Vista Smart Security 2010 : Virus, Malware [Solved]


  • This topic is locked

#1
shishirgupta77

  • Member
  • 19 posts
Hi all,

I have a similar problem to the one in the link below:
http://www.geekstogo...en-t273062.html
I got a warning from Vista Smart Security 2010 that my computer is infected, and I got the list of viruses below:

Email-Worm.JS.Gigger
IM-Worm.Win32.Kelvir.k
BWME.Twelve.1378
Devices.2000
IRC-Worm.DOS.Septic
IRC-Worm.DOS.Loa
P2P-Worm.Win32.Duload.a
Happy_II.506
Joke.1068
P2P-Worm.Win32.Duload.a

Lemena.3544
Kot.b
EICAR-Test-File
Virus.Boot-DOS.V.1526
Macro.Visio.Radiant
Virus.BAT.8Fish
Trojan-Clicker.Win32.Small.k
Trojan-Clicker-Spy.HTML.Bankfraud
DoS.Win32.DieWar
Exploit.CodeBaseExec
Trojan-Spy.HTML.Bankfraud
Trojan-Proxy.Win32.Agent.x
Email-Worm.VBC.Peach
Virus.Boot-DOS.V.1536
Macro.PPoint.shapeshift
Backdoor.Perl.AEI.16
Trojan-SMS.J2ME.RedBrows

The issue is that I cannot even log on properly. After giving my user password, I can only see one folder and nothing more. No program menu, no desktop, nothing. I only see warning signs asking me to get the full version of the security. I cannot go to the internet as it results in many different screens popping up. I wanted to follow the instructions given on http://www.geekstogo...uide-t2852.html. However, I am unable to open any internet browsers. Please advise. I will really appreciate your help.

Shishir
  • 0


#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, do you have access to another computer that you could use to burn a CD? If so:

OK, this file is big, about 276.7Mb; print these instructions out so that you know what you are doing.

File details
Bytes - 290,236,416
MB - 276.7
MD5 - 3BD19DB0ADB880A39DD80C704CB907D0

Two programmes to download

First

ISOBurner: this will allow you to burn OTLPE.iso to a CD and make it bootable. Just install the programme; from there on in it is fairly automatic. Instructions. Only required if you do not have a CD burning programme.

Second

  • Download OTLPE.iso and burn to a CD using ISO Burner. NOTE: This file is 276.7Mb in size so it may take some time to download.
  • When downloaded double click and this will then open ISOBurner to burn the file to CD
  • Reboot your system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)

  • Your system should now display a Reatogo desktop.
    Note : as you are running from CD it is not exactly speedy
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Drag and drop this attached scan.txt into the Custom scans and fixes box
    [attachment=40624:scan.txt]
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system.
  • Right click the file and select send to : select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it
  • You can backup any files that you wish from this OS
  • Please post the contents of the C:\OTL.txt file in your reply.

  • 0
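Checking the downloaded OTLPE.iso against the file details posted above (byte count and MD5) before burning it, as an added example that is not part of the original post or of the OTLPE project. The function names, the script name and the command-line usage are assumptions made for illustration, and the self-check runs on small constructed files rather than the real ISO.

```python
import hashlib
import os
import sys
import tempfile

# File details as published in the post above for OTLPE.iso.
PUBLISHED_BYTES = "290,236,416"
PUBLISHED_MD5 = "3BD19DB0ADB880A39DD80C704CB907D0"


def parse_byte_count(text):
    """Turn a forum-style byte count such as '290,236,416' into an int."""
    return int(text.replace(",", "").strip())


def md5_of_file(path, chunk_size=1024 * 1024):
    """Hash the file in chunks so a large ISO never sits in memory at once."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_download(path, expected_bytes, expected_md5):
    """Return (ok, reason). The size is compared first because it is cheap
    and catches an interrupted download without hashing anything."""
    try:
        actual_bytes = os.path.getsize(path)
    except OSError as exc:
        return False, "cannot read file: %s" % exc
    if actual_bytes < expected_bytes:
        return False, "truncated download: %d of %d bytes" % (
            actual_bytes, expected_bytes)
    if actual_bytes > expected_bytes:
        return False, "larger than published: %d vs %d bytes" % (
            actual_bytes, expected_bytes)
    actual_md5 = md5_of_file(path)
    # Forum posts usually give the digest in upper case; hexdigest() is lower.
    if actual_md5.lower() != expected_md5.strip().lower():
        return False, "MD5 mismatch: got %s" % actual_md5.upper()
    return True, "size and MD5 match the published details"


def self_check():
    """Exercise the three outcomes on small constructed files (not the ISO)."""
    good = b"constructed sample, not the real ISO\n" * 64
    expected_md5 = hashlib.md5(good).hexdigest().upper()
    cases = {
        "intact": good,
        "truncated": good[:-10],          # download cut short
        "corrupted": b"X" + good[1:],     # same length, one byte changed
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in cases.items():
            path = os.path.join(tmp, name + ".iso")
            with open(path, "wb") as handle:
                handle.write(data)
            results[name] = verify_download(path, len(good), expected_md5)
    return results


if __name__ == "__main__":
    # Assumed usage: python verify_iso.py <path-to-OTLPE.iso>
    # With no argument the constructed self-check is run instead.
    if len(sys.argv) == 2:
        ok, reason = verify_download(
            sys.argv[1], parse_byte_count(PUBLISHED_BYTES), PUBLISHED_MD5)
        print(("OK: " if ok else "DO NOT BURN: ") + reason)
        sys.exit(0 if ok else 1)
    for name, (ok, reason) in self_check().items():
        print("%-10s %-5s %s" % (name, ok, reason))
```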

#3
shishirgupta77

  • Topic Starter
  • Member
  • 19 posts
Hello,

While I was waiting for a reply, I somehow managed to run my antivirus. It found 68 viruses and after the restart I could see the desktop. I used another computer to download TFC, ERUNT, MBAM, GMER and OTL. I used the memory stick to install the programs on the infected computer. Here are the results till now:

TFC: Could not run
ERUNT: Did run however could only back up 6 out of 9 files.
MBAM: Could install and run. 38 infections found. I removed them as instructed.

WIN32.VIRTOB is the virus name indicated. I could not open the MBAM again to get the log file and no log file was automatically created when I finished the remove selected.

OTL: Trying to generate the log file now. It is running and taking a lot of time. Waiting for almost an hour...Doing some manual file scan.

I guess your previous instruction might not be needed any more. Will post the log as soon as I get them.

Thanks for your help.

Shishir
  • 0

#4
shishirgupta77

  • Topic Starter
  • Member
  • 19 posts
Here are the OTL logs (two of them, Extra and OTL):

OTL Extras logfile created on: 06/04/2010 00:25:11 - Run 1
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Users\shishirgupta77\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 178.80 Gb Total Space | 56.85 Gb Free Space | 31.80% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 1.97 Gb Total Space | 1.85 Gb Free Space | 94.16% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SHISHIRGUPTA-PC
Current User Name: shishirgupta77
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- C:\Program Files\Net Protector 2010\ZVScan\EXECSCAN.EXE ()
.com [@ = comfile] -- C:\Program Files\Net Protector 2010\ZVScan\EXECSCAN.EXE ()
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- C:\Program Files\Net Protector 2010\ZVScan\EXECSCAN.EXE ()
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.pif [@ = piffile] -- C:\Program Files\Net Protector 2010\ZVScan\EXECSCAN.EXE ()
.scr [@ = scrfile] -- C:\Program Files\Net Protector 2010\ZVScan\EXECSCAN.EXE ()

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- C:\PROGRA~1\NETPRO~1\ZVScan\EXECSCAN.EXE "%1" %* ()
cmdfile [open] -- "%1" %*
comfile [open] -- C:\PROGRA~1\NETPRO~1\ZVScan\EXECSCAN.EXE "%1" %* ()
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- C:\PROGRA~1\NETPRO~1\ZVScan\EXECSCAN.EXE "%1" %* ()
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- C:\PROGRA~1\NETPRO~1\ZVScan\EXECSCAN.EXE "%1" %* ()
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- C:\PROGRA~1\NETPRO~1\ZVScan\EXECSCAN.EXE "%1" /S ()
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [ZERO-V] -- C:\Program Files\Net Protector 2010\ZVScan\RunScan.exe %1 (Biz Secure Labs Pvt Ltd.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 0
"UacDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"\" = C:\Windows\system\svchost.exe:*:Enabled:KL -- File not found


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{100302C0-BD19-4B29-9383-7650CABD4419}" = lport=50641 | protocol=6 | dir=in | name=akamai netsession interface |
"{AD753781-2EA0-4D42-B853-B57992E8899F}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{BABCE7F1-48D0-4DF6-9D5B-C461A374ABC3}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04A529E3-78C8-41DF-A7FC-095E831774E3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{152237F1-5694-43C4-8848-5DF4EBF32B06}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{32A9F6F9-80B7-405C-B0D1-AFE569C4445D}" = protocol=17 | dir=in | app=c:\users\shishirgupta77\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{368FE1D8-E2A3-44FB-BBDD-0C5E32C96BE8}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{3EE9859D-6B0A-4602-8359-D265F76CF13B}" = protocol=17 | dir=in | app=c:\users\shishirgupta77\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{6CE39E1F-DF11-4DF7-9E9F-19E34F03E402}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{794FCE45-F438-414E-95D5-FDBB3AF6139D}" = protocol=6 | dir=in | app=c:\users\shishirgupta77\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{7C5E216F-C13B-4219-A86E-EC7B76F64453}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{95061044-B457-4C64-962B-696013C62DBD}" = protocol=17 | dir=in | app=c:\program files\sony\locationfreeplayer\lfpc3\lfpc3.exe |
"{A3A44125-BEFC-4BCA-91C2-CFA2FEF12BA0}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{A9A3C76A-6DF3-446A-B984-41B9E0C6EACC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{ABA51493-2D3F-4F4E-A5EC-ED695C12709C}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{B85CE150-26C0-479D-91C1-D8B32FB3B7DD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{BCDD9BAE-C118-4B4D-BC8D-6CDED050713C}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{BEDFF169-4DFE-4630-AF9B-C23746DE33F9}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{C248B102-CD65-46A9-969F-A14525A05F98}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{CD1E98EA-D6A3-428A-A321-CB0D9C55BC33}" = protocol=6 | dir=in | app=c:\program files\sony\locationfreeplayer\lfpc3\lfpc3.exe |
"{EB49E562-24B7-4E98-9B7F-884DCDEDB9C7}" = protocol=6 | dir=in | app=c:\users\shishirgupta77\appdata\local\google\google talk plugin\googletalkplugin.exe |
"TCP Query User{0291A992-AF13-43F7-80D5-8EA7112C6393}C:\users\shishirgupta77\appdata\local\temp\khvcol.exe" = protocol=6 | dir=in | app=c:\users\shishirgupta77\appdata\local\temp\khvcol.exe |
"TCP Query User{2E3565CC-AEF9-40FF-8E23-8E2CCED7DD2A}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{40FA6CE5-1839-4410-9F06-CA42A4C9C28B}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{FE86E73F-2E09-4159-BC7F-F68845D7C6BA}C:\users\shishirgupta77\appdata\local\temp\khvcol.exe" = protocol=6 | dir=in | app=c:\users\shishirgupta77\appdata\local\temp\khvcol.exe |
"UDP Query User{838D906E-3047-4C67-BC30-53C769B8D389}C:\users\shishirgupta77\appdata\local\temp\khvcol.exe" = protocol=17 | dir=in | app=c:\users\shishirgupta77\appdata\local\temp\khvcol.exe |
"UDP Query User{9A395CF8-1303-440A-810C-B74162738537}C:\users\shishirgupta77\appdata\local\temp\khvcol.exe" = protocol=17 | dir=in | app=c:\users\shishirgupta77\appdata\local\temp\khvcol.exe |
"UDP Query User{A0B6DCCA-8E42-49A7-9541-3540F2474DEB}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{E035CA9B-6543-4C3C-B7BD-2AD150F60503}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{022DA2C3-81C7-4003-A6BC-1BB147B20097}" = SuppSoft
"{0312BD0D-A1FE-4E1A-9208-D436F566D867}" = VAIO Azure Float Wallpaper
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0EE4030A-8FD4-4798-A21D-17E525B1F7CF}" = Corel Snapfire
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1B500D37-E7CF-480B-8054-8A563594EC4E}" = VAIO OOBE
"{1CA941F1-5006-487E-9FD4-09F812A7D6B8}" = Norton 360 Help
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{21829177-4DED-4209-AD08-490B3AC9C01A}" = Norton 360
"{235915A8-1C0D-4920-95EA-FE8B773E5F57}" = VAIO Teal Whisper Wallpaper
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{3074EB89-1BCA-4AEF-AFF4-EFB4634C1923}" = Norton Confidential Web Authentification Component
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{34B37A74-125E-4406-87BA-E4BD3D097AE5}" = VAIO Survey
"{359DF682-BC8F-429D-AB6D-3C8002099F38}" = VAIO Content Metadata Intelligent Analyzing Manager
"{359FCAA7-B544-4147-AE3B-8C8A526E2427}" = Sony Image Data Suite
"{35B91753-5789-4517-9CF1-2CCE3A8CF4F1}" = Apple Mobile Device Support
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{40DA9A54-48CA-4A2C-AEAF-F67715BB046E}" = Norton 360
"{4843B611-8FCB-4428-8C23-31D0A5EAE164}" = Norton Confidential Browser Component
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox
"{500162A0-4DD5-460A-BAFD-895AAE48C532}" = VAIO Media Content Collection 6.0
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 6.0
"{582E9125-32B6-4CBA-AB48-3E33CE3DB389}" = NETGEAR RangeMax™ Wireless USB 2.0 Adapter WPN111
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 6.0
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{5F12E9D1-402C-4672-86D7-52E86A3A1411}" = VAIO Content Importer VAIO Content Exporter
"{5F5DE5D5-D130-4110-A3A4-69FFB0B14BD9}" = VAIO Content Metadata XML Interface Library
"{6332AFF1-9D9A-429C-AA03-F82749FA4F49}" = SonicStage Mastering Studio
"{638BAD93-701B-482A-86C6-72DFF3E6FE51}" =
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = VAIO Content Importer / VAIO Content Exporter
"{69351E9E-23ED-41D5-B146-EDBF83C63B66}" = VAIO Content Metadata Manager Setting
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6D2576EC-A0E9-418A-A09A-409933A3B6F4}" = VAIO Camera Capture Utility
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{70D9854A-CEF5-4BCF-B37A-0AA1AB0A83CF}" = Playchess
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{741A865D-253E-43C7-A727-AF6500E2599B}" = Playchess
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 6.1
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7D716354-2C08-48DC-9AC5-957348048817}" = VAIO Help And Support
"{7E545666-F419-45FD-B3DF-C0B99A1A579F}" = QuickBooks Simple Start Free Starter Edition
"{802889F8-6AF5-45A5-9764-CA5B999E50FC}" = VAIO Power Management
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{8FC56444-161D-43B4-A662-F18F2E4A2A32}" = VAIO Content Metadata Manager Setting
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91208A47-5D08-4C79-986F-1931940F51BB}" = QuickBooks Product Listing Service
"{92B1B3CC-EC78-45B8-96D0-8B3F11495864}" = Symantec Technical Support Controls
"{92F8615C-43B7-4925-8457-B6D004E8D478}" = VAIO Content Metadata XML Interface Library
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{93A1B09E-BAFA-4628-A5B6-921CB026955A}" = Corel Paint Shop Pro Photo XI
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
"{9AB83A3C-604D-4B4F-AA25-A23A3FC39844}" = ArcSoft Magic-i Visual Effects Installer
"{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}" = SonicStage Mastering Studio Plugins
"{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.05 Menu Data
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 6.0
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B59B3DA8-06F8-4B4C-AE94-5180753EF108}" = VAIO Floral Dusk Wallpaper
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7FB0C86-41A4-4402-9A33-912C462042A0}" = Roxio Easy Media Creator Home
"{BABC878D-BB64-4688-9A88-1D9E88F339A9}" = VAIO Productivity Center
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{BBF6D0CD-A081-369F-B0B8-F168594CBB6B}" = Google Talk Plugin
"{BCED773C-99EE-48DD-8915-25733F69F0A8}" = VAIO PC Wireless LAN Wizard
"{C299F969-AE3D-4679-ADF5-682A186CE62E}" = VAIO Center Access Bar
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CFED0AE3-6D93-4745-B8A0-F3410B493CC4}" = VAIO Security Center
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D0B6A41F-4FE2-499E-A909-398972F91CDD}" = Symantec Real Time Storage Protection Component
"{D124C1D1-963E-485A-AF7C-52E5CAA2CEF6}" = Net Protector 2010
"{D353CC51-430D-4C6F-9B7E-52003DA1E05A}" = Norton Confidential Web Protection Component
"{D36E4755-83B9-4B10-BE51-0AC5B9F43C1F}" = VAIO Media
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D6651810-8439-4F25-BACC-5FB66D4B1A63}" = VAIO Media Registration Tool
"{D937DD80-3928-4617-876F-538A25AECB17}" = LocationFree Player
"{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}" = SonicStage Mastering Studio Audio Filter
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E58AB36F-9D50-4969-9228-AC24270741BF}" = VAIO Content Metadata Intelligent Analyzing Manager
"{E66BB7B9-EC7B-45A6-B479-AD43A9B32AA0}" = SonicStage Mastering Studio
"{E6707034-D7A4-49B1-94D0-F5AACE46F06C}" = Instant Mode
"{E74F7423-77CB-4F6A-A44D-604E1010FE50}" = VAIO Entertainment Center
"{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD 2.6.00
"{EBE55E74-AF94-47BB-849B-C79F236C65F4}" = VAIO Movie Story
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" =
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FAA6B94E-78A7-489C-B2DB-050D9FEBFADA}" = VAIO Content Metadata Intelligent Analyzing Manager
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"Aangifte Buitenland 2007" = Aangifte Buitenland 2007
"Aangifte inkomstenbelasting 2007" = Aangifte inkomstenbelasting 2007
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Akamai" = Akamai NetSession Interface
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Crackle Screen Saver_is1" = Crackle Screen Saver 1.0
"Dynamic-Photo HDR 4_is1" = Dynamic-Photo HDR 4.4
"ERUNT_is1" = ERUNT 1.1j
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"IrfanView" = IrfanView (remove only)
"Kinderopvangtoeslag 2009" = Kinderopvangtoeslag 2009
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-15-19-01
"Picasa 3" = Picasa 3
"RealPlayer 6.0" = RealPlayer
"screensaver_circus" = screensaver_circus
"SecureW2 TTLS Client" = SecureW2 TTLS Client 3.2.0 for Windows Vista
"SymSetup.{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360 (Symantec Corporation)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VAIO Service Utility" = VAIO Service Utility
"WinRAR archiver" = WinRAR archiver
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 05/04/2010 20:21:04 | Computer Name = shishirgupta-PC | Source = Application Error | ID = 1000
Description = Faulting application EXECSCAN.EXE, version 0.0.0.0, time stamp 0x177038e4,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x6578652e, process id 0x10d0, application start time 0x01cad51f0724698d.

Error - 05/04/2010 20:21:11 | Computer Name = shishirgupta-PC | Source = Application Error | ID = 1000
Description = Faulting application EXECSCAN.EXE, version 0.0.0.0, time stamp 0x177038e4,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x6578652e, process id 0x54c, application start time 0x01cad51f0b65e3cd.

Error - 05/04/2010 20:21:18 | Computer Name = shishirgupta-PC | Source = Application Error | ID = 1000
Description = Faulting application EXECSCAN.EXE, version 0.0.0.0, time stamp 0x177038e4,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x6578652e, process id 0x113c, application start time 0x01cad51f0f9d24dd.

Error - 05/04/2010 20:21:25 | Computer Name = shishirgupta-PC | Source = Application Error | ID = 1000
Description = Faulting application EXECSCAN.EXE, version 0.0.0.0, time stamp 0x177038e4,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x6578652e, process id 0x1600, application start time 0x01cad51f13a2596d.

Error - 05/04/2010 20:21:31 | Computer Name = shishirgupta-PC | Source = Application Error | ID = 1000
Description = Faulting application EXECSCAN.EXE, version 0.0.0.0, time stamp 0x177038e4,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x6578652e, process id 0xe60, application start time 0x01cad51f17a4cedd.

Error - 05/04/2010 20:21:38 | Computer Name = shishirgupta-PC | Source = Application Error | ID = 1000
Description = Faulting application EXECSCAN.EXE, version 0.0.0.0, time stamp 0x177038e4,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x6578652e, process id 0x15c8, application start time 0x01cad51f1bb1a48d.

Error - 05/04/2010 20:21:46 | Computer Name = shishirgupta-PC | Source = Application Error | ID = 1000
Description = Faulting application EXECSCAN.EXE, version 0.0.0.0, time stamp 0x177038e4,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x6578652e, process id 0x10a4, application start time 0x01cad51f1fe3193d.

Error - 05/04/2010 20:21:53 | Computer Name = shishirgupta-PC | Source = Application Error | ID = 1000
Description = Faulting application EXECSCAN.EXE, version 0.0.0.0, time stamp 0x177038e4,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x6578652e, process id 0x155c, application start time 0x01cad51f2465e23d.

Error - 05/04/2010 20:22:00 | Computer Name = shishirgupta-PC | Source = Application Error | ID = 1000
Description = Faulting application EXECSCAN.EXE, version 0.0.0.0, time stamp 0x177038e4,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x6578652e, process id 0x17ac, application start time 0x01cad51f288bbe2d.

Error - 05/04/2010 20:22:07 | Computer Name = shishirgupta-PC | Source = Application Error | ID = 1000
Description = Faulting application EXECSCAN.EXE, version 0.0.0.0, time stamp 0x177038e4,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x6578652e, process id 0x1068, application start time 0x01cad51f2cb347cd.

[ Media Center Events ]
Error - 17/04/2008 12:21:07 | Computer Name = shishirgupta-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

[ OSession Events ]
Error - 10/02/2008 19:07:59 | Computer Name = shishirgupta-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 13, Application Name: Microsoft Office OneNote, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1274
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 05/04/2010 18:28:54 | Computer Name = shishirgupta-PC | Source = DCOM | ID = 10010
Description =

Error - 05/04/2010 18:30:00 | Computer Name = shishirgupta-PC | Source = DCOM | ID = 10001
Description =

Error - 05/04/2010 18:30:00 | Computer Name = shishirgupta-PC | Source = Microsoft-Windows-Kernel-General | ID = 6
Description =

Error - 05/04/2010 18:33:59 | Computer Name = shishirgupta-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 23:31:31 on 05/04/2010 was unexpected.

Error - 05/04/2010 18:40:17 | Computer Name = shishirgupta-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 23:38:35 on 05/04/2010 was unexpected.

Error - 05/04/2010 18:42:21 | Computer Name = shishirgupta-PC | Source = PlugPlayManager | ID = 12
Description = The device 'zfvembitoxsuj9' (Root\LEGACY_ZFVEMBITOXSUJ9\0000) disappeared
from the system without first being prepared for removal.

Error - 05/04/2010 18:54:31 | Computer Name = shishirgupta-PC | Source = Microsoft-Windows-Kernel-General | ID = 6
Description =

Error - 05/04/2010 19:01:23 | Computer Name = shishirgupta-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1000
Description =

Error - 05/04/2010 19:01:23 | Computer Name = shishirgupta-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 05/04/2010 19:13:51 | Computer Name = shishirgupta-PC | Source = PlugPlayManager | ID = 12
Description = The device 'zfvembitoxsuj9' (Root\LEGACY_ZFVEMBITOXSUJ9\0000) disappeared
from the system without first being prepared for removal.


< End of report >



OTL logfile created on: 06/04/2010 00:25:11 - Run 1
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Users\shishirgupta77\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 178.80 Gb Total Space | 56.85 Gb Free Space | 31.80% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 1.97 Gb Total Space | 1.85 Gb Free Space | 94.16% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SHISHIRGUPTA-PC
Current User Name: shishirgupta77
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/04/06 00:10:01 | 000,061,952 | ---- | M] (Portable Library) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010/04/06 00:09:58 | 000,061,952 | ---- | M] (Portable Library) -- C:\Program Files\Net Protector 2010\Email Scan\emailscn.exe
PRC - [2010/04/05 23:22:08 | 000,569,856 | ---- | M] (OldTimer Tools) -- C:\Users\shishirgupta77\Desktop\OTL.exe
PRC - [2010/04/05 21:19:31 | 000,372,736 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
PRC - [2010/04/05 21:19:30 | 000,892,928 | ---- | M] (NETGEAR) -- C:\Program Files\NETGEAR\WPN111\WPN111.exe
PRC - [2010/01/23 10:23:14 | 000,428,016 | ---- | M] (Biz Secure Labs. Pvt Ltd.) -- C:\Program Files\Net Protector 2010\Email Scan\emailscn .exe
PRC - [2010/01/23 10:23:02 | 000,096,240 | ---- | M] (Biz Secure Labs. Pvt Ltd.) -- C:\Program Files\Net Protector 2010\ZVScan\PROCDISP.EXE
PRC - [2010/01/13 12:45:54 | 000,229,376 | ---- | M] (Biz Secure Labs Pvt Ltd.) -- C:\Program Files\Net Protector 2010\IFD.EXE
PRC - [2009/09/10 16:29:33 | 000,193,536 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmplayer.exe
PRC - [2009/08/17 23:46:52 | 000,180,224 | ---- | M] (Biz Secure Labs Pvt Ltd.) -- C:\Program Files\Net Protector 2010\ZVScan\ZVMONNT.EXE
PRC - [2009/04/05 01:58:24 | 000,065,536 | ---- | M] (Message Labs Pvt Ltd.) -- C:\Program Files\Net Protector 2010\ZVRegMon\ZVRegMon.exe
PRC - [2008/10/29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/25 08:18:50 | 000,098,696 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2008/02/14 16:17:10 | 000,118,784 | ---- | M] () -- C:\Program Files\Net Protector 2010\ZVScan\EXECSCAN.EXE
PRC - [2007/07/25 03:26:38 | 000,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2007/07/25 03:26:38 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2007/06/29 14:47:12 | 000,166,424 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxext.exe
PRC - [2007/06/28 16:53:02 | 000,184,320 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2007/06/28 16:53:00 | 000,188,416 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2007/06/28 16:52:48 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2007/06/20 22:04:20 | 000,046,432 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Microsoft Works\WkCalRem.exe
PRC - [2007/06/15 20:45:20 | 000,469,112 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
PRC - [2007/06/14 16:40:46 | 000,921,600 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2007/05/23 00:57:26 | 002,781,184 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2007/04/26 22:53:38 | 000,274,432 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2007/03/01 11:04:58 | 000,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2007/02/28 04:21:10 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2007/02/26 05:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007/01/10 05:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2007/01/05 03:48:52 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/11/02 10:45:54 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WerFault.exe
PRC - [2006/11/02 10:44:59 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2006/01/24 07:14:10 | 000,069,632 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe


========== Modules (SafeList) ==========

MOD - [2010/04/05 23:22:08 | 000,569,856 | ---- | M] (OldTimer Tools) -- C:\Users\shishirgupta77\Desktop\OTL.exe
MOD - [2010/04/05 21:05:42 | 000,020,000 | ---- | M] () -- C:\Windows\System32\vof2n.dll
MOD - [2006/11/02 10:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/04/05 12:27:59 | 002,504,280 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\rswin_3653.dll -- (Akamai)
SRV - [2010/04/05 10:32:13 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/08/17 23:46:52 | 000,180,224 | ---- | M] (Biz Secure Labs Pvt Ltd.) [Auto | Running] -- C:\Program Files\Net Protector 2010\ZVScan\ZVMONNT.EXE -- (ZeroVProtect)
SRV - [2009/04/05 01:58:24 | 000,065,536 | ---- | M] (Message Labs Pvt Ltd.) [Auto | Running] -- C:\Program Files\Net Protector 2010\ZVRegMon\ZVRegMon.exe -- (ZVRegMon)
SRV - [2008/01/23 22:07:50 | 001,251,720 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2007/09/12 18:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/08/25 01:39:13 | 000,265,912 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/07/25 03:26:38 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2007/07/13 18:55:56 | 000,292,152 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2007/07/06 01:43:04 | 000,079,736 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2007/06/28 16:53:04 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2007/06/28 16:53:02 | 000,184,320 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2007/06/28 16:53:00 | 000,188,416 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2007/06/28 16:52:48 | 000,274,432 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2007/06/20 23:35:06 | 002,523,136 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2007/06/20 23:34:52 | 000,499,712 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2007/06/20 23:34:50 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP)
SRV - [2007/06/20 23:34:50 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2007/06/20 23:34:50 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP) VAIO Media Content Collection (HTTP)
SRV - [2007/06/20 23:34:50 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2007/03/01 11:04:58 | 000,020,480 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2007/02/26 05:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/01/13 03:40:58 | 000,049,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2007/01/11 00:51:06 | 000,745,472 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe -- (VAIOMediaPlatform-UCLS-AppServer)
SRV - [2007/01/10 05:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2007/01/10 05:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2007/01/10 05:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2007/01/05 03:48:52 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/12/14 10:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 10:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 09:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006/11/09 23:30:14 | 000,065,536 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2005/11/14 09:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.rsm.nl:8080

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....ch?fr=ffsp1&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=374563"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.mail.yahoo.com"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..keyword.URL: "http://search.yahoo....ch?fr=ffds1&p="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/05 00:29:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/05 00:29:08 | 000,000,000 | ---D | M]

[2010/03/15 04:05:47 | 000,000,000 | ---D | M] -- C:\Users\shishirgupta77\AppData\Roaming\Mozilla\Extensions
[2010/04/04 20:39:07 | 000,000,000 | ---D | M] -- C:\Users\shishirgupta77\AppData\Roaming\Mozilla\Firefox\Profiles\d9uo8vbb.default\extensions
[2009/09/03 18:44:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\shishirgupta77\AppData\Roaming\Mozilla\Firefox\Profiles\d9uo8vbb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/04/07 09:57:51 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\shishirgupta77\AppData\Roaming\Mozilla\Firefox\Profiles\d9uo8vbb.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/03/15 04:05:28 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/16 01:55:13 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/01/16 01:55:13 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/01/16 01:55:13 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/01/16 01:55:13 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/04/06 00:13:15 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.Brenz.pl
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll (Symantec Corporation)
O2 - BHO: (C:\Windows\system32\vof2n.dll) - {A9BA40A1-74F1-52BD-F431-00B15A2C8953} - C:\Windows\System32\vof2n.dll ()
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: [Adobe_Reader] c:\program files\internet explorer\wmpscfgs.exe File not found
O4 - HKLM..\Run: [Zero-V Virus Shield] C:\Program Files\Net Protector 2010\Email Scan\EMAILSCN.EXE (Portable Library)
O4 - Startup: C:\Users\shishirgupta77\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\shishirgupta77\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
O4 - Startup: C:\Users\shishirgupta77\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wkcalrem.LNK = C:\Program Files\Microsoft Works\WkCalRem.exe (Microsoft® Corporation)
O4 - Startup: C:\Users\shishirgupta77\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wwwwpt32.exe (Portable Library)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: freemoviehq.com ([]http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com...obat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NPLogon: DllName - NPlogon.dll - C:\Windows\System32\NPLOGON.DLL (Message Labs Pvt Ltd)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O22 - SharedTaskScheduler: {A9BA40A1-74F1-52BD-F431-00B15A2C8953} - hasiufhiusdfjdhfudd - C:\Windows\System32\vof2n.dll ()
O24 - Desktop WallPaper: C:\Users\shishirgupta77\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\shishirgupta77\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O27 - HKLM IFEO\antiviruspro_2010.exe: Debugger - NPAV File not found
O27 - HKLM IFEO\AutoDrive.exe: Debugger - NPAV File not found
O27 - HKLM IFEO\COOL_GAMESETUP.EXE: Debugger - NPAV File not found
O27 - HKLM IFEO\lizkavd.exe: Debugger - NPAV File not found
O27 - HKLM IFEO\MSA.EXE: Debugger - NPAV File not found
O27 - HKLM IFEO\NISSAN.EXE: Debugger - NPAV File not found
O27 - HKLM IFEO\Passwords.exe: Debugger - NPAV File not found
O27 - HKLM IFEO\photo_id.exe: Debugger - NPAV File not found
O27 - HKLM IFEO\RESTORER64_A.EXE: Debugger - NPAV File not found
O27 - HKLM IFEO\SDRA64.EXE: Debugger - NPAV File not found
O27 - HKLM IFEO\seres.exe: Debugger - NPAV File not found
O27 - HKLM IFEO\svcst.exe: Debugger - NPAV File not found
O27 - HKLM IFEO\SYSDATE.EXE: Debugger - NPAV File not found
O27 - HKLM IFEO\TXP1ATFORM.EXE: Debugger - NPAV File not found
O27 - HKLM IFEO\unwise_.exe: Debugger - NPAV File not found
O27 - HKLM IFEO\userini.exe: Debugger - NPAV File not found
O27 - HKLM IFEO\WIN7.EXE: Debugger - NPAV File not found
O27 - HKLM IFEO\WMISTIP.EXE: Debugger - NPAV File not found
O27 - HKLM IFEO\zavupd32.exe: Debugger - NPAV File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/08/23 12:00:00 | 000,001,688 | ---- | M] () - C:\Autoexec.NT -- [ NTFS ]
O32 - AutoRun File - [2010/04/06 00:18:46 | 000,000,027 | ---- | M] () - F:\AUTORUN.INF.mal -- [ FAT ]
O33 - MountPoints2\{a911a32a-4e9c-11dd-9d19-001a803bb813}\Shell\AutoRun\command - "" = F:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe -- File not found
O33 - MountPoints2\{a911a32a-4e9c-11dd-9d19-001a803bb813}\Shell\open\command - "" = F:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe -- File not found
O33 - MountPoints2\{f3291287-71d1-11de-a318-001a803bb813}\Shell\AutoRun\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe -- File not found
O33 - MountPoints2\{f3291287-71d1-11de-a318-001a803bb813}\Shell\open\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- C:\PROGRA~1\NETPRO~1\ZVScan\EXECSCAN.EXE "%1" %* ()
O35 - HKLM\..exefile [open] -- C:\PROGRA~1\NETPRO~1\ZVScan\EXECSCAN.EXE "%1" %* ()
O37 - HKLM\...com [@ = comfile] -- C:\PROGRA~1\NETPRO~1\ZVScan\EXECSCAN.EXE "%1" %* ()
O37 - HKLM\...exe [@ = exefile] -- C:\PROGRA~1\NETPRO~1\ZVScan\EXECSCAN.EXE "%1" %* ()
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2006/11/02 12:18:47 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2010/04/06 00:24:09 | 000,569,856 | ---- | C] (OldTimer Tools) -- C:\Users\shishirgupta77\Desktop\OTL.exe
[2010/04/06 00:12:15 | 000,000,000 | ---D | C] -- C:\Avenger
[2010/04/05 23:44:21 | 000,000,000 | ---D | C] -- C:\Users\shishirgupta77\AppData\Roaming\Malwarebytes
[2010/04/05 23:44:05 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/05 23:44:02 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/05 23:44:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/05 23:44:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/04/05 23:27:28 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/04/05 23:25:25 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/04/05 23:22:02 | 000,000,000 | ---D | C] -- C:\Users\shishirgupta77\Desktop\Protection
[2010/04/05 21:06:15 | 000,000,000 | -HSD | C] -- C:\Users\shishirgupta77\.COMMgr
[2010/04/05 21:05:45 | 000,061,952 | ---- | C] (Portable Library) -- C:\Windows\System32\wuaucldt.exe.delme180
[2010/04/05 10:38:57 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2010/04/05 10:38:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/04/05 10:32:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010/04/05 09:15:17 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/04/04 17:50:36 | 000,049,152 | ---- | C] (Message Labs Pvt Ltd) -- C:\Windows\System32\NPLOGON.DLL
[2010/04/04 17:48:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Net Protector
[2010/04/04 17:48:02 | 000,000,000 | ---D | C] -- C:\Users\shishirgupta77\Desktop\Adobe CS4
[2010/04/04 17:40:53 | 000,000,000 | ---D | C] -- C:\Windows\NPReg
[2010/04/04 17:40:42 | 000,135,171 | ---- | C] (MESSAGE LABS PVT. LTD.) -- C:\Windows\UCE.ocx
[2010/04/04 17:40:35 | 000,000,000 | ---D | C] -- C:\ProgramData\IFD
[2010/04/04 17:40:19 | 000,000,000 | ---D | C] -- C:\ZV
[2010/04/04 17:39:06 | 000,000,000 | ---D | C] -- C:\Program Files\Net Protector 2010
[2010/04/04 17:25:26 | 000,000,000 | ---D | C] -- C:\Users\shishirgupta77\Desktop\Adobe PhotoShop
[8 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/04/06 00:30:29 | 006,553,600 | -HS- | M] () -- C:\Users\shishirgupta77\ntuser.dat
[2010/04/06 00:28:51 | 000,802,304 | ---- | M] () -- C:\Windows\System32\drivers\jjdlqsww.sys
[2010/04/06 00:23:42 | 000,027,648 | ---- | M] () -- C:\Users\shishirgupta77\Desktop\Hi all.doc
[2010/04/06 00:16:06 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At24.job
[2010/04/06 00:16:05 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At23.job
[2010/04/06 00:16:02 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At22.job
[2010/04/06 00:16:01 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At21.job
[2010/04/06 00:15:59 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At20.job
[2010/04/06 00:15:58 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At19.job
[2010/04/06 00:15:57 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At18.job
[2010/04/06 00:15:55 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At17.job
[2010/04/06 00:15:54 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At16.job
[2010/04/06 00:15:53 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At15.job
[2010/04/06 00:15:51 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At14.job
[2010/04/06 00:15:49 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At13.job
[2010/04/06 00:15:46 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At12.job
[2010/04/06 00:15:45 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At11.job
[2010/04/06 00:15:43 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At10.job
[2010/04/06 00:15:41 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At9.job
[2010/04/06 00:15:40 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At8.job
[2010/04/06 00:15:38 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At7.job
[2010/04/06 00:15:37 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At6.job
[2010/04/06 00:15:35 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At5.job
[2010/04/06 00:15:34 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At4.job
[2010/04/06 00:15:32 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At3.job
[2010/04/06 00:15:28 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At2.job
[2010/04/06 00:15:26 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At1.job
[2010/04/06 00:13:10 | 000,003,856 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/06 00:13:10 | 000,003,856 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/06 00:13:09 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/06 00:13:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/06 00:12:57 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/06 00:09:23 | 003,828,303 | -H-- | M] () -- C:\Users\shishirgupta77\AppData\Local\IconCache.db
[2010/04/06 00:08:02 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3136852474-454133946-1672995890-1002UA.job
[2010/04/05 23:44:07 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/05 23:25:28 | 000,000,733 | ---- | M] () -- C:\Users\shishirgupta77\Desktop\NTREGOPT.lnk
[2010/04/05 23:25:28 | 000,000,714 | ---- | M] () -- C:\Users\shishirgupta77\Desktop\ERUNT.lnk
[2010/04/05 23:25:10 | 000,631,670 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/04/05 23:25:10 | 000,112,216 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/04/05 23:25:09 | 000,729,436 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/04/05 23:22:08 | 000,569,856 | ---- | M] (OldTimer Tools) -- C:\Users\shishirgupta77\Desktop\OTL.exe
[2010/04/05 23:21:26 | 000,061,952 | ---- | M] (Portable Library) -- C:\Windows\System32\rundll32.exe
[2010/04/05 23:07:26 | 000,026,734 | -HS- | M] () -- C:\Users\shishirgupta77\AppData\Local\VHx0W
[2010/04/05 23:07:26 | 000,026,734 | -HS- | M] () -- C:\ProgramData\VHx0W
[2010/04/05 22:27:21 | 001,369,600 | ---- | M] (Irfan Skiljan) -- C:\Users\shishirgupta77\Desktop\iview425_setup.exe
[2010/04/05 21:19:29 | 000,037,376 | ---- | M] () -- C:\Users\shishirgupta77\wuaucldt .exe
[2010/04/05 21:14:29 | 000,061,952 | ---- | M] (Portable Library) -- C:\Windows\System32\wuaucldt.exe.delme180
[2010/04/05 21:12:39 | 002,269,352 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/04/05 21:06:49 | 000,000,024 | ---- | M] () -- C:\ProgramData\kfdtk.ini
[2010/04/05 21:06:30 | 000,020,000 | ---- | M] () -- C:\Windows\System32\l92ji.dll
[2010/04/05 21:05:55 | 000,000,008 | ---- | M] () -- C:\Users\shishirgupta77\AppData\Roaming\jvmoxh.dat
[2010/04/05 21:05:42 | 000,020,000 | ---- | M] () -- C:\Windows\System32\vof2n.dll
[2010/04/05 18:08:07 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3136852474-454133946-1672995890-1002Core.job
[2010/04/05 17:59:49 | 000,084,480 | ---- | M] () -- C:\Users\shishirgupta77\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/04/05 00:17:26 | 000,000,000 | ---- | M] () -- C:\Windows\tosOBEX.INI
[2010/04/04 17:47:33 | 000,000,141 | ---- | M] () -- C:\ProgramData\license.ini
[2010/04/04 17:40:48 | 000,000,000 | ---- | M] () -- C:\MSDOS.SYS
[2010/04/04 17:40:48 | 000,000,000 | ---- | M] () -- C:\IO.SYS
[2010/04/04 17:39:23 | 000,001,025 | ---- | M] () -- C:\Users\Public\Desktop\Net Protector 2010.lnk
[2010/04/04 16:57:16 | 000,000,132 | ---- | M] () -- C:\Delapp.bat
[2010/04/04 16:55:51 | 000,001,150 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/29 20:53:09 | 000,567,032 | ---- | M] () -- C:\Users\shishirgupta77\Desktop\Ligne_29_27.pdf
[2010/03/29 03:54:24 | 000,017,920 | ---- | M] () -- C:\Users\shishirgupta77\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/26 12:48:52 | 000,000,849 | ---- | M] () -- C:\Users\shishirgupta77\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wkcalrem.LNK
[2010/03/25 16:11:04 | 000,045,568 | ---- | M] () -- C:\Users\shishirgupta77\Documents\CV_S Gupta.doc
[2010/03/25 11:44:28 | 000,028,672 | ---- | M] () -- C:\Users\shishirgupta77\Desktop\jobs.doc
[2010/03/25 09:11:45 | 000,627,560 | ---- | M] () -- C:\Users\shishirgupta77\Desktop\Surely enjoying.JPG
[2010/03/25 09:11:34 | 000,621,600 | ---- | M] () -- C:\Users\shishirgupta77\Desktop\Avni puzzled or enjoying.JPG
[2010/03/25 09:11:00 | 001,119,388 | ---- | M] () -- C:\Users\shishirgupta77\Desktop\Avni in saree.JPG
[8 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/06 00:24:12 | 000,027,648 | ---- | C] () -- C:\Users\shishirgupta77\Desktop\Hi all.doc
[2010/04/06 00:16:05 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At24.job
[2010/04/06 00:16:03 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At23.job
[2010/04/06 00:16:01 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At22.job
[2010/04/06 00:15:59 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At21.job
[2010/04/06 00:15:58 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At20.job
[2010/04/06 00:15:57 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At19.job
[2010/04/06 00:15:55 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At18.job
[2010/04/06 00:15:54 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At17.job
[2010/04/06 00:15:53 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At16.job
[2010/04/06 00:15:51 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At15.job
[2010/04/06 00:15:49 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At14.job
[2010/04/06 00:15:47 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At13.job
[2010/04/06 00:15:45 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At12.job
[2010/04/06 00:15:43 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At11.job
[2010/04/06 00:15:41 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At10.job
[2010/04/06 00:15:40 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At9.job
[2010/04/06 00:15:38 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At8.job
[2010/04/06 00:15:37 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At7.job
[2010/04/06 00:15:35 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At6.job
[2010/04/06 00:15:34 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At5.job
[2010/04/06 00:15:32 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At4.job
[2010/04/06 00:15:31 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At3.job
[2010/04/06 00:15:26 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At2.job
[2010/04/06 00:15:25 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At1.job
[2010/04/05 23:44:07 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/05 23:40:07 | 2137,448,448 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/05 23:25:28 | 000,000,733 | ---- | C] () -- C:\Users\shishirgupta77\Desktop\NTREGOPT.lnk
[2010/04/05 23:25:28 | 000,000,714 | ---- | C] () -- C:\Users\shishirgupta77\Desktop\ERUNT.lnk
[2010/04/05 21:06:49 | 000,000,024 | ---- | C] () -- C:\ProgramData\kfdtk.ini
[2010/04/05 21:06:30 | 000,020,000 | ---- | C] () -- C:\Windows\System32\l92ji.dll
[2010/04/05 21:06:19 | 000,026,734 | -HS- | C] () -- C:\Users\shishirgupta77\AppData\Local\VHx0W
[2010/04/05 21:06:19 | 000,026,734 | -HS- | C] () -- C:\ProgramData\VHx0W
[2010/04/05 21:05:55 | 000,000,008 | ---- | C] () -- C:\Users\shishirgupta77\AppData\Roaming\jvmoxh.dat
[2010/04/05 21:05:45 | 000,037,376 | ---- | C] () -- C:\Users\shishirgupta77\wuaucldt .exe
[2010/04/05 21:05:42 | 000,020,000 | ---- | C] () -- C:\Windows\System32\vof2n.dll
[2010/04/05 00:17:26 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2010/04/04 17:50:36 | 000,001,014 | ---- | C] () -- C:\Windows\System32\krnlobj.db
[2010/04/04 17:47:34 | 000,002,577 | ---- | C] () -- C:\Config.NT
[2010/04/04 17:47:34 | 000,001,688 | ---- | C] () -- C:\Autoexec.NT
[2010/04/04 17:47:33 | 000,000,141 | ---- | C] () -- C:\ProgramData\license.ini
[2010/04/04 17:40:48 | 000,000,000 | ---- | C] () -- C:\MSDOS.SYS
[2010/04/04 17:40:48 | 000,000,000 | ---- | C] () -- C:\IO.SYS
[2010/04/04 17:40:43 | 000,000,010 | ---- | C] () -- C:\Windows\cbid32.dll
[2010/04/04 17:40:42 | 000,295,514 | ---- | C] () -- C:\Windows\VB6.OLB
[2010/04/04 17:39:23 | 000,001,025 | ---- | C] () -- C:\Users\Public\Desktop\Net Protector 2010.lnk
[2010/04/04 16:57:16 | 000,000,132 | ---- | C] () -- C:\Delapp.bat
[2010/04/04 16:55:51 | 000,001,150 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2010/03/29 20:53:09 | 000,567,032 | ---- | C] () -- C:\Users\shishirgupta77\Desktop\Ligne_29_27.pdf
[2010/03/27 12:40:13 | 019,090,688 | ---- | C] () -- C:\Users\shishirgupta77\Desktop\DSC03951.ARW
[2010/03/26 12:48:52 | 000,000,849 | ---- | C] () -- C:\Users\shishirgupta77\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wkcalrem.LNK
[2010/03/25 16:11:04 | 000,045,568 | ---- | C] () -- C:\Users\shishirgupta77\Documents\CV_S Gupta.doc
[2010/03/25 11:44:28 | 000,028,672 | ---- | C] () -- C:\Users\shishirgupta77\Desktop\jobs.doc
[2010/03/25 09:11:45 | 000,627,560 | ---- | C] () -- C:\Users\shishirgupta77\Desktop\Surely enjoying.JPG
[2010/03/25 09:11:34 | 000,621,600 | ---- | C] () -- C:\Users\shishirgupta77\Desktop\Avni puzzled or enjoying.JPG
[2010/03/25 09:10:59 | 001,119,388 | ---- | C] () -- C:\Users\shishirgupta77\Desktop\Avni in saree.JPG
[2010/02/04 00:23:02 | 000,802,304 | ---- | C] () -- C:\Windows\System32\drivers\jjdlqsww.sys
[2010/02/04 00:17:04 | 000,000,016 | ---- | C] () -- C:\Users\shishirgupta77\AppData\Roaming\anvkgp.dat
[2009/10/16 22:31:54 | 000,020,992 | ---- | C] () -- C:\Users\shishirgupta77\Direction.doc
[2009/10/07 19:11:10 | 000,063,488 | ---- | C] () -- C:\Users\shishirgupta77\xobglu16.dll
[2009/10/07 19:11:10 | 000,023,552 | ---- | C] () -- C:\Users\shishirgupta77\xobglu32.dll
[2009/09/02 23:10:38 | 000,000,986 | ---- | C] () -- C:\Users\shishirgupta77\AppData\Roaming\wklnhst.dat
[2009/08/31 16:50:24 | 001,030,656 | ---- | C] () -- C:\Users\shishirgupta77\Turkey and the EU.ppt
[2009/08/17 11:09:15 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2009/08/10 21:11:36 | 000,024,206 | ---- | C] () -- C:\Users\shishirgupta77\AppData\Roaming\UserTile.png
[2008/12/19 01:06:43 | 000,000,680 | ---- | C] () -- C:\Users\shishirgupta77\AppData\Local\d3d9caps.dat
[2008/02/21 18:49:51 | 000,017,920 | ---- | C] () -- C:\Users\shishirgupta77\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/01 19:14:23 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2008/01/29 18:54:04 | 000,651,264 | ---- | C] () -- C:\Windows\System32\libeay32.dll
[2008/01/29 18:54:04 | 000,147,456 | ---- | C] () -- C:\Windows\System32\ssleay32.dll
[2008/01/27 23:09:15 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/01/19 01:31:29 | 000,524,288 | -HS- | C] () -- C:\Users\shishirgupta77\ntuser.dat{cf5ad015-c625-11dc-9e90-001bfb5d25be}.TMContainer00000000000000000002.regtrans-ms
[2008/01/19 01:31:29 | 000,524,288 | -HS- | C] () -- C:\Users\shishirgupta77\ntuser.dat{cf5ad015-c625-11dc-9e90-001bfb5d25be}.TMContainer00000000000000000001.regtrans-ms
[2008/01/19 01:31:29 | 000,065,536 | -HS- | C] () -- C:\Users\shishirgupta77\ntuser.dat{cf5ad015-c625-11dc-9e90-001bfb5d25be}.TM.blf
[2008/01/04 22:58:50 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/01/04 22:57:22 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/01/04 22:57:22 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008/01/04 22:56:24 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2007/12/18 03:34:35 | 000,262,144 | -H-- | C] () -- C:\Users\shishirgupta77\ntuser.dat.LOG1
[2007/12/18 03:34:35 | 000,104,960 | -H-- | C] () -- C:\Users\shishirgupta77\ntuser.dat.LOG2
[2007/12/18 03:34:35 | 000,000,020 | -HS- | C] () -- C:\Users\shishirgupta77\ntuser.ini
[2007/12/18 03:34:33 | 006,553,600 | -HS- | C] () -- C:\Users\shishirgupta77\ntuser.dat
[2007/10/01 21:32:28 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll
[2007/10/01 21:30:27 | 000,344,064 | ---- | C] () -- C:\Windows\System32\SSMSIppCustom.dll
[2007/08/25 01:38:51 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2007/08/25 01:36:57 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/08/25 01:36:57 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/08/25 01:36:57 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1244.dll
[2007/08/25 01:28:22 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/06/14 20:02:02 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2007/06/14 20:02:01 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2007/06/14 20:01:08 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/12/05 21:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/20 14:05:38 | 000,000,833 | ---- | C] () -- C:\Windows\EParse.ini
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/07/23 05:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

========== LOP Check ==========

[2009/05/24 21:11:08 | 000,000,000 | ---D | M] -- C:\Users\shishirgupta77\AppData\Roaming\Belastingdienst
[2010/01/27 23:30:15 | 000,000,000 | ---D | M] -- C:\Users\shishirgupta77\AppData\Roaming\ChessBase
[2009/03/05 22:05:42 | 000,000,000 | ---D | M] -- C:\Users\shishirgupta77\AppData\Roaming\InterVideo
[2010/03/03 00:15:54 | 000,000,000 | ---D | M] -- C:\Users\shishirgupta77\AppData\Roaming\IrfanView
[2009/05/25 09:24:51 | 000,000,000 | ---D | M] -- C:\Users\shishirgupta77\AppData\Roaming\Open Source Applications Foundation
[2009/08/10 21:11:36 | 000,000,000 | ---D | M] -- C:\Users\shishirgupta77\AppData\Roaming\PeerNetworking
[2010/04/04 17:30:02 | 000,000,000 | ---D | M] -- C:\Users\shishirgupta77\AppData\Roaming\PlanMyDish
[2009/05/25 09:24:49 | 000,000,000 | ---D | M] -- C:\Users\shishirgupta77\AppData\Roaming\Python-Eggs
[2008/08/21 00:01:07 | 000,000,000 | ---D | M] -- C:\Users\shishirgupta77\AppData\Roaming\Subversion
[2009/09/02 23:10:44 | 000,000,000 | ---D | M] -- C:\Users\shishirgupta77\AppData\Roaming\Template
[2010/04/06 00:15:26 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2010/04/06 00:15:43 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At10.job
[2010/04/06 00:15:45 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At11.job
[2010/04/06 00:15:46 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At12.job
[2010/04/06 00:15:49 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At13.job
[2010/04/06 00:15:51 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At14.job
[2010/04/06 00:15:53 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At15.job
[2010/04/06 00:15:54 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At16.job
[2010/04/06 00:15:55 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At17.job
[2010/04/06 00:15:57 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At18.job
[2010/04/06 00:15:58 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At19.job
[2010/04/06 00:15:28 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At2.job
[2010/04/06 00:15:59 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At20.job
[2010/04/06 00:16:01 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At21.job
[2010/04/06 00:16:02 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At22.job
[2010/04/06 00:16:05 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At23.job
[2010/04/06 00:16:06 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At24.job
[2010/04/06 00:15:32 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At3.job
[2010/04/06 00:15:34 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At4.job
[2010/04/06 00:15:35 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At5.job
[2010/04/06 00:15:37 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At6.job
[2010/04/06 00:15:38 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At7.job
[2010/04/06 00:15:40 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At8.job
[2010/04/06 00:15:41 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At9.job
[2010/04/06 00:11:33 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\SoftwareDistribution\Download\a58fa8f1a78b89e6c2a670e288053b8b\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2006/11/02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\agp440.sys
[2006/11/02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/01/19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\SoftwareDistribution\Download\a58fa8f1a78b89e6c2a670e288053b8b\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/02/14 03:04:23 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\drivers\atapi.sys
[2008/02/14 03:04:23 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/02/14 03:04:23 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/02/14 03:04:23 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\SoftwareDistribution\Download\a58fa8f1a78b89e6c2a670e288053b8b\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\System32\netlogon.dll
[2006/11/02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2008/01/19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SoftwareDistribution\Download\a58fa8f1a78b89e6c2a670e288053b8b\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVRAID.SYS >
[2008/01/19 08:43:01 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\SoftwareDistribution\Download\a58fa8f1a78b89e6c2a670e288053b8b\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvraid.sys
[2006/11/02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) MD5=E69E946F80C1C31C53003BFBF50CBB7C -- C:\Windows\System32\drivers\nvraid.sys
[2006/11/02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) MD5=E69E946F80C1C31C53003BFBF50CBB7C -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\SoftwareDistribution\Download\a58fa8f1a78b89e6c2a670e288053b8b\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SoftwareDistribution\Download\a58fa8f1a78b89e6c2a670e288053b8b\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\System32\scecli.dll
[2006/11/02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2006/11/02 10:47:18 | 000,228,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2007/08/25 01:40:00 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
[8 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010/04/06 01:21:33 | 000,802,304 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\jjdlqsww.sys

< %systemroot%\System32\config\*.sav >
[2006/11/02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
< End of report >

#5
shishirgupta77

Here is the latest file from MBAM. Actually, I have to rename it to run it. WIN32.VIRTOB is still active, although the computer seems more stable. Every time I run the AV or MBAM, it finds entries.

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3930

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

06/04/2010 10:35:31
mbam-log-2010-04-06 (10-35-31).txt

Scan type: Quick scan
Objects scanned: 103592
Time elapsed: 10 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 2
Registry Values Infected: 2
Registry Data Items Infected: 8
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Windows\System32\app_dll.dll (Trojan.Agent.Gen) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antiviruspro_2010.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msa.exe (Security.Hijack) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\adobe_reader (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (C:\PROGRA~1\NETPRO~1\ZVScan\EXECSCAN.EXE "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\batfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (C:\PROGRA~1\NETPRO~1\ZVScan\EXECSCAN.EXE "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\comfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (C:\PROGRA~1\NETPRO~1\ZVScan\EXECSCAN.EXE "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\piffile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (C:\PROGRA~1\NETPRO~1\ZVScan\EXECSCAN.EXE "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (C:\PROGRA~1\NETPRO~1\ZVScan\EXECSCAN.EXE "%1" /S) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\system32\Drivers\jjdlqsww.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Internet Explorer\js.mui (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\app_dll.dll (Trojan.Agent.Gen) -> Delete on reboot.
C:\Users\shishirgupta77\AppData\Local\Temp\wmpscfgs.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\Temp\wmpscfgs.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\program files\internet explorer\wmpscfgs.exe (Trojan.Agent) -> Delete on reboot.

#6
shishirgupta77

Another MBAM run:
I look forward to your help. I am getting very worried, as this virus seems to be multiplying very quickly. Thanks for your help. With regards, Shishir


Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3930

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

06/04/2010 11:02:10
mbam-log-2010-04-06 (11-02-10).txt

Scan type: Quick scan
Objects scanned: 104286
Time elapsed: 7 minute(s), 9 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 11
Registry Data Items Infected: 9
Folders Infected: 0
Files Infected: 13

Memory Processes Infected:
C:\Windows\Fonts\services.exe (Trojan.Agent) -> Unloaded process successfully.
c:\Windows\System32\wuaucldt.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDORSYS (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antiviruspro_2010.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msa.exe (Security.Hijack) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syncman (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\exec (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syncman (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\adobe_reader (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCertDlls\appsecdll (Spyware.Passwords) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\regedit32 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (C:\PROGRA~1\NETPRO~1\ZVScan\EXECSCAN.EXE "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\batfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (C:\PROGRA~1\NETPRO~1\ZVScan\EXECSCAN.EXE "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\comfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (C:\PROGRA~1\NETPRO~1\ZVScan\EXECSCAN.EXE "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\piffile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (C:\PROGRA~1\NETPRO~1\ZVScan\EXECSCAN.EXE "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (C:\PROGRA~1\NETPRO~1\ZVScan\EXECSCAN.EXE "%1" /S) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Backdoor.Bot) -> Data: c:\windows\system32\kbdsock.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Backdoor.Bot) -> Data: system32\kbdsock.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\System32\wuaucldt.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\Windows\Fonts\services.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\2816,568.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Windows\System32\d.bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Windows\System32\kbdsock.dll (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Windows\System32\mshlps.dll (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Windows\System32\w.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Windows\system32\Drivers\jjdlqsww.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Windows\Fonts\SERVICES.EXE.mal (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\wuaucldt.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Internet Explorer\js.mui (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Temp\wmpscfgs.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.
  • 0

#7
shishirgupta77

Hello Essexboy, I will really appreciate your help on this one. Thanks for the same.

regards,

Shishir
  • 0

#8
Essexboy

Hi, my time zone is GMT.

You are very severely infected.

I want to check something out first as I believe you may have a file infector. Can you confirm that your antivirus is net protect, an Indian product?

Download Dr.Web CureIt to the desktop.
  • Double-click the drweb-cureit.exe file, then click Start and allow it to run the express scan.
  • This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, choose the Complete Scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look and see if you can click the following icon next to the files found:
    Posted Image
  • If so, click it and then click the next icon right below and select Move incurable, as you'll see in the next image:
    Posted Image
  • This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (This is in case we need samples.)
  • After selecting, in the Dr.Web CureIt menu on top, click File and choose Save report list.
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web CureIt.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply along with a new OTL log.
NOTE: During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.
  • 0

#9
shishirgupta77

Yes, I confirm the AV is net protect, an Indian product. I will start the requested updates in 80 mins from now. Thanks. Shishir
  • 0

#10
Essexboy

I will be around for another 3 hours :)
  • 0

#11
shishirgupta77

Hello, I am not able to download Dr Web Cureit even from another laptop. Do you have alternative links?

Shishir
  • 0

#12
shishirgupta77

http://www.freedrweb...ownload cureit/

I tried the above link as well.

Shishir
  • 0

#13
Essexboy

OK I will use another method to test it out

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

#14
shishirgupta77

Hi, I downloaded the file. However as I tried to run it...pop up window says.

Alert!! It is not safe to continue. The content of COMBO fix package has been compromised.

Download fresh version.

Note: You may be infected with a file patching virus 'virut'. Please advise.

regards,

Shishir
  • 0

#15
Essexboy

Unfortunately that confirmed my suspicions

Well, I'm afraid I have bad news for you.

You have been infected with a polymorphic file infector named Virut. This infection will spread to every executable file in your computer, and unfortunately the only cure for it is to Reformat and Reinstall.

Right now, the best thing you can do is to back up, preferably to CD, all your important data, documents, pictures, movies, and songs.

DO NOT back up any applications or installers and DO NOT back up any files with the following extensions:
  • .exe
  • .scr
  • .htm
  • .html
  • .xml
  • .zip
  • .rar
  • .doc
  • .jpg
  • .pdf
For more information on Virut, and why you need to reformat, have a read of miekiemoes' blog here.

To find out how to carry out an XP Reformat and Reinstall, please see this page. If you are using Vista, then check this page instead.

Once you have reformatted and reinstalled Windows, have a look at this page for some useful tips on staying clean, along with links to some freeware to help.

To find out more information about how you may have got infected in the first place, you can read this article.

I am sorry I cannot give any better news.

But I will assist in any way that I can to help you
  • 0
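One way to stage the backup described in the post above while enforcing its exclusion list, as an added example that is not part of the original thread. The function names (`is_excluded`, `stage_backup`, `demo`) and the sample file names are assumptions made for illustration; the extension list is copied from the post.

```python
import shutil
import tempfile
from pathlib import Path

# Extensions the post says NOT to back up (copied from the list above).
EXCLUDED = {".exe", ".scr", ".htm", ".html", ".xml", ".zip", ".rar",
            ".doc", ".jpg", ".pdf"}


def is_excluded(path: Path) -> bool:
    # Case-insensitive, and checks every suffix of the name, so
    # 'Setup.EXE' and 'a.exe.bak' are both skipped.
    return any(s.lower() in EXCLUDED for s in path.suffixes)


def stage_backup(src: Path, dst: Path):
    """Copy data files from src to dst; return (copied, skipped) relative paths."""
    if src.resolve() in [dst.resolve(), *dst.resolve().parents]:
        raise ValueError("dst must be outside src")
    copied, skipped = [], []
    for path in sorted(src.rglob("*")):
        if path.is_dir() and not path.is_symlink():
            continue
        rel = path.relative_to(src).as_posix()
        # Skip links and special files as well as the excluded types.
        if path.is_symlink() or not path.is_file() or is_excluded(path):
            skipped.append(rel)
            continue
        target = dst / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(path, target)
        copied.append(rel)
    return copied, skipped


def demo():
    """Run on a constructed sample tree; the file names are made up."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "profile"), Path(tmp, "backup")
        for name in ["notes.txt", "music/song.mp3", "Setup.EXE", "photo.JPG",
                     "saved/page.html", "old/archive.tar.zip", "work/report.odt"]:
            f = src / name
            f.parent.mkdir(parents=True, exist_ok=True)
            f.write_bytes(b"sample")
        return stage_backup(src, dst)


if __name__ == "__main__":
    print(demo())
```

The skipped list doubles as a record of what was left behind, so those files can be re-obtained from clean sources after the reinstall.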





