Solved Google Redirect Issue

[oltraff]

Ran it and it rebooted the computer. I don't see a log for it however. I still get the blank screen when Windows boots up. Thanks

 

[Broni]

Re-run OTL "Quick scan" and post its log.

After that, delete your Combofix file, download fresh one and try to run it again.

 

[oltraff]

Found this. Is this the log from the last operation (post #25)? Will run OTL quick scan and ComboFix again shortly.

All processes killed
========== OTL ==========
Process ViewpointService.exe killed successfully!
Service Viewpoint Manager Service stopped successfully!
Service Viewpoint Manager Service deleted successfully!
C:\Program Files\Viewpoint\Common\ViewpointService.exe moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\combofix deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\UpdReg deleted successfully.
C:\Windows\Updreg.EXE moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\swetaswxxx.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\combofix deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\\flags deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intuit.com\ttlc\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\GD\\http deleted successfully.
Starting removal of ActiveX control {A903E5AB-C67E-40FB-94F1-E1305982F6E0}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A903E5AB-C67E-40FB-94F1-E1305982F6E0}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A903E5AB-C67E-40FB-94F1-E1305982F6E0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A903E5AB-C67E-40FB-94F1-E1305982F6E0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A903E5AB-C67E-40FB-94F1-E1305982F6E0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A903E5AB-C67E-40FB-94F1-E1305982F6E0}\ not found.
Starting removal of ActiveX control {D4003189-95B1-4A2F-9A87-F2B03665960D}
C:\Windows\Downloaded Program Files\vjocx.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D4003189-95B1-4A2F-9A87-F2B03665960D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4003189-95B1-4A2F-9A87-F2B03665960D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D4003189-95B1-4A2F-9A87-F2B03665960D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4003189-95B1-4A2F-9A87-F2B03665960D}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
C:\Users\Ashish\AppData\Roaming\Arlu folder moved successfully.
C:\$AVG\$VAULT folder moved successfully.
C:\$AVG folder moved successfully.
C:\ProgramData\AVG10\update\prepare folder moved successfully.
C:\ProgramData\AVG10\update\download folder moved successfully.
C:\ProgramData\AVG10\update\backup folder moved successfully.
C:\ProgramData\AVG10\update folder moved successfully.
C:\ProgramData\AVG10\Temp folder moved successfully.
C:\ProgramData\AVG10\SetupBackup folder moved successfully.
C:\ProgramData\AVG10\scanlogs folder moved successfully.
C:\ProgramData\AVG10\lsdb\prev folder moved successfully.
C:\ProgramData\AVG10\lsdb folder moved successfully.
C:\ProgramData\AVG10\log\IDP\log folder moved successfully.
C:\ProgramData\AVG10\log\IDP folder moved successfully.
C:\ProgramData\AVG10\log folder moved successfully.
C:\ProgramData\AVG10\IDS\quarantine folder moved successfully.
C:\ProgramData\AVG10\IDS\profile folder moved successfully.
C:\ProgramData\AVG10\IDS\outbox\9 folder moved successfully.
C:\ProgramData\AVG10\IDS\outbox\8 folder moved successfully.
C:\ProgramData\AVG10\IDS\outbox\7 folder moved successfully.
C:\ProgramData\AVG10\IDS\outbox\6 folder moved successfully.
C:\ProgramData\AVG10\IDS\outbox\5 folder moved successfully.
C:\ProgramData\AVG10\IDS\outbox\4 folder moved successfully.
C:\ProgramData\AVG10\IDS\outbox\3 folder moved successfully.
C:\ProgramData\AVG10\IDS\outbox\2 folder moved successfully.
C:\ProgramData\AVG10\IDS\outbox\1 folder moved successfully.
C:\ProgramData\AVG10\IDS\outbox\0 folder moved successfully.
C:\ProgramData\AVG10\IDS\outbox folder moved successfully.
C:\ProgramData\AVG10\IDS\malwareprofile folder moved successfully.
C:\ProgramData\AVG10\IDS\log folder moved successfully.
C:\ProgramData\AVG10\IDS\download folder moved successfully.
C:\ProgramData\AVG10\IDS\config\EN_US folder moved successfully.
C:\ProgramData\AVG10\IDS\config folder moved successfully.
C:\ProgramData\AVG10\IDS folder moved successfully.
C:\ProgramData\AVG10\EMC folder moved successfully.
C:\ProgramData\AVG10\Dumps folder moved successfully.
C:\ProgramData\AVG10\Chjw\e822595b22593034 folder moved successfully.
C:\ProgramData\AVG10\Chjw\8eb45628b45612d7 folder moved successfully.
C:\ProgramData\AVG10\Chjw folder moved successfully.
C:\ProgramData\AVG10\avgam folder moved successfully.
C:\ProgramData\AVG10\Antispam folder moved successfully.
C:\ProgramData\AVG10\admincli folder moved successfully.
C:\ProgramData\AVG10 folder moved successfully.
C:\ProgramData\Norton\NPE folder moved successfully.
C:\ProgramData\Norton folder moved successfully.
C:\Program Files\AVG\AVG9 folder moved successfully.
C:\Program Files\AVG\AVG10\PCTuneup folder moved successfully.
C:\Program Files\AVG\AVG10\Icons folder moved successfully.
C:\Program Files\AVG\AVG10\Firefox\Components folder moved successfully.
C:\Program Files\AVG\AVG10\Firefox\Chrome folder moved successfully.
C:\Program Files\AVG\AVG10\Firefox folder moved successfully.
C:\Program Files\AVG\AVG10\3rd_party\licenses folder moved successfully.
C:\Program Files\AVG\AVG10\3rd_party folder moved successfully.
C:\Program Files\AVG\AVG10 folder moved successfully.
C:\Program Files\AVG folder moved successfully.
C:\ProgramData\io.ini moved successfully.
C:\ProgramData\1rphcipg0fz62yxo23ox8gd3li86yuho.ini moved successfully.
C:\Users\Ashish\AppData\Local\Rlekozugi.dat moved successfully.
C:\Users\Ashish\AppData\Local\Rnajevamiku.bin moved successfully.
C:\Windows\System32\drivers\fjkwetbl.sys moved successfully.
C:\Users\Ashish\AppData\Roaming\vqdlkr.dat moved successfully.
C:\Users\Ashish\AppData\Local\J3CVYoQ5 moved successfully.
C:\Users\Ashish\AppData\Roaming\025EE49533BAB044CB74A2A78C0E406A folder moved successfully.
ADS C:\ProgramData\TempFC5A2B2 deleted successfully.
ADS C:\ProgramData\Temp:A8ADE5D8 deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents folder moved successfully.
C:\Program Files\Viewpoint\Viewpoint Media Player folder moved successfully.
C:\Program Files\Viewpoint\Common folder moved successfully.
C:\Program Files\Viewpoint folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Ashish
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 67177273 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 2992 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 37756 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 64.00 mb


[EMPTYFLASH]

User: All Users

User: Ashish
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 11272010_142039

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

 

[oltraff]

Here's the new OTL quick scan log:

OTL logfile created on: 11/27/2010 2:57:09 PM - Run 4
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Ashish\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 72.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.51 Gb Total Space | 132.91 Gb Free Space | 46.55% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 3.28 Gb Free Space | 32.77% Space Free | Partition Type: NTFS

Computer Name: ASHISH-PC | User Name: Ashish | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/27 13:46:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Ashish\Desktop\OTL.exe
PRC - [2010/10/31 00:14:07 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/10/31 00:14:06 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/03 12:54:15 | 000,072,704 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
PRC - [2007/12/02 23:27:58 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/12/02 23:27:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2007/07/16 10:58:02 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2007/04/16 23:05:52 | 000,021,504 | ---- | M] (UPEK Inc.) -- C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
PRC - [2007/03/21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe


========== Modules (SafeList) ==========

MOD - [2010/11/27 13:46:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Ashish\Desktop\OTL.exe
MOD - [2006/11/02 04:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/07/09 18:45:27 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
SRV - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/07/05 13:26:18 | 000,025,936 | ---- | M] (Apple, Inc.) [Auto | Stopped] -- C:\Program Files\Apple\iPhone Configuration Web Utility\iPhoneConfigurationWebUtilityService.exe -- (Apple iPhone Configuration Web Utility)
SRV - [2008/04/03 20:29:26 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/04/03 13:12:37 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/04/03 12:54:15 | 000,072,704 | ---- | M] (Creative Labs) [Auto | Running] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
SRV - [2008/01/15 09:28:20 | 000,204,800 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
SRV - [2007/12/02 23:27:58 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/12/02 23:27:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007/07/16 10:58:02 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007/03/21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007/03/19 12:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [File_System | Boot | Stopped] -- C:\Windows\System32\DRIVERS\Lbd.sys -- (Lbd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Ashish\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2009/09/15 15:04:58 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HssDrv.sys -- (HssDrv)
DRV - [2008/04/03 20:36:47 | 000,020,152 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/04/03 20:36:47 | 000,019,128 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/04/03 20:36:47 | 000,017,592 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/12/02 23:28:08 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/09/28 01:40:24 | 000,278,528 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2007/09/28 01:24:16 | 007,620,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/09/07 04:27:32 | 000,209,408 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ianvstor.sys -- (iaNvStor) Intel(R)
DRV - [2007/09/07 04:22:34 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2007/09/07 03:50:54 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/09/07 01:35:46 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/09/07 01:35:44 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/09/07 01:35:42 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/08/28 00:51:44 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007/08/28 00:51:40 | 000,235,520 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/07/16 10:57:12 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007/04/16 22:44:34 | 000,046,992 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tcusb.sys -- (TcUsb)
DRV - [2007/03/21 14:33:46 | 000,534,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2007/01/31 12:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007/01/18 14:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/11/06 20:37:16 | 000,078,128 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2006/11/06 18:13:52 | 000,016,560 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2006/11/06 18:13:50 | 000,080,176 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2006/11/02 04:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 04:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 04:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 04:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 04:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 04:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 04:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 04:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 04:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 04:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 04:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 04:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 04:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 02:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2006/11/02 02:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/10/05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2080404
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-USfficial"
FF - prefs.js..network.proxy.type: 4


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/06 16:05:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/27 14:20:39 | 000,000,000 | ---D | M]

[2008/06/17 18:59:27 | 000,000,000 | ---D | M] -- C:\Users\Ashish\AppData\Roaming\Mozilla\Extensions
[2010/11/27 02:42:35 | 000,000,000 | ---D | M] -- C:\Users\Ashish\AppData\Roaming\Mozilla\Firefox\Profiles\y7md83ls.default\extensions
[2010/08/16 22:47:37 | 000,000,000 | ---D | M] -- C:\Users\Ashish\AppData\Roaming\Mozilla\Firefox\Profiles\y7md83ls.default\extensions\vshareus@toolbar
[2010/11/27 02:42:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/10 01:56:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2008/06/03 19:55:51 | 000,163,840 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll

O1 HOSTS File: ([2010/11/27 12:54:19 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MFARestart] C:\ProgramData\MFAData\pack\avgrunasx.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Fingerprint Reader Suite\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab (IWinAmpActiveX Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\psfus: DllName - C:\Windows\system32\psqlpwd.dll - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\XPS_NB_1280x864_Black.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\XPS_NB_1280x864_Black.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/27 13:46:46 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Ashish\Desktop\OTL.exe
[2010/11/27 13:33:34 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/11/27 13:33:34 | 000,000,000 | ---D | C] -- C:\Users\Ashish\AppData\Local\temp
[2010/11/27 13:27:07 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/11/27 12:41:39 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/11/27 12:41:39 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/11/27 12:41:39 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/11/27 12:41:39 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/11/27 12:41:36 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/11/27 02:47:52 | 000,000,000 | ---D | C] -- C:\Users\Ashish\AppData\Local\Sunbelt Software
[2010/11/27 02:33:19 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/11/26 21:16:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/11/26 18:21:28 | 000,000,000 | ---D | C] -- C:\Users\Ashish\Desktop\Logs
[2010/11/26 18:00:35 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/11/20 13:38:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010/11/20 13:38:36 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/11/11 23:03:26 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/11/07 19:41:21 | 000,000,000 | ---D | C] -- C:\Users\Ashish\DoctorWeb
[2010/11/06 01:03:40 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2010/11/06 00:48:25 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2010/11/06 00:48:04 | 004,329,496 | ---- | C] (AVG Technologies) -- C:\Users\Ashish\Desktop\avg_free_stb_all_2011_1153_cnet.exe
[2010/11/05 23:39:29 | 000,000,000 | ---D | C] -- C:\Users\Ashish\AppData\Local\NPE
[2010/11/03 21:27:42 | 006,565,383 | ---- | C] (McAfee Inc.) -- C:\Users\Ashish\Desktop\stinger10101096.exe
[2010/11/03 21:21:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/10/31 00:59:12 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2008/05/31 10:55:41 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Ashish\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2010/11/27 14:56:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/27 14:45:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2160984431-3788846443-898008396-1000UA.job
[2010/11/27 14:22:08 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/27 14:22:06 | 000,003,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/27 14:22:06 | 000,003,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/27 14:21:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/27 14:21:51 | 3756,064,768 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/27 14:21:00 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/11/27 13:46:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Ashish\Desktop\OTL.exe
[2010/11/27 13:17:57 | 001,228,013 | ---- | M] () -- C:\Users\Ashish\Desktop\tdsskiller.zip
[2010/11/27 13:06:26 | 000,015,944 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/11/27 12:54:19 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/11/27 12:45:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2160984431-3788846443-898008396-1000Core.job
[2010/11/27 12:40:47 | 003,910,097 | R--- | M] () -- C:\Users\Ashish\Desktop\ComboFix.exe
[2010/11/27 12:18:28 | 000,080,384 | ---- | M] () -- C:\Users\Ashish\Desktop\MBRCheck.exe
[2010/11/27 12:13:50 | 000,630,272 | ---- | M] () -- C:\Users\Ashish\Desktop\dds.scr
[2010/11/27 12:13:47 | 000,296,448 | ---- | M] () -- C:\Users\Ashish\Desktop\triqxjj5.exe
[2010/11/27 12:12:22 | 000,253,046 | ---- | M] () -- C:\Users\Ashish\AppData\Roaming\nvModes.001
[2010/11/27 11:52:25 | 000,002,565 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
[2010/11/27 02:34:40 | 000,621,552 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/27 02:34:40 | 000,104,868 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/27 02:22:14 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A4B73A2F-2A3B-47BA-A4BC-52146962777B}.job
[2010/11/26 00:49:43 | 000,149,504 | ---- | M] () -- C:\Users\Ashish\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/23 21:12:06 | 000,093,571 | ---- | M] () -- C:\Users\Ashish\Desktop\nfl-parity-2010.jpg
[2010/11/22 21:51:09 | 301,514,147 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/11/18 21:37:00 | 000,016,165 | ---- | M] () -- C:\Users\Ashish\Documents\Publications.docx
[2010/11/14 22:45:20 | 000,000,227 | ---- | M] () -- C:\Users\Ashish\Desktop\Sound - Shortcut.lnk
[2010/11/13 16:50:46 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2010/11/09 22:11:04 | 000,002,049 | ---- | M] () -- C:\Users\Ashish\Desktop\Google Chrome.lnk
[2010/11/09 22:11:04 | 000,002,011 | ---- | M] () -- C:\Users\Ashish\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/11/09 21:36:14 | 000,023,214 | ---- | M] () -- C:\Users\Ashish\Documents\Resume.docx
[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\Windows\MBR.exe
[2010/11/07 19:57:32 | 000,001,356 | ---- | M] () -- C:\Users\Ashish\AppData\Local\d3d9caps.dat
[2010/11/07 19:05:32 | 000,145,656 | ---- | M] () -- C:\Users\Ashish\AppData\Local\prvlcl.dat
[2010/11/06 00:48:12 | 004,329,496 | ---- | M] (AVG Technologies) -- C:\Users\Ashish\Desktop\avg_free_stb_all_2011_1153_cnet.exe
[2010/11/05 23:49:42 | 000,001,508 | ---- | M] () -- C:\Users\Ashish\AppData\Roaming\SMRResults130.dat
[2010/11/03 23:25:23 | 000,000,017 | ---- | M] () -- C:\Users\Ashish\Desktop\stinger10101096.opt
[2010/11/03 23:21:05 | 000,079,968 | ---- | M] () -- C:\Users\Ashish\Desktop\Heat.Jazz Tickets 11.9.10.pdf
[2010/11/03 21:28:17 | 006,565,383 | ---- | M] (McAfee Inc.) -- C:\Users\Ashish\Desktop\stinger10101096.exe
[2010/10/31 21:45:45 | 000,079,978 | ---- | M] () -- C:\Users\Ashish\Desktop\Heat.Celtics Tickets 11.11.10.pdf

========== Files Created - No Company Name ==========

[2010/11/27 12:41:39 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/11/27 12:41:39 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/11/27 12:41:39 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2010/11/27 12:41:39 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/11/27 12:41:39 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/11/27 12:40:40 | 003,910,097 | R--- | C] () -- C:\Users\Ashish\Desktop\ComboFix.exe
[2010/11/27 12:18:28 | 000,080,384 | ---- | C] () -- C:\Users\Ashish\Desktop\MBRCheck.exe
[2010/11/27 12:13:49 | 000,630,272 | ---- | C] () -- C:\Users\Ashish\Desktop\dds.scr
[2010/11/27 12:13:34 | 000,296,448 | ---- | C] () -- C:\Users\Ashish\Desktop\triqxjj5.exe
[2010/11/26 23:20:49 | 3756,064,768 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/23 21:12:06 | 000,093,571 | ---- | C] () -- C:\Users\Ashish\Desktop\nfl-parity-2010.jpg
[2010/11/14 22:45:20 | 000,000,227 | ---- | C] () -- C:\Users\Ashish\Desktop\Sound - Shortcut.lnk
[2010/11/09 21:40:54 | 000,016,165 | ---- | C] () -- C:\Users\Ashish\Documents\Publications.docx
[2010/11/07 19:05:31 | 000,145,656 | ---- | C] () -- C:\Users\Ashish\AppData\Local\prvlcl.dat
[2010/11/06 00:25:33 | 001,228,013 | ---- | C] () -- C:\Users\Ashish\Desktop\tdsskiller.zip
[2010/11/05 23:49:42 | 000,001,508 | ---- | C] () -- C:\Users\Ashish\AppData\Roaming\SMRResults130.dat
[2010/11/03 23:25:23 | 000,000,017 | ---- | C] () -- C:\Users\Ashish\Desktop\stinger10101096.opt
[2010/11/03 23:21:05 | 000,079,968 | ---- | C] () -- C:\Users\Ashish\Desktop\Heat.Jazz Tickets 11.9.10.pdf
[2010/10/31 21:45:45 | 000,079,978 | ---- | C] () -- C:\Users\Ashish\Desktop\Heat.Celtics Tickets 11.11.10.pdf
[2010/08/29 16:29:24 | 000,015,944 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/07/14 22:58:40 | 000,000,885 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010/06/02 22:38:18 | 000,000,036 | ---- | C] () -- C:\Users\Ashish\AppData\Local\housecall.guid.cache
[2010/03/08 22:47:28 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll.old
[2009/10/31 20:48:03 | 000,073,728 | ---- | C] () -- C:\Windows\System32\VistaInfo32.dll
[2008/12/31 18:20:59 | 000,001,356 | ---- | C] () -- C:\Users\Ashish\AppData\Local\d3d9caps.dat
[2008/05/31 10:56:38 | 000,001,036 | ---- | C] () -- C:\Users\Ashish\AppData\Roaming\vso_ts_preview.xml
[2008/05/31 10:56:00 | 000,000,034 | ---- | C] () -- C:\Users\Ashish\AppData\Roaming\pcouffin.log
[2008/05/31 10:55:41 | 000,007,887 | ---- | C] () -- C:\Users\Ashish\AppData\Roaming\pcouffin.cat
[2008/05/31 10:55:41 | 000,001,144 | ---- | C] () -- C:\Users\Ashish\AppData\Roaming\pcouffin.inf
[2008/04/09 20:22:50 | 000,253,046 | ---- | C] () -- C:\Users\Ashish\AppData\Roaming\nvModes.001
[2008/04/09 18:55:28 | 000,149,504 | ---- | C] () -- C:\Users\Ashish\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/09 18:34:35 | 000,253,046 | ---- | C] () -- C:\Users\Ashish\AppData\Roaming\nvModes.dat
[2008/04/03 20:37:11 | 000,167,936 | ---- | C] () -- C:\Windows\System32\nvccoin.dll
[2008/04/03 20:37:10 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/04/03 13:10:10 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2008/04/03 12:56:32 | 000,065,536 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2008/04/03 12:55:08 | 000,000,628 | ---- | C] () -- C:\Windows\System32\PCI_VEN_1102&DEV_FF05&SUBSYS_00001102.ini
[2008/04/03 12:55:07 | 000,101,376 | ---- | C] () -- C:\Windows\System32\APOMngr.dll
[2008/04/03 12:55:07 | 000,066,560 | ---- | C] () -- C:\Windows\System32\CmdRtr.dll
[2007/07/16 10:58:10 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2006/11/03 17:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[2001/10/28 16:42:30 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll

========== LOP Check ==========

[2010/11/10 01:56:35 | 000,000,000 | ---D | M] -- C:\Users\Ashish\AppData\Roaming\.BitTornado
[2008/04/13 18:58:35 | 000,000,000 | ---D | M] -- C:\Users\Ashish\AppData\Roaming\Azureus
[2010/05/24 21:58:07 | 000,000,000 | ---D | M] -- C:\Users\Ashish\AppData\Roaming\com.adobe.example.NISDesktopAlerts.8B84194D4D9FFDB4F2F41B07D0F160207BFE7624.1
[2008/09/07 10:13:42 | 000,000,000 | ---D | M] -- C:\Users\Ashish\AppData\Roaming\com.directv.supercast.AA1ECC8BBAFE4E1BBF2D418DC006AF207FACE6CA.1
[2010/10/16 09:11:43 | 000,000,000 | ---D | M] -- C:\Users\Ashish\AppData\Roaming\Esiz
[2010/10/16 10:02:47 | 000,000,000 | ---D | M] -- C:\Users\Ashish\AppData\Roaming\Ginad
[2010/06/27 23:03:16 | 000,000,000 | ---D | M] -- C:\Users\Ashish\AppData\Roaming\Ginai
[2009/02/13 20:21:52 | 000,000,000 | ---D | M] -- C:\Users\Ashish\AppData\Roaming\Gleim
[2010/06/03 06:54:55 | 000,000,000 | ---D | M] -- C:\Users\Ashish\AppData\Roaming\Hounva
[2010/03/26 21:01:36 | 000,000,000 | ---D | M] -- C:\Users\Ashish\AppData\Roaming\Opera
[2010/06/24 18:36:43 | 000,000,000 | ---D | M] -- C:\Users\Ashish\AppData\Roaming\Pacayv
[2008/09/08 19:21:35 | 000,000,000 | ---D | M] -- C:\Users\Ashish\AppData\Roaming\PDFCreator
[2010/05/29 19:43:36 | 000,000,000 | ---D | M] -- C:\Users\Ashish\AppData\Roaming\StreamTorrent
[2010/07/26 20:40:20 | 000,000,000 | ---D | M] -- C:\Users\Ashish\AppData\Roaming\tmp
[2010/08/11 22:52:00 | 000,000,000 | ---D | M] -- C:\Users\Ashish\AppData\Roaming\Vso
[2010/11/27 14:21:00 | 000,032,598 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/11/27 02:22:14 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{A4B73A2F-2A3B-47BA-A4BC-52146962777B}.job

========== Purity Check ==========



< End of report >

 

[oltraff]

Here's the ComboFix log:

ComboFix 10-11-26.07 - Ashish 11/27/2010 15:14:27.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.3581.2672 [GMT -5:00]
Running from: c:\users\Ashish\Desktop\ComboFix.exe
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

-- Previous Run --

Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe

Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe

Infected copy of c:\windows\System32\wininit.exe was found and disinfected
Restored copy from - c:\windows\SoftwareDistribution\Download\a58fa8f1a78b89e6c2a670e288053b8b\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

--------

.
((((((((((((((((((((((((( Files Created from 2010-10-27 to 2010-11-27 )))))))))))))))))))))))))))))))
.

2010-11-27 20:18 . 2010-11-27 20:18 -------- d-----w- c:\users\Ashish\AppData\Local\temp
2010-11-27 07:47 . 2010-11-27 07:47 -------- d-----w- c:\users\Ashish\AppData\Local\Sunbelt Software
2010-11-27 07:24 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1EE14487-3D27-40F9-8575-B5BF69ECAA20}\mpengine.dll
2010-11-26 23:00 . 2010-11-26 23:00 -------- d-----w- c:\program files\ESET
2010-11-20 18:38 . 2010-11-20 18:38 -------- d-----w- c:\programdata\Avira
2010-11-20 18:38 . 2010-11-20 18:38 -------- d-----w- c:\program files\Avira
2010-11-12 04:03 . 2010-11-12 04:03 -------- d-----w- C:\_OTL
2010-11-08 00:41 . 2010-11-08 01:31 -------- d-----w- c:\users\Ashish\DoctorWeb
2010-11-06 06:03 . 2010-11-06 06:03 -------- d--h--w- c:\programdata\Common Files
2010-11-06 05:48 . 2010-11-06 05:58 -------- d-----w- c:\programdata\MFAData
2010-11-06 04:39 . 2010-11-06 04:49 -------- d-----w- c:\users\Ashish\AppData\Local\NPE
2010-11-04 02:20 . 2010-09-15 08:50 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-11-04 02:20 . 2010-09-15 08:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-31 05:59 . 2010-11-13 21:50 12872 ----a-w- c:\windows\system32\bootdelete.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-27 18:06 . 2010-08-29 21:29 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-10-19 15:41 . 2010-06-14 05:35 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-07-09 23:45 . 2010-07-09 23:45 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-04-17 04:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-04-17 04:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-03 68856]
"Google Update"="c:\users\Ashish\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-12-22 133104]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-04-04 1232896]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-04-03 2938552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-01-18 17920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-07 159744]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-28 36864]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-28 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-28 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-28 81920]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2007-09-28 81920]
"VolPanel"="c:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 180224]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-21 1548288]
"PSQLLauncher"="c:\program files\Fingerprint Reader Suite\launcher.exe" [2007-04-17 49168]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-09 30192]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-11-01 189736]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"MFARestart"="c:\programdata\MFAData\pack\avgrunasx.exe" [2010-09-24 237408]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-9-7 1180952]
VPN Client.lnk - c:\windows\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico [2008-4-13 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-04-17 04:04 86528 ----a-w- c:\windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
R2 Apple iPhone Configuration Web Utility;Apple iPhone Configuration Web Utility;c:\program files\Apple\iPhone Configuration Web Utility\iPhoneConfigurationWebUtilityService.exe [2008-07-05 25936]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 135664]
R2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-01-15 204800]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-09 30192]
R4 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\drivers\ianvstor.sys [2007-09-07 209408]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-12-03 73728]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder

2010-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 21:16]

2010-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 21:16]

2010-11-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2160984431-3788846443-898008396-1000Core.job
- c:\users\Ashish\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-22 02:01]

2010-11-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2160984431-3788846443-898008396-1000UA.job
- c:\users\Ashish\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-22 02:01]

2010-11-27 c:\windows\Tasks\User_Feed_Synchronization-{A4B73A2F-2A3B-47BA-A4BC-52146962777B}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2080404
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Ashish\AppData\Roaming\Mozilla\Firefox\Profiles\y7md83ls.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-USfficial
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: c:\users\Ashish\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\Ashish\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: c:\users\Ashish\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\Ashish\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SigmatelSysTrayApp - %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
SafeBoot-klmdb.sys
AddRemove-ViewpointMediaPlayer - c:\program files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-27 15:18
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-11-27 15:21:04
ComboFix-quarantined-files.txt 2010-11-27 20:20

Pre-Run: 142,700,777,472 bytes free
Post-Run: 142,626,607,104 bytes free

- - End Of File - - 8D029925A9236B0E9AE410772F7E9C00

 

[Broni]

Cool

Combofix log looks good.

How is computer doing....before we go any farther?

 

[oltraff]

I'm still navigating through the task manager (desktop still a blank screen)

 

[Broni]

What will happen if you use "New task", type in:
explorer.exe
and click OK?
Will this bring your desktop back?

 

[oltraff]

I get the Error box titled "explorer.exe - Ordinal Not Found" In the box it says "The ordinal 874 could not be located in the dynamic link library SHELL32.dll"

 

[Broni]

Re-run OTL.

Use the following settings:

• Check Scan All Users.
• For Processes choose none.
• For Modules choose none.
• For Services choose none.
• For Drivers choose none.
• For Standard Registry choose none.
• For Extra Registry choose none.
• For Files Created Within choose none.
• For Files Modified Within choose none.
• Under Custom Scans/Fixes paste:

/md5start
SHELL32.dll
/md5stop

• Finally hit Run Scan and wait for the log to open.
• Please post the content of the log into your next reply.

 

[oltraff]

Here's the OTL Log. Thanks

OTL logfile created on: 11/27/2010 4:03:33 PM - Run 5
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Ashish\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 66.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.51 Gb Total Space | 132.87 Gb Free Space | 46.54% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 3.28 Gb Free Space | 32.77% Space Free | Partition Type: NTFS

Computer Name: ASHISH-PC | User Name: Ashish | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Custom Scans ==========



< MD5 for: SHELL32.DLL >
[2006/11/02 04:46:13 | 011,314,688 | ---- | M] (Microsoft Corporation) MD5=0A8317FF6D77DA369C34F88693373A6C -- C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6000.16386_none_69f268e21510dceb\shell32.dll
[2008/01/19 02:36:10 | 011,580,416 | ---- | M] (Microsoft Corporation) MD5=33E9CE9110597F1A47BA18B96EAFA6FA -- C:\Windows\SoftwareDistribution\Download\a58fa8f1a78b89e6c2a670e288053b8b\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.18000_none_6c292ade11fbedbf\shell32.dll
[2008/04/23 23:40:28 | 011,319,808 | ---- | M] (Microsoft Corporation) MD5=3D58E32AA9A5C7F408D97675C81C9AED -- C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6000.20822_none_6ab8eba52e01644f\shell32.dll
[2008/11/06 07:59:27 | 011,582,976 | ---- | M] (Microsoft Corporation) MD5=4A21B11997C1F14D8707C8C501CA59A7 -- C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.22303_none_6cb5cc532b16d3dc\shell32.dll
[2008/11/06 07:59:14 | 011,320,832 | ---- | M] (Microsoft Corporation) MD5=4F72C8F593AAB1B83FB5D62CBFBB51F9 -- C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6000.20951_none_6a977d7d2e1a9bf2\shell32.dll
[2008/11/06 08:14:25 | 011,580,928 | ---- | M] (Microsoft Corporation) MD5=5D62692EEB77E32F67A966F1BDEB551B -- C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.18167_none_6bef4f42122643ed\shell32.dll
[2008/04/23 23:58:20 | 011,580,416 | ---- | M] (Microsoft Corporation) MD5=61509AF47F663A6EA941492ED181D60C -- C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.18062_none_6bea4bea122ac813\shell32.dll
[2008/04/03 20:34:30 | 011,315,200 | ---- | M] (Microsoft Corporation) MD5=7BA541CD1EAFB4D38DBA594FCF611A62 -- C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6000.20628_none_6abee9952dfc020b\shell32.dll
[2008/04/23 23:45:45 | 011,581,440 | ---- | M] (Microsoft Corporation) MD5=82A0A2AB2C637C11F28C1E37F76A284E -- C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.22166_none_6c77e9dd2b44cd39\shell32.dll
[2008/04/03 20:34:29 | 011,315,200 | ---- | M] (Microsoft Corporation) MD5=AF54933386F459CEC04AC91C49423B25 -- C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6000.16513_none_6a3b1b4414dac79d\shell32.dll
[2008/04/23 23:51:39 | 011,315,712 | ---- | M] (Microsoft Corporation) MD5=FF37AF2D5DCAFC00BC46AF07B53699B0 -- C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6000.16680_none_69ec6cd815163c56\shell32.dll
[2008/11/06 07:57:06 | 011,315,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\shell32.dll
[2008/11/06 07:57:06 | 011,315,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6000.16774_none_69fb3fd2150a82e8\shell32.dll

< End of report >

 

[Broni]

OK. I can see the issue....
See, if we can fix it.

1. Please open Notepad

• Click Start , then Run
• Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

FCopy::
C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6000.16680_none_69ec6cd815163c56\shell32.dll | C:\Windows\System32\shell32.dll

3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

• Combofix.txt

 

[oltraff]

Here's the ComboFix log:

ComboFix 10-11-27.01 - Ashish 11/27/2010 16:22:38.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.3581.2485 [GMT -5:00]
Running from: c:\users\Ashish\Desktop\ComboFix.exe
Command switches used :: c:\users\Ashish\Desktop\CFScript.txt
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6000.16680_none_69ec6cd815163c56\shell32.dll --> c:\windows\System32\shell32.dll
.
((((((((((((((((((((((((( Files Created from 2010-10-27 to 2010-11-27 )))))))))))))))))))))))))))))))
.

2010-11-27 21:25 . 2010-11-27 21:25 -------- d-----w- c:\users\Ashish\AppData\Local\temp
2010-11-27 21:25 . 2010-11-27 21:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-27 07:47 . 2010-11-27 07:47 -------- d-----w- c:\users\Ashish\AppData\Local\Sunbelt Software
2010-11-27 07:24 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1EE14487-3D27-40F9-8575-B5BF69ECAA20}\mpengine.dll
2010-11-26 23:00 . 2010-11-26 23:00 -------- d-----w- c:\program files\ESET
2010-11-20 18:38 . 2010-11-20 18:38 -------- d-----w- c:\programdata\Avira
2010-11-20 18:38 . 2010-11-20 18:38 -------- d-----w- c:\program files\Avira
2010-11-12 04:03 . 2010-11-12 04:03 -------- d-----w- C:\_OTL
2010-11-08 00:41 . 2010-11-08 01:31 -------- d-----w- c:\users\Ashish\DoctorWeb
2010-11-06 06:03 . 2010-11-06 06:03 -------- d--h--w- c:\programdata\Common Files
2010-11-06 05:48 . 2010-11-06 05:58 -------- d-----w- c:\programdata\MFAData
2010-11-06 04:39 . 2010-11-06 04:49 -------- d-----w- c:\users\Ashish\AppData\Local\NPE
2010-11-04 02:20 . 2010-09-15 08:50 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-11-04 02:20 . 2010-09-15 08:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-31 05:59 . 2010-11-13 21:50 12872 ----a-w- c:\windows\system32\bootdelete.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-27 18:06 . 2010-08-29 21:29 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-10-19 15:41 . 2010-06-14 05:35 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-07-09 23:45 . 2010-07-09 23:45 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-04-17 04:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-04-17 04:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-03 68856]
"Google Update"="c:\users\Ashish\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-12-22 133104]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-04-04 1232896]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-04-03 2938552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-01-18 17920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-07 159744]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-28 36864]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-28 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-28 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-28 81920]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2007-09-28 81920]
"VolPanel"="c:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 180224]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-21 1548288]
"PSQLLauncher"="c:\program files\Fingerprint Reader Suite\launcher.exe" [2007-04-17 49168]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-09 30192]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-11-01 189736]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"MFARestart"="c:\programdata\MFAData\pack\avgrunasx.exe" [2010-09-24 237408]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-9-7 1180952]
VPN Client.lnk - c:\windows\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico [2008-4-13 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-04-17 04:04 86528 ----a-w- c:\windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
R2 Apple iPhone Configuration Web Utility;Apple iPhone Configuration Web Utility;c:\program files\Apple\iPhone Configuration Web Utility\iPhoneConfigurationWebUtilityService.exe [2008-07-05 25936]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 135664]
R2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-01-15 204800]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-09 30192]
R4 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\drivers\ianvstor.sys [2007-09-07 209408]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-12-03 73728]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder

2010-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 21:16]

2010-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 21:16]

2010-11-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2160984431-3788846443-898008396-1000Core.job
- c:\users\Ashish\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-22 02:01]

2010-11-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2160984431-3788846443-898008396-1000UA.job
- c:\users\Ashish\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-22 02:01]

2010-11-27 c:\windows\Tasks\User_Feed_Synchronization-{A4B73A2F-2A3B-47BA-A4BC-52146962777B}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2080404
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Ashish\AppData\Roaming\Mozilla\Firefox\Profiles\y7md83ls.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-USfficial
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: c:\users\Ashish\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\Ashish\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: c:\users\Ashish\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\Ashish\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-27 16:25
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-11-27 16:26:59
ComboFix-quarantined-files.txt 2010-11-27 21:26
ComboFix2.txt 2010-11-27 20:21

Pre-Run: 142,650,925,056 bytes free
Post-Run: 142,605,721,600 bytes free

- - End Of File - - 759BB8C6BFB44624B4BE254A4E9A7F53

 

[Broni]

Is your desktop back?

 

[oltraff]

Nope, it's still blank. I get the same error when I type in explorer.exe as a new task.

 

[Broni]

Re-run OTL...

Use the following settings:

• Check Scan All Users.
• For Processes choose none.
• For Modules choose none.
• For Services choose none.
• For Drivers choose none.
• For Standard Registry choose none.
• For Extra Registry choose none.
• For Files Created Within choose none.
• For Files Modified Within choose none.
• Under Custom Scans/Fixes paste:

/md5start
shell32.dll
wininit.exe
winlogon.exe
explorer.exe
/md5stop

• Finally hit Run Scan and wait for the log to open.
• Please post the content of the log into your next reply.

 

[oltraff]

Here's the OTL log: Thanks

OTL logfile created on: 11/27/2010 4:39:24 PM - Run 6
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Ashish\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 64.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.51 Gb Total Space | 132.86 Gb Free Space | 46.53% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 3.28 Gb Free Space | 32.77% Space Free | Partition Type: NTFS

Computer Name: ASHISH-PC | User Name: Ashish | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Custom Scans ==========



< MD5 for: EXPLORER.EXE >
[2008/10/29 01:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 22:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\ERDNT\cache\explorer.exe
[2008/10/29 22:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\explorer.exe
[2008/10/29 22:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008/04/03 20:28:59 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008/04/03 20:28:59 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2008/10/27 21:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 04:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 02:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\SoftwareDistribution\Download\a58fa8f1a78b89e6c2a670e288053b8b\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SHELL32.DLL >
[2006/11/02 04:46:13 | 011,314,688 | ---- | M] (Microsoft Corporation) MD5=0A8317FF6D77DA369C34F88693373A6C -- C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6000.16386_none_69f268e21510dceb\shell32.dll
[2008/01/19 02:36:10 | 011,580,416 | ---- | M] (Microsoft Corporation) MD5=33E9CE9110597F1A47BA18B96EAFA6FA -- C:\Windows\SoftwareDistribution\Download\a58fa8f1a78b89e6c2a670e288053b8b\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.18000_none_6c292ade11fbedbf\shell32.dll
[2008/04/23 23:40:28 | 011,319,808 | ---- | M] (Microsoft Corporation) MD5=3D58E32AA9A5C7F408D97675C81C9AED -- C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6000.20822_none_6ab8eba52e01644f\shell32.dll
[2008/11/06 07:59:27 | 011,582,976 | ---- | M] (Microsoft Corporation) MD5=4A21B11997C1F14D8707C8C501CA59A7 -- C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.22303_none_6cb5cc532b16d3dc\shell32.dll
[2008/11/06 07:59:14 | 011,320,832 | ---- | M] (Microsoft Corporation) MD5=4F72C8F593AAB1B83FB5D62CBFBB51F9 -- C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6000.20951_none_6a977d7d2e1a9bf2\shell32.dll
[2008/11/06 08:14:25 | 011,580,928 | ---- | M] (Microsoft Corporation) MD5=5D62692EEB77E32F67A966F1BDEB551B -- C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.18167_none_6bef4f42122643ed\shell32.dll
[2008/04/23 23:58:20 | 011,580,416 | ---- | M] (Microsoft Corporation) MD5=61509AF47F663A6EA941492ED181D60C -- C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.18062_none_6bea4bea122ac813\shell32.dll
[2008/04/03 20:34:30 | 011,315,200 | ---- | M] (Microsoft Corporation) MD5=7BA541CD1EAFB4D38DBA594FCF611A62 -- C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6000.20628_none_6abee9952dfc020b\shell32.dll
[2008/04/23 23:45:45 | 011,581,440 | ---- | M] (Microsoft Corporation) MD5=82A0A2AB2C637C11F28C1E37F76A284E -- C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.22166_none_6c77e9dd2b44cd39\shell32.dll
[2008/04/03 20:34:29 | 011,315,200 | ---- | M] (Microsoft Corporation) MD5=AF54933386F459CEC04AC91C49423B25 -- C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6000.16513_none_6a3b1b4414dac79d\shell32.dll
[2008/04/23 23:51:39 | 011,315,712 | ---- | M] (Microsoft Corporation) MD5=FF37AF2D5DCAFC00BC46AF07B53699B0 -- C:\Windows\System32\shell32.dll
[2008/04/23 23:51:39 | 011,315,712 | ---- | M] (Microsoft Corporation) MD5=FF37AF2D5DCAFC00BC46AF07B53699B0 -- C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6000.16680_none_69ec6cd815163c56\shell32.dll
[2008/11/06 07:57:06 | 011,315,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6000.16774_none_69fb3fd2150a82e8\shell32.dll

< MD5 for: WININIT.EXE >
[2008/01/19 02:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\ERDNT\cache\wininit.exe
[2008/01/19 02:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SoftwareDistribution\Download\a58fa8f1a78b89e6c2a670e288053b8b\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008/01/19 02:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2006/11/02 04:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe

< MD5 for: WINLOGON.EXE >
[2006/11/02 04:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\ERDNT\cache\winlogon.exe
[2006/11/02 04:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\System32\winlogon.exe
[2006/11/02 04:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 02:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SoftwareDistribution\Download\a58fa8f1a78b89e6c2a670e288053b8b\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< End of report >

 

[Broni]

Hmmm.....all looks good now...

Post fresh OTL "Quick scan" without any custom codes.

 

[oltraff]

Here it is:

OTL logfile created on: 11/27/2010 4:54:56 PM - Run 7
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Ashish\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 64.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.51 Gb Total Space | 132.86 Gb Free Space | 46.53% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 3.28 Gb Free Space | 32.77% Space Free | Partition Type: NTFS

Computer Name: ASHISH-PC | User Name: Ashish | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/27 13:46:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Ashish\Desktop\OTL.exe
PRC - [2010/10/31 00:14:07 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/10/31 00:14:06 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/03 12:54:15 | 000,072,704 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
PRC - [2007/12/02 23:27:58 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/12/02 23:27:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2007/07/16 10:58:02 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2007/04/16 23:05:52 | 000,021,504 | ---- | M] (UPEK Inc.) -- C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
PRC - [2007/03/21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe


========== Modules (SafeList) ==========

MOD - [2010/11/27 13:46:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Ashish\Desktop\OTL.exe
MOD - [2006/11/02 04:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/07/09 18:45:27 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
SRV - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/07/05 13:26:18 | 000,025,936 | ---- | M] (Apple, Inc.) [Auto | Stopped] -- C:\Program Files\Apple\iPhone Configuration Web Utility\iPhoneConfigurationWebUtilityService.exe -- (Apple iPhone Configuration Web Utility)
SRV - [2008/04/03 20:29:26 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/04/03 13:12:37 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/04/03 12:54:15 | 000,072,704 | ---- | M] (Creative Labs) [Auto | Running] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
SRV - [2008/01/15 09:28:20 | 000,204,800 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
SRV - [2007/12/02 23:27:58 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/12/02 23:27:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007/07/16 10:58:02 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007/03/21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007/03/19 12:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [File_System | Boot | Stopped] -- C:\Windows\System32\DRIVERS\Lbd.sys -- (Lbd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Running] -- C:\Users\Ashish\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2009/09/15 15:04:58 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HssDrv.sys -- (HssDrv)
DRV - [2008/04/03 20:36:47 | 000,020,152 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/04/03 20:36:47 | 000,019,128 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/04/03 20:36:47 | 000,017,592 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/12/02 23:28:08 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/09/28 01:40:24 | 000,278,528 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2007/09/28 01:24:16 | 007,620,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/09/07 04:27:32 | 000,209,408 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ianvstor.sys -- (iaNvStor) Intel(R)
DRV - [2007/09/07 04:22:34 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2007/09/07 03:50:54 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/09/07 01:35:46 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/09/07 01:35:44 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/09/07 01:35:42 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/08/28 00:51:44 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007/08/28 00:51:40 | 000,235,520 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/07/16 10:57:12 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007/04/16 22:44:34 | 000,046,992 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tcusb.sys -- (TcUsb)
DRV - [2007/03/21 14:33:46 | 000,534,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2007/01/31 12:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007/01/18 14:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/11/06 20:37:16 | 000,078,128 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2006/11/06 18:13:52 | 000,016,560 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2006/11/06 18:13:50 | 000,080,176 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2006/11/02 04:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 04:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 04:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 04:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 04:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 04:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 04:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 04:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 04:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 04:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 04:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 04:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 04:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 02:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2006/11/02 02:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/10/05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2080404
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-USfficial"
FF - prefs.js..network.proxy.type: 4


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/06 16:05:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/27 14:20:39 | 000,000,000 | ---D | M]

[2008/06/17 18:59:27 | 000,000,000 | ---D | M] -- C:\Users\Ashish\AppData\Roaming\Mozilla\Extensions
[2010/11/27 02:42:35 | 000,000,000 | ---D | M] -- C:\Users\Ashish\AppData\Roaming\Mozilla\Firefox\Profiles\y7md83ls.default\extensions
[2010/08/16 22:47:37 | 000,000,000 | ---D | M] -- C:\Users\Ashish\AppData\Roaming\Mozilla\Firefox\Profiles\y7md83ls.default\extensions\vshareus@toolbar
[2010/11/27 02:42:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/10 01:56:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2008/06/03 19:55:51 | 000,163,840 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll

O1 HOSTS File: ([2010/11/27 12:54:19 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MFARestart] C:\ProgramData\MFAData\pack\avgrunasx.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Fingerprint Reader Suite\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab (IWinAmpActiveX Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\psfus: DllName - C:\Windows\system32\psqlpwd.dll - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\XPS_NB_1280x864_Black.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\XPS_NB_1280x864_Black.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/27 16:27:01 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/11/27 16:27:01 | 000,000,000 | ---D | C] -- C:\Users\Ashish\AppData\Local\temp
[2010/11/27 13:46:46 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Ashish\Desktop\OTL.exe
[2010/11/27 12:41:39 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/11/27 12:41:39 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/11/27 12:41:39 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/11/27 12:41:39 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/11/27 12:41:36 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/11/27 02:47:52 | 000,000,000 | ---D | C] -- C:\Users\Ashish\AppData\Local\Sunbelt Software
[2010/11/27 02:33:19 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/11/26 21:16:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/11/26 18:21:28 | 000,000,000 | ---D | C] -- C:\Users\Ashish\Desktop\Logs
[2010/11/26 18:00:35 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/11/20 13:38:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010/11/20 13:38:36 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/11/11 23:03:26 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/11/07 19:41:21 | 000,000,000 | ---D | C] -- C:\Users\Ashish\DoctorWeb
[2010/11/06 01:03:40 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2010/11/06 00:48:25 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2010/11/06 00:48:04 | 004,329,496 | ---- | C] (AVG Technologies) -- C:\Users\Ashish\Desktop\avg_free_stb_all_2011_1153_cnet.exe
[2010/11/05 23:39:29 | 000,000,000 | ---D | C] -- C:\Users\Ashish\AppData\Local\NPE
[2010/11/03 21:27:42 | 006,565,383 | ---- | C] (McAfee Inc.) -- C:\Users\Ashish\Desktop\stinger10101096.exe
[2010/11/03 21:21:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/10/31 00:59:12 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2008/05/31 10:55:41 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Ashish\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2010/11/27 16:45:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2160984431-3788846443-898008396-1000UA.job
[2010/11/27 16:22:00 | 000,003,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/27 16:22:00 | 000,003,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/27 16:20:14 | 003,981,232 | R--- | M] () -- C:\Users\Ashish\Desktop\ComboFix.exe
[2010/11/27 15:56:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/27 14:22:08 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/27 14:21:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/27 14:21:51 | 3756,064,768 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/27 14:21:00 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/11/27 13:46:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Ashish\Desktop\OTL.exe
[2010/11/27 13:17:57 | 001,228,013 | ---- | M] () -- C:\Users\Ashish\Desktop\tdsskiller.zip
[2010/11/27 13:06:26 | 000,015,944 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/11/27 12:54:19 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/11/27 12:45:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2160984431-3788846443-898008396-1000Core.job
[2010/11/27 12:18:28 | 000,080,384 | ---- | M] () -- C:\Users\Ashish\Desktop\MBRCheck.exe
[2010/11/27 12:13:50 | 000,630,272 | ---- | M] () -- C:\Users\Ashish\Desktop\dds.scr
[2010/11/27 12:13:47 | 000,296,448 | ---- | M] () -- C:\Users\Ashish\Desktop\triqxjj5.exe
[2010/11/27 12:12:22 | 000,253,046 | ---- | M] () -- C:\Users\Ashish\AppData\Roaming\nvModes.001
[2010/11/27 11:52:25 | 000,002,565 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
[2010/11/27 02:34:40 | 000,621,552 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/27 02:34:40 | 000,104,868 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/27 02:22:14 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A4B73A2F-2A3B-47BA-A4BC-52146962777B}.job
[2010/11/26 00:49:43 | 000,149,504 | ---- | M] () -- C:\Users\Ashish\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/23 21:12:06 | 000,093,571 | ---- | M] () -- C:\Users\Ashish\Desktop\nfl-parity-2010.jpg
[2010/11/22 21:51:09 | 301,514,147 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/11/18 21:37:00 | 000,016,165 | ---- | M] () -- C:\Users\Ashish\Documents\Publications.docx
[2010/11/14 22:45:20 | 000,000,227 | ---- | M] () -- C:\Users\Ashish\Desktop\Sound - Shortcut.lnk
[2010/11/13 16:50:46 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2010/11/09 22:11:04 | 000,002,049 | ---- | M] () -- C:\Users\Ashish\Desktop\Google Chrome.lnk
[2010/11/09 22:11:04 | 000,002,011 | ---- | M] () -- C:\Users\Ashish\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/11/09 21:36:14 | 000,023,214 | ---- | M] () -- C:\Users\Ashish\Documents\Resume.docx
[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\Windows\MBR.exe
[2010/11/07 19:57:32 | 000,001,356 | ---- | M] () -- C:\Users\Ashish\AppData\Local\d3d9caps.dat
[2010/11/07 19:05:32 | 000,145,656 | ---- | M] () -- C:\Users\Ashish\AppData\Local\prvlcl.dat
[2010/11/06 00:48:12 | 004,329,496 | ---- | M] (AVG Technologies) -- C:\Users\Ashish\Desktop\avg_free_stb_all_2011_1153_cnet.exe
[2010/11/05 23:49:42 | 000,001,508 | ---- | M] () -- C:\Users\Ashish\AppData\Roaming\SMRResults130.dat
[2010/11/03 23:25:23 | 000,000,017 | ---- | M] () -- C:\Users\Ashish\Desktop\stinger10101096.opt
[2010/11/03 23:21:05 | 000,079,968 | ---- | M] () -- C:\Users\Ashish\Desktop\Heat.Jazz Tickets 11.9.10.pdf
[2010/11/03 21:28:17 | 006,565,383 | ---- | M] (McAfee Inc.) -- C:\Users\Ashish\Desktop\stinger10101096.exe
[2010/10/31 21:45:45 | 000,079,978 | ---- | M] () -- C:\Users\Ashish\Desktop\Heat.Celtics Tickets 11.11.10.pdf

========== Files Created - No Company Name ==========

[2010/11/27 15:08:08 | 003,981,232 | R--- | C] () -- C:\Users\Ashish\Desktop\ComboFix.exe
[2010/11/27 12:41:39 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/11/27 12:41:39 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/11/27 12:41:39 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2010/11/27 12:41:39 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/11/27 12:41:39 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/11/27 12:18:28 | 000,080,384 | ---- | C] () -- C:\Users\Ashish\Desktop\MBRCheck.exe
[2010/11/27 12:13:49 | 000,630,272 | ---- | C] () -- C:\Users\Ashish\Desktop\dds.scr
[2010/11/27 12:13:34 | 000,296,448 | ---- | C] () -- C:\Users\Ashish\Desktop\triqxjj5.exe
[2010/11/26 23:20:49 | 3756,064,768 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/23 21:12:06 | 000,093,571 | ---- | C] () -- C:\Users\Ashish\Desktop\nfl-parity-2010.jpg
[2010/11/14 22:45:20 | 000,000,227 | ---- | C] () -- C:\Users\Ashish\Desktop\Sound - Shortcut.lnk
[2010/11/09 21:40:54 | 000,016,165 | ---- | C] () -- C:\Users\Ashish\Documents\Publications.docx
[2010/11/07 19:05:31 | 000,145,656 | ---- | C] () -- C:\Users\Ashish\AppData\Local\prvlcl.dat
[2010/11/06 00:25:33 | 001,228,013 | ---- | C] () -- C:\Users\Ashish\Desktop\tdsskiller.zip
[2010/11/05 23:49:42 | 000,001,508 | ---- | C] () -- C:\Users\Ashish\AppData\Roaming\SMRResults130.dat
[2010/11/03 23:25:23 | 000,000,017 | ---- | C] () -- C:\Users\Ashish\Desktop\stinger10101096.opt
[2010/11/03 23:21:05 | 000,079,968 | ---- | C] () -- C:\Users\Ashish\Desktop\Heat.Jazz Tickets 11.9.10.pdf
[2010/10/31 21:45:45 | 000,079,978 | ---- | C] () -- C:\Users\Ashish\Desktop\Heat.Celtics Tickets 11.11.10.pdf
[2010/08/29 16:29:24 | 000,015,944 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/07/14 22:58:40 | 000,000,885 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010/06/02 22:38:18 | 000,000,036 | ---- | C] () -- C:\Users\Ashish\AppData\Local\housecall.guid.cache
[2010/03/08 22:47:28 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll.old
[2009/10/31 20:48:03 | 000,073,728 | ---- | C] () -- C:\Windows\System32\VistaInfo32.dll
[2008/12/31 18:20:59 | 000,001,356 | ---- | C] () -- C:\Users\Ashish\AppData\Local\d3d9caps.dat
[2008/05/31 10:56:38 | 000,001,036 | ---- | C] () -- C:\Users\Ashish\AppData\Roaming\vso_ts_preview.xml
[2008/05/31 10:56:00 | 000,000,034 | ---- | C] () -- C:\Users\Ashish\AppData\Roaming\pcouffin.log
[2008/05/31 10:55:41 | 000,007,887 | ---- | C] () -- C:\Users\Ashish\AppData\Roaming\pcouffin.cat
[2008/05/31 10:55:41 | 000,001,144 | ---- | C] () -- C:\Users\Ashish\AppData\Roaming\pcouffin.inf
[2008/04/09 20:22:50 | 000,253,046 | ---- | C] () -- C:\Users\Ashish\AppData\Roaming\nvModes.001
[2008/04/09 18:55:28 | 000,149,504 | ---- | C] () -- C:\Users\Ashish\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/09 18:34:35 | 000,253,046 | ---- | C] () -- C:\Users\Ashish\AppData\Roaming\nvModes.dat
[2008/04/03 20:37:11 | 000,167,936 | ---- | C] () -- C:\Windows\System32\nvccoin.dll
[2008/04/03 20:37:10 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/04/03 13:10:10 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2008/04/03 12:56:32 | 000,065,536 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2008/04/03 12:55:08 | 000,000,628 | ---- | C] () -- C:\Windows\System32\PCI_VEN_1102&DEV_FF05&SUBSYS_00001102.ini
[2008/04/03 12:55:07 | 000,101,376 | ---- | C] () -- C:\Windows\System32\APOMngr.dll
[2008/04/03 12:55:07 | 000,066,560 | ---- | C] () -- C:\Windows\System32\CmdRtr.dll
[2007/07/16 10:58:10 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2006/11/03 17:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[2001/10/28 16:42:30 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll

========== LOP Check ==========

[2010/11/10 01:56:35 | 000,000,000 | ---D | M] -- C:\Users\Ashish\AppData\Roaming\.BitTornado
[2008/04/13 18:58:35 | 000,000,000 | ---D | M] -- C:\Users\Ashish\AppData\Roaming\Azureus
[2010/05/24 21:58:07 | 000,000,000 | ---D | M] -- C:\Users\Ashish\AppData\Roaming\com.adobe.example.NISDesktopAlerts.8B84194D4D9FFDB4F2F41B07D0F160207BFE7624.1
[2008/09/07 10:13:42 | 000,000,000 | ---D | M] -- C:\Users\Ashish\AppData\Roaming\com.directv.supercast.AA1ECC8BBAFE4E1BBF2D418DC006AF207FACE6CA.1
[2010/10/16 09:11:43 | 000,000,000 | ---D | M] -- C:\Users\Ashish\AppData\Roaming\Esiz
[2010/10/16 10:02:47 | 000,000,000 | ---D | M] -- C:\Users\Ashish\AppData\Roaming\Ginad
[2010/06/27 23:03:16 | 000,000,000 | ---D | M] -- C:\Users\Ashish\AppData\Roaming\Ginai
[2009/02/13 20:21:52 | 000,000,000 | ---D | M] -- C:\Users\Ashish\AppData\Roaming\Gleim
[2010/06/03 06:54:55 | 000,000,000 | ---D | M] -- C:\Users\Ashish\AppData\Roaming\Hounva
[2010/03/26 21:01:36 | 000,000,000 | ---D | M] -- C:\Users\Ashish\AppData\Roaming\Opera
[2010/06/24 18:36:43 | 000,000,000 | ---D | M] -- C:\Users\Ashish\AppData\Roaming\Pacayv
[2008/09/08 19:21:35 | 000,000,000 | ---D | M] -- C:\Users\Ashish\AppData\Roaming\PDFCreator
[2010/05/29 19:43:36 | 000,000,000 | ---D | M] -- C:\Users\Ashish\AppData\Roaming\StreamTorrent
[2010/07/26 20:40:20 | 000,000,000 | ---D | M] -- C:\Users\Ashish\AppData\Roaming\tmp
[2010/08/11 22:52:00 | 000,000,000 | ---D | M] -- C:\Users\Ashish\AppData\Roaming\Vso
[2010/11/27 14:21:00 | 000,032,598 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/11/27 02:22:14 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{A4B73A2F-2A3B-47BA-A4BC-52146962777B}.job

========== Purity Check ==========



< End of report >

 

[Broni]

All looks very normal.

See, if this will help: http://www.spywareinfoforum.com/index.php?showtopic=47228&view=findpost&p=227741
Disregard lower half of that post, where talking about HJT.

 

[oltraff]

I only have cqw32.exe, DIINXOptions, IEInstal.exe, and wpwin8.EXE under Image File Execution Options. Thanks

 

[Broni]

Try to create new profile with admin rights and see, if desktop is OK there.

 

[oltraff]

I'm having difficulty opening the control panel from the task manager to add a user. Typing in control.exe in New Task gives me the same ordinal not found error.

 

[Broni]

Use this command: CONTROL USERPASSWORDS

 

[oltraff]

I get the ordinal error after typing in CONTROL USERPASSWORDS as well.