Solved Applications crashing often after running superantispyware

Status
Not open for further replies.
N

niteshsingh_007

Posts: 22   +0
Hi,

I have been noticing crash of many applications in my laptop. I bought this laptop around 3 months back. Everything was fine and stable till I ran SuperAntiSpyware and cleaned the adware cookies. I also did latest windows updates. I am noticing following applications being hanged often and spoiling the whole experience.
1. Google Chrome
2. VLC media player
3. Windows Update (does not start)
4. In control pannel, (link "View network status and task" doesn't start)
5. Few applications randomly crash at the startup

Is there is virus, worm in my pc. AntiMalwareByte didn't report anything.

Thanks a ton for helping.

[HJT log removed - Broni]
 
Welcome aboard
yahooo.gif


Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Hi,

I ran virus scan and did not find any issue.

When I started running TFC (step 2), the application is crashing every time. Attaching the screenshot.
TFC_Crash.jpg
 
I managed to run TFC.exe after several attempts. I am continuing with the next steps.

FYI, event viewer displays following message when any program crashes.

Faulting application name: TFC.exe, version: 3.1.7.0, time stamp: 0x2a425e19
Faulting module name: ntdll.dll, version: 6.1.7600.16559, time stamp: 0x4ba9b29c
Exception code: 0xc0000005
Fault offset: 0x0003b3d3
Faulting process id: 0xa4c
Faulting application start time: 0x01cbba5aa7f81a68
Faulting application path: E:\Downloads\TFC.exe
Faulting module path: C:\windows\SysWOW64\ntdll.dll
Report Id: e7f2fa8c-264d-11e0-9bc9-c80aa9dbdeae
 
Malwarebytes Anti-Malware completed in second attempt. It crashed in first attempt.

Event Viewer log:
Faulting application name: mbam.exe, version: 1.50.1.3, time stamp: 0x4d0fe807
Faulting module name: ntdll.dll, version: 6.1.7600.16559, time stamp: 0x4ba9b29c
Exception code: 0xc0000005
Fault offset: 0x0003b1c0
Faulting process id: 0xabc
Faulting application start time: 0x01cbba5d009865fc
Faulting application path: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
Faulting module path: C:\windows\SysWOW64\ntdll.dll
Report Id: 3ea68947-2650-11e0-8fc2-c80aa9dbdeae

Malwarebytes' Anti-Malware Log:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5565

Windows 6.1.7600
Internet Explorer 9.0.7930.16406

22-01-2011 11:25:06 PM
mbam-log-2011-01-22 (23-25-06).txt

Scan type: Quick scan
Objects scanned: 159486
Time elapsed: 3 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
Step 4: No log generated by GMER

Step 5: DDS.txt
DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Nitesh at 0:00:30.45 on 23-01-2011
Internet Explorer: 9.0.7930.16406
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.91.1033.18.3892.2092 [GMT 5.5:30]

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\atieclxx.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\ThreatFire\TFService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
C:\Program Files (x86)\ThreatFire\TFTray.exe
C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files\Minefield\firefox.exe
C:\windows\explorer.exe
C:\windows\System32\svchost.exe -k WerSvcGroup
C:\Users\Nitesh\Desktop\dds.scr
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
mRun: [YouCam Mirror Tray icon] "c:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s
mRun: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
mRun: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
mRun: [UCam_Menu] "c:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Lenovo\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
mRun: [ThreatFire] C:\Program Files (x86)\ThreatFire\TFTray.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [MuteSync] C:\PROGRA~2\Lenovo\LENOVO~1\MuteSync.exe
mRun: [Lenovo SplitScreen] "C:\Program Files\Lenovo\Lenovo SplitScreen\SplitScreen\AutoRunSpS.exe"
mRun: [Lenovo SlideNav2] "C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
dRunOnce: [WLStart] "C:\Program Files (x86)\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage
StartupFolder: C:\Users\Nitesh\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [SynBtnAsst] %ProgramFiles%\Synaptics\SynTP\SynBtnAsst.exe Utility_Window
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
mRun-x64: [Persistence] C:\windows\system32\igfxpers.exe
mRun-x64: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
mRun-x64: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
mRun-x64: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun-x64: [IgfxTray] C:\windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\windows\system32\hkcmd.exe
mRun-x64: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
mRun-x64: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
STS-X64: FencesShlExt Class: {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll

================= FIREFOX ===================

FF - plugin: C:\Users\Nitesh\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\windows\system32\Macromed\Flash\NPSWF64_10_2_161.dll

============= SERVICES / DRIVERS ===============

R?2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-1 136176]
R0 LHDmgr;LHDmgr;C:\Windows\System32\drivers\LhdX64.sys [2010-8-29 39008]
R0 TfFsMon;TfFsMon;C:\Windows\System32\drivers\TfFsMon.sys [2010-10-31 65072]
R0 TfSysMon;TfSysMon;C:\Windows\System32\drivers\TfSysMon.sys [2010-10-31 59880]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-12-24 273488]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2009-9-8 87600]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-3-25 188928]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-5-17 202752]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-12-24 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-12-24 62032]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-1-16 40384]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-8-29 13336]
R2 Slidebar Notifier Service;Slidebar Notifier Service;C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe [2010-8-29 69568]
R2 ThreatFire;ThreatFire;C:\Program Files (x86)\ThreatFire\TFService.exe service --> C:\Program Files (x86)\ThreatFire\TFService.exe service [?]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\Windows\System32\drivers\AcpiVpc.sys [2010-8-29 28176]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atipmdag.sys [2010-5-17 6366720]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-5-17 186880]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-1-4 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2009-12-17 151936]
R3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2010-5-17 10322848]
R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2010-4-19 160880]
R3 JmUsbCcgp;JMicron USB Composite Device Lower Filter Driver;C:\Windows\System32\drivers\jmccgp.sys [2010-8-29 17904]
R3 JmUsbVideo;JMicron 31x Upper Filter Driver;C:\Windows\System32\drivers\jmcam.sys [2010-8-29 56688]
R3 JmUsbVideo2;JMicron 31x Lower Filter Driver;C:\Windows\System32\drivers\jmcam_lo.sys [2010-8-29 31088]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-10-16 321064]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2010-3-25 40832]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-3-18 7680512]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 72064]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 TfNetMon;TfNetMon;C:\Windows\System32\drivers\TfNetMon.sys [2010-10-31 41888]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-14 17920]
R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2010-4-16 39832]
R3 wdmirror;wdmirror;C:\Windows\System32\drivers\WDMirror.sys [2010-8-29 11280]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs --> C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs [?]
S2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-8-29 2320920]
S2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2010-10-21 592120]
S3 Bridge0;Bridge0;C:\Windows\System32\drivers\WDBridge.sys [2010-8-29 79376]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-2-25 53800]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-8-29 35104]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-10-30 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 IGRS;IGRS;C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe [2009-7-15 38152]
S3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [2010-8-29 509192]
S3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [2010-8-29 575304]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-5 340240]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-11 5434368]
S3 PS_MDP;ReadyComm Presentation Space Helper Service;C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs --> C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs [?]
S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2010-12-26 19936]
S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2010-12-26 13280]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-10-31 1255736]
S3 wsvd;wsvd;C:\Windows\System32\drivers\wsvd.sys [2009-7-21 121840]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

=============== Created Last 30 ================

2011-01-22 18:15:31 7844688 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{C5E08BA8-4847-4300-8422-30170DA91143}\mpengine.dll
2011-01-22 17:01:12 -------- d-----w- C:\windows\pss
2011-01-22 07:14:46 -------- d-----w- C:\Test
2011-01-14 05:14:29 -------- d-----w- C:\Users\Nitesh\AppData\Roaming\Cisco
2011-01-12 18:41:53 720896 ----a-w- C:\windows\System32\odbc32.dll
2011-01-12 18:41:53 573440 ----a-w- C:\windows\SysWow64\odbc32.dll
2011-01-12 18:41:53 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2011-01-12 18:41:52 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2011-01-12 18:41:52 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
2011-01-12 18:41:52 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
2011-01-12 18:41:52 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
2011-01-12 18:41:51 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
2011-01-12 18:41:51 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
2011-01-12 18:41:51 208896 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
2010-12-26 12:14:23 -------- d-----w- C:\PROGRA~3\Codemasters
2010-12-26 12:12:01 839680 ----a-w- C:\windows\SysWow64\mkl_vml_p4.dll
2010-12-26 12:12:01 532480 ----a-w- C:\windows\SysWow64\mkl_vml_p3.dll
2010-12-26 12:12:01 512000 ----a-w- C:\windows\SysWow64\mkl_vml_def.dll
2010-12-26 12:12:01 3485696 ----a-w- C:\windows\SysWow64\mkl_p4.dll
2010-12-26 12:12:00 872448 ----a-w- C:\windows\SysWow64\rapture3d_oal.dll
2010-12-26 12:12:00 2793472 ----a-w- C:\windows\SysWow64\mkl_p3.dll
2010-12-26 12:12:00 2441216 ----a-w- C:\windows\SysWow64\mkl_def.dll
2010-12-26 12:12:00 2174976 ----a-w- C:\windows\SysWow64\mkl_lapack32.dll
2010-12-26 12:12:00 2125824 ----a-w- C:\windows\SysWow64\mkl_lapack64.dll
2010-12-26 12:12:00 184320 ----a-w- C:\windows\SysWow64\libguide40.dll
2010-12-26 11:52:05 -------- d-----w- C:\Program Files (x86)\Codemasters
2010-12-26 11:45:54 255552 ----a-w- C:\windows\SysWow64\drivers\mcdbus.sys
2010-12-26 11:45:54 255552 ----a-w- C:\windows\System32\drivers\mcdbus.sys
2010-12-26 11:45:53 -------- d-----w- C:\Program Files (x86)\MagicDisc
2010-12-26 08:44:36 801352 ----a-w- C:\windows\System32\pwNative.exe
2010-12-26 08:44:36 19936 ------w- C:\windows\System32\pwdrvio.sys
2010-12-26 08:44:18 13280 ------w- C:\windows\System32\pwdspio.sys
2010-12-24 17:09:43 -------- d-----w- C:\Users\Nitesh\AppData\Local\Cisco
2010-12-24 17:06:42 -------- d-----w- C:\Program Files (x86)\Common Files\Cisco Systems
2010-12-24 17:06:42 -------- d-----w- C:\Program Files (x86)\Cisco Systems
2010-12-24 17:04:54 -------- d-----w- C:\PROGRA~3\Cisco
2010-12-23 20:10:35 62032 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys
2010-12-23 20:09:39 38848 ----a-w- C:\windows\avastSS.scr
2010-12-23 20:09:35 -------- d-----w- C:\PROGRA~3\Alwil Software
2010-12-23 19:53:49 -------- d-----w- C:\Users\Nitesh\AppData\Roaming\SUPERAntiSpyware.com
2010-12-23 19:53:49 -------- d-----w- C:\PROGRA~3\SUPERAntiSpyware.com
2010-12-23 19:53:07 -------- d-----w- C:\PROGRA~3\!SASCORE
2010-12-23 19:53:05 -------- d-----w- C:\Program Files\SUPERAntiSpyware

==================== Find3M ====================

2010-12-26 12:11:41 466520 ----a-w- C:\windows\System32\wrap_oal.dll
2010-12-26 12:11:41 445016 ----a-w- C:\windows\SysWow64\wrap_oal.dll
2010-12-26 12:11:41 122968 ----a-w- C:\windows\System32\OpenAL32.dll
2010-12-26 12:11:41 109144 ----a-w- C:\windows\SysWow64\OpenAL32.dll
2010-12-20 12:38:40 24152 ----a-w- C:\windows\System32\drivers\mbam.sys
2010-11-09 03:55:57 1502208 ----a-w- C:\windows\System32\inetcpl.cpl
2010-11-09 03:52:06 2381824 ----a-w- C:\windows\System32\mshtml.tlb
2010-11-02 05:21:51 982912 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys
2010-11-02 05:18:59 662528 ----a-w- C:\windows\System32\XpsPrint.dll
2010-11-02 05:18:59 229888 ----a-w- C:\windows\System32\XpsRasterService.dll
2010-11-02 05:18:58 470016 ----a-w- C:\windows\System32\XpsGdiConverter.dll
2010-11-02 05:18:33 1137664 ----a-w- C:\windows\System32\FntCache.dll
2010-11-02 05:18:17 524288 ----a-w- C:\windows\System32\wmicmiplugin.dll
2010-11-02 05:18:05 1544192 ----a-w- C:\windows\System32\DWrite.dll
2010-11-02 05:17:48 320512 ----a-w- C:\windows\System32\d3d10_1core.dll
2010-11-02 05:17:48 1837568 ----a-w- C:\windows\System32\d3d10warp.dll
2010-11-02 05:17:47 902656 ----a-w- C:\windows\System32\d2d1.dll
2010-11-02 05:17:47 197120 ----a-w- C:\windows\System32\d3d10_1.dll
2010-11-02 05:17:38 473600 ----a-w- C:\windows\System32\taskcomp.dll
2010-11-02 05:17:38 1169408 ----a-w- C:\windows\System32\taskschd.dll
2010-11-02 05:16:53 1114624 ----a-w- C:\windows\System32\schedsvc.dll
2010-11-02 05:10:47 464384 ----a-w- C:\windows\System32\taskeng.exe
2010-11-02 05:10:32 285696 ----a-w- C:\windows\System32\schtasks.exe
2010-11-02 04:59:08 144384 ----a-w- C:\windows\System32\cdd.dll
2010-11-02 04:41:36 442880 ----a-w- C:\windows\SysWow64\XpsPrint.dll
2010-11-02 04:41:36 283648 ----a-w- C:\windows\SysWow64\XpsGdiConverter.dll
2010-11-02 04:41:36 135168 ----a-w- C:\windows\SysWow64\XpsRasterService.dll
2010-11-02 04:40:36 496128 ----a-w- C:\windows\SysWow64\taskschd.dll
2010-11-02 04:40:36 305152 ----a-w- C:\windows\SysWow64\taskcomp.dll
2010-11-02 04:34:44 192000 ----a-w- C:\windows\SysWow64\taskeng.exe
2010-11-02 04:34:33 179712 ----a-w- C:\windows\SysWow64\schtasks.exe
2010-11-02 04:26:00 1076736 ----a-w- C:\windows\SysWow64\DWrite.dll
2010-11-02 04:25:43 218624 ----a-w- C:\windows\SysWow64\d3d10_1core.dll
2010-11-02 04:25:43 161792 ----a-w- C:\windows\SysWow64\d3d10_1.dll
2010-11-02 04:25:43 1170944 ----a-w- C:\windows\SysWow64\d3d10warp.dll
2010-11-02 04:25:42 739840 ----a-w- C:\windows\SysWow64\d2d1.dll
2010-11-02 02:50:58 258048 ----a-w- C:\windows\System32\drivers\dxgmms1.sys
2010-11-01 23:03:02 1448448 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2010-11-01 22:59:07 2381824 ----a-w- C:\windows\SysWow64\mshtml.tlb
2010-10-30 17:54:17 178800 ----a-w- C:\windows\SysWow64\CmdLineExt_x64.dll
2010-10-27 05:06:22 2048 ----a-w- C:\windows\System32\tzres.dll
2010-10-27 04:32:36 2048 ----a-w- C:\windows\SysWow64\tzres.dll

============= FINISH: 0:05:04.72 ===============
 
Attach.txt


==== Installed Programs ======================


µTorrent
Acrobat.com
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 9.4.1
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
avast! Free Antivirus
Bing Bar
Bing Bar Platform
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cisco AnyConnect VPN Client
Cisco IP Communicator 7.0.3
Citrix online plug-in - web
Citrix online plug-in (DV)
Citrix online plug-in (HDX)
Citrix online plug-in (USB)
Citrix online plug-in (Web)
Corel Graphics - Windows Shell Extension
CorelDRAW Graphics Suite X5
CorelDRAW Graphics Suite X5 - Capture
CorelDRAW Graphics Suite X5 - Common
CorelDRAW Graphics Suite X5 - Connect
CorelDRAW Graphics Suite X5 - Custom Data
CorelDRAW Graphics Suite X5 - Draw
CorelDRAW Graphics Suite X5 - EN
CorelDRAW Graphics Suite X5 - Filters
CorelDRAW Graphics Suite X5 - FontNav
CorelDRAW Graphics Suite X5 - IPM
CorelDRAW Graphics Suite X5 - PHOTO-PAINT
CorelDRAW Graphics Suite X5 - Photozoom Plugin
CorelDRAW Graphics Suite X5 - Redist
CorelDRAW Graphics Suite X5 - Setup Files
CorelDRAW Graphics Suite X5 - VBA
CorelDRAW Graphics Suite X5 - VideoBrowser
CorelDRAW Graphics Suite X5 - VSTA
CorelDRAW Graphics Suite X5 - WT
CorelDRAW(R) Graphics Suite X5
CyberLink YouCam
D3DX10
DiRT2
Energy Management
Feedback Tool
Fences
Game Booster
Google Earth
Google Update Helper
Grand Theft Auto IV
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Intel(R) Turbo Boost Technology Driver
JMicron Flash Media Controller Driver
Junk Mail filter update
KeatProX 2.1.3.1
Lenovo DirectShare
Lenovo EasyCamera
Lenovo MuteSync
Lenovo OneKey Recovery
Lenovo ReadyComm 5
Lenovo ReadyComm 5.0 Service
Lenovo SlideNav
Lenovo SplitScreen
MagicDisc 2.7.106
Malwarebytes' Anti-Malware
Mesh Runtime
Messenger Companion
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Visual Studio Tools for Applications 2.0 Runtime
MiniTool Partition Wizard Home Edition 5.2
MSVCRT
MSVCRT_amd64
Onekey Theater
OpenAL
PDF Settings
Power2Go
PowerXpressHybrid
PX Profile Update
Rapture3D 2.3.22 Game
Realtek HDMI Audio Driver for ATI
Realtek High Definition Audio Driver
Security Update for CAPICOM (KB931906)
Spelling Dictionaries Support For Adobe Reader 9
ThreatFire
VeriFace
Visual Basic for Applications (R) Core
Visual Basic for Applications (R) Core - English
VLC media player 1.1.5
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources

==== End Of File ===========================
 
Just to add, after DDS scan completed, a message popped out.

"Windows command processor has stopped working"
Event viewer again displays same dll file as faulting module path.

Faulting application name: cmd.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc19e
Faulting module name: ntdll.dll, version: 6.1.7600.16559, time stamp: 0x4ba9b29c
Exception code: 0xc0000374
Fault offset: 0x000cdc9b
Faulting process id: 0xde4
Faulting application start time: 0x01cbba6426a0be3d
Faulting application path: C:\windows\SysWOW64\cmd.exe
Faulting module path: C:\windows\SysWOW64\ntdll.dll
Report Id: 6544d839-2657-11e0-93ea-c80aa9dbdeae

Is the file corrupted? Thank you a lot for the help.
 
A single error is usually meaningless. Don't worry about it.

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

====================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Lenovo
BIOS Manufacturer: LENOVO
System Manufacturer: LENOVO
System Product Name: IdeaPad Y560
Logical Drives Mask: 0x0000007c

Kernel Drivers (total 176):
0x0361D000 \SystemRoot\system32\ntoskrnl.exe
0x03BF9000 \SystemRoot\system32\hal.dll
0x00B9F000 \SystemRoot\system32\kdcom.dll
0x00CDF000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00D23000 \SystemRoot\system32\PSHED.dll
0x00D37000 \SystemRoot\system32\CLFS.SYS
0x00C00000 \SystemRoot\system32\CI.dll
0x00E1E000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00EC2000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00ED1000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00F28000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00F31000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00F3B000 \SystemRoot\system32\DRIVERS\pci.sys
0x00F6E000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00F7B000 \SystemRoot\System32\drivers\partmgr.sys
0x00F90000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00F99000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00FA5000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00D95000 \SystemRoot\System32\drivers\volmgrx.sys
0x00FBA000 \SystemRoot\System32\drivers\mountmgr.sys
0x010C3000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x012CD000 \SystemRoot\system32\DRIVERS\atapi.sys
0x012D6000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x01300000 \SystemRoot\system32\DRIVERS\msahci.sys
0x0130B000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x0131B000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x01326000 \SystemRoot\system32\drivers\fltmgr.sys
0x01372000 \SystemRoot\system32\drivers\fileinfo.sys
0x01386000 \SystemRoot\system32\drivers\TfFsMon.sys
0x0139A000 \SystemRoot\system32\drivers\TfSysMon.sys
0x01420000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01000000 \SystemRoot\System32\Drivers\msrpc.sys
0x015C2000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01613000 \SystemRoot\System32\Drivers\cng.sys
0x01686000 \SystemRoot\System32\drivers\pcw.sys
0x01697000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x016A1000 \SystemRoot\system32\drivers\ndis.sys
0x01793000 \SystemRoot\system32\drivers\NETIO.SYS
0x0105E000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x013AB000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x017F3000 \SystemRoot\System32\Drivers\spldr.sys
0x01089000 \SystemRoot\System32\drivers\rdyboost.sys
0x01600000 \SystemRoot\System32\Drivers\mup.sys
0x015DC000 \SystemRoot\System32\DRIVERS\LhdX64.sys
0x015EA000 \SystemRoot\System32\drivers\hwpolicy.sys
0x018A1000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x018DB000 \SystemRoot\system32\DRIVERS\disk.sys
0x018F1000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x0425F000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x04289000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x042BA000 \SystemRoot\System32\Drivers\Null.SYS
0x042C3000 \SystemRoot\System32\Drivers\Beep.SYS
0x042CA000 \SystemRoot\System32\drivers\vga.sys
0x042D8000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x042FD000 \SystemRoot\System32\drivers\watchdog.sys
0x0430D000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x04316000 \SystemRoot\system32\drivers\rdpencdd.sys
0x0431F000 \SystemRoot\system32\drivers\rdprefmp.sys
0x04328000 \SystemRoot\System32\Drivers\Msfs.SYS
0x04333000 \SystemRoot\System32\Drivers\Npfs.SYS
0x02C01000 \SystemRoot\System32\drivers\tcpip.sys
0x04344000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x0438E000 \SystemRoot\system32\DRIVERS\tdx.sys
0x043AC000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x043B9000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x0192F000 \SystemRoot\System32\DRIVERS\netbt.sys
0x01974000 \SystemRoot\system32\drivers\afd.sys
0x043C9000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x043D3000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x04000000 \SystemRoot\system32\DRIVERS\pacer.sys
0x04026000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x043DC000 \SystemRoot\system32\DRIVERS\netbios.sys
0x01800000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x043EB000 \SystemRoot\system32\DRIVERS\termdd.sys
0x0181B000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
0x01825000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
0x0182F000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x01880000 \SystemRoot\system32\drivers\nsiproxy.sys
0x0188C000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x01400000 \SystemRoot\System32\drivers\discache.sys
0x00FD4000 \SystemRoot\System32\Drivers\dfsc.sys
0x00E00000 \SystemRoot\system32\DRIVERS\ctxusbm.sys
0x0140F000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x03A1D000 \SystemRoot\System32\Drivers\aswSP.SYS
0x03A66000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x03A8C000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x048E9000 \SystemRoot\system32\DRIVERS\atipmdag.sys
0x05600000 \SystemRoot\system32\DRIVERS\igdpmd64.sys
0x03AC0000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04F4D000 \SystemRoot\System32\drivers\dxgmms1.sys
0x05FD9000 \SystemRoot\system32\DRIVERS\HECIx64.sys
0x05FEA000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x04F93000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x04800000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x04824000 \SystemRoot\system32\DRIVERS\jmcr.sys
0x0484F000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x06428000 \SystemRoot\system32\DRIVERS\NETw5s64.sys
0x06B88000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x06B95000 \SystemRoot\system32\DRIVERS\k57nd60a.sys
0x06400000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x06BE6000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x0487E000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x06BF5000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x048D1000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x04FE9000 \SystemRoot\system32\DRIVERS\AcpiVpc.sys
0x03BB4000 \SystemRoot\system32\DRIVERS\Impcd.sys
0x03BDA000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x06BF7000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x0641E000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x03BF0000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x03A00000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x044B6000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x044DA000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x044E6000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x04515000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x04530000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x04551000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x0456B000 \SystemRoot\system32\DRIVERS\WDMirror.sys
0x04572000 \SystemRoot\system32\DRIVERS\mcdbus.sys
0x045AF000 \SystemRoot\system32\DRIVERS\swenum.sys
0x045B1000 \SystemRoot\system32\DRIVERS\ks.sys
0x04400000 \SystemRoot\system32\DRIVERS\umbus.sys
0x04412000 \SystemRoot\system32\DRIVERS\WDKMD.sys
0x04422000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x0447C000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x07AD0000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x07D11000 \SystemRoot\system32\drivers\portcls.sys
0x07D4E000 \SystemRoot\system32\drivers\drmk.sys
0x07D70000 \SystemRoot\system32\drivers\ksthunk.sys
0x07D76000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x07D84000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x07D9D000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x07DA6000 \SystemRoot\system32\DRIVERS\udfs.sys
0x07A00000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x07A0E000 \SystemRoot\system32\DRIVERS\jmccgp.sys
0x07A11000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x07A3B000 \SystemRoot\System32\Drivers\jmcam_lo.sys
0x07A41000 \SystemRoot\System32\Drivers\usbvideo.sys
0x07A6F000 \SystemRoot\System32\Drivers\jmcam.sys
0x00050000 \SystemRoot\System32\win32k.sys
0x07A7C000 \SystemRoot\System32\drivers\Dxapi.sys
0x07A88000 \SystemRoot\System32\Drivers\crashdmp.sys
0x0403C000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x07A96000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x07AA9000 \SystemRoot\system32\DRIVERS\monitor.sys
0x005E0000 \SystemRoot\System32\TSDDD.dll
0x007A0000 \SystemRoot\System32\cdd.dll
0x00820000 \SystemRoot\System32\ATMFD.DLL
0x04491000 \SystemRoot\system32\drivers\luafv.sys
0x02206000 \??\C:\windows\system32\drivers\aswMonFlt.sys
0x02240000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0x02249000 \SystemRoot\system32\drivers\WudfPf.sys
0x0226A000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x0227F000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x022D2000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x022E5000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x02301000 \SystemRoot\system32\DRIVERS\vwifimp.sys
0x0230B000 \SystemRoot\system32\drivers\HTTP.sys
0x023D3000 \SystemRoot\system32\DRIVERS\bowser.sys
0x07AB7000 \SystemRoot\System32\drivers\mpsdrv.sys
0x0945D000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x0948A000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x094D8000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x094FB000 \SystemRoot\system32\drivers\peauth.sys
0x095A1000 \SystemRoot\System32\Drivers\secdrv.SYS
0x095AC000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x095D9000 \SystemRoot\System32\drivers\tcpipreg.sys
0x09EC6000 \SystemRoot\System32\DRIVERS\srv2.sys
0x09F2D000 \SystemRoot\System32\DRIVERS\srv.sys
0x09FC3000 \??\C:\windows\system32\drivers\TfNetMon.sys
0x09FD1000 \SystemRoot\system32\DRIVERS\NisDrvWFP.sys
0x09FE6000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x09E00000 \SystemRoot\system32\drivers\spsys.sys
0x77890000 \Windows\System32\ntdll.dll
0x47AA0000 \Windows\System32\smss.exe
0xFFBB0000 \Windows\System32\apisetschema.dll

Processes (total 86):
0 System Idle Process
4 System
316 C:\Windows\System32\smss.exe
508 C:\Windows\System32\csrss.exe
556 C:\Windows\System32\wininit.exe
576 C:\Windows\System32\csrss.exe
612 C:\Windows\System32\services.exe
636 C:\Windows\System32\lsass.exe
644 C:\Windows\System32\lsm.exe
748 C:\Windows\System32\svchost.exe
856 C:\Windows\System32\svchost.exe
916 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
960 C:\Windows\System32\atiesrxx.exe
120 C:\Windows\System32\winlogon.exe
452 C:\Windows\System32\svchost.exe
412 C:\Windows\System32\svchost.exe
476 C:\Windows\System32\svchost.exe
1092 C:\Windows\System32\audiodg.exe
1136 C:\Windows\System32\svchost.exe
1212 C:\Windows\System32\atieclxx.exe
1392 C:\Windows\System32\svchost.exe
1532 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1540 C:\Windows\System32\wlanext.exe
1548 C:\Windows\System32\conhost.exe
1928 C:\Windows\System32\dwm.exe
1940 C:\Windows\explorer.exe
1692 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
1708 C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
1684 C:\Windows\System32\igfxpers.exe
1696 C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
1756 C:\Program Files\Microsoft Security Client\msseces.exe
1736 C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
1720 C:\Windows\System32\igfxtray.exe
1792 C:\Windows\System32\hkcmd.exe
1316 C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
1268 C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
1996 C:\Program Files (x86)\uTorrent\uTorrent.exe
696 C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
1292 C:\Program Files\Windows Sidebar\sidebar.exe
1820 C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
2284 C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
2472 C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
2480 C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
2524 C:\Program Files (x86)\ThreatFire\TFTray.exe
2540 C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe
2556 C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe
2564 C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
2580 C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
2596 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
2884 C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
3000 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
3060 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
3352 C:\Windows\System32\spoolsv.exe
3392 C:\Windows\System32\svchost.exe
3424 C:\Windows\System32\taskhost.exe
3684 C:\Windows\System32\taskeng.exe
3736 C:\Program Files (x86)\IObit\Game Booster\gbtray.exe
3508 C:\Program Files\SUPERAntiSpyware\SASCore64.exe
3692 C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
848 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
4016 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
2356 C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe
3308 C:\Windows\System32\svchost.exe
3452 C:\Program Files (x86)\ThreatFire\TFService.exe
3500 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
4132 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
4160 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
4224 C:\Windows\System32\wbem\WmiPrvSE.exe
4540 C:\Windows\System32\svchost.exe
4592 C:\Windows\System32\SearchIndexer.exe
4696 C:\Windows\System32\wbem\unsecapp.exe
4864 C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
2144 C:\Windows\System32\svchost.exe
3980 C:\Windows\System32\wbem\unsecapp.exe
4004 C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
5620 C:\Windows\System32\sppsvc.exe
5332 C:\Program Files\Minefield\firefox.exe
2248 C:\Program Files\Minefield\plugin-container.exe
4268 C:\Windows\servicing\TrustedInstaller.exe
5820 C:\Windows\System32\SearchProtocolHost.exe
6104 C:\Windows\System32\SearchFilterHost.exe
5272 C:\Windows\System32\svchost.exe
6080 C:\Windows\System32\dllhost.exe
2904 C:\Windows\System32\dllhost.exe
4632 C:\Users\Nitesh\Desktop\MBRCheck.exe
1236 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c900000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000069`21e00000 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000025`8c22aa00 (NTFS)

PhysicalDrive0 Model Number: WDCWD5000BEVT-24A0RT0, Rev: 01.01A02

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!
 
Combofix was crashing in normal mode. Had to run in safe mode.

RKILL:
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 23-01-2011 at 10:09:55.
Operating System: Windows 7 Home Premium


Processes terminated by Rkill or while it was running:



Rkill completed on 23-01-2011 at 10:10:01.

COMBOFIX:

ComboFix 11-01-22.02 - Nitesh 23-01-2011 10:12:16.1.4 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.91.1033.18.3892.2974 [GMT 5.5:30]
Running from: c:\users\Nitesh\Desktop\Nitesh.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\s.bat
c:\windows\system32\twunk_32.exe
c:\windows\SysWow64\twunk_32.exe

.
((((((((((((((((((((((((( Files Created from 2010-12-23 to 2011-01-23 )))))))))))))))))))))))))))))))
.

2011-01-23 04:47 . 2011-01-23 04:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-23 04:40 . 2011-01-23 04:40 -------- d-----w- C:\32788R22FWJFW
2011-01-23 04:15 . 2011-01-13 10:20 7844688 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{21D9B69F-48A6-4AB8-B9F5-189F43338861}\mpengine.dll
2011-01-22 07:14 . 2011-01-22 07:48 -------- d-----w- C:\Test
2011-01-16 07:22 . 2011-01-13 08:47 237168 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-14 05:14 . 2011-01-14 05:14 -------- d-----w- c:\users\Nitesh\AppData\Roaming\Cisco
2011-01-12 18:41 . 2010-10-16 05:17 720896 ----a-w- c:\windows\system32\odbc32.dll
2011-01-12 18:41 . 2010-10-16 05:16 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-01-12 18:41 . 2010-10-16 04:34 573440 ----a-w- c:\windows\SysWow64\odbc32.dll
2011-01-12 18:41 . 2010-10-16 05:16 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-01-12 18:41 . 2010-10-16 05:16 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-01-12 18:41 . 2010-10-16 05:16 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-01-12 18:41 . 2010-10-16 04:33 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2011-01-12 18:41 . 2010-10-16 04:33 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2011-01-12 18:41 . 2010-10-16 04:33 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
2011-01-12 18:41 . 2010-10-16 04:33 208896 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
2010-12-26 12:14 . 2010-12-26 12:14 -------- d-----w- c:\programdata\Codemasters
2010-12-26 12:12 . 2009-07-13 13:34 839680 ----a-w- c:\windows\SysWow64\mkl_vml_p4.dll
2010-12-26 12:12 . 2009-07-13 13:34 532480 ----a-w- c:\windows\SysWow64\mkl_vml_p3.dll
2010-12-26 12:12 . 2009-07-13 13:34 512000 ----a-w- c:\windows\SysWow64\mkl_vml_def.dll
2010-12-26 12:12 . 2009-07-13 13:34 3485696 ----a-w- c:\windows\SysWow64\mkl_p4.dll
2010-12-26 12:12 . 2009-10-16 05:49 872448 ----a-w- c:\windows\SysWow64\rapture3d_oal.dll
2010-12-26 12:12 . 2009-07-13 13:34 2793472 ----a-w- c:\windows\SysWow64\mkl_p3.dll
2010-12-26 12:12 . 2009-07-13 13:34 2441216 ----a-w- c:\windows\SysWow64\mkl_def.dll
2010-12-26 12:12 . 2009-07-13 13:34 2174976 ----a-w- c:\windows\SysWow64\mkl_lapack32.dll
2010-12-26 12:12 . 2009-07-13 13:34 2125824 ----a-w- c:\windows\SysWow64\mkl_lapack64.dll
2010-12-26 12:12 . 2009-07-13 13:34 184320 ----a-w- c:\windows\SysWow64\libguide40.dll
2010-12-26 11:52 . 2010-12-26 11:52 -------- d-----w- c:\program files (x86)\Codemasters
2010-12-26 11:45 . 2009-02-24 13:05 255552 ----a-w- c:\windows\SysWow64\drivers\mcdbus.sys
2010-12-26 11:45 . 2009-02-24 13:05 255552 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2010-12-26 11:45 . 2010-12-26 11:46 -------- d-----w- c:\program files (x86)\MagicDisc
2010-12-26 08:44 . 2010-08-16 10:01 19936 ------w- c:\windows\system32\pwdrvio.sys
2010-12-26 08:44 . 2010-08-16 10:01 801352 ----a-w- c:\windows\system32\pwNative.exe
2010-12-26 08:44 . 2010-08-16 10:01 13280 ------w- c:\windows\system32\pwdspio.sys
2010-12-24 17:09 . 2010-12-24 17:09 -------- d-----w- c:\users\Nitesh\AppData\Local\Cisco
2010-12-24 17:06 . 2010-12-24 17:06 -------- d-----w- c:\program files (x86)\Common Files\Cisco Systems
2010-12-24 17:06 . 2010-12-24 17:06 -------- d-----w- c:\program files (x86)\Cisco Systems
2010-12-24 17:04 . 2010-12-24 17:06 -------- d-----w- c:\programdata\Cisco

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 15:49 . 2010-12-16 22:17 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2011-01-21 15:49 . 2010-12-11 13:59 293184 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-01-18 18:10 . 2010-12-11 13:59 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2011-01-17 13:45 . 2010-12-16 22:17 293184 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-01-13 10:20 . 2010-10-28 17:18 7844688 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-01-13 08:47 . 2010-12-23 20:09 188216 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-01-13 08:41 . 2010-12-23 20:10 273488 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2010-12-23 20:10 51792 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:37 . 2010-12-23 20:10 29264 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2010-12-23 20:10 62032 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-01-13 08:37 . 2010-12-23 20:10 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-12-31 20:06 . 2010-12-23 20:09 38848 ----a-w- c:\windows\avastSS.scr
2010-12-20 12:39 . 2010-12-23 17:17 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-20 12:38 . 2010-12-23 17:17 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-18 00:13 . 2010-12-18 00:14 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5A121D0E-9EE4-4B35-A759-E342994B3C37}\gapaengine.dll
2010-11-10 05:35 . 2010-12-17 23:57 8199504 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2010-11-09 03:55 . 2010-11-26 05:30 1502208 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-09 03:52 . 2010-11-26 05:31 2381824 ----a-w- c:\windows\system32\mshtml.tlb
2010-11-02 05:18 . 2010-12-17 01:44 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-02 05:17 . 2010-12-17 01:44 473600 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-02 05:17 . 2010-12-17 01:44 1169408 ----a-w- c:\windows\system32\taskschd.dll
2010-11-02 05:16 . 2010-12-17 01:44 1114624 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-02 05:10 . 2010-12-17 01:44 464384 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 05:10 . 2010-12-17 01:44 285696 ----a-w- c:\windows\system32\schtasks.exe
2010-11-02 04:40 . 2010-12-17 01:44 496128 ----a-w- c:\windows\SysWow64\taskschd.dll
2010-11-02 04:40 . 2010-12-17 01:44 305152 ----a-w- c:\windows\SysWow64\taskcomp.dll
2010-11-02 04:34 . 2010-12-17 01:44 192000 ----a-w- c:\windows\SysWow64\taskeng.exe
2010-11-02 04:34 . 2010-12-17 01:44 179712 ----a-w- c:\windows\SysWow64\schtasks.exe
2010-11-01 23:03 . 2010-11-26 05:30 1448448 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2010-11-01 22:59 . 2010-11-26 05:31 2381824 ----a-w- c:\windows\SysWow64\mshtml.tlb
2010-10-30 17:54 . 2010-10-30 17:54 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2010-10-27 05:06 . 2010-12-17 00:55 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-27 04:32 . 2010-12-17 00:55 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2010-12-11 395640]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-01-16 2988784]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"YouCam Mirror Tray icon"="c:\program files (x86)\Lenovo\YouCam\YouCamTray.exe" [2010-02-03 167008]
"VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2010-08-29 3122528]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"UCam_Menu"="c:\program files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"ThreatFire"="c:\program files (x86)\ThreatFire\TFTray.exe" [2010-01-14 378128]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-05 98304]
"MuteSync"="c:\progra~2\Lenovo\LENOVO~1\MuteSync.exe" [2009-12-28 336384]
"Lenovo SplitScreen"="c:\program files\Lenovo\Lenovo SplitScreen\SplitScreen\AutoRunSpS.exe" [2010-06-23 778592]
"Lenovo SlideNav2"="c:\program files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe" [2009-12-30 318400]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2009-09-12 103768]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-22 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WLStart"="c:\program files (x86)\Windows Live\Installer\wlstart.exe" [2009-07-26 768336]

c:\users\Nitesh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2010-12-26 576000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2010-1-12 1082656]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-01-14 65072]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-01-14 59880]
R1 aswSP;aswSP; [x]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-09-08 87600]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-05 202752]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 62032]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-01 136176]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
R2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\System32\IgrsSvcs.exe [x]
R2 Slidebar Notifier Service;Slidebar Notifier Service;c:\program files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe [2009-12-30 69568]
R2 ThreatFire;ThreatFire;c:\program files (x86)\ThreatFire\TFService.exe service [x]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2010-10-21 592120]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-05-05 6366720]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-05-05 186880]
R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys [2009-07-16 79376]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-12-14 53800]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
R3 connctfy;Connectify Service;c:\windows\system32\DRIVERS\connctfy.sys [x]
R3 connctfyMP;connctfyMP;c:\windows\system32\DRIVERS\connctfy.sys [x]
R3 IGRS;IGRS;c:\program files (x86)\Lenovo\ReadyComm\common\IGRS.exe [2009-07-15 38152]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
R3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2010-05-05 10322848]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2010-03-26 160880]
R3 JmUsbVideo;JMicron 31x Upper Filter Driver;c:\windows\system32\Drivers\jmcam.sys [2010-02-05 56688]
R3 JmUsbVideo2;JMicron 31x Lower Filter Driver;c:\windows\system32\Drivers\jmcam_lo.sys [2010-02-05 31088]
R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\Lenovo\ReadyComm\AppSvc.exe [2009-08-14 509192]
R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\Lenovo\ReadyComm\ConnSvc.exe [2009-11-17 575304]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 40832]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 72064]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\System32\IgrsSvcs.exe [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2010-08-16 19936]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2010-08-16 13280]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-01-14 41888]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-30 1255736]
R3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-04-16 39832]
R3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [2009-07-16 11280]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [2010-01-15 39008]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2009-10-19 28176]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 JmUsbCcgp;JMicron USB Composite Device Lower Filter Driver;c:\windows\system32\DRIVERS\jmccgp.sys [2010-02-05 17904]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-10-16 321064]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-03-17 7680512]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]


[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
IgrsSvcs REG_MULTI_SZ ReadyComm.DirectRouter PS_MDP
.
Contents of the 'Scheduled Tasks' folder

2011-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-01 05:11]

2011-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-01 05:11]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2010-08-29 15:09 1502720 ----a-w- c:\windows\System32\IcnOvrly.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynBtnAsst"="%ProgramFiles%\Synaptics\SynTP\SynBtnAsst.exe Utility_Window" [X]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-05-13 10810912]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-05-13 2014752]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-05 413720]
"OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2009-12-19 776608]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-05 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-05 391192]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\utility.exe" [2010-03-11 4448704]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2010-03-11 7056832]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
FF - ProfilePath - c:\users\Nitesh\AppData\Roaming\Mozilla\Firefox\Profiles\9dh3ri0t.default\
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-RGSC - c:\program files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
Wow6432Node-HKLM-RunOnce-<NO NAME> - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ThreatFire]
"AlternateImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2467260372-2878141997-3226734072-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"

[HKEY_USERS\S-1-5-21-2467260372-2878141997-3226734072-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"

[HKEY_USERS\S-1-5-21-2467260372-2878141997-3226734072-1000\Software\SecuROM\License information*]
"datasecu"=hex:8f,5e,3f,20,39,23,34,33,1c,77,23,db,43,a9,09,d8,e0,8f,1e,de,af,
16,84,29,b3,30,9c,af,80,c7,e5,fe,2c,9c,f1,3a,6d,6e,14,17,ae,14,df,f2,c0,cc,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-01-23 10:18:23
ComboFix-quarantined-files.txt 2011-01-23 04:48

Pre-Run: 95,214,084,096 bytes free
Post-Run: 95,040,360,448 bytes free

- - End Of File - - 90E0C931632F7D267557A2306EED0230
 
You're running two AV programs, Avast and Microsoft Security Essentials.
One of them has to go.
Your choice.

Combofix log looks good :)

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
While trying uninstalling the Avast, I received following. I will uninstall this in safe mode. And then will go ahead with next scan.

[Window Title]
Programs and Features

[Content]
An error occurred while trying to uninstall avast! Free Antivirus. It may have already been uninstalled.

Would you like to remove avast! Free Antivirus from the Programs and Features list?

[Yes] [No]
 
OTL.txt
=============
OTL logfile created on: 1/23/2011 2:35:06 PM - Run 1
OTL by OldTimer - Version 3.2.20.4 Folder = C:\Users\Nitesh\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: India | Language: ENN | Date Format: dd-MM-yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.99 Gb Total Space | 88.80 Gb Free Space | 59.20% Space Free | Partition Type: NTFS
Drive D: | 30.48 Gb Total Space | 20.24 Gb Free Space | 66.42% Space Free | Partition Type: NTFS
Drive E: | 270.34 Gb Total Space | 208.94 Gb Free Space | 77.29% Space Free | Partition Type: NTFS
Drive F: | 7.03 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 6.83 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: NKS | User Name: Nitesh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/23 14:14:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nitesh\Desktop\OTL.exe
PRC - [2011/01/20 16:20:34 | 000,426,840 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Game Booster\gbtray.exe
PRC - [2010/12/11 23:13:45 | 000,395,640 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2010/10/21 12:33:58 | 000,592,120 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2010/08/29 20:39:12 | 003,122,528 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
PRC - [2010/03/04 01:46:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/04 01:46:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/02/04 04:18:12 | 000,167,008 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
PRC - [2010/01/14 16:08:16 | 000,378,128 | ---- | M] (PC Tools) -- C:\Program Files (x86)\ThreatFire\TFTray.exe
PRC - [2010/01/14 16:08:12 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files (x86)\ThreatFire\TFService.exe
PRC - [2009/12/19 08:22:48 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
PRC - [2009/11/05 03:15:46 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/11/05 03:15:44 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/09/12 23:09:10 | 000,103,768 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2009/09/12 23:09:04 | 000,550,232 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files (x86)\MagicDisc\MagicDisc.exe


========== Modules (SafeList) ==========

MOD - [2011/01/23 14:14:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nitesh\Desktop\OTL.exe
MOD - [2010/10/26 00:44:43 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1\ATL80.dll
MOD - [2010/08/21 10:51:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2010/01/14 16:08:22 | 000,460,048 | ---- | M] (PC Tools) -- C:\Program Files (x86)\ThreatFire\TFWAH.dll
MOD - [2009/07/14 06:45:48 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mssprxy.dll
MOD - [2009/07/14 06:45:21 | 000,828,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\fontext.dll
MOD - [2009/07/14 06:45:21 | 000,093,696 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWOW64\fms.dll
MOD - [2009/07/14 06:39:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll
MOD - [2009/06/11 02:53:11 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/11/11 14:36:38 | 000,282,616 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2010/11/11 14:36:38 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/06/29 23:19:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2010/05/05 20:55:52 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/03/05 15:56:38 | 001,425,168 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010/03/05 15:37:58 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010/03/05 15:36:22 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010/01/12 21:45:24 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/12/30 11:57:00 | 000,069,568 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe -- (Slidebar Notifier Service)
SRV:64bit: - [2009/11/17 20:30:54 | 000,575,304 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe -- (Lenovo ReadyComm ConnSvc)
SRV:64bit: - [2009/08/14 19:52:48 | 000,509,192 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\Lenovo\ReadyComm\AppSvc.exe -- (Lenovo ReadyComm AppSvc)
SRV:64bit: - [2009/07/14 07:11:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/10/31 01:29:00 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/10/21 12:33:58 | 000,592,120 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/04 01:46:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010/01/14 16:08:12 | 000,070,928 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\ThreatFire\TFService.exe -- (ThreatFire)
SRV - [2009/11/05 03:15:46 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/11/05 03:15:44 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/07/15 10:57:26 | 000,038,152 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe -- (IGRS)
SRV - [2009/07/14 06:44:41 | 000,020,992 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\windows\SysWow64\IgrsSvcs.exe -- (ReadyComm.DirectRouter)
SRV - [2009/07/14 06:44:41 | 000,020,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysWow64\IgrsSvcs.exe -- (PS_MDP)
SRV - [2009/06/11 02:53:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/10/24 21:25:38 | 000,072,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2010/10/21 12:20:40 | 000,022,752 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/08/30 03:51:44 | 000,107,912 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/08/30 03:51:44 | 000,027,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/08/30 03:47:30 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/08/16 15:31:18 | 000,019,936 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)
DRV:64bit: - [2010/08/16 15:31:16 | 000,013,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)
DRV:64bit: - [2010/05/05 21:36:04 | 006,366,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/05/05 20:01:58 | 000,186,880 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/05/05 19:28:02 | 010,322,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2010/05/05 19:28:02 | 010,322,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/05/03 16:49:40 | 000,317,488 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/04/16 17:15:50 | 000,039,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2010/03/26 12:33:20 | 000,160,880 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2010/03/18 03:51:58 | 007,680,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2010/03/04 01:21:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/17 23:53:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 23:53:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2010/02/05 22:50:32 | 000,056,688 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcam.sys -- (JmUsbVideo)
DRV:64bit: - [2010/02/05 22:21:30 | 000,031,088 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcam_lo.sys -- (JmUsbVideo2)
DRV:64bit: - [2010/02/05 20:53:40 | 000,017,904 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmccgp.sys -- (JmUsbCcgp)
DRV:64bit: - [2010/01/27 08:35:00 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2010/01/15 23:38:34 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2010/01/15 06:21:20 | 000,021,288 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/01/15 06:21:14 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/01/15 06:21:10 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/01/14 16:08:34 | 000,059,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfSysMon.sys -- (TfSysMon)
DRV:64bit: - [2010/01/14 16:08:32 | 000,041,888 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TfNetMon.sys -- (TfNetMon)
DRV:64bit: - [2010/01/14 16:08:30 | 000,065,072 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfFsMon.sys -- (TfFsMon)
DRV:64bit: - [2009/12/14 13:33:50 | 000,053,800 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009/10/26 10:09:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/10/19 06:10:50 | 000,028,176 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2009/10/16 09:02:24 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2009/09/18 02:24:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/09/08 18:13:16 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2009/07/21 19:50:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009/07/16 17:25:34 | 000,011,280 | ---- | M] (Lenovo) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDMirror.sys -- (wdmirror)
DRV:64bit: - [2009/07/16 09:08:20 | 000,079,376 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WDBridge.sys -- (Bridge0)
DRV:64bit: - [2009/07/14 07:22:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 07:18:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 07:17:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 07:15:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 02:08:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/11 02:05:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009/06/11 02:04:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 02:04:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 02:04:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 02:01:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/07 12:03:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2008/08/06 18:02:16 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2467260372-2878141997-3226734072-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2467260372-2878141997-3226734072-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2467260372-2878141997-3226734072-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========



[2010/10/26 23:45:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nitesh\AppData\Roaming\Mozilla\Extensions
[2011/01/22 22:20:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nitesh\AppData\Roaming\Mozilla\Firefox\Profiles\9dh3ri0t.default\extensions
File not found (No name found) --
() (No name found) -- C:\USERS\NITESH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DH3RI0T.DEFAULT\EXTENSIONS\{B9DB16A4-6EDC-47EC-A1F4-B86292ED211D}.XPI
() (No name found) -- C:\USERS\NITESH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DH3RI0T.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

O1 HOSTS File: ([2009/06/11 02:30:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2467260372-2878141997-3226734072-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SynBtnAsst] C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Lenovo SlideNav2] C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe (Lenovo)
O4 - HKLM..\Run: [Lenovo SplitScreen] C:\Program Files\Lenovo\Lenovo SplitScreen\SplitScreen\AutoRunSpS.exe (Lenovo)
O4 - HKLM..\Run: [MuteSync] C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe (Lenovo)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ThreatFire] C:\Program Files (x86)\ThreatFire\TFTray.exe (PC Tools)
O4 - HKLM..\Run: [UCam_Menu] c:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [YouCam Mirror Tray icon] c:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-2467260372-2878141997-3226734072-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-2467260372-2878141997-3226734072-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\Nitesh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2467260372-2878141997-3226734072-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2467260372-2878141997-3226734072-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 123.176.37.38 123.176.37.37 202.53.8.8
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (Stardock)
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/15 15:22:50 | 000,161,088 | R--- | M] (Take-Two Interactive Software, Inc.) - F:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008/10/11 22:33:48 | 000,000,054 | R--- | M] () - F:\Autorun.inf -- [ UDF ]
O32 - AutoRun File - [2009/11/23 17:35:40 | 006,321,456 | R--- | M] (Codemasters Software Co.) - G:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2009/09/28 18:53:06 | 000,000,068 | R--- | M] () - G:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.clmp3enc - C:\Program Files (x86)\Lenovo\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/01/23 14:14:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Nitesh\Desktop\OTL.exe
[2011/01/23 12:12:48 | 000,000,000 | ---D | C] -- C:\Users\Nitesh\Desktop\ShExView
[2011/01/23 10:23:34 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/01/23 10:18:25 | 000,000,000 | ---D | C] -- C:\windows\temp
[2011/01/23 10:11:05 | 000,161,792 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2011/01/23 10:11:05 | 000,136,704 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2011/01/23 10:11:05 | 000,031,232 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2011/01/23 10:10:59 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2011/01/23 10:10:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/01/23 10:10:31 | 000,212,480 | ---- | C] (SteelWerX) -- C:\windows\SWXCACLS.exe
[2011/01/23 10:10:30 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/01/22 22:31:12 | 000,000,000 | ---D | C] -- C:\windows\pss
[2011/01/22 12:44:46 | 000,000,000 | ---D | C] -- C:\Test
[2011/01/16 12:52:19 | 000,237,168 | ---- | C] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
[2011/01/14 10:44:29 | 000,000,000 | ---D | C] -- C:\Users\Nitesh\AppData\Roaming\Cisco
[2011/01/10 18:27:57 | 000,000,000 | ---D | C] -- C:\Users\Nitesh\Desktop\RUCHY
[2010/12/26 17:44:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Codemasters
[2010/12/26 17:44:22 | 000,000,000 | ---D | C] -- C:\Users\Nitesh\Documents\My Games
[2010/12/26 17:42:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Ripple Sound
[2010/12/26 17:42:00 | 000,872,448 | ---- | C] (Blue Ripple Sound Limited) -- C:\windows\SysWow64\rapture3d_oal.dll
[2010/12/26 17:41:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BRS
[2010/12/26 17:41:41 | 000,466,520 | ---- | C] (Creative Labs) -- C:\windows\SysNative\wrap_oal.dll
[2010/12/26 17:41:41 | 000,445,016 | ---- | C] (Creative Labs) -- C:\windows\SysWow64\wrap_oal.dll
[2010/12/26 17:41:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2010/12/26 17:22:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Codemasters
[2010/12/26 17:16:15 | 000,000,000 | ---D | C] -- C:\Users\Nitesh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicDisc
[2010/12/26 17:16:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicDisc
[2010/12/26 17:15:54 | 000,255,552 | ---- | C] (MagicISO, Inc.) -- C:\windows\SysWow64\drivers\mcdbus.sys
[2010/12/26 17:15:54 | 000,255,552 | ---- | C] (MagicISO, Inc.) -- C:\windows\SysNative\drivers\mcdbus.sys
[2010/12/26 17:15:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MagicDisc
[2010/12/24 22:39:43 | 000,000,000 | ---D | C] -- C:\Users\Nitesh\AppData\Local\Cisco
[2010/12/24 22:37:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco IP Communicator
[2010/12/24 22:36:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Cisco Systems
[2010/12/24 22:36:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco Systems
[2010/12/24 22:35:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
[2010/12/24 22:34:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Cisco
[2 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/23 14:19:20 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/23 14:19:20 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/23 14:14:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nitesh\Desktop\OTL.exe
[2011/01/23 14:12:43 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/23 14:11:45 | 000,067,584 | ---- | M] () -- C:\windows\bootstat.dat
[2011/01/23 14:11:37 | 3061,166,080 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/23 13:47:00 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/23 12:13:54 | 000,184,900 | ---- | M] () -- C:\Users\Nitesh\Documents\backup_reg.reg
[2011/01/23 11:45:54 | 000,466,520 | ---- | M] (Creative Labs) -- C:\windows\SysNative\wrap_oal.dll
[2011/01/23 11:45:54 | 000,445,016 | ---- | M] (Creative Labs) -- C:\windows\SysWow64\wrap_oal.dll
[2011/01/22 19:18:18 | 000,729,688 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2011/01/22 19:18:18 | 000,630,560 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2011/01/22 19:18:18 | 000,111,612 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2011/01/16 20:00:22 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt
[2011/01/16 17:07:13 | 000,001,986 | -H-- | M] () -- C:\Users\Nitesh\Documents\Default.rdp
[2011/01/15 13:39:07 | 000,001,172 | ---- | M] () -- C:\Users\Public\Desktop\Switch to Gaming Mode.lnk
[2011/01/15 13:39:06 | 000,001,160 | ---- | M] () -- C:\Users\Public\Desktop\Game Booster.lnk
[2011/01/13 14:17:23 | 000,237,168 | ---- | M] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
[2011/01/09 17:43:32 | 000,004,292 | ---- | M] () -- C:\WirelessDiagLog.csv
[2010/12/26 17:16:15 | 000,000,993 | ---- | M] () -- C:\Users\Nitesh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
[2010/12/26 17:16:15 | 000,000,957 | ---- | M] () -- C:\Users\Nitesh\Desktop\MagicDisc.lnk
[2010/12/26 14:21:19 | 000,001,089 | ---- | M] () -- C:\windows\PWCMDLST.BAK
[2010/12/25 00:10:51 | 002,374,456 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/23 12:13:54 | 000,184,900 | ---- | C] () -- C:\Users\Nitesh\Documents\backup_reg.reg
[2011/01/23 10:11:05 | 000,256,512 | ---- | C] () -- C:\windows\PEV.exe
[2011/01/23 10:11:05 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2011/01/23 10:11:05 | 000,089,088 | ---- | C] () -- C:\windows\MBR.exe
[2011/01/23 10:11:05 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2011/01/23 10:11:05 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2011/01/22 23:07:12 | 000,000,993 | ---- | C] () -- C:\Users\Nitesh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
[2011/01/22 23:07:12 | 000,000,876 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2011/01/09 17:43:23 | 000,004,292 | ---- | C] () -- C:\WirelessDiagLog.csv
[2010/12/26 17:16:15 | 000,000,957 | ---- | C] () -- C:\Users\Nitesh\Desktop\MagicDisc.lnk
[2010/12/26 14:21:19 | 000,001,089 | ---- | C] () -- C:\windows\PWCMDLST.BAK
[2010/12/26 14:14:36 | 000,801,352 | ---- | C] () -- C:\windows\SysNative\pwNative.exe
[2010/12/26 14:14:36 | 000,019,936 | ---- | C] () -- C:\windows\SysNative\pwdrvio.sys
[2010/12/26 14:14:18 | 000,013,280 | ---- | C] () -- C:\windows\SysNative\pwdspio.sys
[2010/12/24 22:26:04 | 000,001,986 | -H-- | C] () -- C:\Users\Nitesh\Documents\Default.rdp
[2010/12/18 05:27:43 | 000,735,230 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2010/10/31 11:10:19 | 000,000,000 | ---- | C] () -- C:\Users\Nitesh\AppData\Roaming\Stardockfences_debug_snapshot.dat
[2010/10/26 11:36:28 | 000,000,088 | ---- | C] () -- C:\ProgramData\profile.xml
[2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\windows\SysWow64\xlive.dll.cat
[2010/08/29 20:49:05 | 000,016,648 | R--- | C] () -- C:\windows\SysWow64\LogAPI.dll
[2010/08/29 20:39:17 | 002,110,816 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll
[2010/08/29 20:39:17 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll
[2010/08/29 20:39:09 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll
[2010/05/17 13:01:28 | 000,208,896 | ---- | C] () -- C:\windows\SysWow64\iglhsip32.dll
[2010/05/17 13:01:28 | 000,143,360 | ---- | C] () -- C:\windows\SysWow64\iglhcp32.dll
[2009/07/14 05:12:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/14 02:33:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2011/01/14 10:44:29 | 000,000,000 | ---D | M] -- C:\Users\Nitesh\AppData\Roaming\Cisco
[2010/11/13 16:32:23 | 000,000,000 | ---D | M] -- C:\Users\Nitesh\AppData\Roaming\ICAClient
[2010/11/07 09:57:56 | 000,000,000 | ---D | M] -- C:\Users\Nitesh\AppData\Roaming\IObit
[2010/10/26 11:36:47 | 000,000,000 | ---D | M] -- C:\Users\Nitesh\AppData\Roaming\Lenovo
[2010/10/25 21:50:10 | 000,000,000 | ---D | M] -- C:\Users\Nitesh\AppData\Roaming\ooVoo Details
[2010/10/31 11:10:16 | 000,000,000 | ---D | M] -- C:\Users\Nitesh\AppData\Roaming\Stardock
[2011/01/23 14:40:43 | 000,000,000 | ---D | M] -- C:\Users\Nitesh\AppData\Roaming\uTorrent
[2011/01/21 20:15:10 | 000,032,642 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/11/20 13:01:13 | 000,229,447 | ---- | M] () -- C:\AnalysisLog.sr0
[2010/11/20 13:02:02 | 000,180,928 | ---- | M] () -- C:\AnalysisLogApi.sr1
[2011/01/23 10:18:24 | 000,025,088 | ---- | M] () -- C:\ComboFix.txt
[2011/01/23 14:12:47 | 001,254,517 | ---- | M] () -- C:\FaceProv.log
[2011/01/23 14:11:37 | 3061,166,080 | -HS- | M] () -- C:\hiberfil.sys
[2006/12/02 05:07:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2010/08/29 20:18:27 | 000,000,032 | ---- | M] () -- C:\mute.log
[2011/01/23 14:11:45 | 4081,557,504 | -HS- | M] () -- C:\pagefile.sys
[2010/08/29 20:11:15 | 000,003,238 | ---- | M] () -- C:\RHDSetup.log
[2011/01/23 10:10:01 | 000,000,361 | ---- | M] () -- C:\rkill.log
[2011/01/09 17:43:32 | 000,004,292 | ---- | M] () -- C:\WirelessDiagLog.csv

< %systemroot%\Fonts\*.com >
[2009/07/14 11:02:31 | 000,026,040 | ---- | M] () -- C:\windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 11:02:31 | 000,026,489 | ---- | M] () -- C:\windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 11:02:31 | 000,029,779 | ---- | M] () -- C:\windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 11:02:31 | 000,043,318 | ---- | M] () -- C:\windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/11 02:19:50 | 000,000,065 | ---- | M] () -- C:\windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/09/23 00:32:56 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 10:24:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/10/26 00:14:25 | 000,000,221 | -HS- | M] () -- C:\Users\Nitesh\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/01/23 14:14:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nitesh\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/11 02:50:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2010/08/29 20:18:08 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
[2010/08/29 20:18:08 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
[2010/08/29 20:18:08 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
[2010/08/29 20:18:08 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
[2010/08/29 20:18:08 | 000,786,432 | ---- | M] () -- C:\Windows\security\database\edbtmp.log
[2010/08/29 20:18:08 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/10/26 00:40:38 | 000,000,402 | -HS- | M] () -- C:\Users\Nitesh\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/10/26 11:36:28 | 000,000,088 | ---- | M] () -- C:\ProgramData\profile.xml

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< End of report >
 
OTL Extras logfile created on: 1/23/2011 2:35:06 PM - Run 1
OTL by OldTimer - Version 3.2.20.4 Folder = C:\Users\Nitesh\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: India | Language: ENN | Date Format: dd-MM-yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.99 Gb Total Space | 88.80 Gb Free Space | 59.20% Space Free | Partition Type: NTFS
Drive D: | 30.48 Gb Total Space | 20.24 Gb Free Space | 66.42% Space Free | Partition Type: NTFS
Drive E: | 270.34 Gb Total Space | 208.94 Gb Free Space | 77.29% Space Free | Partition Type: NTFS
Drive F: | 7.03 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 6.83 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: NKS | User Name: Nitesh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2467260372-2878141997-3226734072-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Minefield\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0D9917CE-1C77-4B58-A153-DCB5A854ED82}" = Intel(R) Wireless Display
"{10CD364B-FFCC-48BE-B469-B9622A033075}" = Fences
"{1A8BA6CE-822D-4888-89E2-ACBF4308F271}" = Intel(R) PROSet/Wireless WiFi Software
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{35FCDA3F-13F2-3786-A9A8-115A1FE7FFC1}" = ATI Catalyst Install Manager
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{66C10F29-31F0-4A9B-B2CF-465F488AE086}" = CorelDRAW Graphics Suite X5 - Windows Shell Extension 64 Bit
"{7579822E-65DD-0016-D4AA-E7028CA42996}" = ccc-utility64
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = Lenovo Bluetooth with Enhanced Data Rate Software
"{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E77543EE-6FB5-4FF6-AB70-635392C8C756}" = Microsoft Security Client
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"0A4175B489A1B4A6E07E11B063A6263480C51D71" = Windows Driver Package - Lenovo (ACPIVPC) System (10/19/2009 5.4.0.1)
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"Adobe Flash Player Plugin 64" = Adobe Flash Player 10 Plugin 64-bit
"DFEA59689C004DFD0378309F3A583EA32D78A1B3" = Windows Driver Package - Broadcom Bluetooth (01/06/2010 6.2.0.9416)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Minefield 4.0b10pre (x64 en-US)" = Minefield 4.0b10pre (x64 en-US)
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension
"_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW(R) Graphics Suite X5
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{031E99E6-CFB5-86D2-E781-ABB59FEFE7F9}" = ccc-core-static
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{087C73E4-1F5F-8076-C460-38FB0985C82E}" = CCC Help Dutch
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B12F597-F346-840F-923A-0D6C27739EA6}" = CCC Help Czech
"{0BCA9EFD-F2D6-4638-B053-8693BA0404BE}" = Citrix online plug-in (Web)
"{0CE226F3-EB27-4ECD-BBF5-F088716779FD}" = Energy Management
"{12FEC00C-027C-4A34-9AAB-562EDA43DC18}_is1" = MiniTool Partition Wizard Home Edition 5.2
"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
"{15314AB9-AA3C-F93D-81F1-ACFDCC4FAF1E}" = CCC Help Greek
"{17542DBF-E17C-4562-BC4D-FA3EF3076C45}" = Lenovo ReadyComm 5
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2022BA2B-0473-7494-13E9-B9DDCDDD6D56}" = CCC Help Swedish
"{23166152-0968-047C-8B1C-9E26C029D132}" = CCC Help Spanish
"{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data
"{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications (R) Core
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2955FADE-ADED-44AD-A853-D1EAEA7ACAD5}" = Lenovo MuteSync
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2CA2332F-E8EE-50C9-7CCD-7514D318A734}" = CCC Help Norwegian
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4425901D-1347-04FB-C48C-040E4BDD98B2}" = PX Profile Update
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4DFE2035-FCC7-CCF9-6DA8-CA798CFC7CBD}" = CCC Help Chinese Standard
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension
"{52D1D62C-FEAB-4580-849E-1DB624BADBBD}" = DiRT2
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8302}" = Grand Theft Auto IV
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54A8CEB5-43EB-69CD-72BE-A8BC11869FAE}" = Catalyst Control Center Graphics Previews Common
"{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect
"{55392E52-1AAD-44C4-BE49-258FFE72434F}" = Citrix online plug-in (USB)
"{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist
"{5A33AE1F-6F70-76BC-FE71-46EF2F592983}" = CCC Help Polish
"{5B36F08E-DC81-E672-1472-A145CF499A73}" = CCC Help Finnish
"{5CA178AC-08C9-57EE-928F-BFE8B7A85499}" = Catalyst Control Center Graphics Light
"{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}" = Bing Bar Platform
"{668842FC-6827-4B6F-82BF-3828BE6D3007}" = Cisco AnyConnect VPN Client
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6BC27278-28F6-D98A-587C-591FD8DDDC4C}" = PowerXpressHybrid
"{6DB7AD00-F781-11DF-9EEF-001279CD8240}" = Google Earth
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76C66170-C538-4E77-B54D-48E136B5B533}" = Lenovo ReadyComm 5.0 Service
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7D739CFA-F1E2-547F-A62D-7B64F3C38B5A}" = CCC Help Thai
"{7D9CEBD0-0CAE-462D-8191-591ACC79E430}" = Catalyst Control Center - Branding
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{812424AC-A8B5-44E6-8D48-07E939D1AD9A}" = Citrix online plug-in (HDX)
"{833330D8-5751-7965-3B70-3FD0B36CBEE3}" = CCC Help Chinese Traditional
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D289B05-E91B-5470-68EF-488CC2899D5F}" = Catalyst Control Center Localization All
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8FB76CA4-B4EE-E837-0B24-7256A2144626}" = CCC Help English
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A2DCEC03-EC54-D9D1-B81E-CCEE6360EC51}" = CCC Help French
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{ABE960C6-8021-4CF5-0715-60585FBBCD62}" = Catalyst Control Center Graphics Previews Vista
"{AC44D352-909B-846F-A217-2756902909D9}" = CCC Help Danish
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ADFBBAF0-6C88-EF43-9B37-737C75FBE0F8}" = CCC Help German
"{AF04EDB5-5624-196C-EE7C-AA2D788D3F5D}" = CCC Help Japanese
"{AF959F87-4F17-C216-BA91-39669C2D8CE3}" = Catalyst Control Center InstallProxy
"{B2164CCB-C002-4B80-8550-7535D80DF237}" = Lenovo DirectShare
"{B399C91E-96F2-4265-9884-1C9A10E9FCF4}" = CorelDRAW Graphics Suite X5
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B8F589E9-2EAE-5EBD-5D59-E11F2BDA6E03}" = CCC Help Portuguese
"{B914FC95-C386-A758-1006-DCCEE9AE360B}" = Catalyst Control Center Core Implementation
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BCA8A486-5FF7-F52B-EEF3-CB8C3EDBA6F8}" = CCC Help Italian
"{C01A1083-0C1F-864E-8C47-A36E35C2072B}" = CCC Help Turkish
"{C23DD57A-09D0-5322-26C9-7BBA08305CCF}" = CCC Help Hungarian
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C4919919-8D68-0F2A-0997-165291D1B71E}" = CCC Help Korean
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common
"{CA58DD20-49F6-F5F9-A87D-AC2FF5B56BE2}" = CCC Help Russian
"{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF53CF7C-D996-43EB-9904-DBED57C25625}" = Citrix online plug-in (DV)
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.3.22 Game
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications (R) Core - English
"{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DFB19121-0609-49C1-92B1-546E5A940FE8}" = Onekey Theater
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E34C6AA4-AE8E-4677-912A-92FC2E039DD9}" = CorelDRAW Graphics Suite X5 - EN
"{E4487C27-5F10-41BF-95BD-13856FE97CBC}" = Cisco IP Communicator 7.0.3
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture
"{EF000E82-0615-8FC0-631C-B120D4D1A618}" = Catalyst Control Center Graphics Full Existing
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5608FF7-17C0-440A-80C7-29C48363BD87}" = Lenovo EasyCamera
"{F6E3D70F-A4FC-53C2-761B-7CE0648A7404}" = Catalyst Control Center Graphics Full New
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser
"3554AA4B-9B0B-451a-A269-2B5F53982209_is1" = ThreatFire
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Fences" = Fences
"Game Booster_is1" = Game Booster
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{2955FADE-ADED-44AD-A853-D1EAEA7ACAD5}" = Lenovo MuteSync
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{B2164CCB-C002-4B80-8550-7535D80DF237}" = Lenovo DirectShare
"KeatProX" = KeatProX 2.1.3.1
"Lenovo SlideNav2" = Lenovo SlideNav
"Lenovo SplitScreen" = Lenovo SplitScreen
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"OpenAL" = OpenAL
"uTorrent" = µTorrent
"VeriFace" = VeriFace
"VLC media player" = VLC media player 1.1.5
"WinLiveSuite" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/22/2011 1:49:18 PM | Computer Name = nks | Source = Application Error | ID = 1000
Description = Faulting application name: mbam.exe, version: 1.50.1.3, time stamp:
0x4d0fe807 Faulting module name: ntdll.dll, version: 6.1.7600.16559, time stamp:
0x4ba9b29c Exception code: 0xc0000005 Fault offset: 0x0003b3d3 Faulting process id:
0xfe4 Faulting application start time: 0x01cbba5cb136c4a3 Faulting application path:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe Faulting module path:
C:\windows\SysWOW64\ntdll.dll Report Id: ef40252e-264f-11e0-8fc2-c80aa9dbdeae

Error - 1/22/2011 1:49:37 PM | Computer Name = nks | Source = Application Error | ID = 1000
Description = Faulting application name: mbam.exe, version: 1.50.1.3, time stamp:
0x4d0fe807 Faulting module name: ntdll.dll, version: 6.1.7600.16559, time stamp:
0x4ba9b29c Exception code: 0xc0000005 Fault offset: 0x0003b3d3 Faulting process id:
0x17d8 Faulting application start time: 0x01cbba5cba1cb9ec Faulting application path:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe Faulting module path:
C:\windows\SysWOW64\ntdll.dll Report Id: fa7b93db-264f-11e0-8fc2-c80aa9dbdeae

Error - 1/22/2011 1:49:50 PM | Computer Name = nks | Source = Application Error | ID = 1000
Description = Faulting application name: mbam.exe, version: 1.50.1.3, time stamp:
0x4d0fe807 Faulting module name: ntdll.dll, version: 6.1.7600.16559, time stamp:
0x4ba9b29c Exception code: 0xc0000005 Fault offset: 0x0003b3d3 Faulting process id:
0x78 Faulting application start time: 0x01cbba5cc1ab3d2d Faulting application path:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe Faulting module path:
C:\windows\SysWOW64\ntdll.dll Report Id: 02459983-2650-11e0-8fc2-c80aa9dbdeae

Error - 1/22/2011 1:50:00 PM | Computer Name = nks | Source = Application Error | ID = 1000
Description = Faulting application name: mbam.exe, version: 1.50.1.3, time stamp:
0x4d0fe807 Faulting module name: ntdll.dll, version: 6.1.7600.16559, time stamp:
0x4ba9b29c Exception code: 0xc0000005 Fault offset: 0x0003b3d3 Faulting process id:
0x16b0 Faulting application start time: 0x01cbba5cc9c8353e Faulting application path:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe Faulting module path:
C:\windows\SysWOW64\ntdll.dll Report Id: 07d3f729-2650-11e0-8fc2-c80aa9dbdeae

Error - 1/22/2011 1:50:19 PM | Computer Name = nks | Source = Application Error | ID = 1000
Description = Faulting application name: mbam.exe, version: 1.50.1.3, time stamp:
0x4d0fe807 Faulting module name: ntdll.dll, version: 6.1.7600.16559, time stamp:
0x4ba9b29c Exception code: 0xc0000005 Fault offset: 0x0003b2bd Faulting process id:
0xee0 Faulting application start time: 0x01cbba5cd2f7494f Faulting application path:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe Faulting module path:
C:\windows\SysWOW64\ntdll.dll Report Id: 1372b3c2-2650-11e0-8fc2-c80aa9dbdeae

Error - 1/22/2011 1:50:44 PM | Computer Name = nks | Source = Application Error | ID = 1000
Description = Faulting application name: mbam.exe, version: 1.50.1.3, time stamp:
0x4d0fe807 Faulting module name: ntdll.dll, version: 6.1.7600.16559, time stamp:
0x4ba9b29c Exception code: 0xc0000005 Fault offset: 0x0003b3d3 Faulting process id:
0x15d8 Faulting application start time: 0x01cbba5ce43d4a8e Faulting application path:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe Faulting module path:
C:\windows\SysWOW64\ntdll.dll Report Id: 22490c7a-2650-11e0-8fc2-c80aa9dbdeae

Error - 1/22/2011 1:51:23 PM | Computer Name = nks | Source = Application Error | ID = 1000
Description = Faulting application name: mbam.exe, version: 1.50.1.3, time stamp:
0x4d0fe807 Faulting module name: ntdll.dll, version: 6.1.7600.16559, time stamp:
0x4ba9b29c Exception code: 0xc0000005 Fault offset: 0x0003b3d3 Faulting process id:
0xb20 Faulting application start time: 0x01cbba5cf80b7d9d Faulting application path:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe Faulting module path:
C:\windows\SysWOW64\ntdll.dll Report Id: 395f8549-2650-11e0-8fc2-c80aa9dbdeae

Error - 1/22/2011 1:51:32 PM | Computer Name = nks | Source = Application Error | ID = 1000
Description = Faulting application name: mbam.exe, version: 1.50.1.3, time stamp:
0x4d0fe807 Faulting module name: ntdll.dll, version: 6.1.7600.16559, time stamp:
0x4ba9b29c Exception code: 0xc0000005 Fault offset: 0x0003b1c0 Faulting process id:
0xabc Faulting application start time: 0x01cbba5d009865fc Faulting application path:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe Faulting module path:
C:\windows\SysWOW64\ntdll.dll Report Id: 3ea68947-2650-11e0-8fc2-c80aa9dbdeae

Error - 1/22/2011 1:55:03 PM | Computer Name = nks | Source = Application Error | ID = 1000
Description = Faulting application name: DllHost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc6b7 Faulting module name: ntdll.dll, version: 6.1.7600.16559, time
stamp: 0x4ba9b29c Exception code: 0xc0000374 Fault offset: 0x000cdc9b Faulting process
id: 0x7bc Faulting application start time: 0x01cbba5d7d464548 Faulting application
path: C:\windows\SysWOW64\DllHost.exe Faulting module path: C:\windows\SysWOW64\ntdll.dll
Report
Id: bc877a17-2650-11e0-8fc2-c80aa9dbdeae

Error - 1/22/2011 2:07:18 PM | Computer Name = nks | Source = Application Hang | ID = 1002
Description = The program mmc.exe version 6.1.7600.16385 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1454 Start
Time: 01cbba5b8c3d854f Termination Time: 15 Application Path: C:\windows\system32\mmc.exe

Report
Id:

[ Cisco AnyConnect VPN Client Events ]
Error - 1/23/2011 3:41:40 AM | Computer Name = nks | Source = vpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::ClearRouteTable File: .\ChangeRouteHelper.cpp
Line:
538 Invoked Function: DeleteRoute Return Code: -33095666 (0xFE07000E) Description:
ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED the interface appears to be available

Error - 1/23/2011 3:41:40 AM | Computer Name = nks | Source = vpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::ClearRouteTable File: .\ChangeRouteHelper.cpp
Line:
538 Invoked Function: DeleteRoute Return Code: -33095666 (0xFE07000E) Description:
ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED the interface appears to be available

Error - 1/23/2011 3:52:08 AM | Computer Name = nks | Source = vpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::ClearRouteTable File: .\ChangeRouteHelper.cpp
Line:
538 Invoked Function: DeleteRoute Return Code: -33095666 (0xFE07000E) Description:
ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED the interface appears to be available

Error - 1/23/2011 3:52:08 AM | Computer Name = nks | Source = vpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::ClearRouteTable File: .\ChangeRouteHelper.cpp
Line:
538 Invoked Function: DeleteRoute Return Code: -33095666 (0xFE07000E) Description:
ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED the interface appears to be available

Error - 1/23/2011 4:00:13 AM | Computer Name = nks | Source = vpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::ClearRouteTable File: .\ChangeRouteHelper.cpp
Line:
538 Invoked Function: DeleteRoute Return Code: -33095666 (0xFE07000E) Description:
ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED the interface appears to be available

Error - 1/23/2011 4:00:13 AM | Computer Name = nks | Source = vpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::ClearRouteTable File: .\ChangeRouteHelper.cpp
Line:
538 Invoked Function: DeleteRoute Return Code: -33095666 (0xFE07000E) Description:
ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED the interface appears to be available

Error - 1/23/2011 4:13:08 AM | Computer Name = nks | Source = vpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::ClearRouteTable File: .\ChangeRouteHelper.cpp
Line:
538 Invoked Function: DeleteRoute Return Code: -33095666 (0xFE07000E) Description:
ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED the interface appears to be available

Error - 1/23/2011 4:13:08 AM | Computer Name = nks | Source = vpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::ClearRouteTable File: .\ChangeRouteHelper.cpp
Line:
538 Invoked Function: DeleteRoute Return Code: -33095666 (0xFE07000E) Description:
ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED the interface appears to be available

Error - 1/23/2011 4:41:52 AM | Computer Name = nks | Source = vpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::ClearRouteTable File: .\ChangeRouteHelper.cpp
Line:
538 Invoked Function: DeleteRoute Return Code: -33095666 (0xFE07000E) Description:
ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED the interface appears to be available

Error - 1/23/2011 4:41:52 AM | Computer Name = nks | Source = vpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::ClearRouteTable File: .\ChangeRouteHelper.cpp
Line:
538 Invoked Function: DeleteRoute Return Code: -33095666 (0xFE07000E) Description:
ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED the interface appears to be available

[ Media Center Events ]
Error - 1/19/2011 12:13:06 PM | Computer Name = nks | Source = MCUpdate | ID = 0
Description = 21:42:45 - Failed to retrieve MCEClientUX (Error: Unable to connect
to the remote server)

Error - 1/19/2011 12:13:31 PM | Computer Name = nks | Source = MCUpdate | ID = 0
Description = 21:43:27 - Failed to retrieve Broadband (Error: Unable to connect
to the remote server)

Error - 1/19/2011 1:14:27 PM | Computer Name = nks | Source = MCUpdate | ID = 0
Description = 22:44:27 - Failed to retrieve Directory (Error: Unable to connect
to the remote server)

Error - 1/19/2011 1:15:30 PM | Computer Name = nks | Source = MCUpdate | ID = 0
Description = 22:45:09 - Failed to retrieve MCESpotlight (Error: Unable to connect
to the remote server)

Error - 1/19/2011 1:16:12 PM | Computer Name = nks | Source = MCUpdate | ID = 0
Description = 22:45:51 - Failed to retrieve MCEClientUX (Error: Unable to connect
to the remote server)

Error - 1/19/2011 1:16:34 PM | Computer Name = nks | Source = MCUpdate | ID = 0
Description = 22:46:33 - Failed to retrieve Broadband (Error: Unable to connect
to the remote server)

Error - 1/20/2011 1:06:26 PM | Computer Name = nks | Source = MCUpdate | ID = 0
Description = 22:36:26 - Error connecting to the internet. 22:36:26 - Unable
to contact server..

Error - 1/20/2011 1:06:37 PM | Computer Name = nks | Source = MCUpdate | ID = 0
Description = 22:36:32 - Error connecting to the internet. 22:36:32 - Unable
to contact server..

Error - 1/21/2011 10:48:22 AM | Computer Name = nks | Source = MCUpdate | ID = 0
Description = 20:18:22 - Error connecting to the internet. 20:18:22 - Unable
to contact server..

Error - 1/21/2011 10:48:32 AM | Computer Name = nks | Source = MCUpdate | ID = 0
Description = 20:18:28 - Error connecting to the internet. 20:18:28 - Unable
to contact server..

[ System Events ]
Error - 1/22/2011 1:37:27 PM | Computer Name = nks | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10003
Description = WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\windows\System32\IWMSSvc.dll


Error - 1/22/2011 1:38:43 PM | Computer Name = nks | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the vpnagent service.

Error - 1/22/2011 1:40:15 PM | Computer Name = nks | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 1/22/2011 1:40:15 PM | Computer Name = nks | Source = Service Control Manager | ID = 7031
Description = The Intel(R) Management and Security Application Local Management
Service service terminated unexpectedly. It has done this 1 time(s). The following
corrective action will be taken in 10000 milliseconds: Restart the service.

Error - 1/22/2011 1:40:24 PM | Computer Name = nks | Source = Service Control Manager | ID = 7034
Description = The SeaPort service terminated unexpectedly. It has done this 1 time(s).

Error - 1/22/2011 1:40:39 PM | Computer Name = nks | Source = Service Control Manager | ID = 7000
Description = The Intel(R) Management and Security Application Local Management
Service service failed to start due to the following error: %%109

Error - 1/22/2011 1:42:23 PM | Computer Name = nks | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
the following error: %%109

Error - 1/22/2011 1:42:23 PM | Computer Name = nks | Source = Service Control Manager | ID = 7000
Description = The ReadyComm.DirectRouter service failed to start due to the following
error: %%2

Error - 1/22/2011 1:42:26 PM | Computer Name = nks | Source = Service Control Manager | ID = 7000
Description = The Intel(R) Management and Security Application Local Management
Service service failed to start due to the following error: %%109

Error - 1/22/2011 1:42:26 PM | Computer Name = nks | Source = Service Control Manager | ID = 7001
Description = The Intel(R) Management & Security Application User Notification Service
service depends on the Intel(R) Management and Security Application Local Management
Service service which failed to start because of the following error: %%109


< End of report >
 
Seems like Avast Antivirus was the problem. After uninstalling it in safe mode, I have not received any further crashes. Thanks a lot. I have been using two antivirus since long, but on 16th, I upgraded the Avast with latest software update and the problem seemed to have started after that.
 
Good :)

Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

=======================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code: 
    :OTL
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2467260372-2878141997-3226734072-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
[2011/01/16 12:52:19 | 000,237,168 | ---- | C] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
[2 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

======================================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2467260372-2878141997-3226734072-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Starting removal of ActiveX control 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
C:\Windows\SysNative\aswBoot.exe moved successfully.
C:\windows\SysWow64\tmp8D12.tmp deleted successfully.
C:\windows\SysWow64\tmp8D23.tmp deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Nitesh
->Temp folder emptied: 404145495 bytes
->Temporary Internet Files folder emptied: 8866963 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 73279774 bytes
->Google Chrome cache emptied: 12451413 bytes
->Flash cache emptied: 1219 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2596369 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 478.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default

User: Default User

User: Nitesh
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.20.5 log created on 01242011_230102

Files\Folders moved on Reboot...
C:\Users\Nitesh\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Nitesh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WH9O86V9\ads[3].htm moved successfully.
C:\Users\Nitesh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZY9ZGBH\crosspixel-dest[1].htm moved successfully.
C:\Users\Nitesh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZY9ZGBH\sh30[1].html moved successfully.
C:\Users\Nitesh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4V34XL8B\topic160008[3].html moved successfully.
C:\Users\Nitesh\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...
 
Results of screen317's Security Check version 0.99.7
Windows 7 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java(TM) 6 Update 23
Out of date Java installed!
Adobe Flash Player 10.1.85.3
Adobe Reader 9.4.1
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSMpEng.exe
ThreatFire TFTray.exe
ThreatFire TFService.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
Microsoft Security Client Antimalware NisSrv.exe
``````````End of Log````````````
 
Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code: 
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please, let me know, how your computer is doing.
 
Seems like OTL was not able to create restore point.

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Nitesh
->Temp folder emptied: 680153 bytes
->Temporary Internet Files folder emptied: 20168263 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 53537983 bytes
->Google Chrome cache emptied: 8130989 bytes
->Flash cache emptied: 1235 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1943231 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 81.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default

User: Default User

User: Nitesh
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

Error creating restore point.

OTL by OldTimer - Version 3.2.20.5 log created on 01262011_205024

Files\Folders moved on Reboot...
C:\Users\Nitesh\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Nitesh\AppData\Local\Mozilla\Firefox\Profiles\9dh3ri0t.default\startupCache\startupCache.8.little moved successfully.
C:\Users\Nitesh\AppData\Local\Mozilla\Firefox\Profiles\9dh3ri0t.default\Cache\_CACHE_001_ moved successfully.
C:\Users\Nitesh\AppData\Local\Mozilla\Firefox\Profiles\9dh3ri0t.default\Cache\_CACHE_002_ moved successfully.
C:\Users\Nitesh\AppData\Local\Mozilla\Firefox\Profiles\9dh3ri0t.default\Cache\_CACHE_003_ moved successfully.
C:\Users\Nitesh\AppData\Local\Mozilla\Firefox\Profiles\9dh3ri0t.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\Nitesh\AppData\Local\Mozilla\Firefox\Profiles\9dh3ri0t.default\urlclassifier3.sqlite moved successfully.
C:\Users\Nitesh\AppData\Local\Mozilla\Firefox\Profiles\9dh3ri0t.default\XUL.mfl moved successfully.

Registry entries deleted on Reboot...
 
I checked the system restore was already turned off. I turned it on.

Thanks a lot for the help. I do not see any problems with my PC now.
 
Status
Not open for further replies.

Similar threads

P
Solved Computer Running Slow -- IObit\ASCDownloader Won't Delete
Replies
15
Views
4K
Broni
Broni
B
  • Locked
Inactive Applications crash randomly
Replies
3
Views
5K
Bobbye
Bobbye
T
Solved Virus scanner is blocked -- zeroaccess found and "cleaned"
2
Replies
48
Views
6K
Broni
Broni

Latest posts

Back