Windows Antivirus Pro or Privacy Center Malware

Need a geek? Geeks to Go offers free, quality tech support -- in terms anyone can understand. Volunteers are waiting to help, friendly, technology experts who have knowledge to share, and enjoy helping others. Feel free to browse the site as a guest. However, you must log in to reply to existing topics, or to start a new topic of your own. Other benefits of joining include richer forum features, and removal of all advertising. Learn more in our Welcome Guide Infected? Malware and Spyware Cleaning Guide. What are you waiting for? Click here to join for free today!

> Geeks to Go! » Security » Virus, Spyware and Trojan Removal

3 Pages

< 1 2 3

Windows Antivirus Pro or Privacy Center Malware - Can't open any p, Windows Antivirus Pro or Privacy Center Malware - Can't open any p

Options

guitarroman1 View Member Profile	Aug 12 2009, 11:15 PM Post #31
Member Posts: 32 OS: Windows Vista	I'm sorry I could not read the blue screen before it vanished. now I start up my comp and I can't access taskmanager. but a new virus has popped up , something called "Advanced Virus Remover(al?)" It seems like I keep getting more viruses? Why is this happening? My system tried to get windows updates and it couldnt. System restore also failed. I think I have my vista disk somewhere, it seems like all else is lost, or losing. Will reformatting even fix these problems? (I am not going to reformat right now) Should I continue with the above posts (OST..etc) in safemode? Thanks!

guitarroman1 View Member Profile	Aug 12 2009, 11:21 PM Post #32
Member Posts: 32 OS: Windows Vista	Oh and FireFox and IE experienced Data Execution Prevention where it just shut down. Very frustrating and I dont think i have a vista CD, the comp came with it installed. Could I install xp on a vista computer...I guess thats a different topic altogether.

handhfan View Member Profile	Aug 12 2009, 11:26 PM Post #33
GeekU Moderator Posts: 8,651 From: Massachusetts OS: Windows XP Pro, Windows 7 Pro 64- and 32-bit; Virtual PC	Try to follow the steps posted in my last reply. Let me know how it goes. As for installing XP on a Vista machine, no. That's a bad mix. I've heard many stories on how it just doesn't work like you'd think it should.

guitarroman1 View Member Profile	Aug 14 2009, 07:04 PM Post #34
Member Posts: 32 OS: Windows Vista	ROOTREPEAL © AD, 2007-2009 ================================================== Scan Start Time: 2009/08/14 20:45 Program Version: Version 1.3.3.0 Windows Version: Windows Vista SP1 ================================================== Drivers ------------------- Name: dump_atapi.sys Image Path: C:\Windows\System32\Drivers\dump_atapi.sys Address: 0x8E684000 Size: 32768 File Visible: No Signed: - Status: - Name: dump_dumpata.sys Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys Address: 0x8E679000 Size: 45056 File Visible: No Signed: - Status: - Name: rootrepeal.sys Image Path: C:\Windows\system32\drivers\rootrepeal.sys Address: 0x8E77E000 Size: 49152 File Visible: No Signed: - Status: - Hidden/Locked Files ------------------- Path: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} Status: Locked to the Windows API! Path: C:\System Volume Information\{62b96136-7e24-11de-879f-001f165cff39}{3808876b-c176-4e48-b7ae-04046e6cc752} Status: Locked to the Windows API! Path: C:\System Volume Information\{a58c3ff3-7c85-11de-9c79-001f165cff39}{3808876b-c176-4e48-b7ae-04046e6cc752} Status: Locked to the Windows API! Path: C:\System Volume Information\{E7148~1 Status: Locked to the Windows API! Path: C:\System Volume Information\{f518ca28-7a0c-11de-bd40-001f165cff39}{3808876b-c176-4e48-b7ae-04046e6cc752} Status: Locked to the Windows API! Path: C:\System Volume Information\{FEA04~1 Status: Locked to the Windows API! Path: C:\Program Files\Windows Media Player\Network Sharing\RENDER~1.XML Status: Locked to the Windows API! Path: C:\Users\Sanyal\Downloads\WAKING~1.MP4:Zone.Identifier Status: Visible to the Windows API, but not on disk. Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_b7e00e6c7b30b69b.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_dcc7eae99ad0d9cf.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.42_none_58843c41d2730d3f.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_e29d1181971ae11e.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_5c4003bc63e949f6.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_7b33aa7d218504d2.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8dd7dea5d5a7a18a.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.42_none_0e9c2a8d74fd3ce6.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_60a5df56e60dc5df.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.debugcrt_1fc8b3b9a1e18e3b_9.0.30729.1_none_bb1f6aa1308c35eb.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.debugmfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_bfff6c932d60651e.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_abac38a907ee8801.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.debugmfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_5c94f2bbe7d4aaf6.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.91_none_54c1279468b7b84b.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8a14c0566bec5b24.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_db5f52fb98cb24ad.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_d6c3e7af9bae13a2.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_54c11df268b7c6d9.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_818f59bf601aa775.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.91_none_db5f5c9d98cb161f.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_9193a620671dde41.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.debugcrt_1fc8b3b9a1e18e3b_9.0.30729.1_none_61305e07e4f1bc01.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_81c25f21d3d46d84.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.42_none_58b19c2866332652.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.91_none_5c400d5e63e93b68.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.0.0_none_3658456fda6654f6.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_a6dea5dc0ea08098.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.1.0.0_none_6c030d6fdc86522c.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_365945b9da656e4d.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_8550c6b5d18a9128.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_8e053e8c6967ba9d.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.91_none_dc9917e997f80c63.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.42_none_dc990e4797f81af1.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_7dd1e0ebd6590e0b.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.91_none_58b1a5ca663317c4.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.4.1.microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_8b7b15c031cda6db.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.91_none_d6c3f1519bae0514.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\msil_system.configuration_b03f5f7f11d50a3a_6.0.6001.18000_none_2b246afa36bbbbbe\$$DeleteMe.System.configuration.dll.01c9efc5be289440.001a Status: Locked to the Windows API! Path: C:\Windows\winsxs\msil_system.web.services_b03f5f7f11d50a3a_6.0.6001.18000_none_f2c59d87b2191ef0\$$DeleteMe.System.Web.Services.dll.01c9efc5bcc38600.0003 Status: Locked to the Windows API! Path: C:\Windows\winsxs\msil_system.windows.forms_b77a5c561934e089_6.0.6001.18000_none_30ebd8ea438a84a0\$$DeleteMe.System.Windows.Forms.dll.01c9efc5bdf8f8c0.0011 Status: Locked to the Windows API! Path: C:\Windows\winsxs\msil_system.design_b03f5f7f11d50a3a_6.0.6001.18000_none_b54a0107031f6e7c\$$DeleteMe.System.Design.dll.01c9efc5bdd2e2c0.0010 Status: Locked to the Windows API! Path: C:\Windows\winsxs\msil_system.drawing_b03f5f7f11d50a3a_6.0.6001.18000_none_8f9330c1f0d495a8\$$DeleteMe.System.Drawing.dll.01c9efc5bdfdbb80.0012 Status: Locked to the Windows API! Path: C:\Windows\winsxs\msil_system_b77a5c561934e089_6.0.6001.18000_none_da8fcc115bf832a8\$$DeleteMe.System.dll.01c9efc5be347b20.001b Status: Locked to the Windows API! Path: C:\Windows\winsxs\msil_system.xml_b77a5c561934e089_6.0.6001.18000_none_81a026374952e8f5\$$DeleteMe.System.XML.dll.01c9efc5be217020.0019 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_fdproxy_31bf3856ad364e35_6.1.6001.22000_none_441eba1a267a5ad3\$$DeleteMe.fdProxy.dll.01c975438ab32993.0000 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18000_none_69cadbfc3ddffe3c\$$DeleteMe.rpcss.dll.01c9bd98cf0d5d40.0006 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18203_none_b4e61c85d6c731a6\$$DeleteMe.urlmon.dll.01c9bd98ce691e60.0000 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18000_none_93bde541564b88ae\$$DeleteMe.kernel32.dll.01c9bd98ced69da0.0005 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18000_none_a64a8ac25ccb3836\$$DeleteMe.lsasrv.dll.01c9bd98cec13140.0003 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18000_none_a64a8ac25ccb3836\$$DeleteMe.secur32.dll.01c9bd98cec5f400.0004 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18185_none_0b1847174f5614f7\RENDER~1.XML Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\RENDER~1.XML Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22331_none_0bd3f43c684ec0d7\RENDER~1.XML Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b\RENDER~1.XML Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87\RENDER~1.XML Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d\RENDER~1.XML Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6001.18000_none_886e409a96d6223c\$$DeleteMe.msxml3.dll.01c976204ec4b0d0.0007 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6001.18000_none_886dfc4296d66f1f\$$DeleteMe.msxml6.dll.01c976204b303f70.0000 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-netapi32_31bf3856ad364e35_6.0.6001.18000_none_8d341b13018fde32\$$DeleteMe.netapi32.dll.01c976204e9e9ad0.0006 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-p..rnetprinting-client_31bf3856ad364e35_6.0.6001.18000_none_8ad265adc8633a42\$$DeleteMe.inetpp.dll.01c975438aeeabf3.0002 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.18062_none_6bea4bea122ac813\$$DeleteMe.shell32.dll.01c976204e6a3c90.0005 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.18000_none_9231f0ab88c213e9\$$DeleteMe.avifil32.dll.01ca1b8ee7c2b8fc.0002 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-w..owsupdateclient-aux_31bf3856ad364e35_7.0.6001.18000_none_8664137a48407b03\$$DeleteMe.wuapi.dll.01c975438f8db753.0004 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.0.6001.18000_none_a052d92e34802200\$$DeleteMe.wuaueng.dll.01c975438f24fad3.0003 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-wmi-core-fastprox-dll_31bf3856ad364e35_6.0.6001.18000_none_fb49535a79bca3e8\$$DeleteMe.fastprox.dll.01c9bd98cf16e2c0.0008 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft.windows.winhttp_31bf3856ad364e35_5.1.6001.18000_none_24cdf96ec22363fa\$$DeleteMe.winhttp.dll.01c9bd98cf383600.000a Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_mscorlib_b77a5c561934e089_6.0.6001.18000_none_c7b68566c15b786b\$$DeleteMe.mscorlib.dll.01c9efc5be027e40.0014 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_appdata_b03f5f7f11d50a3a_6.0.6000.20883_none_8469d28baa199a7e\GROUPE~1.XML Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_appdata_b03f5f7f11d50a3a_6.0.6000.16720_none_9b31bbe79077558b\GROUPE~1.XML Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_mof_b03f5f7f11d50a3a_6.0.6000.16720_none_a54ef540d05f91fc\ASPNET~1.UNI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_mof_b03f5f7f11d50a3a_6.0.6000.20883_none_8e870be4ea01d6ef\ASPNET~1.UNI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_mof_b03f5f7f11d50a3a_6.0.6001.18111_none_a529d9f6d0b19e9d\ASPNET~1.UNI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_mof_b03f5f7f11d50a3a_6.0.6001.22230_none_8e5e4a92ea5717b0\ASPNET~1.UNI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-mscoree_dll_31bf3856ad364e35_6.0.6001.18000_none_b55ffc255629a804\$$DeleteMe.mscoree.dll.01c9efc5bbc4d2e0.0000 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-mscorjit_dll_b03f5f7f11d50a3a_6.0.6001.18000_none_bf5ca9cf312f74f6\$$DeleteMe.mscorjit.dll.01c9efc5bdd08160.000f Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-mscorsvw_exe_b03f5f7f11d50a3a_6.0.6001.18000_none_1ff6260de878daa7\$$DeleteMe.mscorsvw.exe.01c9efc5bd7d3140.000a Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-xpthemes_manifest_b03f5f7f11d50a3a_6.0.6000.16720_none_1e9c83dead284b26\XPTHEM~1.MAN Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-xpthemes_manifest_b03f5f7f11d50a3a_6.0.6000.20883_none_07d49a82c6ca9019\XPTHEM~1.MAN Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-xpthemes_manifest_b03f5f7f11d50a3a_6.0.6001.18111_none_1e776894ad7a57c7\XPTHEM~1.MAN Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-xpthemes_manifest_b03f5f7f11d50a3a_6.0.6001.22230_none_07abd930c71fd0da\XPTHEM~1.MAN Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_policy.1.2.microsof..op.security.azroles_31bf3856ad364e35_6.0.6000.16386_none_ea83414c2e75b887\Microsoft.Interop.Security.AzRoles.config Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_system.web_b03f5f7f11d50a3a_6.0.6001.18000_none_f727ac131683ca0f\$$DeleteMe.System.Web.dll.01c9efc5bd786e80.0009 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_fundisc_31bf3856ad364e35_6.1.6001.22000_none_449cd701f2cb8c19\$$DeleteMe.fundisc.dll.01c975438aec4a93.0001 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18099_none_b48acb29d70acadb\$$DeleteMe.urlmon.dll.01c976204ca858b0.0002 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-gdi32_31bf3856ad364e35_6.0.6001.18023_none_596c0b02495f0f52\$$DeleteMe.gdi32.dll.01c9762050927b90.0008 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18099_none_0190a6cba213f16e\$$DeleteMe.wininet.dll.01c976204d268190.0004 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18203_none_01ebf827a1d05839\$$DeleteMe.wininet.dll.01c9bd98ce85aee0.0002 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18248_none_01c5b9e9a1ec46b0\$$DeleteMe.wininet.dll.01ca101cf36723c0.0002 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18248_none_b4bfde47d6e3201d\$$DeleteMe.urlmon.dll.01ca101cf3410dc0.0000 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.0.6001.18000_none_1062be8b8b6509c7\$$DeleteMe.WmiPrvSD.dll.01c9bd98cf1ba580.0009 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.0.6001.18000_none_1062be8b8b6509c7\$$DeleteMe.WmiPrvSE.exe.01c9bd98cf148160.0007 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18000_none_47a3aa598c843043\$$DeleteMe.iertutil.dll.01c976204cf94770.0003 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18203_none_47a6af038c817696\$$DeleteMe.iertutil.dll.01c9bd98ce7c2960.0001 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18248_none_478070c58c9d650d\$$DeleteMe.iertutil.dll.01ca101cf35418c0.0001 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-p..ooler-networkclient_31bf3856ad364e35_6.0.6001.18000_none_39733ab970ea03f2\$$DeleteMe.win32spl.dll.01c976204c7b1e90.0001 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_defwsdlhlpgen_b03f5f7f11d50a3a_6.0.6000.16720_none_38b929534b68462d\DEFAUL~1.ASP Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_defwsdlhlpgen_b03f5f7f11d50a3a_6.0.6000.20883_none_21f13ff7650a8b20\DEFAUL~1.ASP Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_defwsdlhlpgen_b03f5f7f11d50a3a_6.0.6001.18111_none_38940e094bba52ce\DEFAUL~1.ASP Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_defwsdlhlpgen_b03f5f7f11d50a3a_6.0.6001.22230_none_21c87ea5655fcbe1\DEFAUL~1.ASP Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-weblowtrust_config_default_b03f5f7f11d50a3a_6.0.6000.16720_none_c035c989242f4981\WEB_LO~1.DEF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-weblowtrust_config_default_b03f5f7f11d50a3a_6.0.6000.20883_none_a96de02d3dd18e74\WEB_LO~1.DEF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-weblowtrust_config_default_b03f5f7f11d50a3a_6.0.6001.18111_none_c010ae3f24815622\WEB_LO~1.DEF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-weblowtrust_config_default_b03f5f7f11d50a3a_6.0.6001.22230_none_a9451edb3e26cf35\WEB_LO~1.DEF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_regsql_cfg_b03f5f7f11d50a3a_6.0.6000.16720_none_7c654fdc62654993\ASPNET~1.CON Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_regsql_cfg_b03f5f7f11d50a3a_6.0.6000.20883_none_659d66807c078e86\ASPNET~1.CON Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_regsql_cfg_b03f5f7f11d50a3a_6.0.6001.18111_none_7c40349262b75634\ASPNET~1.CON Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_regsql_cfg_b03f5f7f11d50a3a_6.0.6001.22230_none_6574a52e7c5ccf47\ASPNET~1.CON Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_personalization_sql_b03f5f7f11d50a3a_6.0.6000.16720_none_48d018cce81ec9cb\INSTAL~1.SQL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_personalization_sql_b03f5f7f11d50a3a_6.0.6000.16720_none_48d018cce81ec9cb\UNINST~1.SQL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_personalization_sql_b03f5f7f11d50a3a_6.0.6000.20883_none_32082f7101c10ebe\INSTAL~1.SQL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_personalization_sql_b03f5f7f11d50a3a_6.0.6000.20883_none_32082f7101c10ebe\UNINST~1.SQL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_personalization_sql_b03f5f7f11d50a3a_6.0.6001.18111_none_48aafd82e870d66c\INSTAL~1.SQL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_personalization_sql_b03f5f7f11d50a3a_6.0.6001.18111_none_48aafd82e870d66c\UNINST~1.SQL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_personalization_sql_b03f5f7f11d50a3a_6.0.6001.22230_none_31df6e1f02164f7f\INSTAL~1.SQL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_personalization_sql_b03f5f7f11d50a3a_6.0.6001.22230_none_31df6e1f02164f7f\UNINST~1.SQL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_pg_persnlization_sql_b03f5f7f11d50a3a_6.0.6000.16720_none_b898612ecd927be5\UNINST~1.SQL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_pg_persnlization_sql_b03f5f7f11d50a3a_6.0.6000.20883_none_a1d077d2e734c0d8\UNINST~1.SQL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_pg_persnlization_sql_b03f5f7f11d50a3a_6.0.6001.18111_none_b87345e4cde48886\UNINST~1.SQL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_pg_persnlization_sql_b03f5f7f11d50a3a_6.0.6001.22230_none_a1a7b680e78a0199\UNINST~1.SQL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_membership_sql_b03f5f7f11d50a3a_6.0.6000.16720_none_6d8c18ba50aebc1f\UNINST~1.SQL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_membership_sql_b03f5f7f11d50a3a_6.0.6000.20883_none_56c42f5e6a510112\UNINST~1.SQL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_membership_sql_b03f5f7f11d50a3a_6.0.6001.18111_none_6d66fd705100c8c0\UNINST~1.SQL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_membership_sql_b03f5f7f11d50a3a_6.0.6001.22230_none_569b6e0c6aa641d3\UNINST~1.SQL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-mscorpe_dll_b03f5f7f11d50a3a_6.0.6001.18000_none_f7e3c74d5c37ee6c\$$DeleteMe.mscorpe.dll.01c9efc5bd656380.0008 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-mscorsec_dll_b03f5f7f11d50a3a_6.0.6001.18000_none_11b154e1f4c6a222\$$DeleteMe.mscorsec.dll.01c9efc5bd193780.0006 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-mscorsvc__dll_b03f5f7f11d50a3a_6.0.6001.18000_none_5af0232c04098a36\$$DeleteMe.mscorsvc.dll.01c9efc5bdb3f0e0.000d Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-mscorwks_dll_b03f5f7f11d50a3a_6.0.6001.18000_none_325d54542ee2dcf0\$$DeleteMe.mscorwks.dll.01c9efc5bc325220.0002 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_appdata_b03f5f7f11d50a3a_6.0.6001.18111_none_9b0ca09d90c9622c\GROUPE~1.XML Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_appdata_b03f5f7f11d50a3a_6.0.6001.22230_none_84411139aa6edb3f\GROUPE~1.XML Status: Locked to the Windows API! Path: C:\Windows\winsxs\msil_system.workflow.activities_31bf3856ad364e35_6.0.6001.18000_none_28a18f87536aba13\$$DeleteMe.System.Workflow.Activities.dll.01c9efc5bf0d1840.001d Status: Locked to the Windows API! Path: C:\Windows\winsxs\msil_system.workflow.componentmodel_31bf3856ad364e35_6.0.6001.18000_none_e8786c49d067c522\$$DeleteMe.System.Workflow.ComponentModel.dll.01c9efc5bf0f79a0.001e Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_wwf-perfcnt_ini_31bf3856ad364e35_6.0.6000.16708_none_71e62ab9fe238fad\PERFCO~1.INI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_wwf-perfcnt_ini_31bf3856ad364e35_6.0.6000.20864_none_722ae6d5177571c1\PERFCO~1.INI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_wwf-perfcnt_ini_31bf3856ad364e35_6.0.6001.22208_none_7456062b1467c068\PERFCO~1.INI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_wwf-perfcnt_ini_31bf3856ad364e35_6.0.6001.18096_none_73691799fb94ec42\PERFCO~1.INI Status: Locked to the Windows API! Path: C:\Windows\winsxs\msil_system.workflow.runtime_31bf3856ad364e35_6.0.6001.18000_none_d81f265dbf5cdfe2\$$DeleteMe.System.Workflow.Runtime.dll.01c9efc5c00245e0.001f Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16789_none_09360999522be962\RENDER~1.XML Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\RENDER~1.XML Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.20976_none_09c777586b441e5d\RENDER~1.XML Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b\RENDER~1.XML Status: Locked to the Windows API! Path: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ASPNET~1.UNI Status: Locked to the Windows API! Path: C:\Windows\Microsoft.NET\Framework\v2.0.50727\SYSTEM~1.DLL Status: Locked to the Windows API! Path: C:\Windows\Microsoft.NET\Framework\v2.0.50727\XPTHEM~1.MAN Status: Locked to the Windows API! Path: c:\windows\system32\logfiles\scm\scm.evm Status: Allocation size mismatch (API: 491520, Raw: 0) Path: c:\windows\system32\wdi\logfiles\wdicontextlog.etl.003 Status: Allocation size mismatch (API: 262144, Raw: 0) Path: C:\Windows\winsxs\Temp\PendingDeletes\atl.dll Status: Locked to the Windows API! Path: C:\Windows\winsxs\Temp\PendingDeletes\atl.dll Status: Locked to the Windows API! Path: C:\Windows\winsxs\Temp\PendingDeletes\sortkey.nlp Status: Locked to the Windows API! Path: C:\Windows\winsxs\Temp\PendingDeletes\sorttbls.nlp Status: Locked to the Windows API! Path: C:\Windows\winsxs\Temp\PendingDeletes\SYSTEM~1.DLL Status: Locked to the Windows API! Path: C:\Windows\winsxs\Temp\PendingDeletes\SYSTEM~1.DLL Status: Locked to the Windows API! Path: C:\Windows\winsxs\Temp\PendingDeletes\wkssvc.dll Status: Locked to the Windows API! Path: C:\Windows\winsxs\Temp\PendingDeletes\wmp.dll Status: Locked to the Windows API! Path: C:\Windows\winsxs\Temp\PendingDeletes\wmploc.DLL Status: Locked to the Windows API! Path: C:\Windows\inf\Windows Workflow Foundation 3.0.0.0\0000\PERFCO~1.INI Status: Locked to the Windows API! Path: C:\Windows\assembly\GAC_32\Policy.1.2.Microsoft.Interop.Security.AzRoles\6.0.6000.16386__31bf3856ad364e35\Microsoft.Interop.Security.AzRoles.config Status: Locked to the Windows API! Path: C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PRESEN~1.CON Status: Locked to the Windows API! Path: C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\SYSTEM~1.DLL Status: Locked to the Windows API! Path: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\WEB_LO~1.DEF Status: Locked to the Windows API! Path: C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PRESEN~1.CON Status: Locked to the Windows API! Path: c:\windows\serviceprofiles\localservice\appdata\local\lastalive0.dat Status: Allocation size mismatch (API: 4096, Raw: 0) Path: c:\windows\serviceprofiles\localservice\appdata\local\lastalive1.dat Status: Allocation size mismatch (API: 4096, Raw: 0) Path: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl Status: Locked to the Windows API! Path: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl Status: Locked to the Windows API! Path: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl Status: Locked to the Windows API! Path: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl Status: Locked to the Windows API! Processes ------------------- Path: System PID: 4 Status: Locked to the Windows API! Hidden Services ------------------- Servi==EOF==

guitarroman1 View Member Profile	Aug 14 2009, 07:06 PM Post #35
Member Posts: 32 OS: Windows Vista	Malwarebytes' Anti-Malware 1.39 Database version: 2547 Windows 6.0.6001 Service Pack 1 8/14/2009 9:05:13 PM mbam-log-2009-08-14 (21-05-13).txt Scan type: Quick Scan Objects scanned: 78627 Time elapsed: 5 minute(s), 8 second(s) Memory Processes Infected: 1 Memory Modules Infected: 1 Registry Keys Infected: 1 Registry Values Infected: 3 Registry Data Items Infected: 10 Folders Infected: 1 Files Infected: 12 Memory Processes Infected: C:\Windows\System32\drivers\smss.exe (Trojan.Agent) -> Unloaded process successfully. Memory Modules Infected: C:\Windows\System32\winhelper.dll (Trojan.FakeAlert) -> Delete on reboot. Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\AVR (Rogue.AdvancedVirusRemover) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\advanced virus remover (Rogue.AdvancedVirusRemover) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winupdate.exe (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\drivers\smss.exe -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\drivers\smss.exe -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\Windows\system32\userinit.exe,C:\Windows\system32\drivers\smss.exe) Good: (Userinit.exe) -> Quarantined and deleted successfully. Folders Infected: C:\Program Files\AdvancedVirusRemover (Rogue.AdvancedVirusRemover) -> Quarantined and deleted successfully. Files Infected: C:\Windows\System32\drivers\smss.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Windows\System32\drivers\smss.exe_ (Trojan.Agent) -> Quarantined and deleted successfully. c:\Windows\Temp\jefdhxnphr.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Windows\Temp\vjndfeoroo.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\program files\advancedvirusremover\PAVRM.exe (Rogue.AdvancedVirusRemover) -> Quarantined and deleted successfully. C:\Windows\System32\winupdate.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Windows\System32\drivers\str.sys (Rootkit.Agent) -> Quarantined and deleted successfully. C:\Users\Sanyal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Advanced Virus Remover.lnk (Rogue.AdvancedVirusRemover) -> Quarantined and deleted successfully. C:\Users\Sanyal\AppData\Roaming\Microsoft\Windows\Start Menu\Advanced Virus Remover.lnk (Rogue.AdvancedVirusRemover) -> Quarantined and deleted successfully. C:\Windows\System32\AVR09.exe (Adware.AdvancedVirusRemover) -> Quarantined and deleted successfully. C:\Windows\System32\critical_warning.html (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Windows\System32\winhelper.dll (Trojan.FakeAlert) -> Delete on reboot.

handhfan View Member Profile	Aug 15 2009, 06:46 AM Post #36
GeekU Moderator Posts: 8,651 From: Massachusetts OS: Windows XP Pro, Windows 7 Pro 64- and 32-bit; Virtual PC	Open OTL. Make sure all other windows are closed and to let it run uninterrupted. When the window appears, underneath Output at the top change it to Minimal Output. Change the Standard Registry and Extra Registry options to Use Safelist. Check the boxes beside LOP Check and Purity Check. Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long. When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

guitarroman1 View Member Profile	Aug 15 2009, 12:36 PM Post #37
Member Posts: 32 OS: Windows Vista	OTL logfile created on: 8/15/2009 2:30:22 PM - Run 4 OTL by OldTimer - Version 3.0.10.5 Folder = C:\Users\Sanyal\Downloads Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 2.00 Gb Total Physical Memory \| 1.76 Gb Available Physical Memory \| 87.88% Memory free 4.00 Gb Paging File \| 4.00 Gb Available in Paging File \| 100.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\Windows \| %ProgramFiles% = C:\Program Files Drive C: \| 287.21 Gb Total Space \| 168.20 Gb Free Space \| 58.56% Space Free \| Partition Type: NTFS Drive D: \| 10.88 Gb Total Space \| 1.82 Gb Free Space \| 16.71% Space Free \| Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: SANYAL-PC Current User Name: Sanyal Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe (Seagate Technology LLC) PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.) PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company) PRC - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe (Symantec Corporation) PRC - C:\Program Files\SMINST\BLService.exe () PRC - C:\Program Files\CyberLink\Shared files\RichVideo.exe () PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation) PRC - C:\Windows\System32\DRIVERS\xaudio.exe (Conexant Systems, Inc.) PRC - C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) PRC - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe (Symantec Corporation) PRC - C:\Windows\Explorer.EXE (Microsoft Corporation) PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.) PRC - C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.) PRC - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe ( Hewlett-Packard Development Company, L.P.) PRC - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.) PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe (Maxtor Corporation) PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.) PRC - C:\Program Files\AIM6\aim6.exe (AOL LLC) PRC - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Windows\System32\wbem\wmiprvse.exe (Microsoft Corporation) PRC - C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE (Hewlett-Packard Development Company, L.P.) PRC - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (Hewlett-Packard Development Company, L.P.) PRC - C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe () PRC - C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Synaptics, Inc.) PRC - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (Hewlett-Packard) PRC - C:\Program Files\AIM6\aolsoftware.exe (AOL LLC) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Users\Sanyal\Downloads\OTL.exe (OldTimer Tools) ========== Win32 Services (SafeList) ========== SRV - (Adobe LM Service [On_Demand \| Stopped]) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems) SRV - (AppHostSvc [Auto \| Running]) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation) SRV - (Apple Mobile Device [Auto \| Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) SRV - (Basics Service [Auto \| Running]) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe (Seagate Technology LLC) SRV - (Bonjour Service [Auto \| Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.) SRV - (clr_optimization_v2.0.50727_32 [Auto \| Running]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (Com4QLBEx [On_Demand \| Running]) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (Hewlett-Packard Development Company, L.P.) SRV - (ehRecvr [On_Demand \| Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation) SRV - (ehSched [On_Demand \| Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation) SRV - (ehstart [Auto \| Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation) SRV - (Eventlog [Auto \| Running]) -- C:\Windows\System32\wevtsvc.dll (Microsoft Corporation) SRV - (FontCache3.0.0.0 [On_Demand \| Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) SRV - (HP Health Check Service [Auto \| Running]) -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (Hewlett-Packard) SRV - (hpqwmiex [On_Demand \| Running]) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.) SRV - (IDriverT [On_Demand \| Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (idsvc [Unknown \| Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation) SRV - (iPod Service [On_Demand \| Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) SRV - (LightScribeService [Auto \| Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company) SRV - (Net Driver HPZ12 [Auto \| Running]) -- C:\Windows\System32\HPZinw12.dll (Hewlett-Packard) SRV - (NetTcpPortSharing [Disabled \| Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation) SRV - (Norton Internet Security [Auto \| Running]) -- C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe (Symantec Corporation) SRV - (nvsvc [Auto \| Running]) -- C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) SRV - (ose [On_Demand \| Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (Pml Driver HPZ12 [Auto \| Running]) -- C:\Windows\System32\HPZipm12.dll (Hewlett-Packard) SRV - (Recovery Service for Windows [Auto \| Running]) -- C:\Program Files\SMINST\BLService.exe () SRV - (RichVideo [Auto \| Running]) -- C:\Program Files\CyberLink\Shared files\RichVideo.exe () SRV - (Viewpoint Manager Service [Auto \| Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation) SRV - (WAS [On_Demand \| Stopped]) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation) SRV - (WinDefend [Auto \| Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (WMPNetworkSvc [On_Demand \| Running]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (XAudioService [Auto \| Running]) -- C:\Windows\System32\DRIVERS\xaudio.exe (Conexant Systems, Inc.) ========== Driver Services (SafeList) ========== DRV - (adp94xx [Boot \| Running]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (adpahci [Boot \| Running]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (adpu160m [Boot \| Running]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (adpu320 [Boot \| Running]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (aic78xx [Boot \| Running]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (aliide [Boot \| Running]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (arc [Boot \| Running]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (arcsas [Boot \| Running]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (athr [On_Demand \| Running]) -- C:\Windows\System32\DRIVERS\athr.sys (Atheros Communications, Inc.) DRV - (BHDrvx86 [System \| Running]) -- C:\Windows\System32\Drivers\NIS\1002000.007\BHDrvx86.sys (Symantec Corporation) DRV - (BrFiltLo [On_Demand \| Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrFiltUp [On_Demand \| Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (Brserid [On_Demand \| Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrSerWdm [On_Demand \| Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm [On_Demand \| Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (BrUsbSer [On_Demand \| Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (ccHP [System \| Running]) -- C:\Windows\System32\Drivers\NIS\1002000.007\ccHPx86.sys (Symantec Corporation) DRV - (cmdide [Boot \| Running]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (CnxtHdAudService [On_Demand \| Running]) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.) DRV - (dlqbuqri [Unknown \| Stopped]) -- Service key not found. File not found DRV - (E1G60 [On_Demand \| Stopped]) -- C:\Windows\System32\DRIVERS\E1G60I32.sys (Intel Corporation) DRV - (eeCtrl [System \| Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation) DRV - (elxstor [Boot \| Running]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (EraserUtilRebootDrv [On_Demand \| Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (GEARAspiWDM [On_Demand \| Running]) -- C:\Windows\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.) DRV - (HpCISSs [Boot \| Running]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (HpqKbFiltr [On_Demand \| Running]) -- C:\Windows\System32\DRIVERS\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.) DRV - (HSF_DPV [On_Demand \| Running]) -- C:\Windows\System32\DRIVERS\HSX_DPV.sys (Conexant Systems, Inc.) DRV - (HSXHWAZL [On_Demand \| Running]) -- C:\Windows\System32\DRIVERS\HSXHWAZL.sys (Conexant Systems, Inc.) DRV - (iaStorV [Boot \| Running]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (IDSVix86 [System \| Running]) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090310.003\IDSvix86.sys (Symantec Corporation) DRV - (iirsp [Boot \| Running]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (iteatapi [Boot \| Running]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (iteraid [Boot \| Running]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (LSI_FC [Boot \| Running]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (LSI_SAS [Boot \| Running]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (LSI_SCSI [Boot \| Running]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (MBAMSwissArmy [On_Demand \| Stopped]) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (mdmxsdk [Auto \| Running]) -- C:\Windows\System32\DRIVERS\mdmxsdk.sys (Conexant) DRV - (megasas [Boot \| Running]) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation) DRV - (MegaSR [Boot \| Running]) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.) DRV - (Mraid35x [Boot \| Running]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (NAVENG [On_Demand \| Stopped]) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090319.017\NAVENG.SYS (Symantec Corporation) DRV - (NAVEX15 [On_Demand \| Stopped]) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090319.017\NAVEX15.SYS (Symantec Corporation) DRV - (NETw3v32 [On_Demand \| Stopped]) -- C:\Windows\System32\DRIVERS\NETw3v32.sys (Intel Corporation) DRV - (nfrd960 [Boot \| Running]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (ntrigdigi [On_Demand \| Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (NVENETFD [On_Demand \| Running]) -- C:\Windows\System32\DRIVERS\nvmfdx32.sys (NVIDIA Corporation) DRV - (NVHDA [On_Demand \| Running]) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation) DRV - (nvlddmkm [On_Demand \| Running]) -- C:\Windows\System32\DRIVERS\nvlddmkm.sys (NVIDIA Corporation) DRV - (nvraid [Boot \| Running]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nvsmu [On_Demand \| Running]) -- C:\Windows\System32\DRIVERS\nvsmu.sys (NVIDIA Corporation) DRV - (nvstor [Boot \| Running]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (pfc [On_Demand \| Running]) -- C:\Windows\System32\drivers\pfc.sys (Padus, Inc.) DRV - (ql2300 [Boot \| Running]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (ql40xx [Boot \| Running]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (RTSTOR [On_Demand \| Running]) -- C:\Windows\System32\drivers\RTSTOR.SYS (Realtek Semiconductor Corp.) DRV - (SCDEmu [System \| Running]) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.) DRV - (secdrv [Auto \| Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) DRV - (SiSRaid4 [Boot \| Running]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (SRTSP [On_Demand \| Stopped]) -- C:\Windows\System32\Drivers\NIS\1002000.007\SRTSP.SYS (Symantec Corporation) DRV - (SRTSPX [System \| Running]) -- C:\Windows\System32\Drivers\NIS\1002000.007\SRTSPX.SYS (Symantec Corporation) DRV - (Symc8xx [Boot \| Running]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (SYMDNS [On_Demand \| Stopped]) -- C:\Windows\System32\Drivers\NIS\1002000.007\SYMDNS.SYS (Symantec Corporation) DRV - (SymEFA [Boot \| Running]) -- C:\Windows\System32\Drivers\NIS\1002000.007\SYMEFA.SYS (Symantec Corporation) DRV - (SymEvent [On_Demand \| Running]) -- C:\Windows\System32\Drivers\SYMEVENT.SYS (Symantec Corporation) DRV - (SYMFW [On_Demand \| Stopped]) -- C:\Windows\System32\Drivers\NIS\1002000.007\SYMFW.SYS (Symantec Corporation) DRV - (SymIM [System \| Running]) -- C:\Windows\System32\DRIVERS\SymIMv.sys (Symantec Corporation) DRV - (SYMNDISV [On_Demand \| Stopped]) -- C:\Windows\System32\Drivers\NIS\1002000.007\SYMNDISV.SYS (Symantec Corporation) DRV - (SYMREDRV [On_Demand \| Stopped]) -- C:\Windows\System32\Drivers\NIS\1002000.007\SYMREDRV.SYS (Symantec Corporation) DRV - (SYMTDI [System \| Running]) -- C:\Windows\System32\Drivers\NIS\1002000.007\SYMTDI.SYS (Symantec Corporation) DRV - (Sym_hi [Boot \| Running]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (Sym_u3 [Boot \| Running]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (SynTP [On_Demand \| Running]) -- C:\Windows\System32\DRIVERS\SynTP.sys (Synaptics, Inc.) DRV - (uliahci [Boot \| Running]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (UlSata [Boot \| Running]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (ulsata2 [Boot \| Running]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (viaide [Boot \| Running]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (vsmraid [Boot \| Running]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (winachsf [On_Demand \| Running]) -- C:\Windows\System32\DRIVERS\HSX_CNXT.sys (Conexant Systems, Inc.) DRV - (XAudio [Auto \| Running]) -- C:\Windows\System32\DRIVERS\xaudio.sys (Conexant Systems, Inc.) DRV - (yukonwlh [On_Demand \| Stopped]) -- C:\Windows\System32\DRIVERS\yk60x86.sys (Marvell) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb IE - URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = .local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "AIM Search" FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=" FF - prefs.js..browser.search.selectedEngine: "AIM Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "google.com" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.1 FF - prefs.js..extensions.enabledItems: debatecopy@randomrandomemail.com:0.1 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.0.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15 FF - prefs.js..extensions.enabledItems: web@veoh.com:1.4 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.13 FF - prefs.js..keyword.URL: "" FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/17 23:29:49 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/14 21:41:37 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/08 18:20:38 \| 00,000,000 \| ---D \| M] [2009/01/12 18:42:19 \| 00,000,000 \| ---D \| M] -- C:\Users\Sanyal\AppData\Roaming\mozilla\Extensions [2009/01/12 18:42:19 \| 00,000,000 \| ---D \| M] -- C:\Users\Sanyal\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009/08/14 23:31:58 \| 00,000,000 \| ---D \| M] -- C:\Users\Sanyal\AppData\Roaming\mozilla\Firefox\Profiles\0y4obc9q.default\extensions [2009/01/25 19:45:35 \| 00,000,000 \| ---D \| M] -- C:\Users\Sanyal\AppData\Roaming\mozilla\Firefox\Profiles\0y4obc9q.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2009/01/13 15:50:37 \| 00,000,000 \| ---D \| M] -- C:\Users\Sanyal\AppData\Roaming\mozilla\Firefox\Profiles\0y4obc9q.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2009/08/06 00:05:56 \| 00,000,000 \| ---D \| M] -- C:\Users\Sanyal\AppData\Roaming\mozilla\Firefox\Profiles\0y4obc9q.default\extensions\debatecopy@randomrandomemail.com [2009/08/15 14:08:03 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions [2009/08/04 23:05:31 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/08/08 18:20:46 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [2009/08/04 23:05:19 \| 00,023,032 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll [2009/08/04 23:05:19 \| 00,134,648 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll [2009/08/08 18:19:35 \| 00,411,368 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll [2008/11/06 12:33:48 \| 01,332,224 \| ---- \| M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll [2008/12/10 20:33:34 \| 00,098,304 \| ---- \| M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll [2008/09/26 12:40:34 \| 00,053,248 \| ---- \| M] (AOL LLC) -- C:\Program Files\mozilla firefox\plugins\npdnu.dll [2009/01/16 18:40:44 \| 00,279,888 \| ---- \| M] (Musicnotes, Inc.) -- C:\Program Files\mozilla firefox\plugins\npmusicn.dll [2009/08/04 23:05:22 \| 00,065,528 \| ---- \| M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll [2003/07/14 23:56:52 \| 00,013,888 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2009/07/08 00:49:16 \| 00,136,768 \| ---- \| M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2009/01/12 19:43:42 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2009/01/12 19:43:42 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2009/01/12 19:43:42 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2009/01/12 19:43:42 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2009/01/12 19:43:42 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2009/01/12 19:43:42 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2009/01/12 19:43:42 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2009/07/08 00:49:23 \| 00,008,192 \| ---- \| M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll [2009/07/08 00:49:12 \| 00,094,208 \| ---- \| M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll [2008/09/10 13:49:12 \| 06,583,016 \| ---- \| M] () -- C:\Program Files\mozilla firefox\plugins\NPSibelius.dll [2007/04/16 13:07:12 \| 00,180,293 \| ---- \| M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll [2009/03/07 01:03:44 \| 00,001,394 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml [2009/03/07 01:03:44 \| 00,002,193 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml [2009/03/07 01:03:44 \| 00,001,534 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml [2009/03/07 01:03:44 \| 00,002,343 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml [2009/03/07 01:03:44 \| 00,001,706 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml [2009/03/07 01:03:44 \| 00,001,178 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml [2009/03/07 01:03:45 \| 00,000,792 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml O1 HOSTS File: (1454 bytes) - C:\Windows\System32\drivers\etc\Hosts O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\IPSBHO.DLL (Symantec Corporation) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.) O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.) O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc) O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.) O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll (Symantec Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.) O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll (Symantec Corporation) O4 - HKLM..\Run: [basicsmssmenu] C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe (Maxtor Corporation) O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother) O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKCU..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC) O4 - HKCU..\Run: [Google Update] C:\Users\Sanyal\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.) O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0 O8 - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html () O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites) O15 - HKCU\..Trusted Domains: real.com ([rhapreg] https in Trusted sites) O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll (Symantec Corporation) O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 17:43:36 \| 00,000,024 \| ---- \| M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{0d102417-26bf-11de-b58c-001f165cff39}\Shell - "" = AutoRun O33 - MountPoints2\{0d102417-26bf-11de-b58c-001f165cff39}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found O33 - MountPoints2\{a2a93011-e3ea-11dd-86bd-001f165cff39}\Shell - "" = AutoRun O33 - MountPoints2\{a2a93011-e3ea-11dd-86bd-001f165cff39}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: () - File not found ========== Files/Folders - Created Within 30 Days ========== [2009/08/14 22:06:45 \| 01,672,656 \| -H-- \| C] () -- C:\Users\Sanyal\AppData\Local\IconCache.db [2009/08/14 21:30:07 \| 29,510,36928 \| -HS- \| C] () -- C:\hiberfil.sys [2009/08/14 20:38:54 \| 00,133,632 \| ---- \| C] (Systemintegrasjon AS) -- C:\MbrFix64.exe [2009/08/14 20:38:54 \| 00,123,904 \| ---- \| C] (Systemintegrasjon AS) -- C:\MbrFix.exe [2009/08/12 00:11:40 \| 00,071,680 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\atl.dll [2009/08/12 00:11:36 \| 00,160,256 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\wkssvc.dll [2009/08/12 00:11:29 \| 02,066,432 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\mstscax.dll [2009/08/12 00:11:25 \| 00,091,136 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll [2009/08/12 00:11:10 \| 10,626,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll [2009/08/12 00:11:07 \| 00,313,344 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\wmpdxm.dll [2009/08/12 00:11:06 \| 00,007,680 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll [2009/08/12 00:11:04 \| 00,004,096 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx [2009/08/12 00:11:04 \| 00,004,096 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll [2009/08/12 00:11:01 \| 08,147,456 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL [2009/08/12 00:11:00 \| 00,043,520 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb [2009/08/12 00:11:00 \| 00,018,432 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb [2009/08/11 23:44:21 \| 00,000,000 \| ---- \| C] () -- C:\Users\Sanyal\Desktop\settings.dat [2009/08/11 23:30:26 \| 00,470,528 \| ---- \| C] ( ) -- C:\Users\Sanyal\Desktop\RootRepeal.exe [2009/08/11 23:30:01 \| 00,463,768 \| ---- \| C] () -- C:\Users\Sanyal\Desktop\RootRepeal.rar [2009/08/09 22:20:39 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\is-S8GBO [2009/08/09 21:04:32 \| 53,937,371 \| ---- \| C] () -- C:\Users\Sanyal\Desktop\Brian Blade Live at Newport August 2009.mp3 [2009/08/09 20:49:12 \| 00,000,000 \| ---D \| C] -- C:\Users\Sanyal\Documents\Ask and Record Toolbar [2009/08/09 20:49:11 \| 00,000,000 \| ---D \| C] -- C:\Users\Sanyal\AppData\Local\FLVService [2009/08/09 20:48:55 \| 00,000,000 \| ---D \| C] -- C:\Windows\Ask & Record Toolbar [2009/08/09 20:48:55 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Ask & Record Toolbar [2009/08/09 20:45:39 \| 00,000,067 \| ---- \| C] () -- C:\Windows\AudioMidRecorder.INI [2009/08/08 18:20:38 \| 00,411,368 \| ---- \| C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll [2009/08/08 18:20:38 \| 00,149,280 \| ---- \| C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2009/08/08 18:20:38 \| 00,145,184 \| ---- \| C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2009/08/08 18:20:38 \| 00,145,184 \| ---- \| C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2009/08/08 17:52:23 \| 00,000,000 \| ---D \| C] -- C:\_OTL [2009/08/08 15:27:07 \| 00,000,000 \| ---D \| C] -- C:\32788R22FWJFW [2009/08/07 17:03:27 \| 00,339,456 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\cmd.execf [2009/08/07 17:01:42 \| 03,122,735 \| ---- \| C] () -- C:\Users\Sanyal\Desktop\Combo-Fix.exe [2009/08/04 23:24:55 \| 00,001,834 \| ---- \| C] () -- C:\Users\Sanyal\Desktop\HijackThis.lnk [2009/08/04 23:24:55 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Trend Micro [2009/08/02 14:32:47 \| 00,000,000 \| ---D \| C] -- C:\Users\Sanyal\AppData\Roaming\Malwarebytes [2009/08/02 14:32:39 \| 00,000,778 \| ---- \| C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2009/08/02 14:32:35 \| 00,038,160 \| ---- \| C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2009/08/02 14:32:32 \| 00,019,096 \| ---- \| C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2009/08/02 14:32:32 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\Malwarebytes [2009/08/02 14:32:32 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009/08/02 14:08:20 \| 00,002,734 \| ---- \| C] () -- C:\Users\Sanyal\Documents\cc_20090802_140812.reg [2009/08/01 16:14:34 \| 00,000,091 \| ---- \| C] () -- C:\Windows\System32\vsfocexcyiiuio.dat [2009/08/01 15:48:59 \| 00,000,000 \| ---D \| C] -- C:\Windows\Minidump [2009/08/01 15:46:25 \| 00,017,408 \| ---- \| C] () -- C:\Windows\System32\vsfoceeshccvpt.dll [2009/08/01 15:46:24 \| 00,065,534 \| ---- \| C] () -- C:\Windows\System32\vsfocenjlpwqox.dat [2009/08/01 15:46:16 \| 00,064,512 \| ---- \| C] () -- C:\Windows\System32\drivers\vsfoceetepwivf.sys [2009/08/01 15:46:16 \| 00,038,912 \| ---- \| C] () -- C:\Windows\System32\vsfocevvfnwhqw.dll [2009/08/01 15:42:24 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Antares Audio Technologies [2009/07/28 23:51:54 \| 05,666,816 \| ---- \| C] () -- C:\Users\Sanyal\Desktop\Erick Sermon Marvin Gaye - Just Like Music.mp3 [2009/07/28 19:05:06 \| 03,583,488 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll [2009/07/28 19:05:04 \| 00,146,432 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll [2009/07/28 19:05:02 \| 06,069,248 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll [2009/07/28 19:05:00 \| 01,166,336 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll [2009/07/28 19:04:59 \| 00,827,904 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll [2009/07/28 19:04:58 \| 00,458,240 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2009/07/28 19:04:58 \| 00,389,120 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2009/07/28 19:04:58 \| 00,270,848 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll [2009/07/28 19:04:57 \| 00,230,400 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2009/07/28 19:04:56 \| 00,671,232 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2009/07/28 19:04:56 \| 00,389,632 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2009/07/28 19:04:56 \| 00,078,336 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll [2009/07/28 19:04:56 \| 00,028,160 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2009/07/28 19:04:56 \| 00,026,624 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2009/07/28 19:04:54 \| 01,383,424 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2009/07/26 15:45:15 \| 00,040,398 \| ---- \| C] () -- C:\Users\Sanyal\Desktop\10 You Can Make It If You Try (2.1).mp3 [2009/07/25 15:47:29 \| 00,027,648 \| ---- \| C] () -- C:\Users\Sanyal\Documents\College Essay Ideas.doc [2009/07/22 05:01:27 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\WindowsSearch [2009/05/21 22:56:47 \| 00,000,066 \| ---- \| C] () -- C:\Windows\BBW_INFO.INI [2009/04/17 22:15:26 \| 00,000,011 \| ---- \| C] () -- C:\Windows\BRVIDEO.INI [2009/04/17 22:15:26 \| 00,000,000 \| ---- \| C] () -- C:\Windows\brmx2001.ini [2009/04/17 22:15:25 \| 00,000,114 \| ---- \| C] () -- C:\Windows\System32\brlmw03a.ini [2009/04/17 22:15:23 \| 00,000,426 \| ---- \| C] () -- C:\Windows\BRWMARK.INI [2009/04/17 22:13:44 \| 00,000,223 \| ---- \| C] () -- C:\Windows\Brownie.ini [2009/01/13 21:45:42 \| 00,000,376 \| ---- \| C] () -- C:\Windows\ODBC.INI [2009/01/12 19:28:28 \| 00,058,792 \| ---- \| C] () -- C:\Windows\System32\wbload.dll [2008/11/06 12:37:32 \| 03,596,288 \| ---- \| C] () -- C:\Windows\System32\qt-dx331.dll [2008/11/06 12:34:00 \| 00,000,416 \| ---- \| C] () -- C:\Windows\System32\dtu100.dll.manifest [2008/11/06 12:34:00 \| 00,000,416 \| ---- \| C] () -- C:\Windows\System32\dpl100.dll.manifest [2008/11/06 12:33:02 \| 00,012,288 \| ---- \| C] () -- C:\Windows\System32\DivXWMPExtType.dll [2006/11/02 08:35:32 \| 00,005,632 \| ---- \| C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 06:23:31 \| 00,000,240 \| ---- \| C] () -- C:\Windows\win.ini [2006/11/02 06:23:31 \| 00,000,219 \| ---- \| C] () -- C:\Windows\system.ini [2006/11/02 03:40:29 \| 00,013,750 \| ---- \| C] () -- C:\Windows\System32\pacerprf.ini [2006/03/09 05:58:00 \| 01,060,424 \| ---- \| C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2003/01/07 16:05:08 \| 00,002,695 \| ---- \| C] () -- C:\Windows\System32\OUTLPERF.INI ========== Files - Modified Within 30 Days ========== [4 C:\Users\Sanyal\Desktop\*.tmp files] [2009/08/15 14:09:50 \| 00,000,246 \| ---- \| M] () -- C:\ProgramData\hpqp.ini [2009/08/15 14:09:42 \| 00,027,934 \| ---- \| M] () -- C:\ProgramData\nvModes.dat [2009/08/15 14:09:41 \| 00,027,934 \| ---- \| M] () -- C:\ProgramData\nvModes.001 [2009/08/15 14:09:02 \| 00,000,223 \| ---- \| M] () -- C:\Windows\Brownie.ini [2009/08/15 14:07:23 \| 00,003,216 \| -H-- \| M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2009/08/15 14:07:23 \| 00,003,216 \| -H-- \| M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2009/08/15 14:07:14 \| 00,000,006 \| -H-- \| M] () -- C:\Windows\tasks\SA.DAT [2009/08/15 14:06:59 \| 00,067,584 \| --S- \| M] () -- C:\Windows\bootstat.dat [2009/08/15 14:06:19 \| 29,510,36928 \| -HS- \| M] () -- C:\hiberfil.sys [2009/08/15 01:55:42 \| 01,672,656 \| -H-- \| M] () -- C:\Users\Sanyal\AppData\Local\IconCache.db [2009/08/15 01:37:03 \| 00,000,912 \| ---- \| M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4135529040-3170769566-524876570-1000UA.job [2009/08/14 23:35:41 \| 00,002,191 \| ---- \| M] () -- C:\Users\Public\Desktop\iTunes.lnk [2009/08/14 19:53:33 \| 00,065,534 \| ---- \| M] () -- C:\Windows\System32\vsfocenjlpwqox.dat [2009/08/14 19:48:35 \| 00,000,091 \| ---- \| M] () -- C:\Windows\System32\vsfocexcyiiuio.dat [2009/08/11 23:44:21 \| 00,000,000 \| ---- \| M] () -- C:\Users\Sanyal\Desktop\settings.dat [2009/08/11 23:30:03 \| 00,463,768 \| ---- \| M] () -- C:\Users\Sanyal\Desktop\RootRepeal.rar [2009/08/10 23:10:00 \| 00,000,472 \| ---- \| M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2009/08/10 15:37:02 \| 00,000,860 \| ---- \| M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4135529040-3170769566-524876570-1000Core.job [2009/08/10 04:11:47 \| 00,000,326 \| ---- \| M] () -- C:\Windows\tasks\HPCeeScheduleForSanyal.job [2009/08/09 22:13:07 \| 53,937,371 \| ---- \| M] () -- C:\Users\Sanyal\Desktop\Brian Blade Live at Newport August 2009.mp3 [2009/08/09 20:45:41 \| 00,000,067 \| ---- \| M] () -- C:\Windows\AudioMidRecorder.INI [2009/08/08 18:19:34 \| 00,411,368 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll [2009/08/08 18:19:34 \| 00,149,280 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2009/08/08 18:19:34 \| 00,145,184 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2009/08/08 18:19:34 \| 00,145,184 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2009/08/08 15:27:33 \| 00,339,456 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\System32\cmd.execf [2009/08/07 17:01:44 \| 03,122,735 \| ---- \| M] () -- C:\Users\Sanyal\Desktop\Combo-Fix.exe [2009/08/07 01:19:48 \| 00,008,268 \| ---- \| M] () -- C:\Users\Sanyal\AppData\Local\d3d9caps.dat [2009/08/05 21:55:54 \| 00,123,904 \| ---- \| M] (Systemintegrasjon AS) -- C:\MbrFix.exe [2009/08/05 21:55:44 \| 00,133,632 \| ---- \| M] (Systemintegrasjon AS) -- C:\MbrFix64.exe [2009/08/05 16:37:02 \| 00,870,128 \| ---- \| M] () -- C:\Users\Sanyal\AppData\Roaming\mcs.rma [2009/08/05 16:37:02 \| 00,000,004 \| ---- \| M] () -- C:\Users\Sanyal\AppData\Roaming\1C8A3E [2009/08/05 00:36:27 \| 00,694,964 \| ---- \| M] () -- C:\Windows\System32\PerfStringBackup.INI [2009/08/05 00:36:27 \| 00,598,588 \| ---- \| M] () -- C:\Windows\System32\perfh009.dat [2009/08/05 00:36:27 \| 00,102,194 \| ---- \| M] () -- C:\Windows\System32\perfc009.dat [2009/08/04 23:24:55 \| 00,001,834 \| ---- \| M] () -- C:\Users\Sanyal\Desktop\HijackThis.lnk [2009/08/04 18:58:16 \| 00,000,376 \| ---- \| M] () -- C:\Windows\ODBC.INI [2009/08/03 13:36:28 \| 00,038,160 \| ---- \| M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2009/08/03 13:36:06 \| 00,019,096 \| ---- \| M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2009/08/02 14:32:39 \| 00,000,778 \| ---- \| M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2009/08/02 14:08:25 \| 00,002,734 \| ---- \| M] () -- C:\Users\Sanyal\Documents\cc_20090802_140812.reg [2009/08/01 16:15:06 \| 00,002,717 \| ---- \| M] () -- C:\Users\Public\Desktop\Drive Manager.lnk [2009/08/01 15:46:25 \| 00,017,408 \| ---- \| M] () -- C:\Windows\System32\vsfoceeshccvpt.dll [2009/08/01 15:46:16 \| 00,064,512 \| ---- \| M] () -- C:\Windows\System32\drivers\vsfoceetepwivf.sys [2009/08/01 15:46:16 \| 00,038,912 \| ---- \| M] () -- C:\Windows\System32\vsfocevvfnwhqw.dll [2009/07/30 15:45:37 \| 00,470,528 \| ---- \| M] ( ) -- C:\Users\Sanyal\Desktop\RootRepeal.exe [2009/07/29 23:49:08 \| 00,000,066 \| ---- \| M] () -- C:\Windows\BBW_INFO.INI [2009/07/29 23:22:51 \| 00,054,272 \| ---- \| M] () -- C:\Users\Sanyal\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/07/29 02:17:19 \| 00,027,648 \| ---- \| M] () -- C:\Users\Sanyal\Documents\College Essay Ideas.doc [2009/07/28 23:53:04 \| 05,666,816 \| ---- \| M] () -- C:\Users\Sanyal\Desktop\Erick Sermon Marvin Gaye - Just Like Music.mp3 [2009/07/26 15:45:19 \| 00,040,398 \| ---- \| M] () -- C:\Users\Sanyal\Desktop\10 You Can Make It If You Try (2.1).mp3 [2009/07/18 17:47:20 \| 00,086,016 \| ---- \| M] () -- C:\Users\Sanyal\Desktop\LexingtonFile.dot [2009/07/18 12:06:20 \| 00,827,904 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll [2009/07/18 12:06:05 \| 01,166,336 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll [2009/07/18 12:04:41 \| 00,146,432 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\System32\occache.dll [2009/07/18 12:03:16 \| 00,671,232 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2009/07/18 12:02:53 \| 03,583,488 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll [2009/07/18 12:02:50 \| 00,458,240 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2009/07/18 12:02:05 \| 00,028,160 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2009/07/18 12:01:49 \| 06,069,248 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll [2009/07/18 12:01:49 \| 00,270,848 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll [2009/07/18 12:01:48 \| 00,389,120 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2009/07/18 12:01:48 \| 00,230,400 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2009/07/18 12:01:48 \| 00,078,336 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll [2009/07/18 06:16:01 \| 00,389,632 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2009/07/18 05:46:14 \| 00,026,624 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2009/07/18 05:45:19 \| 01,383,424 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2009/07/17 10:35:11 \| 00,071,680 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\System32\atl.dll ========== LOP Check ========== [2009/08/02 14:32:47 \| 00,000,000 \| ---D \| M] -- C:\Users\Sanyal\AppData\Roaming [2009/01/12 19:54:56 \| 00,000,000 \| ---D \| M] -- C:\Users\Sanyal\AppData\Roaming\acccore [2009/01/25 16:44:54 \| 00,000,000 \| ---D \| M] -- C:\Users\Sanyal\AppData\Roaming\Auslogics [2009/04/17 22:16:55 \| 00,000,000 \| R--D \| M] -- C:\Users\Sanyal\AppData\Roaming\Brother [2009/06/20 10:49:18 \| 00,000,000 \| ---D \| M] -- C:\Users\Sanyal\AppData\Roaming\CyberLink [2009/01/18 12:06:01 \| 00,000,000 \| ---D \| M] -- C:\Users\Sanyal\AppData\Roaming\funkitron [2006/11/02 08:37:34 \| 00,000,000 \| ---D \| M] -- C:\Users\Sanyal\AppData\Roaming\Media Center Programs [2009/04/08 01:21:18 \| 00,000,000 \| ---D \| M] -- C:\Users\Sanyal\AppData\Roaming\Red Kawa [2009/03/11 16:37:58 \| 00,000,000 \| RH-D \| M] -- C:\Users\Sanyal\AppData\Roaming\SecuROM [2009/03/12 16:09:57 \| 00,000,000 \| ---D \| M] -- C:\Users\Sanyal\AppData\Roaming\Sibelius Software [2009/01/14 17:23:39 \| 00,000,000 \| ---D \| M] -- C:\Users\Sanyal\AppData\Roaming\Spore [2009/01/28 23:08:42 \| 00,000,000 \| ---D \| M] -- C:\Users\Sanyal\AppData\Roaming\Thinstall [2009/08/01 15:41:14 \| 00,000,000 \| ---D \| M] -- C:\Users\Sanyal\AppData\Roaming\uTorrent [2009/01/13 15:55:38 \| 00,000,000 \| ---D \| M] -- C:\Users\Sanyal\AppData\Roaming\wsInspector [2009/08/10 23:10:00 \| 00,000,472 \| ---- \| M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job [2009/08/10 15:37:02 \| 00,000,860 \| ---- \| M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4135529040-3170769566-524876570-1000Core.job [2009/08/15 01:37:03 \| 00,000,912 \| ---- \| M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4135529040-3170769566-524876570-1000UA.job [2009/08/10 04:11:47 \| 00,000,326 \| ---- \| M] () -- C:\Windows\Tasks\HPCeeScheduleForSanyal.job [2009/08/15 14:07:14 \| 00,000,006 \| -H-- \| M] () -- C:\Windows\Tasks\SA.DAT [2009/08/15 02:00:11 \| 00,032,638 \| ---- \| M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > OTL Extras logfile created on: 8/15/2009 2:30:22 PM - Run 4 OTL by OldTimer - Version 3.0.10.5 Folder = C:\Users\Sanyal\Downloads Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 2.00 Gb Total Physical Memory \| 1.76 Gb Available Physical Memory \| 87.88% Memory free 4.00 Gb Paging File \| 4.00 Gb Available in Paging File \| 100.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\Windows \| %ProgramFiles% = C:\Program Files Drive C: \| 287.21 Gb Total Space \| 168.20 Gb Free Space \| 58.56% Space Free \| Partition Type: NTFS Drive D: \| 10.88 Gb Total Space \| 1.82 Gb Free Space \| 16.71% Space Free \| Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: SANYAL-PC Current User Name: Sanyal Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02B9ACBA-8F3F-487D-B23B-C7F7A6B32BBD}" = rport=138 \| protocol=17 \| dir=out \| app=system \| "{07069F98-D4BE-486D-B788-4515E7C8C79B}" = rport=137 \| protocol=17 \| dir=out \| app=system \| "{3502A2BF-FBD9-432C-9402-24E6AFA5A407}" = lport=3702 \| protocol=17 \| dir=in \| svc=fdrespub \| app=%systemroot%\system32\svchost.exe \| "{40427F6B-CB3A-41CF-98A3-457C16A1BDFD}" = lport=139 \| protocol=6 \| dir=in \| app=system \| "{44CEF0E3-5D13-418C-8065-4F94966847D3}" = lport=1900 \| protocol=17 \| dir=in \| svc=ssdpsrv \| app=%systemroot%\system32\svchost.exe \| "{4D3A73EB-C18F-44BA-ABE4-627C4843B41B}" = rport=139 \| protocol=6 \| dir=out \| app=system \| "{6C400418-BB2A-4305-9B82-34D82122C71C}" = lport=137 \| protocol=17 \| dir=in \| app=system \| "{6CBC6707-4E45-4787-8C97-6B7E427996F1}" = rport=1900 \| protocol=17 \| dir=out \| svc=ssdpsrv \| app=%systemroot%\system32\svchost.exe \| "{6CC2BC9D-4FAE-499F-AFD2-AAB89753D060}" = lport=rpc-epmap \| protocol=6 \| dir=in \| svc=rpcss \| name=@firewallapi.dll,-28539 \| "{76011C32-5968-4560-9D68-69BA375EF34F}" = lport=138 \| protocol=17 \| dir=in \| app=system \| "{783EF5C0-F628-48E0-8967-26EFDE9BE8C9}" = rport=445 \| protocol=6 \| dir=out \| app=system \| "{80C1F322-14DB-45A0-92DF-F8E051E7CAC8}" = lport=rpc \| protocol=6 \| dir=in \| svc=spooler \| app=%systemroot%\system32\spoolsv.exe \| "{97C397DB-5F34-49F1-8CD6-63580DA8B537}" = lport=445 \| protocol=6 \| dir=in \| app=system \| "{98D13113-9481-4AE4-A59A-88AD881AA323}" = rport=3702 \| protocol=17 \| dir=out \| svc=fdphost \| app=%systemroot%\system32\svchost.exe \| "{A23D91D3-6D24-419E-932D-3771E3CB8C30}" = lport=3702 \| protocol=17 \| dir=in \| svc=fdphost \| app=%systemroot%\system32\svchost.exe \| "{B0C598F0-FA70-43E5-BAC1-8C34E013D6A5}" = lport=5355 \| protocol=17 \| dir=in \| svc=dnscache \| app=%systemroot%\system32\svchost.exe \| "{D34732C2-28F0-42F7-B031-864F6D03C3A3}" = rport=3702 \| protocol=17 \| dir=out \| svc=fdrespub \| app=%systemroot%\system32\svchost.exe \| "{D4E32749-0956-403B-B97C-E5337AA0E043}" = rport=5355 \| protocol=17 \| dir=out \| svc=dnscache \| app=%systemroot%\system32\svchost.exe \| ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0A99DDE7-A16F-4E56-9364-D35DA2A35F66}" = protocol=6 \| dir=in \| app=c:\program files\itunes\itunes.exe \| "{0D7B65F9-D886-4ECE-AF0C-EDC8F8DF06CC}" = dir=in \| app=c:\program files\hp\quickplay\qp.exe \| "{0E3994D8-1CC7-49B5-B496-663EDCE1AF97}" = dir=in \| app=c:\program files\hp\quickplay\qpservice.exe \| "{22B6259F-75E8-43A2-9A4A-DEF73FB03A29}" = protocol=1 \| dir=out \| name=@firewallapi.dll,-28544 \| "{2F6E7113-D9DB-4D85-8574-8D5F5DDCEBBA}" = protocol=6 \| dir=out \| svc=upnphost \| app=%systemroot%\system32\svchost.exe \| "{356CDF95-8CF1-45E3-8949-0CA37A4BADDA}" = protocol=17 \| dir=in \| app=c:\program files\bonjour\mdnsresponder.exe \| "{42A68B98-7D7F-4B9A-86DF-77C5CC60EB5A}" = protocol=17 \| dir=in \| app=c:\users\sanyal\appdata\local\google\google talk plugin\googletalkplugin.dll \| "{4902CBA3-3773-4B14-B6C8-7E215919B83C}" = dir=in \| app=c:\program files\cyberlink\powerdirector\pdr.exe \| "{673D26F9-513D-49AE-B597-ACFAFABCC71D}" = protocol=17 \| dir=in \| app=c:\users\sanyal\appdata\local\google\google talk plugin\googletalkplugin.exe \| "{6B41B0F7-AB22-428E-8F2E-48A149EB25F3}" = protocol=17 \| dir=in \| app=c:\program files\utorrent\utorrent.exe \| "{6E815EB3-3977-44D8-8C96-180E9940D609}" = protocol=17 \| dir=in \| app=c:\program files\common files\aol\loader\aolload.exe \| "{6F4FCB6B-C97F-47A4-BFD0-3988D1709D22}" = protocol=6 \| dir=in \| app=c:\program files\bonjour\mdnsresponder.exe \| "{79A1CB3B-8963-4340-96D4-08F0828DE5DA}" = protocol=17 \| dir=in \| app=c:\program files\itunes\itunes.exe \| "{7BC6ED4C-360C-42CD-946F-B9D3797CDCE5}" = protocol=17 \| dir=in \| app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe \| "{89379DE9-CB67-4267-A88A-25F76CA7E1C4}" = protocol=6 \| dir=in \| app=c:\program files\common files\aol\loader\aolload.exe \| "{898FC0FF-AC07-49E9-BBE9-371C365463FB}" = protocol=1 \| dir=in \| name=@firewallapi.dll,-28543 \| "{A3051711-8C7D-4DCF-A6FF-CA3B7DD4FE45}" = protocol=6 \| dir=in \| app=c:\program files\utorrent\utorrent.exe \| "{ADAB3E6B-7D22-4A80-A907-F40EB3FCF679}" = protocol=17 \| dir=in \| app=c:\program files\aim6\aim6.exe \| "{B406F2D2-C31F-48EB-B203-2CAD6ADC7597}" = protocol=6 \| dir=in \| app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe \| "{B751D9D9-C4EE-4265-8CA3-C0CA12356FFE}" = protocol=6 \| dir=in \| app=c:\users\sanyal\appdata\local\google\google talk plugin\googletalkplugin.dll \| "{BCAEF5D0-AE20-4EB5-A1D1-035BDD1F4EA6}" = protocol=58 \| dir=out \| name=@firewallapi.dll,-28546 \| "{BE8C952A-A7D1-4C61-A2E1-6AD2213520A9}" = protocol=58 \| dir=in \| name=@firewallapi.dll,-28545 \| "{C77E9E86-1BCB-4579-B3BF-326B8CD0A4E8}" = protocol=6 \| dir=in \| app=c:\program files\aim6\aim6.exe \| "{F8F34E80-0FBB-4771-9B7C-C80C2C80FB65}" = protocol=6 \| dir=in \| app=c:\users\sanyal\appdata\local\google\google talk plugin\googletalkplugin.exe \| "TCP Query User{013B4797-ADFD-42D2-B9F9-3E8BDCC6D056}C:\program files\mozilla firefox\firefox.exe" = protocol=6 \| dir=in \| app=c:\program files\mozilla firefox\firefox.exe \| "UDP Query User{EC46A427-36E9-4C2D-8803-882BEEE14256}C:\program files\mozilla firefox\firefox.exe" = protocol=17 \| dir=in \| app=c:\program files\mozilla firefox\firefox.exe \| ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR "{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer "{0915B10F-8597-4FE7-BC4D-EA3E2FDA646A}" = PS_AIO_03_C4400_Software_Min "{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1 "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library "{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 15 "{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2 "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7 "{48B0F38D-1913-44F3-99AA-D4C55A2B038E}" = Drive Manager "{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0 "{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6A370610-3778-44AF-9AAC-69B2FD1A3356}" = Microsoft Live Search Toolbar "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com "{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module "{846DDADA-0239-4B67-A6B1-33658863793B}" = HPTCSSetup "{86732AE7-CB91-4f15-B091-FBA3D3926CD6}" = HP Photosmart C4400 All-In-One Driver 11.0 Rel .3 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9 "{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B6D0B141-B2BE-4DD0-B08F-B9186F3E36B3}" = HP User Guides 0118 "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program "{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan "{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag "{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox "{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F6B1D53B-2A68-377D-AC39-C8FD359FF6F1}" = Google Talk Plugin "{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer "{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime "A0 TapeEcho II" = A0 TapeEcho II "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe AIR" = Adobe AIR "Adobe Audition 3.0" = Adobe Audition 3.0 "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "AIM Toolbar" = AIM Toolbar "AIM_6" = AIM 6 "AviSynth" = AviSynth 2.5 "BB_is1" = Band-in-a-Box 2007 "CCleaner" = CCleaner (remove only) "CNXT_AUDIO_HDA" = Conexant HD Audio "CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "HijackThis" = HijackThis 2.0.2 "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "InstallShield_{48B0F38D-1913-44F3-99AA-D4C55A2B038E}" = Drive Manager "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "iZotope Ozone 3_is1" = iZotope Ozone 3 "Kjaerhus Audio - Golden Audio Channel \| GAC-1_is1" = Kjaerhus Audio - Golden Audio Channel \| GAC-1 v1.01 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.0.13)" = Mozilla Firefox (3.0.13) "Musicnotes Player_is1" = Musicnotes Player V1.23.2 "Native Instruments Guitar Rig 3" = Native Instruments Guitar Rig 3 "NIS" = Norton Internet Security "NVIDIA Drivers" = NVIDIA Drivers "PG Music DirectX Plugins_is1" = PG Music DirectX Plugins 1.3.4.1 "PowerISO" = PowerISO "RealPlayer 12.0" = RealPlayer "Rhapsody" = Rhapsody "Sibelius Scorch Plugin_is1" = Sibelius Scorch Plugin 5.2.5.30 "SoftwareUpdUtility" = Download Updater (AOL LLC) "SynTPDeinstKey" = Synaptics Pointing Device Driver "Veoh Web Player Beta" = Veoh Web Player Beta "Videora iPod Converter" = Videora iPod Converter 4.04 "ViewpointMediaPlayer" = Viewpoint Media Player "VLC media player" = VLC media player 0.9.8a "WinRAR archiver" = WinRAR archiver ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "uTorrent" = �Torrent ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report >

handhfan View Member Profile	Aug 15 2009, 12:49 PM Post #38
GeekU Moderator Posts: 8,651 From: Massachusetts OS: Windows XP Pro, Windows 7 Pro 64- and 32-bit; Virtual PC	Run OTL Under the Custom Scans/Fixes box at the bottom, paste in the following CODE :OTL O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found. [2009/08/01 16:14:34 \| 00,000,091 \| ---- \| C] () -- C:\Windows\System32\vsfocexcyiiuio.dat [2009/08/01 15:46:25 \| 00,017,408 \| ---- \| C] () -- C:\Windows\System32\vsfoceeshccvpt.dll [2009/08/01 15:46:24 \| 00,065,534 \| ---- \| C] () -- C:\Windows\System32\vsfocenjlpwqox.dat [2009/08/01 15:46:16 \| 00,064,512 \| ---- \| C] () -- C:\Windows\System32\drivers\vsfoceetepwivf.sys [2009/08/01 15:46:16 \| 00,038,912 \| ---- \| C] () -- C:\Windows\System32\vsfocevvfnwhqw.dll :Commands [purity] [emptytemp] [Reboot] Then click the Run Fix button at the top Let the program run unhindered, reboot the PC when it is done Open OTL again and click the Quick Scan button. Post the log it produces in your next reply. Is your computer running better now?

guitarroman1 View Member Profile	Aug 15 2009, 02:38 PM Post #39
Member Posts: 32 OS: Windows Vista	It was, then i did the OTL fixand the next time i rebooted it went to a blue screen. the program that made it a blue screen was called fnrkr.sys I Did a malwarebytes scan and after finding 3 things, the scan froze, this happened multiple times, so I think something is still there. I still dont have a desktop background which is strange, the virus did replace my background before and now its just a strange blue color and i cant change it. OTL logfile created on: 8/15/2009 4:33:28 PM - Run 5 OTL by OldTimer - Version 3.0.10.5 Folder = C:\Users\Sanyal\Downloads Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 2.00 Gb Total Physical Memory \| 1.84 Gb Available Physical Memory \| 92.02% Memory free 4.00 Gb Paging File \| 4.00 Gb Available in Paging File \| 100.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\Windows \| %ProgramFiles% = C:\Program Files Drive C: \| 287.21 Gb Total Space \| 167.93 Gb Free Space \| 58.47% Space Free \| Partition Type: NTFS Drive D: \| 10.88 Gb Total Space \| 1.82 Gb Free Space \| 16.71% Space Free \| Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: SANYAL-PC Current User Name: Sanyal Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Minimal Quick Scan ========== Processes (SafeList) ========== PRC - C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) PRC - C:\Windows\Explorer.EXE (Microsoft Corporation) PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.) PRC - C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.) PRC - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe ( Hewlett-Packard Development Company, L.P.) PRC - C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe (Seagate Technology LLC) PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.) PRC - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.) PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company) PRC - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe (Symantec Corporation) PRC - C:\Program Files\SMINST\BLService.exe () PRC - C:\Program Files\CyberLink\Shared files\RichVideo.exe () PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation) PRC - C:\Windows\System32\DRIVERS\xaudio.exe (Conexant Systems, Inc.) PRC - C:\Program Files\AIM6\aolsoftware.exe (AOL LLC) PRC - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.) PRC - C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\wbem\wmiprvse.exe (Microsoft Corporation) PRC - C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Synaptics, Inc.) PRC - C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE (Hewlett-Packard Development Company, L.P.) PRC - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (Hewlett-Packard Development Company, L.P.) PRC - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe (Symantec Corporation) PRC - C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe () PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Users\Sanyal\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe (Google) PRC - C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) PRC - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (Hewlett-Packard) PRC - C:\Users\Sanyal\Downloads\OTL.exe (OldTimer Tools) ========== Win32 Services (SafeList) ========== SRV - (Adobe LM Service [On_Demand \| Stopped]) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems) SRV - (AppHostSvc [Auto \| Running]) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation) SRV - (Apple Mobile Device [Auto \| Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) SRV - (Basics Service [Auto \| Running]) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe (Seagate Technology LLC) SRV - (Bonjour Service [Auto \| Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.) SRV - (clr_optimization_v2.0.50727_32 [Auto \| Running]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (Com4QLBEx [On_Demand \| Running]) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (Hewlett-Packard Development Company, L.P.) SRV - (ehRecvr [On_Demand \| Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation) SRV - (ehSched [On_Demand \| Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation) SRV - (ehstart [Auto \| Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation) SRV - (Eventlog [Auto \| Running]) -- C:\Windows\System32\wevtsvc.dll (Microsoft Corporation) SRV - (FontCache3.0.0.0 [On_Demand \| Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) SRV - (HP Health Check Service [Auto \| Running]) -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (Hewlett-Packard) SRV - (hpqwmiex [On_Demand \| Running]) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.) SRV - (IDriverT [On_Demand \| Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (idsvc [Unknown \| Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation) SRV - (iPod Service [On_Demand \| Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) SRV - (LightScribeService [Auto \| Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company) SRV - (Net Driver HPZ12 [Auto \| Running]) -- C:\Windows\System32\HPZinw12.dll (Hewlett-Packard) SRV - (NetTcpPortSharing [Disabled \| Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation) SRV - (Norton Internet Security [Auto \| Running]) -- C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe (Symantec Corporation) SRV - (nvsvc [Auto \| Running]) -- C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) SRV - (ose [On_Demand \| Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (Pml Driver HPZ12 [Auto \| Running]) -- C:\Windows\System32\HPZipm12.dll (Hewlett-Packard) SRV - (Recovery Service for Windows [Auto \| Running]) -- C:\Program Files\SMINST\BLService.exe () SRV - (RichVideo [Auto \| Running]) -- C:\Program Files\CyberLink\Shared files\RichVideo.exe () SRV - (Viewpoint Manager Service [Auto \| Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation) SRV - (WAS [On_Demand \| Stopped]) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation) SRV - (WinDefend [Auto \| Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (WMPNetworkSvc [On_Demand \| Running]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (XAudioService [Auto \| Running]) -- C:\Windows\System32\DRIVERS\xaudio.exe (Conexant Systems, Inc.) ========== Driver Services (SafeList) ========== DRV - (adp94xx [Boot \| Running]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (adpahci [Boot \| Running]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (adpu160m [Boot \| Running]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (adpu320 [Boot \| Running]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (aic78xx [Boot \| Running]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (aliide [Boot \| Running]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (arc [Boot \| Running]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (arcsas [Boot \| Running]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (athr [On_Demand \| Running]) -- C:\Windows\System32\DRIVERS\athr.sys (Atheros Communications, Inc.) DRV - (BHDrvx86 [System \| Running]) -- C:\Windows\System32\Drivers\NIS\1002000.007\BHDrvx86.sys (Symantec Corporation) DRV - (BrFiltLo [On_Demand \| Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrFiltUp [On_Demand \| Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (Brserid [On_Demand \| Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrSerWdm [On_Demand \| Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm [On_Demand \| Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (BrUsbSer [On_Demand \| Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (ccHP [System \| Running]) -- C:\Windows\System32\Drivers\NIS\1002000.007\ccHPx86.sys (Symantec Corporation) DRV - (cmdide [Boot \| Running]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (CnxtHdAudService [On_Demand \| Running]) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.) DRV - (dlqbuqri [Unknown \| Stopped]) -- Service key not found. File not found DRV - (E1G60 [On_Demand \| Stopped]) -- C:\Windows\System32\DRIVERS\E1G60I32.sys (Intel Corporation) DRV - (eeCtrl [System \| Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation) DRV - (elxstor [Boot \| Running]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (EraserUtilRebootDrv [On_Demand \| Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (GEARAspiWDM [On_Demand \| Running]) -- C:\Windows\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.) DRV - (HpCISSs [Boot \| Running]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (HpqKbFiltr [On_Demand \| Running]) -- C:\Windows\System32\DRIVERS\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.) DRV - (HSF_DPV [On_Demand \| Running]) -- C:\Windows\System32\DRIVERS\HSX_DPV.sys (Conexant Systems, Inc.) DRV - (HSXHWAZL [On_Demand \| Running]) -- C:\Windows\System32\DRIVERS\HSXHWAZL.sys (Conexant Systems, Inc.) DRV - (iaStorV [Boot \| Running]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (IDSVix86 [System \| Running]) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090310.003\IDSvix86.sys (Symantec Corporation) DRV - (iirsp [Boot \| Running]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (iteatapi [Boot \| Running]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (iteraid [Boot \| Running]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (LSI_FC [Boot \| Running]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (LSI_SAS [Boot \| Running]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (LSI_SCSI [Boot \| Running]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (MBAMSwissArmy [On_Demand \| Stopped]) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (mdmxsdk [Auto \| Running]) -- C:\Windows\System32\DRIVERS\mdmxsdk.sys (Conexant) DRV - (megasas [Boot \| Running]) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation) DRV - (MegaSR [Boot \| Running]) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.) DRV - (Mraid35x [Boot \| Running]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (NAVENG [On_Demand \| Stopped]) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090319.017\NAVENG.SYS (Symantec Corporation) DRV - (NAVEX15 [On_Demand \| Stopped]) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090319.017\NAVEX15.SYS (Symantec Corporation) DRV - (NETw3v32 [On_Demand \| Stopped]) -- C:\Windows\System32\DRIVERS\NETw3v32.sys (Intel Corporation) DRV - (nfrd960 [Boot \| Running]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (ntrigdigi [On_Demand \| Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (NVENETFD [On_Demand \| Running]) -- C:\Windows\System32\DRIVERS\nvmfdx32.sys (NVIDIA Corporation) DRV - (NVHDA [On_Demand \| Running]) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation) DRV - (nvlddmkm [On_Demand \| Running]) -- C:\Windows\System32\DRIVERS\nvlddmkm.sys (NVIDIA Corporation) DRV - (nvraid [Boot \| Running]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nvsmu [On_Demand \| Running]) -- C:\Windows\System32\DRIVERS\nvsmu.sys (NVIDIA Corporation) DRV - (nvstor [Boot \| Running]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (pfc [On_Demand \| Running]) -- C:\Windows\System32\drivers\pfc.sys (Padus, Inc.) DRV - (ql2300 [Boot \| Running]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (ql40xx [Boot \| Running]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (RTSTOR [On_Demand \| Running]) -- C:\Windows\System32\drivers\RTSTOR.SYS (Realtek Semiconductor Corp.) DRV - (SCDEmu [System \| Running]) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.) DRV - (secdrv [Auto \| Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) DRV - (SiSRaid4 [Boot \| Running]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (SRTSP [On_Demand \| Stopped]) -- C:\Windows\System32\Drivers\NIS\1002000.007\SRTSP.SYS (Symantec Corporation) DRV - (SRTSPX [System \| Running]) -- C:\Windows\System32\Drivers\NIS\1002000.007\SRTSPX.SYS (Symantec Corporation) DRV - (Symc8xx [Boot \| Running]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (SYMDNS [On_Demand \| Stopped]) -- C:\Windows\System32\Drivers\NIS\1002000.007\SYMDNS.SYS (Symantec Corporation) DRV - (SymEFA [Boot \| Running]) -- C:\Windows\System32\Drivers\NIS\1002000.007\SYMEFA.SYS (Symantec Corporation) DRV - (SymEvent [On_Demand \| Running]) -- C:\Windows\System32\Drivers\SYMEVENT.SYS (Symantec Corporation) DRV - (SYMFW [On_Demand \| Stopped]) -- C:\Windows\System32\Drivers\NIS\1002000.007\SYMFW.SYS (Symantec Corporation) DRV - (SymIM [System \| Running]) -- C:\Windows\System32\DRIVERS\SymIMv.sys (Symantec Corporation) DRV - (SYMNDISV [On_Demand \| Stopped]) -- C:\Windows\System32\Drivers\NIS\1002000.007\SYMNDISV.SYS (Symantec Corporation) DRV - (SYMREDRV [On_Demand \| Stopped]) -- C:\Windows\System32\Drivers\NIS\1002000.007\SYMREDRV.SYS (Symantec Corporation) DRV - (SYMTDI [System \| Running]) -- C:\Windows\System32\Drivers\NIS\1002000.007\SYMTDI.SYS (Symantec Corporation) DRV - (Sym_hi [Boot \| Running]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (Sym_u3 [Boot \| Running]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (SynTP [On_Demand \| Running]) -- C:\Windows\System32\DRIVERS\SynTP.sys (Synaptics, Inc.) DRV - (uliahci [Boot \| Running]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (UlSata [Boot \| Running]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (ulsata2 [Boot \| Running]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (viaide [Boot \| Running]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (vsmraid [Boot \| Running]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (winachsf [On_Demand \| Running]) -- C:\Windows\System32\DRIVERS\HSX_CNXT.sys (Conexant Systems, Inc.) DRV - (XAudio [Auto \| Running]) -- C:\Windows\System32\DRIVERS\xaudio.sys (Conexant Systems, Inc.) DRV - (yukonwlh [On_Demand \| Stopped]) -- C:\Windows\System32\DRIVERS\yk60x86.sys (Marvell) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb IE - URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = .local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "AIM Search" FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=" FF - prefs.js..browser.search.selectedEngine: "AIM Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "google.com" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.1 FF - prefs.js..extensions.enabledItems: debatecopy@randomrandomemail.com:0.1 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.0.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15 FF - prefs.js..extensions.enabledItems: web@veoh.com:1.4 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.13 FF - prefs.js..keyword.URL: "" FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/17 23:29:49 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/14 21:41:37 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/08 18:20:38 \| 00,000,000 \| ---D \| M] [2009/01/12 18:42:19 \| 00,000,000 \| ---D \| M] -- C:\Users\Sanyal\AppData\Roaming\mozilla\Extensions [2009/01/12 18:42:19 \| 00,000,000 \| ---D \| M] -- C:\Users\Sanyal\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009/08/14 23:31:58 \| 00,000,000 \| ---D \| M] -- C:\Users\Sanyal\AppData\Roaming\mozilla\Firefox\Profiles\0y4obc9q.default\extensions [2009/01/25 19:45:35 \| 00,000,000 \| ---D \| M] -- C:\Users\Sanyal\AppData\Roaming\mozilla\Firefox\Profiles\0y4obc9q.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2009/01/13 15:50:37 \| 00,000,000 \| ---D \| M] -- C:\Users\Sanyal\AppData\Roaming\mozilla\Firefox\Profiles\0y4obc9q.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2009/08/06 00:05:56 \| 00,000,000 \| ---D \| M] -- C:\Users\Sanyal\AppData\Roaming\mozilla\Firefox\Profiles\0y4obc9q.default\extensions\debatecopy@randomrandomemail.com [2009/08/15 16:30:26 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions [2009/08/04 23:05:31 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/08/08 18:20:46 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [2009/08/04 23:05:19 \| 00,023,032 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll [2009/08/04 23:05:19 \| 00,134,648 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll [2009/08/08 18:19:35 \| 00,411,368 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll [2008/11/06 12:33:48 \| 01,332,224 \| ---- \| M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll [2008/12/10 20:33:34 \| 00,098,304 \| ---- \| M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll [2008/09/26 12:40:34 \| 00,053,248 \| ---- \| M] (AOL LLC) -- C:\Program Files\mozilla firefox\plugins\npdnu.dll [2009/01/16 18:40:44 \| 00,279,888 \| ---- \| M] (Musicnotes, Inc.) -- C:\Program Files\mozilla firefox\plugins\npmusicn.dll [2009/08/04 23:05:22 \| 00,065,528 \| ---- \| M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll [2003/07/14 23:56:52 \| 00,013,888 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2009/07/08 00:49:16 \| 00,136,768 \| ---- \| M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2009/01/12 19:43:42 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2009/01/12 19:43:42 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2009/01/12 19:43:42 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2009/01/12 19:43:42 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2009/01/12 19:43:42 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2009/01/12 19:43:42 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2009/01/12 19:43:42 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2009/07/08 00:49:23 \| 00,008,192 \| ---- \| M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll [2009/07/08 00:49:12 \| 00,094,208 \| ---- \| M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll [2008/09/10 13:49:12 \| 06,583,016 \| ---- \| M] () -- C:\Program Files\mozilla firefox\plugins\NPSibelius.dll [2007/04/16 13:07:12 \| 00,180,293 \| ---- \| M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll [2009/03/07 01:03:44 \| 00,001,394 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml [2009/03/07 01:03:44 \| 00,002,193 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml [2009/03/07 01:03:44 \| 00,001,534 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml [2009/03/07 01:03:44 \| 00,002,343 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml [2009/03/07 01:03:44 \| 00,001,706 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml [2009/03/07 01:03:44 \| 00,001,178 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml [2009/03/07 01:03:45 \| 00,000,792 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml O1 HOSTS File: (1454 bytes) - C:\Windows\System32\drivers\etc\Hosts O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\IPSBHO.DLL (Symantec Corporation) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.) O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.) O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc) O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.) O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll (Symantec Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.) O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll (Symantec Corporation) O4 - HKLM..\Run: [basicsmssmenu] C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe (Maxtor Corporation) O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother) O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKCU..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC) O4 - HKCU..\Run: [Google Update] C:\Users\Sanyal\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.) O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0 O8 - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html () O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites) O15 - HKCU\..Trusted Domains: real.com ([rhapreg] https in Trusted sites) O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll (Symantec Corporation) O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 17:43:36 \| 00,000,024 \| ---- \| M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{0d102417-26bf-11de-b58c-001f165cff39}\Shell - "" = AutoRun O33 - MountPoints2\{0d102417-26bf-11de-b58c-001f165cff39}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found O33 - MountPoints2\{a2a93011-e3ea-11dd-86bd-001f165cff39}\Shell - "" = AutoRun O33 - MountPoints2\{a2a93011-e3ea-11dd-86bd-001f165cff39}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: () - File not found ========== Files/Folders - Created Within 14 Days ========== [2009/08/15 16:12:28 \| 22,646,1768 \| ---- \| C] () -- C:\Windows\MEMORY.DMP [2009/08/14 22:06:45 \| 01,672,656 \| -H-- \| C] () -- C:\Users\Sanyal\AppData\Local\IconCache.db [2009/08/14 21:30:07 \| 29,510,32832 \| -HS- \| C] () -- C:\hiberfil.sys [2009/08/14 20:38:54 \| 00,133,632 \| ---- \| C] (Systemintegrasjon AS) -- C:\MbrFix64.exe [2009/08/14 20:38:54 \| 00,123,904 \| ---- \| C] (Systemintegrasjon AS) -- C:\MbrFix.exe [2009/08/11 23:44:21 \| 00,000,000 \| ---- \| C] () -- C:\Users\Sanyal\Desktop\settings.dat [2009/08/11 23:30:26 \| 00,470,528 \| ---- \| C] ( ) -- C:\Users\Sanyal\Desktop\RootRepeal.exe [2009/08/11 23:30:01 \| 00,463,768 \| ---- \| C] () -- C:\Users\Sanyal\Desktop\RootRepeal.rar [2009/08/09 22:20:39 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\is-S8GBO [2009/08/09 21:04:32 \| 53,937,371 \| ---- \| C] () -- C:\Users\Sanyal\Desktop\Brian Blade Live at Newport August 2009.mp3 [2009/08/09 20:49:12 \| 00,000,000 \| ---D \| C] -- C:\Users\Sanyal\Documents\Ask and Record Toolbar [2009/08/09 20:49:11 \| 00,000,000 \| ---D \| C] -- C:\Users\Sanyal\AppData\Local\FLVService [2009/08/09 20:48:55 \| 00,000,000 \| ---D \| C] -- C:\Windows\Ask & Record Toolbar [2009/08/09 20:48:55 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Ask & Record Toolbar [2009/08/09 20:45:39 \| 00,000,067 \| ---- \| C] () -- C:\Windows\AudioMidRecorder.INI [2009/08/08 17:52:23 \| 00,000,000 \| ---D \| C] -- C:\_OTL [2009/08/08 15:27:07 \| 00,000,000 \| ---D \| C] -- C:\32788R22FWJFW [2009/08/07 17:01:42 \| 03,122,735 \| ---- \| C] () -- C:\Users\Sanyal\Desktop\Combo-Fix.exe [2009/08/04 23:24:55 \| 00,001,834 \| ---- \| C] () -- C:\Users\Sanyal\Desktop\HijackThis.lnk [2009/08/04 23:24:55 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Trend Micro [2009/08/02 14:32:47 \| 00,000,000 \| ---D \| C] -- C:\Users\Sanyal\AppData\Roaming\Malwarebytes [2009/08/02 14:32:39 \| 00,000,778 \| ---- \| C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2009/08/02 14:32:35 \| 00,038,160 \| ---- \| C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2009/08/02 14:32:32 \| 00,019,096 \| ---- \| C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2009/08/02 14:32:32 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\Malwarebytes [2009/08/02 14:32:32 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009/08/02 14:08:20 \| 00,002,734 \| ---- \| C] () -- C:\Users\Sanyal\Documents\cc_20090802_140812.reg ========== Files - Modified Within 14 Days ========== [4 C:\Users\Sanyal\Desktop\*.tmp files] [2009/08/15 16:37:03 \| 00,000,912 \| ---- \| M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4135529040-3170769566-524876570-1000UA.job [2009/08/15 16:31:03 \| 00,000,246 \| ---- \| M] () -- C:\ProgramData\hpqp.ini [2009/08/15 16:29:55 \| 00,027,934 \| ---- \| M] () -- C:\ProgramData\nvModes.dat [2009/08/15 16:29:55 \| 00,027,934 \| ---- \| M] () -- C:\ProgramData\nvModes.001 [2009/08/15 16:29:46 \| 00,000,223 \| ---- \| M] () -- C:\Windows\Brownie.ini [2009/08/15 16:29:45 \| 00,003,216 \| -H-- \| M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2009/08/15 16:29:44 \| 00,003,216 \| -H-- \| M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2009/08/15 16:29:20 \| 00,000,006 \| -H-- \| M] () -- C:\Windows\tasks\SA.DAT [2009/08/15 16:29:03 \| 00,067,584 \| --S- \| M] () -- C:\Windows\bootstat.dat [2009/08/15 16:28:57 \| 29,510,32832 \| -HS- \| M] () -- C:\hiberfil.sys [2009/08/15 16:28:55 \| 22,646,1768 \| ---- \| M] () -- C:\Windows\MEMORY.DMP [2009/08/15 15:37:05 \| 00,000,860 \| ---- \| M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4135529040-3170769566-524876570-1000Core.job [2009/08/15 01:55:42 \| 01,672,656 \| -H-- \| M] () -- C:\Users\Sanyal\AppData\Local\IconCache.db [2009/08/14 23:35:41 \| 00,002,191 \| ---- \| M] () -- C:\Users\Public\Desktop\iTunes.lnk [2009/08/11 23:44:21 \| 00,000,000 \| ---- \| M] () -- C:\Users\Sanyal\Desktop\settings.dat [2009/08/11 23:30:03 \| 00,463,768 \| ---- \| M] () -- C:\Users\Sanyal\Desktop\RootRepeal.rar [2009/08/10 23:10:00 \| 00,000,472 \| ---- \| M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2009/08/10 04:11:47 \| 00,000,326 \| ---- \| M] () -- C:\Windows\tasks\HPCeeScheduleForSanyal.job [2009/08/09 22:13:07 \| 53,937,371 \| ---- \| M] () -- C:\Users\Sanyal\Desktop\Brian Blade Live at Newport August 2009.mp3 [2009/08/09 20:45:41 \| 00,000,067 \| ---- \| M] () -- C:\Windows\AudioMidRecorder.INI [2009/08/07 17:01:44 \| 03,122,735 \| ---- \| M] () -- C:\Users\Sanyal\Desktop\Combo-Fix.exe [2009/08/07 01:19:48 \| 00,008,268 \| ---- \| M] () -- C:\Users\Sanyal\AppData\Local\d3d9caps.dat [2009/08/05 21:55:54 \| 00,123,904 \| ---- \| M] (Systemintegrasjon AS) -- C:\MbrFix.exe [2009/08/05 21:55:44 \| 00,133,632 \| ---- \| M] (Systemintegrasjon AS) -- C:\MbrFix64.exe [2009/08/05 16:37:02 \| 00,870,128 \| ---- \| M] () -- C:\Users\Sanyal\AppData\Roaming\mcs.rma [2009/08/05 16:37:02 \| 00,000,004 \| ---- \| M] () -- C:\Users\Sanyal\AppData\Roaming\1C8A3E [2009/08/05 00:36:27 \| 00,694,964 \| ---- \| M] () -- C:\Windows\System32\PerfStringBackup.INI [2009/08/05 00:36:27 \| 00,598,588 \| ---- \| M] () -- C:\Windows\System32\perfh009.dat [2009/08/05 00:36:27 \| 00,102,194 \| ---- \| M] () -- C:\Windows\System32\perfc009.dat [2009/08/04 23:24:55 \| 00,001,834 \| ---- \| M] () -- C:\Users\Sanyal\Desktop\HijackThis.lnk [2009/08/04 18:58:16 \| 00,000,376 \| ---- \| M] () -- C:\Windows\ODBC.INI [2009/08/03 13:36:28 \| 00,038,160 \| ---- \| M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2009/08/03 13:36:06 \| 00,019,096 \| ---- \| M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2009/08/02 14:32:39 \| 00,000,778 \| ---- \| M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2009/08/02 14:08:25 \| 00,002,734 \| ---- \| M] () -- C:\Users\Sanyal\Documents\cc_20090802_140812.reg ========== LOP Check ========== [2009/08/02 14:32:47 \| 00,000,000 \| ---D \| M] -- C:\Users\Sanyal\AppData\Roaming [2009/01/12 19:54:56 \| 00,000,000 \| ---D \| M] -- C:\Users\Sanyal\AppData\Roaming\acccore [2009/01/25 16:44:54 \| 00,000,000 \| ---D \| M] -- C:\Users\Sanyal\AppData\Roaming\Auslogics [2009/04/17 22:16:55 \| 00,000,000 \| R--D \| M] -- C:\Users\Sanyal\AppData\Roaming\Brother [2009/06/20 10:49:18 \| 00,000,000 \| ---D \| M] -- C:\Users\Sanyal\AppData\Roaming\CyberLink [2009/01/18 12:06:01 \| 00,000,000 \| ---D \| M] -- C:\Users\Sanyal\AppData\Roaming\funkitron [2006/11/02 08:37:34 \| 00,000,000 \| ---D \| M] -- C:\Users\Sanyal\AppData\Roaming\Media Center Programs [2009/04/08 01:21:18 \| 00,000,000 \| ---D \| M] -- C:\Users\Sanyal\AppData\Roaming\Red Kawa [2009/03/11 16:37:58 \| 00,000,000 \| RH-D \| M] -- C:\Users\Sanyal\AppData\Roaming\SecuROM [2009/03/12 16:09:57 \| 00,000,000 \| ---D \| M] -- C:\Users\Sanyal\AppData\Roaming\Sibelius Software [2009/01/14 17:23:39 \| 00,000,000 \| ---D \| M] -- C:\Users\Sanyal\AppData\Roaming\Spore [2009/01/28 23:08:42 \| 00,000,000 \| ---D \| M] -- C:\Users\Sanyal\AppData\Roaming\Thinstall [2009/08/01 15:41:14 \| 00,000,000 \| ---D \| M] -- C:\Users\Sanyal\AppData\Roaming\uTorrent [2009/01/13 15:55:38 \| 00,000,000 \| ---D \| M] -- C:\Users\Sanyal\AppData\Roaming\wsInspector [2009/08/10 23:10:00 \| 00,000,472 \| ---- \| M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job [2009/08/15 15:37:05 \| 00,000,860 \| ---- \| M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4135529040-3170769566-524876570-1000Core.job [2009/08/15 16:37:03 \| 00,000,912 \| ---- \| M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4135529040-3170769566-524876570-1000UA.job [2009/08/10 04:11:47 \| 00,000,326 \| ---- \| M] () -- C:\Windows\Tasks\HPCeeScheduleForSanyal.job [2009/08/15 16:29:20 \| 00,000,006 \| -H-- \| M] () -- C:\Windows\Tasks\SA.DAT [2009/08/15 16:02:41 \| 00,032,638 \| ---- \| M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > OTL Extras logfile created on: 8/15/2009 4:33:28 PM - Run 5 OTL by OldTimer - Version 3.0.10.5 Folder = C:\Users\Sanyal\Downloads Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 2.00 Gb Total Physical Memory \| 1.84 Gb Available Physical Memory \| 92.02% Memory free 4.00 Gb Paging File \| 4.00 Gb Available in Paging File \| 100.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\Windows \| %ProgramFiles% = C:\Program Files Drive C: \| 287.21 Gb Total Space \| 167.93 Gb Free Space \| 58.47% Space Free \| Partition Type: NTFS Drive D: \| 10.88 Gb Total Space \| 1.82 Gb Free Space \| 16.71% Space Free \| Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: SANYAL-PC Current User Name: Sanyal Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Minimal Quick Scan ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02B9ACBA-8F3F-487D-B23B-C7F7A6B32BBD}" = rport=138 \| protocol=17 \| dir=out \| app=system \| "{07069F98-D4BE-486D-B788-4515E7C8C79B}" = rport=137 \| protocol=17 \| dir=out \| app=system \| "{3502A2BF-FBD9-432C-9402-24E6AFA5A407}" = lport=3702 \| protocol=17 \| dir=in \| svc=fdrespub \| app=%systemroot%\system32\svchost.exe \| "{40427F6B-CB3A-41CF-98A3-457C16A1BDFD}" = lport=139 \| protocol=6 \| dir=in \| app=system \| "{44CEF0E3-5D13-418C-8065-4F94966847D3}" = lport=1900 \| protocol=17 \| dir=in \| svc=ssdpsrv \| app=%systemroot%\system32\svchost.exe \| "{4D3A73EB-C18F-44BA-ABE4-627C4843B41B}" = rport=139 \| protocol=6 \| dir=out \| app=system \| "{6C400418-BB2A-4305-9B82-34D82122C71C}" = lport=137 \| protocol=17 \| dir=in \| app=system \| "{6CBC6707-4E45-4787-8C97-6B7E427996F1}" = rport=1900 \| protocol=17 \| dir=out \| svc=ssdpsrv \| app=%systemroot%\system32\svchost.exe \| "{6CC2BC9D-4FAE-499F-AFD2-AAB89753D060}" = lport=rpc-epmap \| protocol=6 \| dir=in \| svc=rpcss \| name=@firewallapi.dll,-28539 \| "{76011C32-5968-4560-9D68-69BA375EF34F}" = lport=138 \| protocol=17 \| dir=in \| app=system \| "{783EF5C0-F628-48E0-8967-26EFDE9BE8C9}" = rport=445 \| protocol=6 \| dir=out \| app=system \| "{80C1F322-14DB-45A0-92DF-F8E051E7CAC8}" = lport=rpc \| protocol=6 \| dir=in \| svc=spooler \| app=%systemroot%\system32\spoolsv.exe \| "{97C397DB-5F34-49F1-8CD6-63580DA8B537}" = lport=445 \| protocol=6 \| dir=in \| app=system \| "{98D13113-9481-4AE4-A59A-88AD881AA323}" = rport=3702 \| protocol=17 \| dir=out \| svc=fdphost \| app=%systemroot%\system32\svchost.exe \| "{A23D91D3-6D24-419E-932D-3771E3CB8C30}" = lport=3702 \| protocol=17 \| dir=in \| svc=fdphost \| app=%systemroot%\system32\svchost.exe \| "{B0C598F0-FA70-43E5-BAC1-8C34E013D6A5}" = lport=5355 \| protocol=17 \| dir=in \| svc=dnscache \| app=%systemroot%\system32\svchost.exe \| "{D34732C2-28F0-42F7-B031-864F6D03C3A3}" = rport=3702 \| protocol=17 \| dir=out \| svc=fdrespub \| app=%systemroot%\system32\svchost.exe \| "{D4E32749-0956-403B-B97C-E5337AA0E043}" = rport=5355 \| protocol=17 \| dir=out \| svc=dnscache \| app=%systemroot%\system32\svchost.exe \| ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0A99DDE7-A16F-4E56-9364-D35DA2A35F66}" = protocol=6 \| dir=in \| app=c:\program files\itunes\itunes.exe \| "{0D7B65F9-D886-4ECE-AF0C-EDC8F8DF06CC}" = dir=in \| app=c:\program files\hp\quickplay\qp.exe \| "{0E3994D8-1CC7-49B5-B496-663EDCE1AF97}" = dir=in \| app=c:\program files\hp\quickplay\qpservice.exe \| "{22B6259F-75E8-43A2-9A4A-DEF73FB03A29}" = protocol=1 \| dir=out \| name=@firewallapi.dll,-28544 \| "{2F6E7113-D9DB-4D85-8574-8D5F5DDCEBBA}" = protocol=6 \| dir=out \| svc=upnphost \| app=%systemroot%\system32\svchost.exe \| "{356CDF95-8CF1-45E3-8949-0CA37A4BADDA}" = protocol=17 \| dir=in \| app=c:\program files\bonjour\mdnsresponder.exe \| "{42A68B98-7D7F-4B9A-86DF-77C5CC60EB5A}" = protocol=17 \| dir=in \| app=c:\users\sanyal\appdata\local\google\google talk plugin\googletalkplugin.dll \| "{4902CBA3-3773-4B14-B6C8-7E215919B83C}" = dir=in \| app=c:\program files\cyberlink\powerdirector\pdr.exe \| "{673D26F9-513D-49AE-B597-ACFAFABCC71D}" = protocol=17 \| dir=in \| app=c:\users\sanyal\appdata\local\google\google talk plugin\googletalkplugin.exe \| "{6B41B0F7-AB22-428E-8F2E-48A149EB25F3}" = protocol=17 \| dir=in \| app=c:\program files\utorrent\utorrent.exe \| "{6E815EB3-3977-44D8-8C96-180E9940D609}" = protocol=17 \| dir=in \| app=c:\program files\common files\aol\loader\aolload.exe \| "{6F4FCB6B-C97F-47A4-BFD0-3988D1709D22}" = protocol=6 \| dir=in \| app=c:\program files\bonjour\mdnsresponder.exe \| "{79A1CB3B-8963-4340-96D4-08F0828DE5DA}" = protocol=17 \| dir=in \| app=c:\program files\itunes\itunes.exe \| "{7BC6ED4C-360C-42CD-946F-B9D3797CDCE5}" = protocol=17 \| dir=in \| app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe \| "{89379DE9-CB67-4267-A88A-25F76CA7E1C4}" = protocol=6 \| dir=in \| app=c:\program files\common files\aol\loader\aolload.exe \| "{898FC0FF-AC07-49E9-BBE9-371C365463FB}" = protocol=1 \| dir=in \| name=@firewallapi.dll,-28543 \| "{A3051711-8C7D-4DCF-A6FF-CA3B7DD4FE45}" = protocol=6 \| dir=in \| app=c:\program files\utorrent\utorrent.exe \| "{ADAB3E6B-7D22-4A80-A907-F40EB3FCF679}" = protocol=17 \| dir=in \| app=c:\program files\aim6\aim6.exe \| "{B406F2D2-C31F-48EB-B203-2CAD6ADC7597}" = protocol=6 \| dir=in \| app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe \| "{B751D9D9-C4EE-4265-8CA3-C0CA12356FFE}" = protocol=6 \| dir=in \| app=c:\users\sanyal\appdata\local\google\google talk plugin\googletalkplugin.dll \| "{BCAEF5D0-AE20-4EB5-A1D1-035BDD1F4EA6}" = protocol=58 \| dir=out \| name=@firewallapi.dll,-28546 \| "{BE8C952A-A7D1-4C61-A2E1-6AD2213520A9}" = protocol=58 \| dir=in \| name=@firewallapi.dll,-28545 \| "{C77E9E86-1BCB-4579-B3BF-326B8CD0A4E8}" = protocol=6 \| dir=in \| app=c:\program files\aim6\aim6.exe \| "{F8F34E80-0FBB-4771-9B7C-C80C2C80FB65}" = protocol=6 \| dir=in \| app=c:\users\sanyal\appdata\local\google\google talk plugin\googletalkplugin.exe \| "TCP Query User{013B4797-ADFD-42D2-B9F9-3E8BDCC6D056}C:\program files\mozilla firefox\firefox.exe" = protocol=6 \| dir=in \| app=c:\program files\mozilla firefox\firefox.exe \| "UDP Query User{EC46A427-36E9-4C2D-8803-882BEEE14256}C:\program files\mozilla firefox\firefox.exe" = protocol=17 \| dir=in \| app=c:\program files\mozilla firefox\firefox.exe \| ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR "{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer "{0915B10F-8597-4FE7-BC4D-EA3E2FDA646A}" = PS_AIO_03_C4400_Software_Min "{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1 "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library "{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 15 "{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2 "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7 "{48B0F38D-1913-44F3-99AA-D4C55A2B038E}" = Drive Manager "{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0 "{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6A370610-3778-44AF-9AAC-69B2FD1A3356}" = Microsoft Live Search Toolbar "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com "{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module "{846DDADA-0239-4B67-A6B1-33658863793B}" = HPTCSSetup "{86732AE7-CB91-4f15-B091-FBA3D3926CD6}" = HP Photosmart C4400 All-In-One Driver 11.0 Rel .3 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9 "{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B6D0B141-B2BE-4DD0-B08F-B9186F3E36B3}" = HP User Guides 0118 "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program "{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan "{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag "{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox "{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F6B1D53B-2A68-377D-AC39-C8FD359FF6F1}" = Google Talk Plugin "{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer "{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime "A0 TapeEcho II" = A0 TapeEcho II "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe AIR" = Adobe AIR "Adobe Audition 3.0" = Adobe Audition 3.0 "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "AIM Toolbar" = AIM Toolbar "AIM_6" = AIM 6 "AviSynth" = AviSynth 2.5 "BB_is1" = Band-in-a-Box 2007 "CCleaner" = CCleaner (remove only) "CNXT_AUDIO_HDA" = Conexant HD Audio "CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "HijackThis" = HijackThis 2.0.2 "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "InstallShield_{48B0F38D-1913-44F3-99AA-D4C55A2B038E}" = Drive Manager "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "iZotope Ozone 3_is1" = iZotope Ozone 3 "Kjaerhus Audio - Golden Audio Channel \| GAC-1_is1" = Kjaerhus Audio - Golden Audio Channel \| GAC-1 v1.01 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.0.13)" = Mozilla Firefox (3.0.13) "Musicnotes Player_is1" = Musicnotes Player V1.23.2 "Native Instruments Guitar Rig 3" = Native Instruments Guitar Rig 3 "NIS" = Norton Internet Security "NVIDIA Drivers" = NVIDIA Drivers "PG Music DirectX Plugins_is1" = PG Music DirectX Plugins 1.3.4.1 "PowerISO" = PowerISO "RealPlayer 12.0" = RealPlayer "Rhapsody" = Rhapsody "Sibelius Scorch Plugin_is1" = Sibelius Scorch Plugin 5.2.5.30 "SoftwareUpdUtility" = Download Updater (AOL LLC) "SynTPDeinstKey" = Synaptics Pointing Device Driver "Veoh Web Player Beta" = Veoh Web Player Beta "Videora iPod Converter" = Videora iPod Converter 4.04 "ViewpointMediaPlayer" = Viewpoint Media Player "VLC media player" = VLC media player 0.9.8a "WinRAR archiver" = WinRAR archiver ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "uTorrent" = �Torrent ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report >

handhfan View Member Profile	Aug 15 2009, 07:50 PM Post #40
GeekU Moderator Posts: 8,651 From: Massachusetts OS: Windows XP Pro, Windows 7 Pro 64- and 32-bit; Virtual PC	Please go HERE to run Panda's ActiveScan Once you are on the Panda site click the Scan your PC button A new window will open...click the Check Now button Enter your Country Enter your State/Province Enter your e-mail address and click send Select either Home User or Company Click the big Scan Now button If it wants to install an ActiveX component allow it It will start downloading the files it requires for the scan (Note: It may take a couple of minutes) When download is complete, click on My Computer to start the scan When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

guitarroman1 View Member Profile	Aug 16 2009, 10:24 AM Post #41
Member Posts: 32 OS: Windows Vista	;********************************************************************************************************************* ******************************************************** ANALYSIS: 2009-08-16 12:22:59 PROTECTIONS: 1 MALWARE: 7 SUSPECTS: 0 ;******************************************************************************************************************* ********************************************************** PROTECTIONS Description Version Active Updated ;======================================================================================================================= ============================================================ Windows Defender 1.1.1505.0 No Yes ;======================================================================================================================= ============================================================ MALWARE Id Description Type Active Severity Disinfectable Disinfected Location ;======================================================================================================================= ============================================================ 00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Sanyal\AppData\Roaming\Microsoft\Windows\Cookies\sanyal@doubleclick[1].txt 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Sanyal\AppData\Roaming\Microsoft\Windows\Cookies\sanyal@atdmt[1].txt 00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Sanyal\AppData\Roaming\Microsoft\Windows\Cookies\sanyal@advertising[2].txt 00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Users\Sanyal\AppData\Roaming\Microsoft\Windows\Cookies\sanyal@atwola[2].txt 00590315 Rootkit/Agent.LNB HackTools No 0 Yes No C:\_OTL\MovedFiles\08082009_175223\Windows\System32\drivers\jzkxjdwj.sys 01650472 Trj/Rebooter.J Virus/Trojan No 0 Yes No C:\Users\Sanyal\Desktop\Unused Desktop Shortcuts\SmitfraudFix.exe 02493231 Generic Trojan Virus/Trojan No 0 Yes No C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CGSC213V\SetupAdvancedVirusRemover[1].exe ;======================================================================================================================= ============================================================ SUSPECTS Sent Location 󝛇��9 ;======================================================================================================================= ============================================================ ;======================================================================================================================= ============================================================ VULNERABILITIES Id Severity Description 󝛇��9 ;======================================================================================================================= ============================================================ ;======================================================================================================================= ============================================================ My desktop background is still messed up and video programs like youtube and audio programs like adobe audition, my computer is too slow to work them.

handhfan View Member Profile	Aug 16 2009, 05:56 PM Post #42
GeekU Moderator Posts: 8,651 From: Massachusetts OS: Windows XP Pro, Windows 7 Pro 64- and 32-bit; Virtual PC	The malware may have messed with a bunch of preferences and other system settings, but all the malware is gone now. If you are still having trouble with applications and video, I would ask it in the Windows forum, as they can help you with any of those technical issues that are left over. My tech skills are lacking, but they have some awesome techs over there that should get you sorted out. Your logs look clean. There is only a bit of cleanup that we will deal with in this post, as well as prevention from future infections. If you have any questions or other problems, please let me know. Other than that, and the steps below, you should be all set. Follow these steps to uninstall Combofix and tools used in the removal of malware Click START then RUN Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there. Make sure you have an Internet Connection. Download OTC to your desktop and run it A list of tool components used in the Cleanup of malware will be downloaded. If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so. Click Yes to beging the Cleanup process and remove these components, including this application. You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes. Please update Adobe Reader, by downloading and installing Adobe Reader 9.1. Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs: SpywareBlaster to help prevent spyware from installing in the first place. SpywareGuard gives you realtime protection from spyware. Super Antispyware OR Malwarebytes' Anti-Malware to help remove any spyware that may have gotten on your computer. MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see this article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask. To keep your operating system up to date visit Microsoft Windows Update monthly. Remember to be aware of what emails you open and websites you visit. Have a safe and happy computing day! This post has been edited by handhfan: Aug 16 2009, 05:56 PM

guitarroman1 View Member Profile	Aug 16 2009, 07:12 PM Post #43
Member Posts: 32 OS: Windows Vista	Thank you so much for your time, I really appreciate it!!!

handhfan View Member Profile	Aug 16 2009, 08:11 PM Post #44
GeekU Moderator Posts: 8,651 From: Massachusetts OS: Windows XP Pro, Windows 7 Pro 64- and 32-bit; Virtual PC	Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.

« Next Oldest · Virus, Spyware and Trojan Removal · Next Newest »

3 Pages

< 1 2 3

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies / Views	Topic Information
Windows XP�, 2000, 2003, NT Can't Open Windows Security Center	8 / 5,557	15th June 2007 - 02:40 PM jman4878 started - last by krmooo
Virus, Spyware and Trojan Removal 1st Fakealert.d!gen 2nd Windows Antivirus pro 2009 Can't run M 12	27 / 993	19th August 2009 - 10:51 AM DLoc0420 started - last by fenzodahl512
Virus, Spyware and Trojan Removal Unknown Virus or Malware (Windows Antivirus Pro?) [Solved]	7 / 229	23rd August 2009 - 07:11 AM Will H started - last by Essexboy
Virus, Spyware and Trojan Removal Windows Antivirus PRO I Can`t open any exe files, system restore, cmd 123	37 / 681	14th October 2009 - 12:31 AM indyboi2 started - last by indyboi2