
BSOD, Virus or computer based? HELP!


This topic is locked

#1
nelly4u2NV
New Member
3 posts
The first unexpected error to occur was a RunDLL message which came up every time I logged on, showing 'Error loading C:\Users\(username)\AppData\Roaming\uivethmx.dll'. It has been happening for about a month now. Whether this relates to the BSOD I am unsure.

About two weeks ago, the mouse was pulled out of the computer (with a bit of force, unfortunately) and when I put it back in and started the computer, it would freeze as soon as the Acer screen (the first screen to show) appeared. So, one by one I took all the plugs (i.e. keyboard, speakers, etc.) out of the back of the computer and found that without the mouse my computer carried on working like normal. Also (using the keyboard) I checked the mouse via Control Panel and there was no hardware installed for it (so it said), but I went and bought a mouse, which worked. Whether this has anything to do with the BSOD, again I am not sure; however, I have read that the BSOD can be caused by issues regarding the drivers/hardware.

I still kept getting the RunDLL messages. But I simply used msconfig in Run and unchecked it; should there be a box for such a message in the first place?

Then, about 3 days after that, was the first time I saw the BSOD, and after restarting it never came again until a week ago, when it became frequent: every time I logged on, after about 5-10 minutes or so. I found out how to stop the computer from automatically restarting so I could read what was written on the BSOD. Then I realised that the stop messages keep changing, and from what I read on the net that is not the norm; however, once I got it to stop the auto restart, this is what the code was at that time:

0x0000008E (0xC0000005,0x81EC5053, 0x813FF9CC 0x00000000)

Today is the first time the BSOD occurred before I could even log in, and the code is now:

0x0000000A (0x00000001, 0x00000002, 0x00000001, 0x81E92919)

... however, I tried to log in again, and the BSOD went back to its previous timing of about 5-10 minutes after logon.

The fact that it continuously changes each time gives the feel of a virus, as if it is slowly 'eating away' at my computer. Any haste in help would be greatly appreciated, as I hope this problem doesn't go so far as to damage the computer to such an extent that it becomes irreversible. I have now resorted to using a laptop stationed near my computer to take action.

Computer Information:
Acer Aspire T671
MS Windows Vista
Home Premium
Service Pack 2

Rating: 3.8
Processor: Intel® Pentium® D
CPU 2.80 GHz
Total Disk Capacity: 142.1 GB
Memory (Ram): 1 GB
System Type: 32-bit

Google Chrome
Avast Free antivirus


Thank you beforehand

_______________________________________________________________________


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4465

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

23/08/2010 14:30:37
mbam-log-2010-08-23 (14-30-37).txt

Scan type: Quick scan
Objects scanned: 143129
Time elapsed: 7 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by nelly4u2NV, 23 August 2010 - 08:13 AM.



#2
BlackOxide
Trusted Helper, Malware Removal
1,976 posts
Hi, nelly4u2NV! Welcome to GeeksToGo! My name is BlackOxide and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:
  • I am currently in training, so my replies will need to be quickly checked before I post them to you, so there may be a small delay in between.
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for us to analyse and fix your PC in the long run.

OK, let's start :)


First of all, let's try and get some logs created and we'll go forward from there :)

As you are having trouble in Normal Mode with the PC restarting, try running both of the programs shown below, in Safe Mode.

Please follow the steps below.


To boot your PC into Safe Mode...
  • Switch on your PC and immediately start tapping the F8 key on the keyboard
  • Keep tapping it until a menu comes on the screen whereby you have several options to choose from, one of which is Safe Mode with Networking
  • Make sure Safe Mode with Networking is highlighted and then press Enter
  • Your PC will now boot into Safe Mode


Once in Safe Mode...

1)
OTL Custom Scan
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard Output is selected.
  • Tick the Lop Check and Purity Check boxes.
  • Copy and Paste the following into the Custom Scans/Fixes box at the bottom.

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%|bak;true;false;false /fp
    %systemroot%\system32|bak;true;false;false /fp
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.



2)
GMER Rootkit Scanner
  • GMER Rootkit Scanner - Download - Homepage
  • Download GMER
  • Extract the contents of the zipped file to the desktop.
  • Double-click GMER.exe.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on NO, then use the following settings for a more complete scan.
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED:
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)

    NOTE - Not all of the tick boxes will be available if you are running a 64-bit operating system. You may also get an error message displayed on the screen when using a 64-bit operating system; this is normal, just click on OK and let it carry on.

  • Then click the Scan button and wait for it to finish.
  • Once done, click on the [Save..] button, and in the File name area type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.
**Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Please copy and paste the report into your post.



In your next reply
Please post the contents of...
OTL log
GMER log

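As an added example (not from this thread, from OTL's author or from Geeks to Go), here is a small Python triage script for the OTL.Txt format the helper asks for: it parses the SRV/DRV, O2 (BHO) and O20 (AppInit_DLLs) line shapes that appear in the log posted in reply #3 and ranks them with a few heuristics of my own. The publisher allow-list and the "driver in System32 root" rule are assumptions, not OTL features; the sample lines are copied verbatim from the posted log.

```python
"""Triage helper for OTL log lines. Added example: not from this thread, from OTL
itself, or from this forum's procedures. It parses the SRV/DRV, O2 (BHO) and O20
(AppInit_DLLs) line shapes found in OTL.Txt and ranks them with a few rules of my
own; KNOWN_PUBLISHERS is an assumed, analyst-maintained allow-list (unrelated to
OTL's own company whitelist). It only ranks lines for a human; it changes nothing."""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "priority reason line")  # priority: high / medium / low

# "SRV - [date | size | attrs | M] (Company) [Start | State] -- path -- (name) description"
# or   "DRV - File not found [Kernel | On_Demand | Stopped] -- path -- (name)"
SVC_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - "
    r"(?:\[(?P<date>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attrs>\S+) \| [MC]\] \((?P<company>[^)]*)\)"
    r"|(?P<missing>File not found)) "
    r"\[(?P<flags>[^\]]*)\] -- (?P<path>.+?) -- \((?P<name>[^)]*)\)(?: (?P<desc>.*))?$")
# "O20 - AppInit_DLLs: (value) - path (Company)"
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: \((?P<value>[^)]*)\) - (?P<path>.+?) \((?P<company>[^)]*)\)$")
# "O2 - BHO: (name) - {CLSID} - path (Company)"   or   "... - path File not found"
BHO_RE = re.compile(r"^O2 - BHO: \((?P<name>[^)]*)\) - (?P<clsid>\{[^}]+\}) - (?P<rest>.+)$")
TRAILING_COMPANY = re.compile(r"\((?P<c>[^()]*)\)$")  # the "(Company)" suffix OTL appends to a file
# Kernel drivers normally live under System32\drivers; a .sys directly in System32 is worth a look.
SYS32_ROOT_DRV = re.compile(r"(?i)^[a-z]:\\windows\\system32\\[^\\]+\.sys$")

KNOWN_PUBLISHERS = {  # assumption: publishers this analyst has already verified, nothing more
    "Microsoft Corporation", "AVAST Software", "ALWIL Software",
    "Malwarebytes Corporation", "OldTimer Tools"}


def _triage_service(m, line, known):
    """Rules for one SRV/DRV entry."""
    if m["missing"]:
        return [Finding("low", "registration points at a missing file (orphan)", line)]
    out, flags = [], [f.strip() for f in m["flags"].split("|")]
    state = flags[-1]
    # Active = running now, or starts by itself (Auto/System/Boot start type).
    active = state == "Running" or bool({"Auto", "System", "Boot"} & set(flags))
    company = m["company"].strip()
    if active and company not in known:
        out.append(Finding("high" if state == "Running" else "medium",
                           f"{m['kind']} from unrecognised publisher '{company or '(none)'}'", line))
    if m["kind"] == "DRV" and SYS32_ROOT_DRV.match(m["path"]):
        out.append(Finding("medium", "kernel driver sits in System32 root, not System32\\drivers", line))
    return out


def triage(lines, known=KNOWN_PUBLISHERS):
    """Return Findings for the given OTL lines; lines no rule understands are skipped."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = SVC_RE.match(line)
        if m:
            findings.extend(_triage_service(m, line, known))
            continue
        m = APPINIT_RE.match(line)
        if m:  # AppInit_DLLs is loaded into every process that maps user32.dll: always review
            findings.append(Finding("high", f"AppInit_DLLs set to {m['path']} "
                                    f"(publisher '{m['company']}')", line))
            continue
        m = BHO_RE.match(line)
        if m:
            rest = m["rest"]
            if rest.endswith("File not found") or "No CLSID value found" in rest:
                findings.append(Finding("low", "BHO points at a missing file or CLSID (orphan)", line))
            else:
                c = TRAILING_COMPANY.search(rest)
                company = c["c"].strip() if c else ""
                if company not in known:
                    findings.append(Finding("medium", f"BHO from unrecognised publisher '{company or '(none)'}'", line))
    return findings


# Sample input: lines copied verbatim from the OTL log posted later in this thread.
SAMPLE_LINES = r"""
SRV - [2010/06/28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/08/26 19:36:34 | 000,277,504 | ---- | M] (SearchHelp, Inc.) [Auto | Running] -- C:\Windows\System32\atibrtmonc.exe -- (Brseridk) System kernel integrity service (adsiC)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - [2010/06/28 21:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/08/26 19:37:26 | 000,038,784 | ---- | M] (SearchHelp, Inc.) [Kernel | System | Running] -- C:\Windows\System32\KEYBOARDQ.SYS -- (drmkaudm) System kernel configuration (IPBusEnumL)
DRV - [2009/03/31 10:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (BrowserConnector Object) - {B24A5F3C-E1D2-4ee6-8A3F-4B19D0DAF1A2} - C:\Windows\System32\NlsLexiconsm0026.dll (SearchHelp, Inc.)
O20 - AppInit_DLLs: (C:\Windows\System32\wevtapiq.dll) - C:\Windows\System32\wevtapiq.dll (SearchHelp, Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
""".strip().splitlines()


def sample_findings():
    return triage(SAMPLE_LINES)


if __name__ == "__main__":
    for f in sorted(sample_findings(), key=lambda f: ("high", "medium", "low").index(f.priority)):
        print(f"[{f.priority:6}] {f.reason}\n         {f.line}")
```

A "high" finding is only a pointer to what a human should verify first; the publisher string is self-declared by the file, so a real check still means inspecting the file's signature and hash.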

#3
nelly4u2NV (Topic Starter)
New Member
3 posts
OTL logfile created on: 26/08/2010 18:34:58 - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\Neelam\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

894.00 Mb Total Physical Memory | 557.00 Mb Available Physical Memory | 62.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 71.28 Gb Total Space | 41.96 Gb Free Space | 58.86% Space Free | Partition Type: NTFS
Drive D: | 70.94 Gb Total Space | 68.30 Gb Free Space | 96.28% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NEELAM-PC
Current User Name: Neelam
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/26 18:25:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Neelam\Desktop\OTL.exe
PRC - [2009/08/26 19:36:34 | 000,277,504 | ---- | M] (SearchHelp, Inc.) -- C:\Windows\System32\atibrtmonc.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/08/26 18:25:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Neelam\Desktop\OTL.exe
MOD - [2009/04/11 07:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/19 08:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/06/28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/06/28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/06/28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/09/25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/26 19:36:34 | 000,277,504 | ---- | M] (SearchHelp, Inc.) [Auto | Running] -- C:\Windows\System32\atibrtmonc.exe -- (Brseridk) System kernel integrity service (adsiC)
SRV - [2009/03/31 10:39:36 | 000,233,472 | ---- | M] (Teruten) [Auto | Stopped] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Neelam\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010/06/28 21:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/06/28 21:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/06/28 21:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/06/28 21:32:56 | 000,050,256 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010/06/28 21:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/08/26 19:37:26 | 000,038,784 | ---- | M] (SearchHelp, Inc.) [Kernel | System | Running] -- C:\Windows\System32\KEYBOARDQ.SYS -- (drmkaudm) System kernel configuration (IPBusEnumL)
DRV - [2009/08/26 19:36:58 | 000,024,704 | ---- | M] (SearchHelp, Inc.) [Kernel | System | Running] -- C:\Windows\System32\NTIOJ804.SYS -- (dot3svcK) Remote Procedure Call RT4s (ulsata2d)
DRV - [2009/03/31 10:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/03/20 11:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009/03/20 11:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2009/03/20 11:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2008/10/09 15:42:42 | 000,017,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008/08/30 06:58:16 | 003,929,600 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2008/08/30 06:58:16 | 003,929,600 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007/12/06 09:51:00 | 000,298,496 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2006/11/02 10:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 10:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 10:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 10:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 10:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 10:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 10:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 10:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 10:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 10:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 10:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 10:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 10:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 10:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 10:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 10:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 10:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 10:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 10:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 10:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 08:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?hl=en
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox [2010/03/16 09:01:07 | 000,000,000 | ---D | M]

[2010/07/23 18:46:25 | 000,000,000 | ---D | M] -- C:\Users\Neelam\AppData\Roaming\Mozilla\Extensions
[2010/03/31 19:11:38 | 000,000,000 | ---D | M] -- C:\Users\Neelam\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/07/23 22:48:14 | 000,000,000 | ---D | M] -- C:\Users\Neelam\AppData\Roaming\Mozilla\Firefox\Profiles\crdh8u4z.default\extensions
[2010/07/23 22:48:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Neelam\AppData\Roaming\Mozilla\Firefox\Profiles\crdh8u4z.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/23 18:41:59 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/13 22:44:53 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/07/13 22:44:53 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/07/13 22:44:53 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/07/13 22:44:53 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/08/22 19:40:05 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (BrowserConnector Object) - {B24A5F3C-E1D2-4ee6-8A3F-4B19D0DAF1A2} - C:\Windows\System32\NlsLexiconsm0026.dll (SearchHelp, Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: youtube.com ([www] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - AppInit_DLLs: (C:\Windows\System32\wevtapiq.dll) - C:\Windows\System32\wevtapiq.dll (SearchHelp, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img10.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img10.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/08/26 18:25:51 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Neelam\Desktop\OTL.exe
[2010/08/23 13:20:14 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/08/23 13:12:32 | 000,000,000 | ---D | C] -- C:\Users\Neelam\AppData\Roaming\Malwarebytes
[2010/08/23 13:12:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/08/23 13:12:17 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/08/23 13:12:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/08/23 13:12:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/23 13:10:01 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/08/23 12:58:56 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Neelam\Desktop\erunt-setup.exe
[2010/08/23 12:46:16 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Neelam\Desktop\TFC.exe
[2010/08/22 23:02:16 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Neelam\Desktop\HijackThis (1).exe
[2010/08/22 22:49:38 | 000,000,000 | ---D | C] -- C:\Users\Neelam\AppData\Local\temp
[2010/08/22 22:49:07 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/08/22 22:35:20 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/08/22 20:03:48 | 000,165,456 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/08/22 20:03:48 | 000,017,744 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/08/22 20:03:46 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/08/22 20:03:45 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/08/22 20:03:43 | 000,050,256 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/08/22 20:02:42 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\avastSS.scr
[2010/08/22 20:02:41 | 000,165,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2010/08/22 20:02:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/08/22 20:02:30 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/08/22 19:39:58 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/08/22 19:32:32 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/08/22 19:32:32 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/08/22 19:32:32 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/08/22 19:24:25 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/08/21 14:07:10 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2010/08/19 14:43:40 | 000,000,000 | ---D | C] -- C:\Users\Neelam\AppData\Roaming\AVG9
[2010/08/16 18:04:11 | 000,000,000 | ---D | C] -- C:\Program Files\Free Window Registry Repair
[2010/08/16 17:30:41 | 000,000,000 | ---D | C] -- C:\Users\Neelam\AppData\Roaming\Uniblue
[2010/08/13 13:07:26 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/08/13 13:07:25 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/08/13 13:07:25 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/08/13 13:07:25 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/08/13 13:07:25 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/08/13 13:07:24 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/08/13 13:07:23 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/08/13 13:07:23 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/08/13 13:07:23 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/08/13 13:07:23 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/08/13 13:07:23 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/08/13 13:07:23 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/08/13 13:07:22 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/08/13 13:07:22 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/08/13 13:07:22 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/08/13 13:07:20 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010/08/13 13:07:10 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/08/13 13:07:06 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010/08/13 13:06:45 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/08/13 13:06:45 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/08/11 15:10:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LEADTools
[2010/08/11 15:10:18 | 000,000,000 | ---D | C] -- C:\Program Files\Pearson VUE
[2010/08/09 13:43:53 | 000,000,000 | ---D | C] -- C:\ProgramData\RegCure
[2010/08/09 13:29:18 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/08/07 11:52:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/08/07 11:52:33 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/08/07 11:52:33 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/08/07 11:52:33 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/08/06 18:11:17 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll

========== Files - Modified Within 30 Days ==========

[2010/08/26 18:31:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/26 18:30:21 | 001,835,008 | -HS- | M] () -- C:\Users\Neelam\ntuser.dat
[2010/08/26 18:29:09 | 000,020,338 | ---- | M] () -- C:\Users\Neelam\Desktop\Untitled 1.odt54.odt
[2010/08/26 18:25:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Neelam\Desktop\OTL.exe
[2010/08/26 18:25:01 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{03189014-115F-4140-98C8-37F13AD383F6}.job
[2010/08/26 18:22:33 | 000,005,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/26 18:22:33 | 000,005,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/26 18:22:32 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/26 18:22:14 | 146,925,753 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/08/24 21:56:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2941390614-601168641-1490812442-1000UA.job
[2010/08/24 20:58:05 | 000,002,013 | ---- | M] () -- C:\Users\Neelam\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/08/24 20:58:04 | 000,002,051 | ---- | M] () -- C:\Users\Neelam\Desktop\Google Chrome.lnk
[2010/08/23 13:48:17 | 000,524,288 | -HS- | M] () -- C:\Users\Neelam\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/08/23 13:48:17 | 000,065,536 | -HS- | M] () -- C:\Users\Neelam\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/08/23 13:20:05 | 000,000,737 | ---- | M] () -- C:\Users\Neelam\Desktop\NTREGOPT.lnk
[2010/08/23 13:20:05 | 000,000,718 | ---- | M] () -- C:\Users\Neelam\Desktop\ERUNT.lnk
[2010/08/23 13:12:21 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/23 12:58:59 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Neelam\Desktop\erunt-setup.exe
[2010/08/23 12:46:18 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Neelam\Desktop\TFC.exe
[2010/08/22 23:02:17 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Neelam\Desktop\HijackThis (1).exe
[2010/08/22 22:50:07 | 000,011,234 | ---- | M] () -- C:\Users\Neelam\Desktop\puppy.exe
[2010/08/22 22:46:23 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/08/22 22:35:11 | 003,821,152 | R--- | M] () -- C:\Users\Neelam\Desktop\ComboFix.exe
[2010/08/22 20:03:49 | 000,001,844 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/08/22 20:03:43 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/08/22 20:01:09 | 054,835,272 | ---- | M] () -- C:\Users\Neelam\Desktop\setup_av_free.exe
[2010/08/22 19:56:16 | 000,000,858 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2941390614-601168641-1490812442-1000Core.job
[2010/08/22 19:40:05 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/08/21 14:09:18 | 000,001,051 | ---- | M] () -- C:\Users\Neelam\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2010/08/21 14:09:18 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2010/08/21 13:36:28 | 000,080,384 | ---- | M] () -- C:\Users\Neelam\Desktop\MBRCheck.exe
[2010/08/21 13:22:54 | 000,000,251 | ---- | M] () -- C:\Users\Neelam\Desktop\Security Center.lnk
[2010/08/19 19:51:52 | 000,712,556 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/08/19 19:51:52 | 000,613,256 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/08/19 19:51:52 | 000,112,572 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/08/19 18:42:54 | 000,004,216 | ---- | M] () -- C:\Users\Neelam\Desktop\Attach.zip
[2010/08/19 17:18:13 | 000,024,500 | ---- | M] () -- C:\Users\Neelam\Documents\2.odt
[2010/08/19 16:44:12 | 000,293,376 | ---- | M] () -- C:\Users\Neelam\Desktop\gmer.exe
[2010/08/19 15:36:54 | 000,525,824 | ---- | M] () -- C:\Users\Neelam\Desktop\dds.scr
[2010/08/17 18:24:57 | 000,022,812 | ---- | M] () -- C:\Users\Neelam\Documents\Untitled 123.odt
[2010/08/17 18:17:21 | 000,021,041 | ---- | M] () -- C:\Users\Neelam\Documents\Untitled 12.odt
[2010/08/17 18:17:21 | 000,000,116 | -H-- | M] () -- C:\Users\Neelam\Documents\.~lock.Untitled 12.odt#
[2010/08/17 17:53:50 | 000,012,955 | ---- | M] () -- C:\Users\Neelam\Documents\Untitled 1.odt
[2010/08/17 17:53:50 | 000,000,116 | -H-- | M] () -- C:\Users\Neelam\Documents\.~lock.Untitled 1.odt#
[2010/08/16 20:26:45 | 000,001,356 | ---- | M] () -- C:\Users\Neelam\AppData\Local\d3d9caps.dat
[2010/08/14 19:38:02 | 000,391,040 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/08/11 15:10:55 | 000,002,507 | ---- | M] () -- C:\Users\Neelam\Desktop\PearsonVUE Tutorial and Practice Exam.lnk

========== Files Created - No Company Name ==========

[2010/08/26 18:29:06 | 000,020,338 | ---- | C] () -- C:\Users\Neelam\Desktop\Untitled 1.odt54.odt
[2010/08/23 13:12:21 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/23 13:10:01 | 000,000,737 | ---- | C] () -- C:\Users\Neelam\Desktop\NTREGOPT.lnk
[2010/08/23 13:10:01 | 000,000,718 | ---- | C] () -- C:\Users\Neelam\Desktop\ERUNT.lnk
[2010/08/22 22:50:07 | 000,011,234 | ---- | C] () -- C:\Users\Neelam\Desktop\puppy.exe
[2010/08/22 21:51:10 | 003,821,152 | R--- | C] () -- C:\Users\Neelam\Desktop\ComboFix.exe
[2010/08/22 20:03:49 | 000,001,844 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/08/22 19:59:10 | 054,835,272 | ---- | C] () -- C:\Users\Neelam\Desktop\setup_av_free.exe
[2010/08/22 19:32:32 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/08/22 19:32:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/08/22 19:32:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/08/22 19:32:32 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/08/22 19:32:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/08/21 14:09:18 | 000,001,051 | ---- | C] () -- C:\Users\Neelam\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2010/08/21 14:09:17 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2010/08/21 13:36:26 | 000,080,384 | ---- | C] () -- C:\Users\Neelam\Desktop\MBRCheck.exe
[2010/08/21 13:22:54 | 000,000,251 | ---- | C] () -- C:\Users\Neelam\Desktop\Security Center.lnk
[2010/08/19 18:42:54 | 000,004,216 | ---- | C] () -- C:\Users\Neelam\Desktop\Attach.zip
[2010/08/19 17:16:11 | 000,024,500 | ---- | C] () -- C:\Users\Neelam\Documents\2.odt
[2010/08/19 15:36:54 | 000,525,824 | ---- | C] () -- C:\Users\Neelam\Desktop\dds.scr
[2010/08/17 18:24:55 | 000,022,812 | ---- | C] () -- C:\Users\Neelam\Documents\Untitled 123.odt
[2010/08/17 17:59:37 | 000,000,116 | -H-- | C] () -- C:\Users\Neelam\Documents\.~lock.Untitled 12.odt#
[2010/08/17 17:59:36 | 000,021,041 | ---- | C] () -- C:\Users\Neelam\Documents\Untitled 12.odt
[2010/08/17 17:40:42 | 000,000,116 | -H-- | C] () -- C:\Users\Neelam\Documents\.~lock.Untitled 1.odt#
[2010/08/17 17:40:40 | 000,012,955 | ---- | C] () -- C:\Users\Neelam\Documents\Untitled 1.odt
[2010/08/16 17:59:52 | 146,925,753 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/08/11 15:10:55 | 000,002,507 | ---- | C] () -- C:\Users\Neelam\Desktop\PearsonVUE Tutorial and Practice Exam.lnk
[2010/05/10 15:31:12 | 000,001,356 | ---- | C] () -- C:\Users\Neelam\AppData\Local\d3d9caps.dat
[2010/03/14 22:48:47 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010/03/14 22:48:47 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010/02/08 19:01:55 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/19 21:51:03 | 000,031,007 | ---- | C] () -- C:\Users\Neelam\AppData\Roaming\UserTile.png
[2009/10/19 21:47:08 | 000,011,264 | ---- | C] () -- C:\Users\Neelam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/05 19:36:26 | 000,294,912 | ---- | C] () -- C:\Windows\System32\msvcrtm40.dll
[2009/10/05 19:36:25 | 000,294,912 | ---- | C] () -- C:\Windows\System32\WMPhotoy.dll
[2009/10/05 18:27:40 | 000,151,552 | ---- | C] () -- C:\Windows\System32\libexpat.dll
[2009/09/29 14:59:33 | 000,009,888 | ---- | C] () -- C:\Windows\System32\sbnetkey.sys
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2007/10/25 18:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2010/08/19 14:43:40 | 000,000,000 | ---D | M] -- C:\Users\Neelam\AppData\Roaming\AVG9
[2010/03/16 07:41:43 | 000,000,000 | ---D | M] -- C:\Users\Neelam\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2009/10/06 18:35:32 | 000,000,000 | ---D | M] -- C:\Users\Neelam\AppData\Roaming\GetRightToGo
[2010/04/20 21:00:16 | 000,000,000 | ---D | M] -- C:\Users\Neelam\AppData\Roaming\LimeWire
[2010/02/11 19:06:12 | 000,000,000 | ---D | M] -- C:\Users\Neelam\AppData\Roaming\OpenOffice.org
[2010/03/14 23:17:44 | 000,000,000 | ---D | M] -- C:\Users\Neelam\AppData\Roaming\PC Suite
[2010/03/14 22:47:38 | 000,000,000 | ---D | M] -- C:\Users\Neelam\AppData\Roaming\Samsung
[2010/08/16 17:30:41 | 000,000,000 | ---D | M] -- C:\Users\Neelam\AppData\Roaming\Uniblue
[2010/08/23 14:21:46 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/08/26 18:25:01 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{03189014-115F-4140-98C8-37F13AD383F6}.job

========== Purity Check ==========


< End of report >

OTL Extras logfile created on: 26/08/2010 18:34:59 - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\Neelam\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

894.00 Mb Total Physical Memory | 557.00 Mb Available Physical Memory | 62.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 71.28 Gb Total Space | 41.96 Gb Free Space | 58.86% Space Free | Partition Type: NTFS
Drive D: | 70.94 Gb Total Space | 68.30 Gb Free Space | 96.28% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NEELAM-PC
Current User Name: Neelam
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\Neelam\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Value error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{31E403A6-34EF-4DC1-9A82-27B70162C98D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FA979F03-ECE9-4DD2-A2F9-6A5E3F5078EB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{54FFC589-7071-4C61-B8B3-9E75A1B7FBF1}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{7BC2C347-43EA-401C-9533-BC4A1B6C0787}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{8C118D50-C32B-46F0-BD9D-139422C43F4B}" = dir=in | app=c:\program files\avg\avg9\avgemc.exe |
"{9633D33A-3575-47AD-97A1-590F7F4D3345}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{B8495F23-99DA-42AB-A405-AF08E045E362}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{D15421B8-8BCC-43B8-82E0-8FCA41B0FAB4}" = dir=in | app=c:\program files\avg\avg9\avgdiagex.exe |
"{E084EEF5-6F6C-49C1-AEAA-EC5F63002B61}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{F6D0EF48-4BF6-4D31-8FC6-BD0E24261915}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
"{FF6E99E3-A798-4145-9B3D-3AB404D12AA3}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"TCP Query User{8AA2B3B3-8D75-43B0-B301-1492A44DF607}C:\users\neelam\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\neelam\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{8EF5C502-FB9C-403B-94A2-13B67B4CD93E}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{CEAF35E8-9E60-452B-A1A7-ED3A866E2016}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{4AB3F021-47AF-466A-9B80-5FFAF1F3C5CD}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{4B4CB762-91A8-4D77-9875-77B7A3B20C24}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{D8764C14-7FE5-4694-BA6C-1A9725957C96}C:\users\neelam\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\neelam\appdata\local\google\chrome\application\chrome.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{17A869F2-4ABC-446D-B497-F08A7450A923}" = PearsonVUE Tutorial and Practice Exam
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 21
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99D7BD24-E8BB-485C-B502-C1DE0A33161D}" = GoGear ARIAZ Device Manager
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E623BB3F-F7ED-4148-BEB5-A0D1DB28B4DE}" = Media Converter for Philips
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast5" = avast! Free Antivirus
"ERUNT_is1" = ERUNT 1.1j
"Foxit Reader" = Foxit Reader
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Recovery for PowerPoint" = Recovery for PowerPoint
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 23/08/2010 06:07:13 | Computer Name = Neelam-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 23/08/2010 06:07:13 | Computer Name = Neelam-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 23/08/2010 06:07:13 | Computer Name = Neelam-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 23/08/2010 06:12:07 | Computer Name = Neelam-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 23/08/2010 06:12:09 | Computer Name = Neelam-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 23/08/2010 07:47:02 | Computer Name = Neelam-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 23/08/2010 07:47:02 | Computer Name = Neelam-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 24/08/2010 15:54:02 | Computer Name = Neelam-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 24/08/2010 15:54:04 | Computer Name = Neelam-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 26/08/2010 13:32:11 | Computer Name = Neelam-PC | Source = EventSystem | ID = 4609
Description =

[ System Events ]
Error - 26/08/2010 13:33:02 | Computer Name = Neelam-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 26/08/2010 13:33:02 | Computer Name = Neelam-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 26/08/2010 13:33:02 | Computer Name = Neelam-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 26/08/2010 13:33:02 | Computer Name = Neelam-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 26/08/2010 13:33:02 | Computer Name = Neelam-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 26/08/2010 13:33:02 | Computer Name = Neelam-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 26/08/2010 13:33:02 | Computer Name = Neelam-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 26/08/2010 13:33:02 | Computer Name = Neelam-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 26/08/2010 13:33:02 | Computer Name = Neelam-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 26/08/2010 13:33:02 | Computer Name = Neelam-PC | Source = Service Control Manager | ID = 7001
Description =


< End of report >



____________________________________________________


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-26 19:05:45
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\Neelam\AppData\Local\Temp\kwlyqpod.sys


---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[592] kernel32.dll!ExitProcess 770A41D8 5 Bytes JMP 0099EF80 C:\Windows\system32\mydocsd.dll (SearchHelp, Inc.)
.text C:\Windows\system32\svchost.exe[592] ADVAPI32.dll!OpenServiceA 774E2EBD 5 Bytes JMP 0099E4A0 C:\Windows\system32\mydocsd.dll (SearchHelp, Inc.)
.text C:\Windows\system32\svchost.exe[592] ADVAPI32.dll!CloseServiceHandle 774E82A5 5 Bytes JMP 0099E160 C:\Windows\system32\mydocsd.dll (SearchHelp, Inc.)
.text C:\Windows\system32\svchost.exe[592] ADVAPI32.dll!OpenServiceW 774E8354 5 Bytes JMP 0099E3B0 C:\Windows\system32\mydocsd.dll (SearchHelp, Inc.)
.text C:\Windows\system32\svchost.exe[592] ADVAPI32.dll!ControlService 77509FB8 5 Bytes JMP 0099E2A0 C:\Windows\system32\mydocsd.dll (SearchHelp, Inc.)
.text C:\Windows\system32\svchost.exe[592] ADVAPI32.dll!DeleteService 7750A07E 5 Bytes JMP 0099E080 C:\Windows\system32\mydocsd.dll (SearchHelp, Inc.)
.text C:\Windows\system32\atibrtmonc.exe[768] kernel32.dll!ExitProcess 770A41D8 5 Bytes JMP 00EEEF80 C:\Windows\system32\mydocsd.dll (SearchHelp, Inc.)

---- EOF - GMER 1.0.15 ----
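Added example, not part of the original post and not a feature of GMER or OTL: a short Python triage script for the two logs in the post above. It parses the GMER "User code sections" lines, groups the inline JMP hooks by the DLL they land in, and flags any DLL from a publisher outside a small trusted list that hooks ExitProcess or the service-control APIs (OpenService, ControlService, DeleteService, CloseServiceHandle) inside svchost.exe. Hooking those APIs in the service host is a common self-protection technique, since it lets the hooking module intercept attempts to stop or delete a service; the pattern is exactly what the GMER output shows for mydocsd.dll. It also checks the OTL Extras "Shell Spawning" block, where the [open] handler for exefile, comfile, batfile, cmdfile and piffile should still be the stock "%1" %*. The trusted-publisher set and the expected handler string are assumptions of this example; the sample lines are copied from the logs above.

```python
"""Triage of the GMER "User code sections" and the OTL Extras "Shell Spawning"
block quoted in the post above.  Added example: not part of the original post
and not a feature of GMER or OTL.  It assumes only the line formats visible in
those logs; the sample lines below are copied from them."""
import re
from collections import defaultdict

# GMER inline hook:  .text <proc>[<pid>] <module>!<func> <addr> <n> Bytes JMP <target> <dll> (<company>)
GMER_HOOK = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<mod>[^!\s]+)!(?P<func>\S+)\s+"
    r"(?P<addr>[0-9A-Fa-f]+)\s+(?P<n>\d+)\s+Bytes\s+JMP\s+(?P<target>[0-9A-Fa-f]+)\s+"
    r"(?P<dll>.+?)(?:\s+\((?P<company>[^)]*)\))?\s*$"
)
# OTL "Shell Spawning" line:  <class> [<verb>] -- <command>
SHELL_LINE = re.compile(r"^(?P<cls>\w+) \[(?P<verb>\w+)\] -- (?P<cmd>.*)$")

# Service-control APIs: a module that hooks these inside the service host can
# intercept every attempt to stop or delete a service (classic self-protection).
SCM_APIS = {"OpenServiceA", "OpenServiceW", "ControlService", "DeleteService", "CloseServiceHandle"}
# Publishers whose user-mode hooks are expected (AV self-protection).  Assumption for this example.
TRUSTED = {"Microsoft Corporation", "ALWIL Software", "AVAST Software", "Malwarebytes Corporation"}
# Executable classes whose [open] handler must be the stock '"%1" %*', otherwise it was hijacked.
EXEC_CLASSES = {"exefile", "comfile", "batfile", "cmdfile", "piffile"}

def parse_gmer_hooks(text):
    """One dict per hook line; lines that are not hook lines are skipped."""
    return [m.groupdict() for m in map(GMER_HOOK.match, text.splitlines()) if m]

def suspicious_hook_dlls(hooks, trusted=TRUSTED):
    """Group hooks by the DLL they jump into and report every DLL from an
    untrusted publisher that hooks SCM APIs or ExitProcess."""
    by_dll = defaultdict(lambda: {"funcs": set(), "procs": set(), "company": ""})
    for h in hooks:
        d = by_dll[h["dll"].lower()]
        d["funcs"].add(h["func"])
        d["procs"].add(h["proc"].lower())
        d["company"] = h["company"] or ""
    findings = {}
    for dll, d in by_dll.items():
        if d["company"] in trusted:
            continue
        scm = sorted(d["funcs"] & SCM_APIS)
        if scm or "ExitProcess" in d["funcs"]:
            findings[dll] = {"company": d["company"], "scm_apis": scm,
                             "exit_hook": "ExitProcess" in d["funcs"],
                             "processes": sorted(d["procs"])}
    return findings

def check_shell_spawning(text):
    """Return (class, verb, command) for executable classes whose open handler
    is not the stock one, plus any handler OTL could not read (Reg Error)."""
    bad = []
    for m in filter(None, map(SHELL_LINE.match, text.splitlines())):
        cls, verb, cmd = m.group("cls"), m.group("verb"), m.group("cmd")
        if cls in EXEC_CLASSES and verb == "open" and cmd != '"%1" %*':
            bad.append((cls, verb, cmd))
        elif cmd.startswith("Reg Error"):
            bad.append((cls, verb, cmd))
    return bad

# Sample input copied from the GMER and OTL Extras logs in the post above.
SAMPLE_GMER = r"""
.text C:\Windows\system32\svchost.exe[592] kernel32.dll!ExitProcess 770A41D8 5 Bytes JMP 0099EF80 C:\Windows\system32\mydocsd.dll (SearchHelp, Inc.)
.text C:\Windows\system32\svchost.exe[592] ADVAPI32.dll!OpenServiceA 774E2EBD 5 Bytes JMP 0099E4A0 C:\Windows\system32\mydocsd.dll (SearchHelp, Inc.)
.text C:\Windows\system32\svchost.exe[592] ADVAPI32.dll!CloseServiceHandle 774E82A5 5 Bytes JMP 0099E160 C:\Windows\system32\mydocsd.dll (SearchHelp, Inc.)
.text C:\Windows\system32\svchost.exe[592] ADVAPI32.dll!OpenServiceW 774E8354 5 Bytes JMP 0099E3B0 C:\Windows\system32\mydocsd.dll (SearchHelp, Inc.)
.text C:\Windows\system32\svchost.exe[592] ADVAPI32.dll!ControlService 77509FB8 5 Bytes JMP 0099E2A0 C:\Windows\system32\mydocsd.dll (SearchHelp, Inc.)
.text C:\Windows\system32\svchost.exe[592] ADVAPI32.dll!DeleteService 7750A07E 5 Bytes JMP 0099E080 C:\Windows\system32\mydocsd.dll (SearchHelp, Inc.)
.text C:\Windows\system32\atibrtmonc.exe[768] kernel32.dll!ExitProcess 770A41D8 5 Bytes JMP 00EEEF80 C:\Windows\system32\mydocsd.dll (SearchHelp, Inc.)
"""
SAMPLE_SHELL = r"""
batfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
regfile [merge] -- Reg Error: Key error.
scrfile [open] -- "%1" /S
"""

if __name__ == "__main__":
    for dll, f in suspicious_hook_dlls(parse_gmer_hooks(SAMPLE_GMER)).items():
        print(dll, f)
    for item in check_shell_spawning(SAMPLE_SHELL):
        print("shell:", item)
```

Run as a script it prints one finding for mydocsd.dll (every SCM API plus ExitProcess hooked, in both svchost.exe and atibrtmonc.exe) and the two "Reg Error" handlers. The shell check is deliberately narrow: the exefile/comfile/batfile handlers on this machine are the stock ones, so the only hits are the helpfile and regfile keys OTL could not read, which should be compared against a clean Vista SP2 install rather than assumed malicious.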
#4
nelly4u2NV (Topic Starter)

OTL logfile created on: 26/08/2010 18:34:58 - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\Neelam\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

894.00 Mb Total Physical Memory | 557.00 Mb Available Physical Memory | 62.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 71.28 Gb Total Space | 41.96 Gb Free Space | 58.86% Space Free | Partition Type: NTFS
Drive D: | 70.94 Gb Total Space | 68.30 Gb Free Space | 96.28% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NEELAM-PC
Current User Name: Neelam
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/26 18:25:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Neelam\Desktop\OTL.exe
PRC - [2009/08/26 19:36:34 | 000,277,504 | ---- | M] (SearchHelp, Inc.) -- C:\Windows\System32\atibrtmonc.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/08/26 18:25:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Neelam\Desktop\OTL.exe
MOD - [2009/04/11 07:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/19 08:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/06/28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/06/28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/06/28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/09/25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/26 19:36:34 | 000,277,504 | ---- | M] (SearchHelp, Inc.) [Auto | Running] -- C:\Windows\System32\atibrtmonc.exe -- (Brseridk) System kernel integrity service (adsiC)
SRV - [2009/03/31 10:39:36 | 000,233,472 | ---- | M] (Teruten) [Auto | Stopped] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Neelam\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010/06/28 21:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/06/28 21:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/06/28 21:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/06/28 21:32:56 | 000,050,256 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010/06/28 21:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/08/26 19:37:26 | 000,038,784 | ---- | M] (SearchHelp, Inc.) [Kernel | System | Running] -- C:\Windows\System32\KEYBOARDQ.SYS -- (drmkaudm) System kernel configuration (IPBusEnumL)
DRV - [2009/08/26 19:36:58 | 000,024,704 | ---- | M] (SearchHelp, Inc.) [Kernel | System | Running] -- C:\Windows\System32\NTIOJ804.SYS -- (dot3svcK) Remote Procedure Call RT4s (ulsata2d)
DRV - [2009/03/31 10:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/03/20 11:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009/03/20 11:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2009/03/20 11:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2008/10/09 15:42:42 | 000,017,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008/08/30 06:58:16 | 003,929,600 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2008/08/30 06:58:16 | 003,929,600 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007/12/06 09:51:00 | 000,298,496 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2006/11/02 10:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 10:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 10:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 10:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 10:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 10:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 10:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 10:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 10:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 10:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 10:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 10:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 10:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 10:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 10:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 10:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 10:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 10:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 10:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 10:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 08:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?hl=en
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox [2010/03/16 09:01:07 | 000,000,000 | ---D | M]

[2010/07/23 18:46:25 | 000,000,000 | ---D | M] -- C:\Users\Neelam\AppData\Roaming\Mozilla\Extensions
[2010/03/31 19:11:38 | 000,000,000 | ---D | M] -- C:\Users\Neelam\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/07/23 22:48:14 | 000,000,000 | ---D | M] -- C:\Users\Neelam\AppData\Roaming\Mozilla\Firefox\Profiles\crdh8u4z.default\extensions
[2010/07/23 22:48:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Neelam\AppData\Roaming\Mozilla\Firefox\Profiles\crdh8u4z.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/23 18:41:59 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/13 22:44:53 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/07/13 22:44:53 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/07/13 22:44:53 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/07/13 22:44:53 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/08/22 19:40:05 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (BrowserConnector Object) - {B24A5F3C-E1D2-4ee6-8A3F-4B19D0DAF1A2} - C:\Windows\System32\NlsLexiconsm0026.dll (SearchHelp, Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: youtube.com ([www] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - AppInit_DLLs: (C:\Windows\System32\wevtapiq.dll) - C:\Windows\System32\wevtapiq.dll (SearchHelp, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img10.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img10.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/08/26 18:25:51 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Neelam\Desktop\OTL.exe
[2010/08/23 13:20:14 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/08/23 13:12:32 | 000,000,000 | ---D | C] -- C:\Users\Neelam\AppData\Roaming\Malwarebytes
[2010/08/23 13:12:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/08/23 13:12:17 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/08/23 13:12:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/08/23 13:12:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/23 13:10:01 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/08/23 12:58:56 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Neelam\Desktop\erunt-setup.exe
[2010/08/23 12:46:16 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Neelam\Desktop\TFC.exe
[2010/08/22 23:02:16 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Neelam\Desktop\HijackThis (1).exe
[2010/08/22 22:49:38 | 000,000,000 | ---D | C] -- C:\Users\Neelam\AppData\Local\temp
[2010/08/22 22:49:07 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/08/22 22:35:20 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/08/22 20:03:48 | 000,165,456 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/08/22 20:03:48 | 000,017,744 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/08/22 20:03:46 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/08/22 20:03:45 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/08/22 20:03:43 | 000,050,256 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/08/22 20:02:42 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\avastSS.scr
[2010/08/22 20:02:41 | 000,165,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2010/08/22 20:02:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/08/22 20:02:30 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/08/22 19:39:58 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/08/22 19:32:32 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/08/22 19:32:32 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/08/22 19:32:32 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/08/22 19:24:25 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/08/21 14:07:10 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2010/08/19 14:43:40 | 000,000,000 | ---D | C] -- C:\Users\Neelam\AppData\Roaming\AVG9
[2010/08/16 18:04:11 | 000,000,000 | ---D | C] -- C:\Program Files\Free Window Registry Repair
[2010/08/16 17:30:41 | 000,000,000 | ---D | C] -- C:\Users\Neelam\AppData\Roaming\Uniblue
[2010/08/13 13:07:26 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/08/13 13:07:25 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/08/13 13:07:25 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/08/13 13:07:25 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/08/13 13:07:25 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/08/13 13:07:24 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/08/13 13:07:23 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/08/13 13:07:23 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/08/13 13:07:23 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/08/13 13:07:23 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/08/13 13:07:23 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/08/13 13:07:23 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/08/13 13:07:22 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/08/13 13:07:22 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/08/13 13:07:22 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/08/13 13:07:20 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010/08/13 13:07:10 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/08/13 13:07:06 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010/08/13 13:06:45 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/08/13 13:06:45 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/08/11 15:10:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LEADTools
[2010/08/11 15:10:18 | 000,000,000 | ---D | C] -- C:\Program Files\Pearson VUE
[2010/08/09 13:43:53 | 000,000,000 | ---D | C] -- C:\ProgramData\RegCure
[2010/08/09 13:29:18 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/08/07 11:52:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/08/07 11:52:33 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/08/07 11:52:33 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/08/07 11:52:33 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/08/06 18:11:17 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll

========== Files - Modified Within 30 Days ==========

[2010/08/26 18:31:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/26 18:30:21 | 001,835,008 | -HS- | M] () -- C:\Users\Neelam\ntuser.dat
[2010/08/26 18:29:09 | 000,020,338 | ---- | M] () -- C:\Users\Neelam\Desktop\Untitled 1.odt54.odt
[2010/08/26 18:25:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Neelam\Desktop\OTL.exe
[2010/08/26 18:25:01 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{03189014-115F-4140-98C8-37F13AD383F6}.job
[2010/08/26 18:22:33 | 000,005,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/26 18:22:33 | 000,005,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/26 18:22:32 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/26 18:22:14 | 146,925,753 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/08/24 21:56:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2941390614-601168641-1490812442-1000UA.job
[2010/08/24 20:58:05 | 000,002,013 | ---- | M] () -- C:\Users\Neelam\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/08/24 20:58:04 | 000,002,051 | ---- | M] () -- C:\Users\Neelam\Desktop\Google Chrome.lnk
[2010/08/23 13:48:17 | 000,524,288 | -HS- | M] () -- C:\Users\Neelam\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/08/23 13:48:17 | 000,065,536 | -HS- | M] () -- C:\Users\Neelam\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/08/23 13:20:05 | 000,000,737 | ---- | M] () -- C:\Users\Neelam\Desktop\NTREGOPT.lnk
[2010/08/23 13:20:05 | 000,000,718 | ---- | M] () -- C:\Users\Neelam\Desktop\ERUNT.lnk
[2010/08/23 13:12:21 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/23 12:58:59 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Neelam\Desktop\erunt-setup.exe
[2010/08/23 12:46:18 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Neelam\Desktop\TFC.exe
[2010/08/22 23:02:17 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Neelam\Desktop\HijackThis (1).exe
[2010/08/22 22:50:07 | 000,011,234 | ---- | M] () -- C:\Users\Neelam\Desktop\puppy.exe
[2010/08/22 22:46:23 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/08/22 22:35:11 | 003,821,152 | R--- | M] () -- C:\Users\Neelam\Desktop\ComboFix.exe
[2010/08/22 20:03:49 | 000,001,844 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/08/22 20:03:43 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/08/22 20:01:09 | 054,835,272 | ---- | M] () -- C:\Users\Neelam\Desktop\setup_av_free.exe
[2010/08/22 19:56:16 | 000,000,858 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2941390614-601168641-1490812442-1000Core.job
[2010/08/22 19:40:05 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/08/21 14:09:18 | 000,001,051 | ---- | M] () -- C:\Users\Neelam\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2010/08/21 14:09:18 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2010/08/21 13:36:28 | 000,080,384 | ---- | M] () -- C:\Users\Neelam\Desktop\MBRCheck.exe
[2010/08/21 13:22:54 | 000,000,251 | ---- | M] () -- C:\Users\Neelam\Desktop\Security Center.lnk
[2010/08/19 19:51:52 | 000,712,556 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/08/19 19:51:52 | 000,613,256 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/08/19 19:51:52 | 000,112,572 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/08/19 18:42:54 | 000,004,216 | ---- | M] () -- C:\Users\Neelam\Desktop\Attach.zip
[2010/08/19 17:18:13 | 000,024,500 | ---- | M] () -- C:\Users\Neelam\Documents\2.odt
[2010/08/19 16:44:12 | 000,293,376 | ---- | M] () -- C:\Users\Neelam\Desktop\gmer.exe
[2010/08/19 15:36:54 | 000,525,824 | ---- | M] () -- C:\Users\Neelam\Desktop\dds.scr
[2010/08/17 18:24:57 | 000,022,812 | ---- | M] () -- C:\Users\Neelam\Documents\Untitled 123.odt
[2010/08/17 18:17:21 | 000,021,041 | ---- | M] () -- C:\Users\Neelam\Documents\Untitled 12.odt
[2010/08/17 18:17:21 | 000,000,116 | -H-- | M] () -- C:\Users\Neelam\Documents\.~lock.Untitled 12.odt#
[2010/08/17 17:53:50 | 000,012,955 | ---- | M] () -- C:\Users\Neelam\Documents\Untitled 1.odt
[2010/08/17 17:53:50 | 000,000,116 | -H-- | M] () -- C:\Users\Neelam\Documents\.~lock.Untitled 1.odt#
[2010/08/16 20:26:45 | 000,001,356 | ---- | M] () -- C:\Users\Neelam\AppData\Local\d3d9caps.dat
[2010/08/14 19:38:02 | 000,391,040 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/08/11 15:10:55 | 000,002,507 | ---- | M] () -- C:\Users\Neelam\Desktop\PearsonVUE Tutorial and Practice Exam.lnk

========== Files Created - No Company Name ==========

[2010/08/26 18:29:06 | 000,020,338 | ---- | C] () -- C:\Users\Neelam\Desktop\Untitled 1.odt54.odt
[2010/08/23 13:12:21 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/23 13:10:01 | 000,000,737 | ---- | C] () -- C:\Users\Neelam\Desktop\NTREGOPT.lnk
[2010/08/23 13:10:01 | 000,000,718 | ---- | C] () -- C:\Users\Neelam\Desktop\ERUNT.lnk
[2010/08/22 22:50:07 | 000,011,234 | ---- | C] () -- C:\Users\Neelam\Desktop\puppy.exe
[2010/08/22 21:51:10 | 003,821,152 | R--- | C] () -- C:\Users\Neelam\Desktop\ComboFix.exe
[2010/08/22 20:03:49 | 000,001,844 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/08/22 19:59:10 | 054,835,272 | ---- | C] () -- C:\Users\Neelam\Desktop\setup_av_free.exe
[2010/08/22 19:32:32 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/08/22 19:32:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/08/22 19:32:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/08/22 19:32:32 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/08/22 19:32:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/08/21 14:09:18 | 000,001,051 | ---- | C] () -- C:\Users\Neelam\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2010/08/21 14:09:17 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2010/08/21 13:36:26 | 000,080,384 | ---- | C] () -- C:\Users\Neelam\Desktop\MBRCheck.exe
[2010/08/21 13:22:54 | 000,000,251 | ---- | C] () -- C:\Users\Neelam\Desktop\Security Center.lnk
[2010/08/19 18:42:54 | 000,004,216 | ---- | C] () -- C:\Users\Neelam\Desktop\Attach.zip
[2010/08/19 17:16:11 | 000,024,500 | ---- | C] () -- C:\Users\Neelam\Documents\2.odt
[2010/08/19 15:36:54 | 000,525,824 | ---- | C] () -- C:\Users\Neelam\Desktop\dds.scr
[2010/08/17 18:24:55 | 000,022,812 | ---- | C] () -- C:\Users\Neelam\Documents\Untitled 123.odt
[2010/08/17 17:59:37 | 000,000,116 | -H-- | C] () -- C:\Users\Neelam\Documents\.~lock.Untitled 12.odt#
[2010/08/17 17:59:36 | 000,021,041 | ---- | C] () -- C:\Users\Neelam\Documents\Untitled 12.odt
[2010/08/17 17:40:42 | 000,000,116 | -H-- | C] () -- C:\Users\Neelam\Documents\.~lock.Untitled 1.odt#
[2010/08/17 17:40:40 | 000,012,955 | ---- | C] () -- C:\Users\Neelam\Documents\Untitled 1.odt
[2010/08/16 17:59:52 | 146,925,753 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/08/11 15:10:55 | 000,002,507 | ---- | C] () -- C:\Users\Neelam\Desktop\PearsonVUE Tutorial and Practice Exam.lnk
[2010/05/10 15:31:12 | 000,001,356 | ---- | C] () -- C:\Users\Neelam\AppData\Local\d3d9caps.dat
[2010/03/14 22:48:47 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010/03/14 22:48:47 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010/02/08 19:01:55 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/19 21:51:03 | 000,031,007 | ---- | C] () -- C:\Users\Neelam\AppData\Roaming\UserTile.png
[2009/10/19 21:47:08 | 000,011,264 | ---- | C] () -- C:\Users\Neelam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/05 19:36:26 | 000,294,912 | ---- | C] () -- C:\Windows\System32\msvcrtm40.dll
[2009/10/05 19:36:25 | 000,294,912 | ---- | C] () -- C:\Windows\System32\WMPhotoy.dll
[2009/10/05 18:27:40 | 000,151,552 | ---- | C] () -- C:\Windows\System32\libexpat.dll
[2009/09/29 14:59:33 | 000,009,888 | ---- | C] () -- C:\Windows\System32\sbnetkey.sys
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2007/10/25 18:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2010/08/19 14:43:40 | 000,000,000 | ---D | M] -- C:\Users\Neelam\AppData\Roaming\AVG9
[2010/03/16 07:41:43 | 000,000,000 | ---D | M] -- C:\Users\Neelam\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2009/10/06 18:35:32 | 000,000,000 | ---D | M] -- C:\Users\Neelam\AppData\Roaming\GetRightToGo
[2010/04/20 21:00:16 | 000,000,000 | ---D | M] -- C:\Users\Neelam\AppData\Roaming\LimeWire
[2010/02/11 19:06:12 | 000,000,000 | ---D | M] -- C:\Users\Neelam\AppData\Roaming\OpenOffice.org
[2010/03/14 23:17:44 | 000,000,000 | ---D | M] -- C:\Users\Neelam\AppData\Roaming\PC Suite
[2010/03/14 22:47:38 | 000,000,000 | ---D | M] -- C:\Users\Neelam\AppData\Roaming\Samsung
[2010/08/16 17:30:41 | 000,000,000 | ---D | M] -- C:\Users\Neelam\AppData\Roaming\Uniblue
[2010/08/23 14:21:46 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/08/26 18:25:01 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{03189014-115F-4140-98C8-37F13AD383F6}.job

========== Purity Check ==========


< End of report >
OTL Extras logfile created on: 26/08/2010 18:34:59 - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\Neelam\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

894.00 Mb Total Physical Memory | 557.00 Mb Available Physical Memory | 62.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 71.28 Gb Total Space | 41.96 Gb Free Space | 58.86% Space Free | Partition Type: NTFS
Drive D: | 70.94 Gb Total Space | 68.30 Gb Free Space | 96.28% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NEELAM-PC
Current User Name: Neelam
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\Neelam\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Value error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{31E403A6-34EF-4DC1-9A82-27B70162C98D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FA979F03-ECE9-4DD2-A2F9-6A5E3F5078EB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{54FFC589-7071-4C61-B8B3-9E75A1B7FBF1}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{7BC2C347-43EA-401C-9533-BC4A1B6C0787}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{8C118D50-C32B-46F0-BD9D-139422C43F4B}" = dir=in | app=c:\program files\avg\avg9\avgemc.exe |
"{9633D33A-3575-47AD-97A1-590F7F4D3345}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{B8495F23-99DA-42AB-A405-AF08E045E362}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{D15421B8-8BCC-43B8-82E0-8FCA41B0FAB4}" = dir=in | app=c:\program files\avg\avg9\avgdiagex.exe |
"{E084EEF5-6F6C-49C1-AEAA-EC5F63002B61}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{F6D0EF48-4BF6-4D31-8FC6-BD0E24261915}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
"{FF6E99E3-A798-4145-9B3D-3AB404D12AA3}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"TCP Query User{8AA2B3B3-8D75-43B0-B301-1492A44DF607}C:\users\neelam\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\neelam\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{8EF5C502-FB9C-403B-94A2-13B67B4CD93E}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{CEAF35E8-9E60-452B-A1A7-ED3A866E2016}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{4AB3F021-47AF-466A-9B80-5FFAF1F3C5CD}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{4B4CB762-91A8-4D77-9875-77B7A3B20C24}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{D8764C14-7FE5-4694-BA6C-1A9725957C96}C:\users\neelam\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\neelam\appdata\local\google\chrome\application\chrome.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{17A869F2-4ABC-446D-B497-F08A7450A923}" = PearsonVUE Tutorial and Practice Exam
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 21
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99D7BD24-E8BB-485C-B502-C1DE0A33161D}" = GoGear ARIAZ Device Manager
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E623BB3F-F7ED-4148-BEB5-A0D1DB28B4DE}" = Media Converter for Philips
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast5" = avast! Free Antivirus
"ERUNT_is1" = ERUNT 1.1j
"Foxit Reader" = Foxit Reader
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Recovery for PowerPoint" = Recovery for PowerPoint
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 23/08/2010 06:07:13 | Computer Name = Neelam-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 23/08/2010 06:07:13 | Computer Name = Neelam-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 23/08/2010 06:07:13 | Computer Name = Neelam-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 23/08/2010 06:12:07 | Computer Name = Neelam-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 23/08/2010 06:12:09 | Computer Name = Neelam-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 23/08/2010 07:47:02 | Computer Name = Neelam-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 23/08/2010 07:47:02 | Computer Name = Neelam-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 24/08/2010 15:54:02 | Computer Name = Neelam-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 24/08/2010 15:54:04 | Computer Name = Neelam-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 26/08/2010 13:32:11 | Computer Name = Neelam-PC | Source = EventSystem | ID = 4609
Description =

[ System Events ]
Error - 26/08/2010 13:33:02 | Computer Name = Neelam-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 26/08/2010 13:33:02 | Computer Name = Neelam-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 26/08/2010 13:33:02 | Computer Name = Neelam-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 26/08/2010 13:33:02 | Computer Name = Neelam-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 26/08/2010 13:33:02 | Computer Name = Neelam-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 26/08/2010 13:33:02 | Computer Name = Neelam-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 26/08/2010 13:33:02 | Computer Name = Neelam-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 26/08/2010 13:33:02 | Computer Name = Neelam-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 26/08/2010 13:33:02 | Computer Name = Neelam-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 26/08/2010 13:33:02 | Computer Name = Neelam-PC | Source = Service Control Manager | ID = 7001
Description =


< End of report >



____________________________________________________


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-26 19:05:45
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\Neelam\AppData\Local\Temp\kwlyqpod.sys


---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[592] kernel32.dll!ExitProcess 770A41D8 5 Bytes JMP 0099EF80 C:\Windows\system32\mydocsd.dll (SearchHelp, Inc.)
.text C:\Windows\system32\svchost.exe[592] ADVAPI32.dll!OpenServiceA 774E2EBD 5 Bytes JMP 0099E4A0 C:\Windows\system32\mydocsd.dll (SearchHelp, Inc.)
.text C:\Windows\system32\svchost.exe[592] ADVAPI32.dll!CloseServiceHandle 774E82A5 5 Bytes JMP 0099E160 C:\Windows\system32\mydocsd.dll (SearchHelp, Inc.)
.text C:\Windows\system32\svchost.exe[592] ADVAPI32.dll!OpenServiceW 774E8354 5 Bytes JMP 0099E3B0 C:\Windows\system32\mydocsd.dll (SearchHelp, Inc.)
.text C:\Windows\system32\svchost.exe[592] ADVAPI32.dll!ControlService 77509FB8 5 Bytes JMP 0099E2A0 C:\Windows\system32\mydocsd.dll (SearchHelp, Inc.)
.text C:\Windows\system32\svchost.exe[592] ADVAPI32.dll!DeleteService 7750A07E 5 Bytes JMP 0099E080 C:\Windows\system32\mydocsd.dll (SearchHelp, Inc.)
.text C:\Windows\system32\atibrtmonc.exe[768] kernel32.dll!ExitProcess 770A41D8 5 Bytes JMP 00EEEF80 C:\Windows\system32\mydocsd.dll (SearchHelp, Inc.)

---- EOF - GMER 1.0.15 ----
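The GMER "User code sections" block above records inline hooks: a 5-byte JMP written over the entry of exported APIs in svchost.exe and atibrtmonc.exe, every one of them landing in mydocsd.dll, and in svchost.exe the hooked set is the service-control client family (OpenServiceA/W, ControlService, DeleteService, CloseServiceHandle), which is how a DLL can hide or protect its own service from the SCM. The script below is an added example, not part of the poster's logs or of the forum helpers' instructions: it parses lines in that GMER format, groups them by the DLL that receives the jump, and flags DLLs whose publisher is not on a trusted list, marking those that intercept the SCM client API. The trusted-publisher set and the "Example AV Ltd" control line at the end of the sample are hypothetical; the other seven sample lines reproduce the posted GMER output.

```python
"""Triage GMER 'User code sections' lines (format as in the posted log).

GMER prints one line per patched export:
    .text <process>[<pid>] <module>!<export> <addr> 5 Bytes JMP <target> <dll> (<publisher>)
A 5-byte JMP over the first instruction of an exported API diverts every caller
in that process into <dll>. Security products do this too, so what matters is
which DLL receives the jump and which APIs it captures.
"""
import re
from collections import defaultdict

# Assumed for this example: publishers whose hooks are treated as expected.
TRUSTED_PUBLISHERS = frozenset({"Microsoft Corporation"})

# Hooking any of these means the hook owner mediates service management.
SERVICE_CONTROL_APIS = frozenset({
    "OpenServiceA", "OpenServiceW", "ControlService",
    "DeleteService", "CloseServiceHandle",
})

HOOK_RE = re.compile(
    r"^(?P<section>\.\w+)\s+"
    r"(?P<process>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^!\s]+)!(?P<export>\S+)\s+"
    r"(?P<addr>[0-9A-Fa-f]+)\s+(?P<nbytes>\d+)\s+Bytes\s+"
    r"(?P<kind>JMP|CALL)\s+(?P<target>[0-9A-Fa-f]+)\s+"
    r"(?P<target_dll>.+?)\s*(?:\((?P<publisher>[^)]*)\))?\s*$"
)


def parse_gmer_hooks(text):
    """Return one dict per hook line; headers, blanks and the EOF marker are skipped."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        h = m.groupdict()
        h["pid"] = int(h["pid"])
        h["nbytes"] = int(h["nbytes"])
        h["publisher"] = h["publisher"] or ""
        # Case-fold paths so 'system32' and 'System32' group together.
        for key in ("process", "module", "target_dll"):
            h[key] = h[key].lower()
        hooks.append(h)
    return hooks


def triage_hooks(hooks, trusted=TRUSTED_PUBLISHERS):
    """Group hooks by receiving DLL: {dll: {publisher, processes, exports,
    service_control, suspicious}}. 'service_control' is True when the DLL
    intercepts an SCM client API in any process; 'suspicious' when its
    publisher is not in the trusted set."""
    grouped = defaultdict(lambda: {"publisher": "", "processes": set(), "exports": set()})
    for h in hooks:
        g = grouped[h["target_dll"]]
        g["publisher"] = h["publisher"]
        g["processes"].add(h["process"])
        g["exports"].add(f'{h["module"]}!{h["export"]}')
    report = {}
    for dll, g in grouped.items():
        api_names = {e.split("!", 1)[1] for e in g["exports"]}
        report[dll] = {
            "publisher": g["publisher"],
            "processes": sorted(g["processes"]),
            "exports": sorted(g["exports"]),
            "service_control": bool(api_names & SERVICE_CONTROL_APIS),
            "suspicious": g["publisher"] not in trusted,
        }
    return report


def suspicious_dlls(text, trusted=TRUSTED_PUBLISHERS):
    """DLL paths flagged suspicious, the one hooking the most APIs first."""
    report = triage_hooks(parse_gmer_hooks(text), trusted)
    flagged = [d for d, r in report.items() if r["suspicious"]]
    return sorted(flagged, key=lambda d: (-len(report[d]["exports"]), d))


# Sample input: seven lines from the posted GMER log, plus one constructed
# control line for a hypothetical trusted AV vendor ("Example AV Ltd").
SAMPLE_GMER = r"""
---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[592] kernel32.dll!ExitProcess 770A41D8 5 Bytes JMP 0099EF80 C:\Windows\system32\mydocsd.dll (SearchHelp, Inc.)
.text C:\Windows\system32\svchost.exe[592] ADVAPI32.dll!OpenServiceA 774E2EBD 5 Bytes JMP 0099E4A0 C:\Windows\system32\mydocsd.dll (SearchHelp, Inc.)
.text C:\Windows\system32\svchost.exe[592] ADVAPI32.dll!CloseServiceHandle 774E82A5 5 Bytes JMP 0099E160 C:\Windows\system32\mydocsd.dll (SearchHelp, Inc.)
.text C:\Windows\system32\svchost.exe[592] ADVAPI32.dll!OpenServiceW 774E8354 5 Bytes JMP 0099E3B0 C:\Windows\system32\mydocsd.dll (SearchHelp, Inc.)
.text C:\Windows\system32\svchost.exe[592] ADVAPI32.dll!ControlService 77509FB8 5 Bytes JMP 0099E2A0 C:\Windows\system32\mydocsd.dll (SearchHelp, Inc.)
.text C:\Windows\system32\svchost.exe[592] ADVAPI32.dll!DeleteService 7750A07E 5 Bytes JMP 0099E080 C:\Windows\system32\mydocsd.dll (SearchHelp, Inc.)
.text C:\Windows\system32\atibrtmonc.exe[768] kernel32.dll!ExitProcess 770A41D8 5 Bytes JMP 00EEEF80 C:\Windows\system32\mydocsd.dll (SearchHelp, Inc.)
.text C:\Windows\system32\svchost.exe[592] kernel32.dll!CreateProcessW 770A1000 5 Bytes JMP 10001000 C:\Program Files\Example AV\avhook.dll (Example AV Ltd)

---- EOF - GMER 1.0.15 ----
"""

if __name__ == "__main__":
    trusted = TRUSTED_PUBLISHERS | {"Example AV Ltd"}
    for dll, r in triage_hooks(parse_gmer_hooks(SAMPLE_GMER), trusted).items():
        flag = "SUSPICIOUS" if r["suspicious"] else "expected"
        tamper = " (service-control tampering)" if r["service_control"] else ""
        print(f"{flag:10} {dll} [{r['publisher']}] in {len(r['processes'])} "
              f"process(es), {len(r['exports'])} API(s){tamper}")
```

Run against the sample, mydocsd.dll is reported as suspicious with service-control tampering across two processes, while the constructed AV hook is accepted once its vendor is added to the trusted set. Leaving the trusted set at its default flags both, which is the right behaviour for an unknown host: the list is a whitelist you grow deliberately, not a verdict the script reaches on its own.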

#5
nelly4u2NV

OTL logfile created on: 26/08/2010 18:34:58 - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\Neelam\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

894.00 Mb Total Physical Memory | 557.00 Mb Available Physical Memory | 62.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 71.28 Gb Total Space | 41.96 Gb Free Space | 58.86% Space Free | Partition Type: NTFS
Drive D: | 70.94 Gb Total Space | 68.30 Gb Free Space | 96.28% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NEELAM-PC
Current User Name: Neelam
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/26 18:25:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Neelam\Desktop\OTL.exe
PRC - [2009/08/26 19:36:34 | 000,277,504 | ---- | M] (SearchHelp, Inc.) -- C:\Windows\System32\atibrtmonc.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/08/26 18:25:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Neelam\Desktop\OTL.exe
MOD - [2009/04/11 07:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/19 08:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/06/28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/06/28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/06/28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/09/25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/26 19:36:34 | 000,277,504 | ---- | M] (SearchHelp, Inc.) [Auto | Running] -- C:\Windows\System32\atibrtmonc.exe -- (Brseridk) System kernel integrity service (adsiC)
SRV - [2009/03/31 10:39:36 | 000,233,472 | ---- | M] (Teruten) [Auto | Stopped] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Neelam\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010/06/28 21:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/06/28 21:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/06/28 21:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/06/28 21:32:56 | 000,050,256 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010/06/28 21:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/08/26 19:37:26 | 000,038,784 | ---- | M] (SearchHelp, Inc.) [Kernel | System | Running] -- C:\Windows\System32\KEYBOARDQ.SYS -- (drmkaudm) System kernel configuration (IPBusEnumL)
DRV - [2009/08/26 19:36:58 | 000,024,704 | ---- | M] (SearchHelp, Inc.) [Kernel | System | Running] -- C:\Windows\System32\NTIOJ804.SYS -- (dot3svcK) Remote Procedure Call RT4s (ulsata2d)
DRV - [2009/03/31 10:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/03/20 11:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009/03/20 11:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2009/03/20 11:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2008/10/09 15:42:42 | 000,017,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008/08/30 06:58:16 | 003,929,600 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2008/08/30 06:58:16 | 003,929,600 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007/12/06 09:51:00 | 000,298,496 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2006/11/02 10:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 10:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 10:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 10:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 10:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 10:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 10:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 10:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 10:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 10:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 10:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 10:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 10:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 10:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 10:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 10:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 10:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 10:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 10:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 10:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 08:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?hl=en
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox [2010/03/16 09:01:07 | 000,000,000 | ---D | M]

[2010/07/23 18:46:25 | 000,000,000 | ---D | M] -- C:\Users\Neelam\AppData\Roaming\Mozilla\Extensions
[2010/03/31 19:11:38 | 000,000,000 | ---D | M] -- C:\Users\Neelam\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/07/23 22:48:14 | 000,000,000 | ---D | M] -- C:\Users\Neelam\AppData\Roaming\Mozilla\Firefox\Profiles\crdh8u4z.default\extensions
[2010/07/23 22:48:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Neelam\AppData\Roaming\Mozilla\Firefox\Profiles\crdh8u4z.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/23 18:41:59 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/13 22:44:53 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/07/13 22:44:53 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/07/13 22:44:53 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/07/13 22:44:53 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/08/22 19:40:05 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (BrowserConnector Object) - {B24A5F3C-E1D2-4ee6-8A3F-4B19D0DAF1A2} - C:\Windows\System32\NlsLexiconsm0026.dll (SearchHelp, Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: youtube.com ([www] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - AppInit_DLLs: (C:\Windows\System32\wevtapiq.dll) - C:\Windows\System32\wevtapiq.dll (SearchHelp, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img10.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img10.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/08/26 18:25:51 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Neelam\Desktop\OTL.exe
[2010/08/23 13:20:14 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/08/23 13:12:32 | 000,000,000 | ---D | C] -- C:\Users\Neelam\AppData\Roaming\Malwarebytes
[2010/08/23 13:12:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/08/23 13:12:17 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/08/23 13:12:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/08/23 13:12:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/23 13:10:01 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/08/23 12:58:56 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Neelam\Desktop\erunt-setup.exe
[2010/08/23 12:46:16 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Neelam\Desktop\TFC.exe
[2010/08/22 23:02:16 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Neelam\Desktop\HijackThis (1).exe
[2010/08/22 22:49:38 | 000,000,000 | ---D | C] -- C:\Users\Neelam\AppData\Local\temp
[2010/08/22 22:49:07 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/08/22 22:35:20 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/08/22 20:03:48 | 000,165,456 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/08/22 20:03:48 | 000,017,744 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/08/22 20:03:46 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/08/22 20:03:45 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/08/22 20:03:43 | 000,050,256 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/08/22 20:02:42 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\avastSS.scr
[2010/08/22 20:02:41 | 000,165,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2010/08/22 20:02:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/08/22 20:02:30 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/08/22 19:39:58 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/08/22 19:32:32 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/08/22 19:32:32 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/08/22 19:32:32 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/08/22 19:24:25 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/08/21 14:07:10 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2010/08/19 14:43:40 | 000,000,000 | ---D | C] -- C:\Users\Neelam\AppData\Roaming\AVG9
[2010/08/16 18:04:11 | 000,000,000 | ---D | C] -- C:\Program Files\Free Window Registry Repair
[2010/08/16 17:30:41 | 000,000,000 | ---D | C] -- C:\Users\Neelam\AppData\Roaming\Uniblue
[2010/08/13 13:07:26 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/08/13 13:07:25 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/08/13 13:07:25 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/08/13 13:07:25 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/08/13 13:07:25 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/08/13 13:07:24 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/08/13 13:07:23 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/08/13 13:07:23 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/08/13 13:07:23 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/08/13 13:07:23 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/08/13 13:07:23 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/08/13 13:07:23 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/08/13 13:07:22 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/08/13 13:07:22 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/08/13 13:07:22 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/08/13 13:07:20 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010/08/13 13:07:10 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/08/13 13:07:06 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010/08/13 13:06:45 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/08/13 13:06:45 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/08/11 15:10:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LEADTools
[2010/08/11 15:10:18 | 000,000,000 | ---D | C] -- C:\Program Files\Pearson VUE
[2010/08/09 13:43:53 | 000,000,000 | ---D | C] -- C:\ProgramData\RegCure
[2010/08/09 13:29:18 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/08/07 11:52:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/08/07 11:52:33 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/08/07 11:52:33 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/08/07 11:52:33 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/08/06 18:11:17 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll

========== Files - Modified Within 30 Days ==========

[2010/08/26 18:31:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/26 18:30:21 | 001,835,008 | -HS- | M] () -- C:\Users\Neelam\ntuser.dat
[2010/08/26 18:29:09 | 000,020,338 | ---- | M] () -- C:\Users\Neelam\Desktop\Untitled 1.odt54.odt
[2010/08/26 18:25:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Neelam\Desktop\OTL.exe
[2010/08/26 18:25:01 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{03189014-115F-4140-98C8-37F13AD383F6}.job
[2010/08/26 18:22:33 | 000,005,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/26 18:22:33 | 000,005,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/26 18:22:32 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/26 18:22:14 | 146,925,753 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/08/24 21:56:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2941390614-601168641-1490812442-1000UA.job
[2010/08/24 20:58:05 | 000,002,013 | ---- | M] () -- C:\Users\Neelam\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/08/24 20:58:04 | 000,002,051 | ---- | M] () -- C:\Users\Neelam\Desktop\Google Chrome.lnk
[2010/08/23 13:48:17 | 000,524,288 | -HS- | M] () -- C:\Users\Neelam\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/08/23 13:48:17 | 000,065,536 | -HS- | M] () -- C:\Users\Neelam\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/08/23 13:20:05 | 000,000,737 | ---- | M] () -- C:\Users\Neelam\Desktop\NTREGOPT.lnk
[2010/08/23 13:20:05 | 000,000,718 | ---- | M] () -- C:\Users\Neelam\Desktop\ERUNT.lnk
[2010/08/23 13:12:21 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/23 12:58:59 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Neelam\Desktop\erunt-setup.exe
[2010/08/23 12:46:18 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Neelam\Desktop\TFC.exe
[2010/08/22 23:02:17 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Neelam\Desktop\HijackThis (1).exe
[2010/08/22 22:50:07 | 000,011,234 | ---- | M] () -- C:\Users\Neelam\Desktop\puppy.exe
[2010/08/22 22:46:23 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/08/22 22:35:11 | 003,821,152 | R--- | M] () -- C:\Users\Neelam\Desktop\ComboFix.exe
[2010/08/22 20:03:49 | 000,001,844 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/08/22 20:03:43 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/08/22 20:01:09 | 054,835,272 | ---- | M] () -- C:\Users\Neelam\Desktop\setup_av_free.exe
[2010/08/22 19:56:16 | 000,000,858 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2941390614-601168641-1490812442-1000Core.job
[2010/08/22 19:40:05 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/08/21 14:09:18 | 000,001,051 | ---- | M] () -- C:\Users\Neelam\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2010/08/21 14:09:18 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2010/08/21 13:36:28 | 000,080,384 | ---- | M] () -- C:\Users\Neelam\Desktop\MBRCheck.exe
[2010/08/21 13:22:54 | 000,000,251 | ---- | M] () -- C:\Users\Neelam\Desktop\Security Center.lnk
[2010/08/19 19:51:52 | 000,712,556 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/08/19 19:51:52 | 000,613,256 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/08/19 19:51:52 | 000,112,572 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/08/19 18:42:54 | 000,004,216 | ---- | M] () -- C:\Users\Neelam\Desktop\Attach.zip
[2010/08/19 17:18:13 | 000,024,500 | ---- | M] () -- C:\Users\Neelam\Documents\2.odt
[2010/08/19 16:44:12 | 000,293,376 | ---- | M] () -- C:\Users\Neelam\Desktop\gmer.exe
[2010/08/19 15:36:54 | 000,525,824 | ---- | M] () -- C:\Users\Neelam\Desktop\dds.scr
[2010/08/17 18:24:57 | 000,022,812 | ---- | M] () -- C:\Users\Neelam\Documents\Untitled 123.odt
[2010/08/17 18:17:21 | 000,021,041 | ---- | M] () -- C:\Users\Neelam\Documents\Untitled 12.odt
[2010/08/17 18:17:21 | 000,000,116 | -H-- | M] () -- C:\Users\Neelam\Documents\.~lock.Untitled 12.odt#
[2010/08/17 17:53:50 | 000,012,955 | ---- | M] () -- C:\Users\Neelam\Documents\Untitled 1.odt
[2010/08/17 17:53:50 | 000,000,116 | -H-- | M] () -- C:\Users\Neelam\Documents\.~lock.Untitled 1.odt#
[2010/08/16 20:26:45 | 000,001,356 | ---- | M] () -- C:\Users\Neelam\AppData\Local\d3d9caps.dat
[2010/08/14 19:38:02 | 000,391,040 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/08/11 15:10:55 | 000,002,507 | ---- | M] () -- C:\Users\Neelam\Desktop\PearsonVUE Tutorial and Practice Exam.lnk

========== Files Created - No Company Name ==========

[2010/08/26 18:29:06 | 000,020,338 | ---- | C] () -- C:\Users\Neelam\Desktop\Untitled 1.odt54.odt
[2010/08/23 13:12:21 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/23 13:10:01 | 000,000,737 | ---- | C] () -- C:\Users\Neelam\Desktop\NTREGOPT.lnk
[2010/08/23 13:10:01 | 000,000,718 | ---- | C] () -- C:\Users\Neelam\Desktop\ERUNT.lnk
[2010/08/22 22:50:07 | 000,011,234 | ---- | C] () -- C:\Users\Neelam\Desktop\puppy.exe
[2010/08/22 21:51:10 | 003,821,152 | R--- | C] () -- C:\Users\Neelam\Desktop\ComboFix.exe
[2010/08/22 20:03:49 | 000,001,844 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/08/22 19:59:10 | 054,835,272 | ---- | C] () -- C:\Users\Neelam\Desktop\setup_av_free.exe
[2010/08/22 19:32:32 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/08/22 19:32:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/08/22 19:32:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/08/22 19:32:32 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/08/22 19:32:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/08/21 14:09:18 | 000,001,051 | ---- | C] () -- C:\Users\Neelam\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2010/08/21 14:09:17 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2010/08/21 13:36:26 | 000,080,384 | ---- | C] () -- C:\Users\Neelam\Desktop\MBRCheck.exe
[2010/08/21 13:22:54 | 000,000,251 | ---- | C] () -- C:\Users\Neelam\Desktop\Security Center.lnk
[2010/08/19 18:42:54 | 000,004,216 | ---- | C] () -- C:\Users\Neelam\Desktop\Attach.zip
[2010/08/19 17:16:11 | 000,024,500 | ---- | C] () -- C:\Users\Neelam\Documents\2.odt
[2010/08/19 15:36:54 | 000,525,824 | ---- | C] () -- C:\Users\Neelam\Desktop\dds.scr
[2010/08/17 18:24:55 | 000,022,812 | ---- | C] () -- C:\Users\Neelam\Documents\Untitled 123.odt
[2010/08/17 17:59:37 | 000,000,116 | -H-- | C] () -- C:\Users\Neelam\Documents\.~lock.Untitled 12.odt#
[2010/08/17 17:59:36 | 000,021,041 | ---- | C] () -- C:\Users\Neelam\Documents\Untitled 12.odt
[2010/08/17 17:40:42 | 000,000,116 | -H-- | C] () -- C:\Users\Neelam\Documents\.~lock.Untitled 1.odt#
[2010/08/17 17:40:40 | 000,012,955 | ---- | C] () -- C:\Users\Neelam\Documents\Untitled 1.odt
[2010/08/16 17:59:52 | 146,925,753 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/08/11 15:10:55 | 000,002,507 | ---- | C] () -- C:\Users\Neelam\Desktop\PearsonVUE Tutorial and Practice Exam.lnk
[2010/05/10 15:31:12 | 000,001,356 | ---- | C] () -- C:\Users\Neelam\AppData\Local\d3d9caps.dat
[2010/03/14 22:48:47 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010/03/14 22:48:47 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010/02/08 19:01:55 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/19 21:51:03 | 000,031,007 | ---- | C] () -- C:\Users\Neelam\AppData\Roaming\UserTile.png
[2009/10/19 21:47:08 | 000,011,264 | ---- | C] () -- C:\Users\Neelam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/05 19:36:26 | 000,294,912 | ---- | C] () -- C:\Windows\System32\msvcrtm40.dll
[2009/10/05 19:36:25 | 000,294,912 | ---- | C] () -- C:\Windows\System32\WMPhotoy.dll
[2009/10/05 18:27:40 | 000,151,552 | ---- | C] () -- C:\Windows\System32\libexpat.dll
[2009/09/29 14:59:33 | 000,009,888 | ---- | C] () -- C:\Windows\System32\sbnetkey.sys
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2007/10/25 18:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2010/08/19 14:43:40 | 000,000,000 | ---D | M] -- C:\Users\Neelam\AppData\Roaming\AVG9
[2010/03/16 07:41:43 | 000,000,000 | ---D | M] -- C:\Users\Neelam\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2009/10/06 18:35:32 | 000,000,000 | ---D | M] -- C:\Users\Neelam\AppData\Roaming\GetRightToGo
[2010/04/20 21:00:16 | 000,000,000 | ---D | M] -- C:\Users\Neelam\AppData\Roaming\LimeWire
[2010/02/11 19:06:12 | 000,000,000 | ---D | M] -- C:\Users\Neelam\AppData\Roaming\OpenOffice.org
[2010/03/14 23:17:44 | 000,000,000 | ---D | M] -- C:\Users\Neelam\AppData\Roaming\PC Suite
[2010/03/14 22:47:38 | 000,000,000 | ---D | M] -- C:\Users\Neelam\AppData\Roaming\Samsung
[2010/08/16 17:30:41 | 000,000,000 | ---D | M] -- C:\Users\Neelam\AppData\Roaming\Uniblue
[2010/08/23 14:21:46 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/08/26 18:25:01 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{03189014-115F-4140-98C8-37F13AD383F6}.job

========== Purity Check ==========


< End of report >
OTL Extras logfile created on: 26/08/2010 18:34:59 - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\Neelam\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

894.00 Mb Total Physical Memory | 557.00 Mb Available Physical Memory | 62.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 71.28 Gb Total Space | 41.96 Gb Free Space | 58.86% Space Free | Partition Type: NTFS
Drive D: | 70.94 Gb Total Space | 68.30 Gb Free Space | 96.28% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NEELAM-PC
Current User Name: Neelam
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\Neelam\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Value error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{31E403A6-34EF-4DC1-9A82-27B70162C98D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FA979F03-ECE9-4DD2-A2F9-6A5E3F5078EB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{54FFC589-7071-4C61-B8B3-9E75A1B7FBF1}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{7BC2C347-43EA-401C-9533-BC4A1B6C0787}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{8C118D50-C32B-46F0-BD9D-139422C43F4B}" = dir=in | app=c:\program files\avg\avg9\avgemc.exe |
"{9633D33A-3575-47AD-97A1-590F7F4D3345}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{B8495F23-99DA-42AB-A405-AF08E045E362}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{D15421B8-8BCC-43B8-82E0-8FCA41B0FAB4}" = dir=in | app=c:\program files\avg\avg9\avgdiagex.exe |
"{E084EEF5-6F6C-49C1-AEAA-EC5F63002B61}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{F6D0EF48-4BF6-4D31-8FC6-BD0E24261915}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
"{FF6E99E3-A798-4145-9B3D-3AB404D12AA3}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"TCP Query User{8AA2B3B3-8D75-43B0-B301-1492A44DF607}C:\users\neelam\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\neelam\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{8EF5C502-FB9C-403B-94A2-13B67B4CD93E}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{CEAF35E8-9E60-452B-A1A7-ED3A866E2016}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{4AB3F021-47AF-466A-9B80-5FFAF1F3C5CD}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{4B4CB762-91A8-4D77-9875-77B7A3B20C24}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{D8764C14-7FE5-4694-BA6C-1A9725957C96}C:\users\neelam\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\neelam\appdata\local\google\chrome\application\chrome.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{17A869F2-4ABC-446D-B497-F08A7450A923}" = PearsonVUE Tutorial and Practice Exam
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 21
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99D7BD24-E8BB-485C-B502-C1DE0A33161D}" = GoGear ARIAZ Device Manager
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E623BB3F-F7ED-4148-BEB5-A0D1DB28B4DE}" = Media Converter for Philips
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast5" = avast! Free Antivirus
"ERUNT_is1" = ERUNT 1.1j
"Foxit Reader" = Foxit Reader
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Recovery for PowerPoint" = Recovery for PowerPoint
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 23/08/2010 06:07:13 | Computer Name = Neelam-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 23/08/2010 06:07:13 | Computer Name = Neelam-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 23/08/2010 06:07:13 | Computer Name = Neelam-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 23/08/2010 06:12:07 | Computer Name = Neelam-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 23/08/2010 06:12:09 | Computer Name = Neelam-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 23/08/2010 07:47:02 | Computer Name = Neelam-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 23/08/2010 07:47:02 | Computer Name = Neelam-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 24/08/2010 15:54:02 | Computer Name = Neelam-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 24/08/2010 15:54:04 | Computer Name = Neelam-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 26/08/2010 13:32:11 | Computer Name = Neelam-PC | Source = EventSystem | ID = 4609
Description =

[ System Events ]
Error - 26/08/2010 13:33:02 | Computer Name = Neelam-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 26/08/2010 13:33:02 | Computer Name = Neelam-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 26/08/2010 13:33:02 | Computer Name = Neelam-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 26/08/2010 13:33:02 | Computer Name = Neelam-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 26/08/2010 13:33:02 | Computer Name = Neelam-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 26/08/2010 13:33:02 | Computer Name = Neelam-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 26/08/2010 13:33:02 | Computer Name = Neelam-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 26/08/2010 13:33:02 | Computer Name = Neelam-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 26/08/2010 13:33:02 | Computer Name = Neelam-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 26/08/2010 13:33:02 | Computer Name = Neelam-PC | Source = Service Control Manager | ID = 7001
Description =


< End of report >



____________________________________________________


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-26 19:05:45
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\Neelam\AppData\Local\Temp\kwlyqpod.sys


---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[592] kernel32.dll!ExitProcess 770A41D8 5 Bytes JMP 0099EF80 C:\Windows\system32\mydocsd.dll (SearchHelp, Inc.)
.text C:\Windows\system32\svchost.exe[592] ADVAPI32.dll!OpenServiceA 774E2EBD 5 Bytes JMP 0099E4A0 C:\Windows\system32\mydocsd.dll (SearchHelp, Inc.)
.text C:\Windows\system32\svchost.exe[592] ADVAPI32.dll!CloseServiceHandle 774E82A5 5 Bytes JMP 0099E160 C:\Windows\system32\mydocsd.dll (SearchHelp, Inc.)
.text C:\Windows\system32\svchost.exe[592] ADVAPI32.dll!OpenServiceW 774E8354 5 Bytes JMP 0099E3B0 C:\Windows\system32\mydocsd.dll (SearchHelp, Inc.)
.text C:\Windows\system32\svchost.exe[592] ADVAPI32.dll!ControlService 77509FB8 5 Bytes JMP 0099E2A0 C:\Windows\system32\mydocsd.dll (SearchHelp, Inc.)
.text C:\Windows\system32\svchost.exe[592] ADVAPI32.dll!DeleteService 7750A07E 5 Bytes JMP 0099E080 C:\Windows\system32\mydocsd.dll (SearchHelp, Inc.)
.text C:\Windows\system32\atibrtmonc.exe[768] kernel32.dll!ExitProcess 770A41D8 5 Bytes JMP 00EEEF80 C:\Windows\system32\mydocsd.dll (SearchHelp, Inc.)

---- EOF - GMER 1.0.15 ----

#6
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
I've noticed that you are already receiving help for this problem over on the Techguy forum. Due to this, we will be closing this topic here shortly and you should continue to respond to the Techguy topic for assistance, unless we are made aware of any specific problems you have with this.

Thanks for your understanding.