,000,000 | ---D | M] -- C:\Users\Jagdish\AppData\Roaming\CheckPoint
    [2011-01-27 19:58:40 | 000,000,000 | ---D | M] -- C:\Users\Jagdish\AppData\Roaming\DAEMON Tools Pro
    [2010-08-28 19:43:11 | 000,000,000 | ---D | M] -- C:\Users\Jagdish\AppData\Roaming\Lenovo
    [2011-06-27 17:24:09 | 000,000,000 | ---D | M] -- C:\Users\Jagdish\AppData\Roaming\ManyCam
    [2010-12-11 23:31:53 | 000,000,000 | ---D | M] -- C:\Users\Jagdish\AppData\Roaming\McNeel
    [2011-02-18 16:05:35 | 000,000,000 | ---D | M] -- C:\Users\Jagdish\AppData\Roaming\MessengerGadget
    [2010-11-28 22:01:50 | 000,000,000 | ---D | M] -- C:\Users\Jagdish\AppData\Roaming\mkvtoolnix
    [2011-05-25 10:41:34 | 000,000,000 | ---D | M] -- C:\Users\Jagdish\AppData\Roaming\Opera
    [2011-04-22 06:47:12 | 000,000,000 | ---D | M] -- C:\Users\Jagdish\AppData\Roaming\Samsung
    [2011-05-13 18:01:20 | 000,000,000 | ---D | M] -- C:\Users\Jagdish\AppData\Roaming\TeraCopy
    [2011-09-22 17:04:41 | 000,000,000 | ---D | M] -- C:\Users\Jagdish\AppData\Roaming\Thinstall
    [2011-10-02 09:59:43 | 000,000,000 | ---D | M] -- C:\Users\Jagdish\AppData\Roaming\uTorrent
    [2011-07-10 10:00:05 | 000,000,000 | ---D | M] -- C:\Users\Jagdish\AppData\Roaming\VitySoft
    [2011-05-02 20:37:32 | 000,000,000 | ---D | M] -- C:\Users\Jagdish\AppData\Roaming\Xilisoft
    [2011-09-30 15:57:36 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2011-02-15 23:36:16 | 000,175,114 | ---- | M] () -- C:\acadminidump.dmp
    [2006-09-19 03:13:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2011-09-16 16:23:04 | 000,037,339 | ---- | M] () -- C:\bdlog.txt
    [2009-04-11 12:06:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2008-02-04 03:04:03 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2011-09-29 21:07:29 | 000,024,529 | ---- | M] () -- C:\ComboFix.txt
    [2006-09-19 03:13:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2011-10-02 09:55:35 | 001,270,061 | ---- | M] () -- C:\FaceProv.log
    [2011-09-25 00:28:22 | 000,000,180 | ---- | M] () -- C:\INSTALL.LOG
    [2010-12-11 23:29:19 | 000,000,030 | ---- | M] () -- C:\installer_utilities_log.txt
    [2010-09-09 11:09:26 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010-10-18 03:02:41 | 000,000,375 | -H-- | M] () -- C:\IPH.PH
    [2010-09-09 11:09:26 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2011-10-02 09:54:17 | 2447,228,928 | -HS- | M] () -- C:\pagefile.sys
    [2011-10-02 11:43:00 | 013,068,063 | ---- | M] () -- C:\sysiclog.txt
    [2011-04-14 01:22:36 | 026,714,775 | ---- | M] () -- C:\sysiclog.txt.bak
    [2005-07-06 11:14:10 | 000,000,496 | ---- | M] () -- C:\sysprep
    [2011-10-02 09:54:31 | 000,000,066 | -HS- | M] () -- C:\_PartitionInfo

    < %systemroot%\Fonts\*.com >
    [2006-11-02 18:07:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006-11-02 18:07:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006-11-02 18:07:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2011-03-09 01:02:34 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006-09-19 03:07:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2006-11-02 18:05:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
    [2006-10-26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008-01-21 08:13:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008-01-21 08:44:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2008-01-21 08:44:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2008-01-21 08:44:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006-11-02 16:04:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006-11-02 16:04:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011-07-12 15:51:49 | 000,000,286 | -HS- | M] () -- C:\Users\Jagdish\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011-07-17 10:40:24 | 012,336,856 | ---- | M] () -- C:\Users\Jagdish\Desktop\Garena_setup.exe
    [2011-04-22 01:48:12 | 027,552,104 | ---- | M] () -- C:\Users\Jagdish\Desktop\ICM_110405_Setup.exe
    [2011-09-24 22:53:54 | 008,393,472 | ---- | M] (Safer Networking Limited ) -- C:\Users\Jagdish\Desktop\spybotsd162.exe
    [2011-08-23 22:24:49 | 012,553,219 | ---- | M] () -- C:\Users\Jagdish\Desktop\Warkeys-1.19.3.0b.exe
    [2011-05-29 10:38:51 | 001,286,504 | ---- | M] (Microsoft Corporation) -- C:\Users\Jagdish\Desktop\wlsetup-web.exe
    [2011-05-13 23:40:01 | 001,364,704 | ---- | M] (Acesoft ) -- C:\Users\Jagdish\Desktop\wssetup.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >
    [2011-04-07 00:59:07 | 000,013,449 | ---- | M] () -- C:\Windows\M3000Twn.src

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010-08-28 19:42:29 | 000,000,402 | -HS- | M] () -- C:\Users\Jagdish\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011-08-22 12:10:57 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2011-10-02 09:59:48 | 000,049,965 | ---- | M] () -- C:\ProgramData\nvModes.001

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 905267 bytes -> C:\Users\Jagdish\AppData\Roaming\desktop.ini:init
    @Alternate Data Stream - 157 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

    < End of report >
     
  17. maqsabre

    maqsabre TS Rookie Topic Starter Posts: 21

    OTL Extras logfile created on: 02-10-2011 11:39:54 - Run 1
    OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Jagdish\sag0r
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00004009 | Country: India | Language: ENN | Date Format: dd-MM-yyyy

    1.99 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 60.79% Memory free
    4.21 Gb Paging File | 3.02 Gb Available in Paging File | 71.83% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 103.91 Gb Total Space | 13.26 Gb Free Space | 12.76% Space Free | Partition Type: NTFS
    Drive D: | 169.43 Gb Total Space | 11.12 Gb Free Space | 6.56% Space Free | Partition Type: NTFS
    Drive J: | 10.00 Gb Total Space | 4.00 Gb Free Space | 39.98% Space Free | Partition Type: NTFS

    Computer Name: JAGDISH-PC | User Name: Jagdish | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

    [HKEY_USERS\S-1-5-21-2690704196-4028234597-4272532801-1004\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0BD0806B-982A-4F6F-A6CA-4C69563ABCC2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
    "{0CD37333-528F-4B3E-A3AB-836A430A1B81}" = lport=139 | protocol=6 | dir=in | app=system |
    "{243195C7-E56D-4B04-8930-034E25B695B4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{29678684-5EFD-402C-BDAB-9E3921AD32F4}" = rport=139 | protocol=6 | dir=out | app=system |
    "{2E456C29-D054-42FB-839F-105C9DAEFD05}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{2F1AA7DC-6772-4992-B0D8-C31A33FBE716}" = lport=137 | protocol=17 | dir=in | app=system |
    "{55DEF6FB-0E1F-46FF-8C9A-9BB4A3DA74B2}" = lport=138 | protocol=17 | dir=in | app=system |
    "{6C657FC6-696A-4A82-916C-70E56CFC02DA}" = lport=445 | protocol=6 | dir=in | app=system |
    "{72834D2B-5D36-46CB-B964-3AF04F8BEB4E}" = rport=445 | protocol=6 | dir=out | app=system |
    "{F012FE0A-1002-4060-BD98-8904C3AA88BE}" = rport=138 | protocol=17 | dir=out | app=system |
    "{F8DF9218-440F-4D64-B073-46F7D808B2EC}" = rport=137 | protocol=17 | dir=out | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{00DA9A15-934E-4FE4-9F3F-14176C6BC582}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{0716E1AB-8385-47DA-8903-ED9AFB71ADFB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{07695FB4-498B-48D9-94A0-1A18D0214D85}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{1C33311F-B98F-45E9-8C58-19415956C653}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
    "{1E3711C2-0D8D-4CD7-827C-B0DB1DC975D6}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung pc share manager\http_ss_win_pro.exe |
    "{31CC8BF5-EF68-4072-9B6A-B595EB13D60D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{321EDDA1-5A57-4452-8132-1C8707C0FDB0}" = dir=out | app=c:\program files\lenovo\readycomm\common\igrs.exe |
    "{50B4CD38-6033-45BF-A514-AAC8C7952E2C}" = dir=out | app=c:\windows\system32\igrssvcs.exe |
    "{52AFF526-805D-45E6-8BD8-3F29D3425410}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
    "{558C08BA-A9F3-4A1E-AEB3-A4552FB7FCB7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{5C1FF547-2893-4607-9D5A-F8C1ADC32100}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung pc share manager\wiselinkpro.exe |
    "{5D2F614D-A292-4A01-B128-147965827586}" = protocol=6 | dir=in | app=c:\users\jagdish\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{8AD4A14D-6081-46A1-8933-9362501A1556}" = dir=in | app=c:\program files\lenovo\readycomm\readycomm.exe |
    "{8DCCDF90-F0A5-4439-83A8-D808CE6D7F9D}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung pc share manager\http_ss_win_pro.exe |
    "{9853167E-8B52-48F7-83AF-E14A7367FEA6}" = dir=in | app=c:\program files\lenovo\readycomm\common\igrs.exe |
    "{9ACA12F6-BCB7-49D9-ABFF-B2201DB73AD2}" = protocol=17 | dir=in | app=c:\users\jagdish\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{9B693D42-E897-4F06-A845-60BB30FCCDC1}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{AC62F939-16E2-4E63-BB9C-13D6168C7BCD}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
    "{AEF19BF7-58DC-43A9-A23D-BB48D1387B77}" = dir=out | app=c:\program files\lenovo\readycomm\projectionist.exe |
    "{BD3B944C-B105-43D4-89FE-FA1C83F15462}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
    "{C3B22AE5-0A2F-400D-BABF-1ABD146C8EBC}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
    "{C8DD9780-D8EE-4970-AB34-E649F1117588}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{CE974DBB-2476-46C7-B988-FB6A3066B49B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{D5705607-40AA-4D47-98B9-EDC37931ED40}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung pc share manager\wiselinkpro.exe |
    "{D6B56C0B-1B19-4264-98F5-8AC0FABFE343}" = dir=out | app=c:\program files\lenovo\readycomm\readycomm.exe |
    "{D7544920-6D20-4075-AEEE-9792D0EB8378}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
    "{E314AE77-1790-46AF-A063-2CD690C36B9C}" = dir=in | app=c:\windows\system32\igrssvcs.exe |
    "{E82C9617-4B11-4C90-91F3-5008E34D7763}" = dir=in | app=c:\program files\lenovo\readycomm\projectionist.exe |
    "{EBE0156D-021B-4F69-9FA5-D8DC28686872}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{EF07F4A1-BEE0-407D-AC69-EB499FD8F646}" = dir=out | app=c:\program files\lenovo\readycomm\filereceiver.exe |
    "{F30E2D4A-2C8C-4638-81B9-49BA15D5A55A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{F8EB68E2-D2D0-4640-860E-581E85AF7ABD}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{FB91F777-27CF-4D56-A47F-0EADEF91CCA8}" = dir=in | app=c:\program files\lenovo\readycomm\filereceiver.exe |
    "{FCF847A8-998B-4885-8577-D669B77D21E8}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{FF3DB35C-116A-484F-B1F2-D152FE3DB95C}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "TCP Query User{2CE149C3-5D6A-41BA-BC40-3E9DAA126774}C:\program files\strongdc++\strongdc.exe" = protocol=6 | dir=in | app=c:\program files\strongdc++\strongdc.exe |
    "TCP Query User{8BFF3C72-1B66-434B-A6D4-54B22952724D}D:\softwares\warcraft iii frozen throne\war3.exe" = protocol=6 | dir=in | app=d:\softwares\warcraft iii frozen throne\war3.exe |
    "TCP Query User{E4A6DCBC-B75E-4577-8EE8-FFAB25FCDBE6}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
    "TCP Query User{E93EC381-32FA-4D8A-8912-1E69A15A9553}C:\program files\garena\garena.exe" = protocol=6 | dir=in | app=c:\program files\garena\garena.exe |
    "UDP Query User{0B43D1C6-6F51-4356-945A-370B134BEF12}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
    "UDP Query User{8B193407-007E-4332-9C16-13D6D78D51B5}D:\softwares\warcraft iii frozen throne\war3.exe" = protocol=17 | dir=in | app=d:\softwares\warcraft iii frozen throne\war3.exe |
    "UDP Query User{B04E1C68-CADD-4E1D-A251-B727E6314344}C:\program files\garena\garena.exe" = protocol=17 | dir=in | app=c:\program files\garena\garena.exe |
    "UDP Query User{F2842D9D-C354-4A26-8A65-93700EC53740}C:\program files\strongdc++\strongdc.exe" = protocol=17 | dir=in | app=c:\program files\strongdc++\strongdc.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = Lenovo Bluetooth with Enhanced Data Rate Software 6.1.0.4600
    "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
    "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
    "{0C485220-4029-48E7-9F27-965DA4A78D5E}" = Samsung Networking Wizard
    "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
    "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 26
    "{26E9EE62-5517-4C46-8B6E-B7C9A0A95D66}" = SWelCntr
    "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
    "{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager
    "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    "{2C27866B-00E1-4AFF-A199-C7E978A10FC6}" = HUAWEI Mobile Connect
    "{342F5437-C87D-4BB5-89B9-B23E16C6A395}" = Microsoft Visual C++ 8.0 Support DLLs
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3D3FF9FF-2E7E-46D8-9910-1DAF63730E61}" = Rhinoceros 4.0 Training Materials, Level 1
    "{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3
    "{3F9B2FD2-1C83-4401-9967-C3636638E958}" = Adobe SING CS3
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
    "{450063AA-643B-417C-8CF5-405BA3F4EF40}" = Autodesk Design Review 2009
    "{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
    "{48E15C9C-E25C-40AD-A46B-AB270729B9B9}" = Google SketchUp Pro 7
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Lenovo EasyCamera
    "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
    "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
    "{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
    "{56B8B892-317E-4FDE-9E4D-44B189848A27}" = Adobe Setup
    "{5783F2D7-6001-0409-0002-0060B0CE6BBA}" = AutoCAD 2008 - English
    "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
    "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{717E0AD5-91EB-459F-AB8B-1B5219BAF7CE}" = Lenovo System Repair - Windows Update Monitor
    "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
    "{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
    "{76C66170-C538-4E77-B54D-48E136B5B533}" = Lenovo ReadyComm 4.0
    "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
    "{82705358-3BD6-3CD5-AA9A-B8F058BE3A29}" = Google Talk Plugin
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
    "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
    "{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
    "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
    "{95E1E426-EE9E-4F68-8F02-58A5A09B38F3}" = Rhinoceros 4.0 Evaluation
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
    "{9B5FE330-0E0C-4CE2-BD96-303E4E9827CE}" = TATA Indicom Dialer
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
    "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
    "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
    "{A3A37DA6-70C0-497C-BCB1-148E9EC1D32E}" = Revit Architecture 2009
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
    "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
    "{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
    "{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}" = Energy Management
    "{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
    "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
    "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
    "{C200A620-DD82-42A9-9A32-2CDA92914DCB}" = O2Micro Flash Memory Card Reader Driver (x86)
    "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
    "{C475527D-AB5C-47D8-8C25-85CA3E42B5A4}" = Flamingo 2.0
    "{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Professional
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
    "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
    "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
    "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
    "{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
    "{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
    "{EAA190F4-FF0D-4D28-A4E7-E0A20E1DDDFA}" = BitDefender Total Security 2010
    "{ECF9A76C-EDCE-45EF-95B0-6CD652DA8AF8}" = TmlCMode
    "{F1000000-0001-0000-0000-074957833700}" = ABBYY FineReader 10 Professional Edition
    "{FC57FC53-104C-415C-98D7-B05E659461A9}" = Broadcom Gigabit Integrated Controller
    "{FEF06E73-A519-4510-8CF3-B66041B91D8A}" = EMSC
    "{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "5D38134BF8A10D640B30E6B014EECDBC5F881E3D" = Windows Driver Package - ENE (enecir) HIDClass (04/29/2008 2.5.0.0)
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe_05ba3a63f36684fe0c5dde2ebe6f8f5" = Adobe InDesign CS3
    "Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3
    "Aide PDF to DXF Converter_is1" = Aide PDF to DXF Converter 6.5
    "AIM_7" = AIM 7
    "AutoCAD 2008 - English" = AutoCAD 2008 - English
    "Autodesk Design Review 2009" = Autodesk Design Review 2009
    "Bhaktivedanta Vedabase 2003" = Bhaktivedanta Vedabase 2003
    "Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
    "CCleaner" = CCleaner
    "CNXT_AUDIO_HDA" = Conexant HD Audio
    "CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
    "EasyCapture3.0" = EasyCapture
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "Garena" = Garena 2010
    "Idea Net Setter" = Idea Net Setter
    "InstallShield_{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager
    "InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
    "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
    "InstallShield_{ECF9A76C-EDCE-45EF-95B0-6CD652DA8AF8}" = TmlCMode
    "LF1" = LF1
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
    "NVIDIA Drivers" = NVIDIA Drivers
    "Opera 11.51.1087" = Opera 11.51
    "Podium Light Fixtures_is1" = Podium Light Fixtures version 1.2.1
    "Podium Plants & Trees_is1" = Podium Plants & Trees version 1.0.4
    "Podium_is1" = Podium
    "Recover Files_is1" = Recover Files 2.0
    "Reliance Netconnect - Broadband+" = Reliance Netconnect - Broadband+
    "SoftwareUpdUtility" = Download Updater (AOL LLC)
    "StrongDC++" = StrongDC++ 2.41
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "Tata Photon+" = Tata Photon+
    "TMACv5.0R3" = Technitium MAC Address Changer v5.0 Release 3
    "uTorrent" = µTorrent
    "VeriFace III" = VeriFace III
    "VLC media player" = VLC media player 0.9.8a
    "WinRAR archiver" = WinRAR archiver
    "Yahoo! Messenger" = Yahoo! Messenger

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2690704196-4028234597-4272532801-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >
     
  18. maqsabre

    maqsabre TS Rookie Topic Starter Posts: 21

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{00DA9A15-934E-4FE4-9F3F-14176C6BC582}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{0716E1AB-8385-47DA-8903-ED9AFB71ADFB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{07695FB4-498B-48D9-94A0-1A18D0214D85}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{1C33311F-B98F-45E9-8C58-19415956C653}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
    "{1E3711C2-0D8D-4CD7-827C-B0DB1DC975D6}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung pc share manager\http_ss_win_pro.exe |
    "{31CC8BF5-EF68-4072-9B6A-B595EB13D60D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{321EDDA1-5A57-4452-8132-1C8707C0FDB0}" = dir=out | app=c:\program files\lenovo\readycomm\common\igrs.exe |
    "{50B4CD38-6033-45BF-A514-AAC8C7952E2C}" = dir=out | app=c:\windows\system32\igrssvcs.exe |
    "{52AFF526-805D-45E6-8BD8-3F29D3425410}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
    "{558C08BA-A9F3-4A1E-AEB3-A4552FB7FCB7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{5C1FF547-2893-4607-9D5A-F8C1ADC32100}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung pc share manager\wiselinkpro.exe |
    "{5D2F614D-A292-4A01-B128-147965827586}" = protocol=6 | dir=in | app=c:\users\jagdish\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{8AD4A14D-6081-46A1-8933-9362501A1556}" = dir=in | app=c:\program files\lenovo\readycomm\readycomm.exe |
    "{8DCCDF90-F0A5-4439-83A8-D808CE6D7F9D}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung pc share manager\http_ss_win_pro.exe |
    "{9853167E-8B52-48F7-83AF-E14A7367FEA6}" = dir=in | app=c:\program files\lenovo\readycomm\common\igrs.exe |
    "{9ACA12F6-BCB7-49D9-ABFF-B2201DB73AD2}" = protocol=17 | dir=in | app=c:\users\jagdish\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{9B693D42-E897-4F06-A845-60BB30FCCDC1}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{AC62F939-16E2-4E63-BB9C-13D6168C7BCD}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
    "{AEF19BF7-58DC-43A9-A23D-BB48D1387B77}" = dir=out | app=c:\program files\lenovo\readycomm\projectionist.exe |
    "{BD3B944C-B105-43D4-89FE-FA1C83F15462}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
    "{C3B22AE5-0A2F-400D-BABF-1ABD146C8EBC}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
    "{C8DD9780-D8EE-4970-AB34-E649F1117588}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{CE974DBB-2476-46C7-B988-FB6A3066B49B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{D5705607-40AA-4D47-98B9-EDC37931ED40}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung pc share manager\wiselinkpro.exe |
    "{D6B56C0B-1B19-4264-98F5-8AC0FABFE343}" = dir=out | app=c:\program files\lenovo\readycomm\readycomm.exe |
    "{D7544920-6D20-4075-AEEE-9792D0EB8378}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
    "{E314AE77-1790-46AF-A063-2CD690C36B9C}" = dir=in | app=c:\windows\system32\igrssvcs.exe |
    "{E82C9617-4B11-4C90-91F3-5008E34D7763}" = dir=in | app=c:\program files\lenovo\readycomm\projectionist.exe |
    "{EBE0156D-021B-4F69-9FA5-D8DC28686872}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{EF07F4A1-BEE0-407D-AC69-EB499FD8F646}" = dir=out | app=c:\program files\lenovo\readycomm\filereceiver.exe |
    "{F30E2D4A-2C8C-4638-81B9-49BA15D5A55A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{F8EB68E2-D2D0-4640-860E-581E85AF7ABD}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{FB91F777-27CF-4D56-A47F-0EADEF91CCA8}" = dir=in | app=c:\program files\lenovo\readycomm\filereceiver.exe |
    "{FCF847A8-998B-4885-8577-D669B77D21E8}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{FF3DB35C-116A-484F-B1F2-D152FE3DB95C}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "TCP Query User{2CE149C3-5D6A-41BA-BC40-3E9DAA126774}C:\program files\strongdc++\strongdc.exe" = protocol=6 | dir=in | app=c:\program files\strongdc++\strongdc.exe |
    "TCP Query User{8BFF3C72-1B66-434B-A6D4-54B22952724D}D:\softwares\warcraft iii frozen throne\war3.exe" = protocol=6 | dir=in | app=d:\softwares\warcraft iii frozen throne\war3.exe |
    "TCP Query User{E4A6DCBC-B75E-4577-8EE8-FFAB25FCDBE6}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
    "TCP Query User{E93EC381-32FA-4D8A-8912-1E69A15A9553}C:\program files\garena\garena.exe" = protocol=6 | dir=in | app=c:\program files\garena\garena.exe |
    "UDP Query User{0B43D1C6-6F51-4356-945A-370B134BEF12}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
    "UDP Query User{8B193407-007E-4332-9C16-13D6D78D51B5}D:\softwares\warcraft iii frozen throne\war3.exe" = protocol=17 | dir=in | app=d:\softwares\warcraft iii frozen throne\war3.exe |
    "UDP Query User{B04E1C68-CADD-4E1D-A251-B727E6314344}C:\program files\garena\garena.exe" = protocol=17 | dir=in | app=c:\program files\garena\garena.exe |
    "UDP Query User{F2842D9D-C354-4A26-8A65-93700EC53740}C:\program files\strongdc++\strongdc.exe" = protocol=17 | dir=in | app=c:\program files\strongdc++\strongdc.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = Lenovo Bluetooth with Enhanced Data Rate Software 6.1.0.4600
    "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
    "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
    "{0C485220-4029-48E7-9F27-965DA4A78D5E}" = Samsung Networking Wizard
    "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
    "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 26
    "{26E9EE62-5517-4C46-8B6E-B7C9A0A95D66}" = SWelCntr
    "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
    "{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager
    "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    "{2C27866B-00E1-4AFF-A199-C7E978A10FC6}" = HUAWEI Mobile Connect
    "{342F5437-C87D-4BB5-89B9-B23E16C6A395}" = Microsoft Visual C++ 8.0 Support DLLs
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3D3FF9FF-2E7E-46D8-9910-1DAF63730E61}" = Rhinoceros 4.0 Training Materials, Level 1
    "{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3
    "{3F9B2FD2-1C83-4401-9967-C3636638E958}" = Adobe SING CS3
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
    "{450063AA-643B-417C-8CF5-405BA3F4EF40}" = Autodesk Design Review 2009
    "{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
    "{48E15C9C-E25C-40AD-A46B-AB270729B9B9}" = Google SketchUp Pro 7
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Lenovo EasyCamera
    "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
    "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
    "{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
    "{56B8B892-317E-4FDE-9E4D-44B189848A27}" = Adobe Setup
    "{5783F2D7-6001-0409-0002-0060B0CE6BBA}" = AutoCAD 2008 - English
    "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
    "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{717E0AD5-91EB-459F-AB8B-1B5219BAF7CE}" = Lenovo System Repair - Windows Update Monitor
    "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
    "{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
    "{76C66170-C538-4E77-B54D-48E136B5B533}" = Lenovo ReadyComm 4.0
    "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
    "{82705358-3BD6-3CD5-AA9A-B8F058BE3A29}" = Google Talk Plugin
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
    "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
    "{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
    "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
    "{95E1E426-EE9E-4F68-8F02-58A5A09B38F3}" = Rhinoceros 4.0 Evaluation
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
    "{9B5FE330-0E0C-4CE2-BD96-303E4E9827CE}" = TATA Indicom Dialer
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
    "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
    "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
    "{A3A37DA6-70C0-497C-BCB1-148E9EC1D32E}" = Revit Architecture 2009
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
    "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
    "{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
    "{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}" = Energy Management
    "{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
    "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
    "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
    "{C200A620-DD82-42A9-9A32-2CDA92914DCB}" = O2Micro Flash Memory Card Reader Driver (x86)
    "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
    "{C475527D-AB5C-47D8-8C25-85CA3E42B5A4}" = Flamingo 2.0
    "{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Professional
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
    "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
    "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
    "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
    "{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
    "{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
    "{EAA190F4-FF0D-4D28-A4E7-E0A20E1DDDFA}" = BitDefender Total Security 2010
    "{ECF9A76C-EDCE-45EF-95B0-6CD652DA8AF8}" = TmlCMode
    "{F1000000-0001-0000-0000-074957833700}" = ABBYY FineReader 10 Professional Edition
    "{FC57FC53-104C-415C-98D7-B05E659461A9}" = Broadcom Gigabit Integrated Controller
    "{FEF06E73-A519-4510-8CF3-B66041B91D8A}" = EMSC
    "{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "5D38134BF8A10D640B30E6B014EECDBC5F881E3D" = Windows Driver Package - ENE (enecir) HIDClass (04/29/2008 2.5.0.0)
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe_05ba3a63f36684fe0c5dde2ebe6f8f5" = Adobe InDesign CS3
    "Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3
    "Aide PDF to DXF Converter_is1" = Aide PDF to DXF Converter 6.5
    "AIM_7" = AIM 7
    "AutoCAD 2008 - English" = AutoCAD 2008 - English
    "Autodesk Design Review 2009" = Autodesk Design Review 2009
    "Bhaktivedanta Vedabase 2003" = Bhaktivedanta Vedabase 2003
    "Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
    "CCleaner" = CCleaner
    "CNXT_AUDIO_HDA" = Conexant HD Audio
    "CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
    "EasyCapture3.0" = EasyCapture
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "Garena" = Garena 2010
    "Idea Net Setter" = Idea Net Setter
    "InstallShield_{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager
    "InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
    "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
    "InstallShield_{ECF9A76C-EDCE-45EF-95B0-6CD652DA8AF8}" = TmlCMode
    "LF1" = LF1
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
    "NVIDIA Drivers" = NVIDIA Drivers
    "Opera 11.51.1087" = Opera 11.51
    "Podium Light Fixtures_is1" = Podium Light Fixtures version 1.2.1
    "Podium Plants & Trees_is1" = Podium Plants & Trees version 1.0.4
    "Podium_is1" = Podium
    "Recover Files_is1" = Recover Files 2.0
    "Reliance Netconnect - Broadband+" = Reliance Netconnect - Broadband+
    "SoftwareUpdUtility" = Download Updater (AOL LLC)
    "StrongDC++" = StrongDC++ 2.41
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "Tata Photon+" = Tata Photon+
    "TMACv5.0R3" = Technitium MAC Address Changer v5.0 Release 3
    "uTorrent" = µTorrent
    "VeriFace III" = VeriFace III
    "VLC media player" = VLC media player 0.9.8a
    "WinRAR archiver" = WinRAR archiver
    "Yahoo! Messenger" = Yahoo! Messenger

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2690704196-4028234597-4272532801-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >
     
  19. Broni

    Broni Malware Annihilator Posts: 47,078   +257

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O2 - BHO: (no name) - {B6ADE150-743D-11D4-8141-00E029626F6A} - No CLSID value found.
      O3 - HKU\S-1-5-21-2690704196-4028234597-4272532801-1004\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O7 - HKU\S-1-5-21-2690704196-4028234597-4272532801-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
      @Alternate Data Stream - 905267 bytes -> C:\Users\Jagdish\AppData\Roaming\desktop.ini:init
      @Alternate Data Stream - 157 bytes -> C:\ProgramData\TEMP:DFC5A2B2
      @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
      
      :Services
      
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
      "DisableMonitoring" =-
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =====================================================================

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  20. maqsabre

    maqsabre TS Rookie Topic Starter Posts: 21

    i'm sorry
    again due to the moody loading of web pages
    the browser still loads pages moodily and i couldn't reply these few days due to it
    also i'm not able to see the last 18th post of this thread
     
  21. maqsabre

    maqsabre TS Rookie Topic Starter Posts: 21

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B6ADE150-743D-11D4-8141-00E029626F6A}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B6ADE150-743D-11D4-8141-00E029626F6A}\ not found.
    Registry value HKEY_USERS\S-1-5-21-2690704196-4028234597-4272532801-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
    Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
    Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
    Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
    Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
    Registry key HKEY_USERS\S-1-5-21-2690704196-4028234597-4272532801-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
    ADS C:\Users\Jagdish\AppData\Roaming\desktop.ini:init deleted successfully.
    ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
    ADS C:\ProgramData\TEMP:A8ADE5D8 deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\DisableMonitoring deleted successfully.
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Jagdish
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 8890900 bytes
    ->Java cache emptied: 1409618 bytes
    ->FireFox cache emptied: 61388227 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Opera cache emptied: 240 bytes
    ->Flash cache emptied: 2188 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 174775 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 69.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Jagdish
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.29.1 log created on 10072011_193358

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  22. maqsabre

    maqsabre TS Rookie Topic Starter Posts: 21

    Results of screen317's Security Check version 0.99.7
    Windows Vista Service Pack 2 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    BitDefender Total Security 2010
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    CCleaner
    Java(TM) 6 Update 26
    Out of date Java installed!
    Adobe Flash Player 10.3.183.7
    Adobe Reader 8.1.2
    Out of date Adobe Reader installed!
    Mozilla Firefox (x86 en-US..) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Malwarebytes' Anti-Malware mbamservice.exe
    Malwarebytes' Anti-Malware mbamgui.exe
    Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
    Common Files BitDefender BitDefender Update Service livesrv.exe
    BitDefender BitDefender 2010 vsserv.exe
    BitDefender BitDefender 2010 bdagent.exe
    BitDefender BitDefender 2010 seccenter.exe
    ``````````End of Log````````````
     
  23. Broni

    Broni Malware Annihilator Posts: 47,078   +257

    What browser is giving you all those issues?
    Did you try different browser?

    I still need Eset scan.

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ==============================================================

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions (if present).
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.
     
  24. maqsabre

    maqsabre TS Rookie Topic Starter Posts: 21

    i tried ie9. opera and also firefox but none of them seemed working
    other internet programs such as strongdc, emule, torrentz, Garena works fine, connects to the internet very well, as of now the browsers are working .
    the eset scanner took a lot of time and has detected many viruses here's the log




    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6528
    # api_version=3.0.2
    # EOSSerial=a9580cf6c77bbb408db8116017311029
    # end=finished
    # remove_checked=true
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2011-10-07 07:07:01
    # local_time=2011-10-08 12:37:01 (+0530, India Standard Time)
    # country="India"
    # lang=1033
    # osver=6.0.6002 NT Service Pack 2
    # compatibility_mode=5892 16776574 100 100 18387344 155529972 0 0
    # compatibility_mode=8192 67108863 100 0 2653 2653 0 0
    # scanned=309512
    # found=151
    # cleaned=151
    # scan_time=15377
    C:\Intel\sag\SimpleSteps-10WeeksToGettingControlOfYourLife.rar Win32/TrojanDownloader.Agent.PBL trojan (deleted - quarantined) 00000000000000000000000000000000 C
    C:\Program Files\AutoCAD 2008\Help\logo.gif ACAD/Qfas.NAB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Program Files\BitDefender\BitDefender 2010\as2core\antispam_sig_102997\as2sign.slf HTML/Iframe.B.Gen virus (deleted (after the next restart) - quarantined) 00000000000000000000000000000000 C
    C:\Program Files\BitDefender\BitDefender 2010\as2core\antispam_sig_103055\as2sign.slf HTML/Iframe.B.Gen virus (deleted (after the next restart) - quarantined) 00000000000000000000000000000000 C
    C:\Program Files\Google\Google SketchUp 6\Plugins\Podium\podium.so probably a variant of Win32/Agent.MPIXTHS trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Program Files\Google\Google SketchUp 7\Plugins\Podium\podium.so probably a variant of Win32/Agent.MPIXTHS trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Users\Jagdish\AppData\Roaming\Autodesk\AutoCAD 2008\R17.1\enu\Support\acad.vlx ACAD/Qfas.NAB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Users\Jagdish\AppData\Roaming\Autodesk\AutoCAD 2008\R17.1\enu\Support\acaddoc.lsp ALS/Bursted.E virus (deleted - quarantined) 00000000000000000000000000000000 C
    C:\Users\Jagdish\Desktop\alpana ajmera.rar ACAD/Qfas.NAB trojan (deleted - quarantined) 00000000000000000000000000000000 C
    C:\Users\Jagdish\Desktop\Jagdish Sq M 1.1.rar ACAD/Qfas.NAB trojan (deleted - quarantined) 00000000000000000000000000000000 C
    C:\Users\Jagdish\Documents\acad.vlx ACAD/Qfas.NAB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Users\Jagdish\Documents\acaddoc.lsp ALS/Bursted.E virus (deleted - quarantined) 00000000000000000000000000000000 C
    C:\Users\Jagdish\Documents\Bluetooth Exchange Folder\SoftonicDownloader_for_windows-live-messenger.exe a variant of Win32/SoftonicDownloader.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Users\Jagdish\Documents\StrongDC++\ZoneAlarm Pro Firewall 2010 v9\keygen.exe a variant of Win32/Keygen.BJ application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\ACADEMICS\2nd year\ad\acaddoc.lsp ALS/Bursted.E virus (deleted - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\ACADEMICS\2nd year\ad\COMMunity CENTER\acaddoc.lsp ALS/Bursted.E virus (deleted - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\ACADEMICS\3rd year\ad\GKC\acaddoc.lsp ALS/Bursted.E virus (deleted - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\ACADEMICS\3rd year\ad\GKC\1\acaddoc.lsp ALS/Bursted.E virus (deleted - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\ACADEMICS\3rd year\ad\GKC\Sheets\acaddoc.lsp ALS/Bursted.E virus (deleted - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\ACADEMICS\3rd year\history\Measured drawing\acaddoc.lsp ALS/Bursted.E virus (deleted - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\ACADEMICS\3rd year\Lalit Dsigns\AD\acaddoc.lsp ALS/Bursted.E virus (deleted - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\ACADEMICS\3rd year\Lalit Dsigns\LALIT\ad\for museum\acaddoc.lsp ALS/Bursted.E virus (deleted - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\ACADEMICS\3rd year\Lalit Dsigns\LALIT\ad\for social centre\acaddoc.lsp ALS/Bursted.E virus (deleted - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\ACADEMICS\3rd year\landscape\Campus Landscape\acaddoc.lsp ALS/Bursted.E virus (deleted - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\ACADEMICS\3rd year\landscape\ganesh talav landscape\acaddoc.lsp ALS/Bursted.E virus (deleted - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\ACADEMICS\4th year\AD\Convention Center\acaddoc.lsp ALS/Bursted.E virus (deleted - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\ACADEMICS\4th year\AD\Convention Center\aditya\acaddoc.lsp ALS/Bursted.E virus (deleted - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\ACADEMICS\4th year\AD\Convention Center\aditya\I\acaddoc.lsp ALS/Bursted.E virus (deleted - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\ACADEMICS\4th year\AD\Convention Center\aditya\icc_ashish\acaddoc.lsp ALS/Bursted.E virus (deleted - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\ACADEMICS\4th year\AD\Convention Center\All Blocks\blocks\acaddoc.lsp ALS/Bursted.E virus (deleted - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\ACADEMICS\4th year\AD\Convention Center\Amit Chauha\acaddoc.lsp ALS/Bursted.E virus (deleted - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\ACADEMICS\4th year\AD\Convention Center\Convention Center Final Sheets Jagdish\acaddoc.lsp ALS/Bursted.E virus (deleted - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\ACADEMICS\4th year\AD\Convention Center\New Folder\ICC SHEETS\acaddoc.lsp ALS/Bursted.E virus (deleted - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\ACADEMICS\4th year\AD\Convention Center\New Folder\ICC SHEETS\ASHISH\acaddoc.lsp ALS/Bursted.E virus (deleted - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\ACADEMICS\4th year\AD\Convention Center\Uday\five star hotel\acaddoc.lsp ALS/Bursted.E virus (deleted - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\ACADEMICS\4th year\AD\George\09-04-11\PRINT\acaddoc.lsp ALS/Bursted.E virus (deleted - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\ACADEMICS\4th year\AD\Housing\Ashish\acaddoc.lsp ALS/Bursted.E virus (deleted - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\ACADEMICS\4th year\AD\Housing\Ashish\FINAL_06APRIL\acaddoc.lsp ALS/Bursted.E virus (deleted - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\ACADEMICS\4th year\AD\Housing\Ashish\New Folder\housing data\acaddoc.lsp ALS/Bursted.E virus (deleted - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\ACADEMICS\4th year\AD\Housing\housing\housing ad1\FINAL\acaddoc.lsp ALS/Bursted.E virus (deleted - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\ACADEMICS\4th year\AD\Housing\Housing Sheets Final Jagdish\acaddoc.lsp ALS/Bursted.E virus (deleted - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\ACADEMICS\4th year\AD\Housing\Jabedul\HOUSING CAD FILE\acaddoc.lsp ALS/Bursted.E virus (deleted - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\ACADEMICS\4th year\AD\Housing\Jagdish\acaddoc.lsp ALS/Bursted.E virus (deleted - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\ACADEMICS\4th year\AD\Housing\LALIT\acaddoc.lsp ALS/Bursted.E virus (deleted - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\ACADEMICS\4th year\AD\Housing\Row Houses\acaddoc.lsp ALS/Bursted.E virus (deleted - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\ACADEMICS\4th year\AD\ICC SHEETS\new\acaddoc.lsp ALS/Bursted.E virus (deleted - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\ACADEMICS\4th year\BT\acaddoc.lsp ALS/Bursted.E virus (deleted - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\ACADEMICS\JAGDISH\acaddoc.lsp ALS/Bursted.E virus (deleted - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\ANM Architecture\Aces of Spaces\0\hanamizu iab publication\IAB _hanamizu_anmarchitecture_final set\drawings\acad.vlx ACAD/Qfas.NAB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\ANM Architecture\Aces of Spaces Award Competition\acad.vlx ACAD/Qfas.NAB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\ANM Architecture\Aces of Spaces Award Competition\hanamizu iab publication\IAB _hanamizu_anmarchitecture_final set\drawings\acad.vlx ACAD/Qfas.NAB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\ANM Architecture\Aces of Spaces Award Competition\hanamizu iab publication\IAB _hanamizu_anmarchitecture_final set\drawings\Discarded ... 24 sept\acad.vlx ACAD/Qfas.NAB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\ANM Architecture\Aces of Spaces Award Competition\hanamizu iab publication\IAB _hanamizu_anmarchitecture_final set\Imagery\acad.vlx ACAD/Qfas.NAB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\ANM Architecture\Projects\37\dwg\acad.vlx ACAD/Qfas.NAB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\ANM Architecture\Projects\CONSTUCTION DETAILS\Assorted\acad.vlx ACAD/Qfas.NAB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\ANM Architecture\Projects\CONSTUCTION DETAILS\Assorted\acaddoc.lsp ALS/Bursted.E virus (deleted - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\ANM Architecture\Projects\final dwgs\acad.vlx ACAD/Qfas.NAB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\ANM Architecture\Projects\final dwgs\acaddoc.lsp ALS/Bursted.E virus (deleted - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\ANM Architecture\Projects\hanamizu\1 PLANS\2 SEC - ELEV\acad.vlx ACAD/Qfas.NAB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\ANM Architecture\Projects\hanamizu\2 SEC - ELEV\acad.vlx ACAD/Qfas.NAB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\ANM Architecture\Projects\hanamizu\2 SEC - ELEV\old ones\acad.vlx ACAD/Qfas.NAB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\ANM Architecture\Projects\Kamitsuki\CAD dwgs\dwgs for boq\pool studio\reference dwgs\acad.vlx ACAD/Qfas.NAB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\ANM Architecture\Projects\Kamitsuki\CAD dwgs\dwgs for permission\0 site\acad.vlx ACAD/Qfas.NAB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\ANM Architecture\Projects\Kamitsuki\CAD dwgs\dwgs for permission\1 main house\acad.vlx ACAD/Qfas.NAB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\ANM Architecture\Projects\Kamitsuki\CAD dwgs\dwgs for permission\2 pool pavillion\acad.vlx ACAD/Qfas.NAB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\ANM Architecture\Projects\Kamitsuki\CAD dwgs\dwgs for permission\2 pool pavillion\archive\acad.vlx ACAD/Qfas.NAB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\ANM Architecture\Projects\Kamitsuki\CAD dwgs\dwgs for permission\3 forest studio\acad.vlx ACAD/Qfas.NAB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\ANM Architecture\Projects\Kamitsuki\CAD dwgs\dwgs for permission\4 outhouse\acad.vlx ACAD/Qfas.NAB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\ANM Architecture\Projects\Kamitsuki\CAD dwgs\dwgs for permission\4 outhouse\ARCHIVE\acad.vlx ACAD/Qfas.NAB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\ANM Architecture\Projects\Kamitsuki\CAD dwgs\dwgs for permission\FOR SUJATA MATRE\acad.vlx ACAD/Qfas.NAB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\ANM Architecture\Projects\Kamitsuki\CAD dwgs\dwgs for permission\IN METRIC SCALE\acad.vlx ACAD/Qfas.NAB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\ANM Architecture\Projects\Kamitsuki\CAD dwgs\dwgs for permission\Jagdish\Jagdish Sq Ft\acad.vlx ACAD/Qfas.NAB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\ANM Architecture\Projects\Kamitsuki\CAD dwgs\dwgs for permission\Jagdish\Jagdish Sq M\acad.vlx ACAD/Qfas.NAB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\ANM Architecture\Projects\Kamitsuki\CAD dwgs\dwgs for permission\Jagdish\Jagdish Sq M 1.1\acad.vlx ACAD/Qfas.NAB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\ANM Architecture\Projects\Kamitsuki\CAD dwgs\dwgs for permission\Jagdish\Jagdish Sq M 1.1\USEEE\acad.vlx ACAD/Qfas.NAB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\ANM Architecture\Projects\Kamitsuki\CAD dwgs\xrefs\acad.vlx ACAD/Qfas.NAB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\ANM Architecture\Projects\Kamitsuki\CAD dwgs\xrefs\1- site\acad.vlx ACAD/Qfas.NAB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\ANM Architecture\Projects\Kamitsuki\CAD dwgs\xrefs\1- site\Site References\acad.vlx ACAD/Qfas.NAB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\ANM Architecture\Projects\Kamitsuki\CAD dwgs\xrefs\2- plans\forest studio\acad.vlx ACAD/Qfas.NAB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\ANM Architecture\Projects\Kamitsuki\CAD dwgs\xrefs\2- plans\main house\acad.vlx ACAD/Qfas.NAB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\ANM Architecture\Projects\Kamitsuki\CAD dwgs\xrefs\2- plans\pool studio\acad.vlx ACAD/Qfas.NAB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\ANM Architecture\Projects\Kamitsuki\CAD dwgs\xrefs\2- plans\pool studio\New Folder\acad.vlx ACAD/Qfas.NAB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\ANM Architecture\Projects\Kamitsuki\Jagdish\Jagdish Sq Ft\acad.vlx ACAD/Qfas.NAB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\ANM Architecture\Projects\Kamitsuki\Jagdish\Jagdish Sq M\acad.vlx ACAD/Qfas.NAB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\ANM Architecture\Projects\Kamitsuki\Jagdish\Jagdish Sq M 1.1\acad.vlx ACAD/Qfas.NAB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\ANM Architecture\Projects\Kamitsuki\Jagdish\Jagdish Sq M 1.1\USEEE\acad.vlx ACAD/Qfas.NAB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\EXTRA\All Blocks\acaddoc.lsp ALS/Bursted.E virus (deleted - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\EXTRA\All Blocks\trees\acaddoc.lsp ALS/Bursted.E virus (deleted - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\EXTRA\blocks\acad components\trees\acaddoc.lsp ALS/Bursted.E virus (deleted - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\EXTRA\blocks 4 all\acad components\blocks1\LIB-3(furn)\acaddoc.lsp ALS/Bursted.E virus (deleted - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\EXTRA\other works\jagdish\acaddoc.lsp ALS/Bursted.E virus (deleted - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\EXTRA\plans & ele\062\acaddoc.lsp ALS/Bursted.E virus (deleted - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\Man Pen Drive\housing data\acaddoc.lsp ALS/Bursted.E virus (deleted - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\New Folder\d\housing ad1\acaddoc.lsp ALS/Bursted.E virus (deleted - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\New Folder\NASA ANDC=09-10\ANDC (citation entry 09-10)\acaddoc.lsp ALS/Bursted.E virus (deleted - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\New Folder\pen drive\acaddoc.lsp ALS/Bursted.E virus (deleted - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\New Folder\re\DESIGN\acaddoc.lsp ALS/Bursted.E virus (deleted - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\softwares\3dsmax2010\Crack\xf-a2010-32bits.rar a variant of Win32/Keygen.BL application (deleted - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\softwares\3dsmax2010\Crack\xf-a2010-64bits.rar a variant of Win32/Keygen.BL application (deleted - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\softwares\3dsmax2010\Crack\xf-a2010-32bits\xf-a2010.exe a variant of Win32/Keygen.BL application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\softwares\Adobe After Effects v7.0\keygen\keygen.exe a variant of Win32/Keygen.AO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\softwares\Adobe.Creative.Suite.5.Master.Collection.Keymaker.Only-CORE - RevolutionX\Patch + KeyGen\keygen.exe a variant of Win32/Keygen.BH application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\softwares\AUTODESK KEYGEN 2010\AUTODESK KEYGEN 2010\x86\xf-a2010.exe a variant of Win32/Keygen.BL application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\softwares\Autodesk Revit 2010\AUTODESK KEYGEN 2010.zip a variant of Win32/Keygen.BL application (deleted - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\softwares\Autodesk Revit 2010\AUTODESK KEYGEN 2010\AUTODESK KEYGEN 2010\x86\xf-a2010.exe a variant of Win32/Keygen.BL application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    D:\Architecture\softwares\Sketch Up\podium all\podium161_20090107_setup.exe probably a variant of Win32/Agent.MPIXTHS trojan (deleted - quarantined) 00000000000000000000000000000000 C
    D:\drivers\System_Repair\Jagdish\acaddoc.lsp ALS/Bursted.E virus (deleted - quarantined) 00000000000000000000000000000000 C
    D:\drivers\System_Repair\Jagdish\FINAL PLOT-13-4-10\acaddoc.lsp ALS/Bursted.E virus (deleted - quarantined) 00000000000000000000000000000000 C
    D:\dwnlds\JK\CAD Blocks\H====H\table\acaddoc.lsp ALS/Bursted.E virus (deleted - quarantined) 00000000000000000000000000000000 C
    D:\dwnlds\JK\CAD Blocks\Interior Blocks of Building\acaddoc.lsp ALS/Bursted.E virus (deleted - quarantined) 00000000000000000000000000000000 C
    D:\dwnlds\JK\CAD Blocks\Trees & Shrubs\acaddoc.lsp ALS/Bursted.E virus (deleted - quarantined) 00000000000000000000000000000000 C
    D:\dwnlds\JK\CONVENTION CENTER\acaddoc.lsp ALS/Bursted.E virus (deleted - quarantined) 00000000000000000000000000000000 C
    D:\dwnlds\JK\MY HOUSING\HOUSING CAD FILE\acaddoc.lsp ALS/Bursted.E virus (deleted - quarantined) 00000000000000000000000000000000 C
    D:\dwnlds\JK\New folder\HOUSING CAD FILE\acaddoc.lsp ALS/Bursted.E virus (deleted - quarantined) 00000000000000000000000000000000 C
    D:\dwnlds\JK\New folder\HOUSING CAD FILE\New folder\acaddoc.lsp ALS/Bursted.E virus (deleted - quarantined) 00000000000000000000000000000000 C
    D:\dwnlds\New Folder\bcm\acaddoc.lsp ALS/Bursted.E virus (deleted - quarantined) 00000000000000000000000000000000 C
    D:\dwnlds\New Folder\Convention Center Final Sheets Jagdish\acaddoc.lsp ALS/Bursted.E virus (deleted - quarantined) 00000000000000000000000000000000 C
    D:\dwnlds\New Folder\Housing Sheets Final Jagdish\acaddoc.lsp ALS/Bursted.E virus (deleted - quarantined) 00000000000000000000000000000000 C
    D:\dwnlds\New Folder\New Folder\acaddoc.lsp ALS/Bursted.E virus (deleted - quarantined) 00000000000000000000000000000000 C
    D:\dwnlds\New Folder\PRINT LALIT FINAL\acaddoc.lsp ALS/Bursted.E virus (deleted - quarantined) 00000000000000000000000000000000 C
    D:\dwnlds\Removable Disk\Arlotte\281\acaddoc.lsp ALS/Bursted.E virus (deleted - quarantined) 00000000000000000000000000000000 C
    D:\dwnlds\Removable Disk\Arlotte\281\a ARCHITECTURE\new umang\acad.vlx ACAD/Qfas.NAB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    D:\dwnlds\Removable Disk\Arlotte\281\a ARCHITECTURE\new umang\acaddoc.lsp ALS/Bursted.E virus (deleted - quarantined) 00000000000000000000000000000000 C
    D:\dwnlds\Removable Disk\Arlotte\281\a ARCHITECTURE\new umang\sketch drawing\acaddoc.lsp ALS/Bursted.E virus (deleted - quarantined) 00000000000000000000000000000000 C
    D:\dwnlds\Removable Disk\Arlotte\281\f STRUCTURE\NEW\acaddoc.lsp ALS/Bursted.E virus (deleted - quarantined) 00000000000000000000000000000000 C
    D:\dwnlds\Removable Disk\Arlotte\281\i CORPORATION\NEW\acaddoc.lsp ALS/Bursted.E virus (deleted - quarantined) 00000000000000000000000000000000 C
    D:\dwnlds\Removable Disk\Arlotte\281\i CORPORATION\old\acaddoc.lsp ALS/Bursted.E virus (deleted - quarantined) 00000000000000000000000000000000 C
    D:\dwnlds\Removable Disk\Arlotte\aloo\A rchitecture\acaddoc.lsp ALS/Bursted.E virus (deleted - quarantined) 00000000000000000000000000000000 C
    D:\dwnlds\Removable Disk\Arlotte\aloo\P lumbing\acaddoc.lsp ALS/Bursted.E virus (deleted - quarantined) 00000000000000000000000000000000 C
    D:\FUN\eBooks\coll\Anjaney\[Architecture][Building details[1].Plans.CAD.DWG] Norman Foster.-.Hong Kong and Shanghai Bank\acaddoc.lsp ALS/Bursted.E virus (deleted - quarantined) 00000000000000000000000000000000 C
    D:\FUN\jagdish\1000 Tutorials computer tricks and tweeks\trics\UltraMP3_1.52_Crack.sis a variant of SymbOS/KillPhone.E trojan (deleted - quarantined) 00000000000000000000000000000000 C
    D:\FUN\MOBILE\Best Software In FOne\125[1].Telecom.N.Caller.v1.11.S60.SymbianOS.Cracked-BiNPDA.zip a variant of SymbOS/KillPhone.E trojan (deleted - quarantined) 00000000000000000000000000000000 C
    D:\FUN\MOBILE\Best Software In FOne\125[1].Telecom.N.Protector.v1.01.S60.SymbianOS.Cracked-BiNPDA.zip a variant of SymbOS/KillPhone.E trojan (deleted - quarantined) 00000000000000000000000000000000 C
    D:\FUN\MOBILE\Best Software In FOne\125[1].Telecom.N.SMS.v1.11.S60.SymbianOS.Cracked-BiNPDA.zip a variant of SymbOS/KillPhone.E trojan (deleted - quarantined) 00000000000000000000000000000000 C
    D:\FUN\MOBILE\Best Software In FOne\125[1].Telecom.N.SMS.v1.11.S60.SymbianOS.Cracked-BiNPDA\125.Telecom.N.SMS.v1.11.S60.SymbianOS.Cracked-BiNPDA\BiN-2099.zip a variant of SymbOS/KillPhone.E trojan (deleted - quarantined) 00000000000000000000000000000000 C
    D:\FUN\MOBILE\Best Software In FOne\125[1].Telecom.N.SMS.v1.11.S60.SymbianOS.Cracked-BiNPDA\125.Telecom.N.SMS.v1.11.S60.SymbianOS.Cracked-BiNPDA\BiN-2099\SMS.Patch.sis a variant of SymbOS/KillPhone.E trojan (deleted - quarantined) 00000000000000000000000000000000 C
    D:\FUN\MOBILE\Best Software In FOne\safe call log\125[1].Telecom.N.Private.v1.02.S60.SymbianOS.Cracked-BiNPDA.zip a variant of SymbOS/KillPhone.E trojan (deleted - quarantined) 00000000000000000000000000000000 C
    D:\FUN\MOBILE\Best Software In FOne\safe call log\125.Telecom.N.Private.v1.02.S60.SymbianOS.Cracked-BiNPDA\BiN-2097.zip a variant of SymbOS/KillPhone.E trojan (deleted - quarantined) 00000000000000000000000000000000 C
    D:\FUN\MOBILE\nokia downloads\mobile games\JAR\Reporo-Nokia-S40v3_240x320.jar a variant of J2ME/TrojanSMS.Boxer.A trojan (deleted - quarantined) 00000000000000000000000000000000 C
    D:\FUN\MOBILE\nokia downloads\mobile games\New Folder\Reporo-Nokia-S40v3_240x320.jar a variant of J2ME/TrojanSMS.Boxer.A trojan (deleted - quarantined) 00000000000000000000000000000000 C
    D:\FUN\MOBILE\soft\soft\new_mp3_paler_v[1][1].3.50.sis a variant of SymbOS/KillPhone.E trojan (deleted - quarantined) 00000000000000000000000000000000 C
    D:\FUN\MOBILE\soft\soft\softwares\Easy_Lock_1__1_.S60.SymbianOS.Cracked.Arabic.ArBnPdA.zip.php a variant of SymbOS/KillPhone.E trojan (deleted - quarantined) 00000000000000000000000000000000 C
    D:\FUN\MOBILE\soft\soft\softwares\EPOCWARE_1_.Handy.Clock.v4.00.S60.SymbianOS7.Cracked_BiNPDA.rar a variant of SymbOS/KillPhone.E trojan (deleted - quarantined) 00000000000000000000000000000000 C
    D:\JAG\3rd yr STUDY MATERIAL\AD\acaddoc.lsp ALS/Bursted.E virus (deleted - quarantined) 00000000000000000000000000000000 C
    D:\JAG\3rd yr STUDY MATERIAL\AD\Market\Work\acaddoc.lsp ALS/Bursted.E virus (deleted - quarantined) 00000000000000000000000000000000 C
    D:\JAG\3rd yr STUDY MATERIAL\AD\PHOTO\acaddoc.lsp ALS/Bursted.E virus (deleted - quarantined) 00000000000000000000000000000000 C
    D:\JAG\3rd yr STUDY MATERIAL\AD\PHOTO\WD\acaddoc.lsp ALS/Bursted.E virus (deleted - quarantined) 00000000000000000000000000000000 C
    D:\JAG\3rd yr STUDY MATERIAL\LANDSCAPE\WORKS\1st Problem\WORK\acaddoc.lsp ALS/Bursted.E virus (deleted - quarantined) 00000000000000000000000000000000 C
    D:\JAG\3rd yr STUDY MATERIAL\LANDSCAPE\WORKS\2nd Problem\Work\Design\acaddoc.lsp ALS/Bursted.E virus (deleted - quarantined) 00000000000000000000000000000000 C
    D:\JAG\3rd yr STUDY MATERIAL\LANDSCAPE\WORKS\2nd Problem\Work\Rest Places\acaddoc.lsp ALS/Bursted.E virus (deleted - quarantined) 00000000000000000000000000000000 C
    J:\4 GB PENDRIVE\Other files\Backup\Mind Habits Trainer 2.5\Mind Habits Trainer 2.5 - Portable.exe probably a variant of Win32/Spy.Agent.NXCYZXH trojan (deleted - quarantined) 00000000000000000000000000000000 C
     
  25. Broni

    Broni Malware Annihilator Posts: 47,078   +257

    Your computer is clean [​IMG]

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please, let me know, how your computer is doing.
     


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.