Port Scanning Attack and DNS Cache Poisoning Attack Detected


This topic is locked

#1 jolene singh

Hi

My ESET Firewall is constantly detecting Port Scanning attacks and DNS Cache Poisoning attacks these days.
What should I do?

My ESET Log is:

Time Event Source Target Protocol

8/21/2011 9:32:00 AM Detected Port Scanning attack 125.45.109.166:12200 24.1.179.253:8090 TCP
8/21/2011 9:15:08 AM Detected Port Scanning attack 199.119.204.103:6000 24.1.179.253:8088 TCP
8/21/2011 9:03:48 AM Detected Port Scanning attack 58.218.199.250:12200 24.1.179.253:3246 TCP
8/20/2011 4:59:05 PM Detected Port Scanning attack 58.218.199.147:12200 24.1.179.253:8118 TCP
8/20/2011 4:52:01 PM Detected Port Scanning attack 125.45.109.166:12200 24.1.179.253:2301 TCP
8/20/2011 4:36:05 PM Detected Port Scanning attack 58.218.199.227:12200 24.1.179.253:2479 TCP
8/20/2011 11:46:52 AM Detected Port Scanning attack 58.218.199.147:12200 24.1.179.253:8118 TCP
8/20/2011 11:27:48 AM Detected Port Scanning attack 58.218.199.250:12200 24.1.179.253:3246 TCP
8/20/2011 11:06:08 AM Detected Port Scanning attack 221.194.46.176:12200 24.1.179.253:8090 TCP
8/19/2011 10:30:32 PM Detected Port Scanning attack 221.1.220.185:12200 24.1.179.253:30495 TCP
8/19/2011 9:57:50 PM Detected Port Scanning attack 58.218.199.147:12200 24.1.179.253:8090 TCP
8/19/2011 9:47:37 PM Detected Port Scanning attack 58.218.199.250:12200 24.1.179.253:9090 TCP
8/19/2011 9:40:35 PM Detected Port Scanning attack 221.192.199.49:12200 24.1.179.253:2301 TCP
8/19/2011 1:19:55 PM Detected Port Scanning attack 58.218.199.147:12200 24.1.179.253:8085 TCP
8/19/2011 12:39:30 PM Detected Port Scanning attack 58.218.199.227:12200 24.1.179.253:80 TCP
8/19/2011 12:32:21 PM Detected Port Scanning attack 221.1.220.185:12200 24.1.179.253:2479 TCP
8/18/2011 10:01:50 PM Detected Port Scanning attack 58.218.199.227:12200 24.1.179.253:2479 TCP
8/18/2011 10:00:48 PM Detected Port Scanning attack 58.218.199.250:12200 24.1.179.253:3128 TCP
8/18/2011 9:46:32 PM Detected Port Scanning attack 58.218.199.147:12200 24.1.179.253:8088 TCP
8/18/2011 8:57:14 PM Detected Port Scanning attack 221.192.199.49:12200 24.1.179.253:73 TCP
8/18/2011 8:40:43 PM Detected Port Scanning attack 125.45.109.166:12200 24.1.179.253:9415 TCP
8/18/2011 8:08:29 PM Detected Port Scanning attack 221.1.220.185:12200 24.1.179.253:29777 TCP
8/8/2011 6:32:18 AM Detected DNS cache poisoning attack 4.2.2.2:53 14.98.76.115:53880 UDP
8/8/2011 6:32:18 AM Detected DNS cache poisoning attack 4.2.2.2:53 14.98.76.115:55771 UDP
8/8/2011 6:32:17 AM Detected DNS cache poisoning attack 4.2.2.2:53 14.98.76.115:52805 UDP
8/8/2011 6:32:17 AM Detected DNS cache poisoning attack 4.2.2.2:53 14.98.76.115:57241 UDP
8/8/2011 6:32:17 AM Detected DNS cache poisoning attack 4.2.2.2:53 14.98.76.115:50128 UDP
8/8/2011 6:32:16 AM Detected DNS cache poisoning attack 4.2.2.2:53 14.98.76.115:58268 UDP
8/8/2011 6:32:16 AM Detected DNS cache poisoning attack 4.2.2.2:53 14.98.76.115:60201 UDP
8/8/2011 6:32:14 AM Detected DNS cache poisoning attack 4.2.2.2:53 14.98.76.115:55699 UDP
8/8/2011 6:32:13 AM Detected DNS cache poisoning attack 4.2.2.2:53 14.98.76.115:52439 UDP
8/8/2011 6:32:13 AM Detected DNS cache poisoning attack 4.2.2.2:53 14.98.76.115:56996 UDP
8/8/2011 6:32:13 AM Detected DNS cache poisoning attack 4.2.2.2:53 14.98.76.115:50187 UDP
8/8/2011 6:32:12 AM Detected DNS cache poisoning attack 4.2.2.2:53 14.98.76.115:54669 UDP
8/8/2011 6:32:12 AM Detected DNS cache poisoning attack 4.2.2.2:53 14.98.76.115:65381 UDP
8/8/2011 6:32:11 AM Detected DNS cache poisoning attack 4.2.2.2:53 14.98.76.115:50139 UDP
8/8/2011 6:32:10 AM Detected DNS cache poisoning attack 4.2.2.2:53 14.98.76.115:53880 UDP
8/8/2011 6:32:10 AM Detected DNS cache poisoning attack 4.2.2.2:53 14.98.76.115:52805 UDP
8/8/2011 6:32:10 AM Detected DNS cache poisoning attack 4.2.2.2:53 14.98.76.115:55771 UDP
8/8/2011 6:32:10 AM Detected DNS cache poisoning attack 4.2.2.2:53 14.98.76.115:57241 UDP
8/8/2011 6:32:09 AM Detected DNS cache poisoning attack 4.2.2.2:53 14.98.76.115:50128 UDP
8/8/2011 6:32:09 AM Detected DNS cache poisoning attack 4.2.2.2:53 14.98.76.115:60201 UDP
8/8/2011 6:32:09 AM Detected DNS cache poisoning attack 4.2.2.2:53 14.98.76.115:58268 UDP
8/8/2011 6:32:04 AM Detected DNS cache poisoning attack 4.2.2.2:53 14.98.76.115:57994 UDP
8/8/2011 6:32:03 AM Detected DNS cache poisoning attack 4.2.2.2:53 14.98.76.115:55699 UDP
8/8/2011 6:32:02 AM Detected DNS cache poisoning attack 4.2.2.2:53 14.98.76.115:52439 UDP
8/6/2011 4:08:45 AM Detected Port Scanning attack 94.245.93.40:12200 115.118.234.201:8008 TCP
8/6/2011 3:58:18 AM Detected Port Scanning attack 94.245.93.40:12200 115.118.234.201:8008 TCP
8/5/2011 5:13:32 AM Detected Port Scanning attack 94.245.93.40:12200 115.118.158.136:8008 TCP
8/5/2011 4:50:27 AM Detected Port Scanning attack 94.245.93.40:12200 115.118.158.136:8008 TCP
8/5/2011 4:05:34 AM Detected Port Scanning attack 94.245.93.40:12200 115.118.158.136:8008 TCP
8/4/2011 11:57:48 AM Detected Port Scanning attack 122.172.34.49:49413 59.161.59.97:17601 TCP
8/3/2011 12:49:49 AM Detected Port Scanning attack 218.51.106.103:4250 14.97.195.215:39303 TCP
8/1/2011 3:43:28 AM Detected DNS cache poisoning attack 4.2.2.2:53 59.161.27.194:49961 UDP
7/31/2011 2:03:15 AM Detected Port Scanning attack 126.162.106.217:42203 121.245.133.133:28108 TCP
7/30/2011 12:45:28 AM Detected Port Scanning attack 157.55.196.240:12200 115.118.146.63:8088 TCP
7/29/2011 1:06:54 PM Detected Port Scanning attack 14.97.37.174:61450 14.97.36.68:1433 TCP
7/29/2011 3:27:22 AM Detected Port Scanning attack 14.97.24.212:52939 14.97.18.117:1433 TCP
7/28/2011 2:50:32 AM Detected DNS cache poisoning attack 174.127.87.42:53 14.97.125.149:21523 UDP
7/28/2011 2:05:46 AM Detected DNS cache poisoning attack 174.127.87.42:53 14.97.125.149:21523 UDP
7/28/2011 1:20:56 AM Detected DNS cache poisoning attack 174.127.87.42:53 14.97.125.149:21523 UDP
7/26/2011 11:32:05 AM Detected Port Scanning attack 219.107.163.87:54481 14.97.192.131:27874 TCP
7/26/2011 12:09:51 AM Detected Port Scanning attack 121.245.51.145:62239 121.245.140.135:1433 TCP
7/20/2011 12:13:28 AM Detected Port Scanning attack 14.97.212.10:56906 14.97.97.233:1433 TCP

The OTL log is as follows:

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.72.134 68.87.77.134
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (csrcs.exe) - File not found
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\UserXP\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\UserXP\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/09/28 05:03:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{09bdd9ad-b902-11e0-ae24-001e379dd8ce}\Shell - "" = AutoRun
O33 - MountPoints2\{09bdd9ad-b902-11e0-ae24-001e379dd8ce}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{09bdd9ad-b902-11e0-ae24-001e379dd8ce}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{1063fa82-b202-11e0-ae14-001e379dd8ce}\Shell - "" = AutoRun
O33 - MountPoints2\{1063fa82-b202-11e0-ae14-001e379dd8ce}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1063fa82-b202-11e0-ae14-001e379dd8ce}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{3b2937a8-b420-11e0-ae19-001e379dd8ce}\Shell - "" = AutoRun
O33 - MountPoints2\{3b2937a8-b420-11e0-ae19-001e379dd8ce}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3b2937a8-b420-11e0-ae19-001e379dd8ce}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{45d6e198-9f11-11df-acfc-001e379dd8ce}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{45d6e198-9f11-11df-acfc-001e379dd8ce}\Shell\AutoRun\command - "" = G:\sejo\\\kalac.exe
O33 - MountPoints2\{45d6e198-9f11-11df-acfc-001e379dd8ce}\Shell\explore\command - "" = G:\sejo\\kalac.exe
O33 - MountPoints2\{45d6e198-9f11-11df-acfc-001e379dd8ce}\Shell\open\command - "" = G:\sejo\\\kalac.exe
O33 - MountPoints2\{4f67c24a-0d76-11df-ac25-005056c00008}\Shell\AutoRun\command - "" = G:\.\EncryptionTool\MaxtorEncryption.exe
O33 - MountPoints2\{6f1039a7-b204-11e0-ae15-001e379dd8ce}\Shell - "" = AutoRun
O33 - MountPoints2\{6f1039a7-b204-11e0-ae15-001e379dd8ce}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6f1039a7-b204-11e0-ae15-001e379dd8ce}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{7d9340a8-c9d1-11de-ab7b-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{7d9340a8-c9d1-11de-ab7b-005056c00008}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7d9340a8-c9d1-11de-ab7b-005056c00008}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{ba39abee-b8d6-11e0-ae21-001e379dd8ce}\Shell - "" = AutoRun
O33 - MountPoints2\{ba39abee-b8d6-11e0-ae21-001e379dd8ce}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ba39abee-b8d6-11e0-ae21-001e379dd8ce}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{d705f595-b74f-11e0-ae20-001e379dd8ce}\Shell - "" = AutoRun
O33 - MountPoints2\{d705f595-b74f-11e0-ae20-001e379dd8ce}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d705f595-b74f-11e0-ae20-001e379dd8ce}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{df3728ac-b900-11e0-ae23-001e379dd8ce}\Shell - "" = AutoRun
O33 - MountPoints2\{df3728ac-b900-11e0-ae23-001e379dd8ce}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{df3728ac-b900-11e0-ae23-001e379dd8ce}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/11 18:10:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserXP\My Documents\BlackBerry
[2011/08/11 18:06:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserXP\Local Settings\Application Data\Research In Motion
[2011/08/11 18:06:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserXP\Application Data\Research In Motion
[2011/08/11 18:05:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\BlackBerry
[2011/08/11 18:05:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2011/08/11 18:04:28 | 000,000,000 | ---D | C] -- C:\Program Files\Research In Motion
[2011/08/11 18:04:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Research In Motion
[2011/07/28 06:07:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Tata Photon+
[2011/07/28 06:05:48 | 000,113,280 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbnet.sys
[2011/07/28 06:05:48 | 000,102,528 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbmdm.sys
[2011/07/28 06:05:48 | 000,100,736 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbdev.sys
[2011/07/28 06:05:48 | 000,024,448 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewdcsc.sys
[2011/07/26 05:51:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Foxit Reader 5.0
[2011/07/26 05:34:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserXP\Desktop\medicalhistory
[2011/07/26 00:57:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WEBREG
[2011/07/24 00:22:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserXP\Application Data\HPAppData
[2011/07/24 00:02:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserXP\Desktop\HP shortcuts
[2011/07/24 00:01:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserXP\Application Data\HP
[2011/07/23 23:58:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2011/07/23 23:58:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserXP\Application Data\Yahoo!
[2011/07/23 23:58:08 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2011/07/23 23:58:00 | 000,000,000 | ---D | C] -- C:\Program Files\HP Photo Creations
[2011/07/23 23:58:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Photo Creations
[2011/07/23 23:57:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserXP\Application Data\HpUpdate
[2011/07/23 23:56:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2011/07/23 23:55:31 | 000,000,000 | ---D | C] -- C:\Program Files\Coupons
[2011/07/23 23:55:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Coupons
[2011/07/23 23:55:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cache
[2011/07/23 23:54:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HP
[2011/07/23 23:54:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP
[2011/07/23 23:54:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2011/07/23 23:53:15 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011/07/23 13:30:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserXP\My Documents\short stories
[2009/11/09 22:17:03 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\Implode.dll

========== Files - Modified Within 30 Days ==========

[2011/08/21 09:27:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-838170752-1801674531-1003UA.job
[2011/08/21 09:27:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-838170752-1801674531-1003Core.job
[2011/08/21 09:16:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/21 09:00:53 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/08/20 16:13:16 | 000,468,166 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/20 16:13:16 | 000,080,562 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/08/20 16:08:43 | 000,002,141 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TeluguLipi Quick Start.lnk
[2011/08/20 16:08:13 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/20 16:08:12 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\SpeedOptimizer Startup.job
[2011/08/20 16:08:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/19 21:38:25 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/08/18 21:40:47 | 000,205,420 | ---- | M] () -- C:\Documents and Settings\UserXP\Desktop\Payment Receipt-1.pdf
[2011/08/17 10:38:42 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/08/14 10:47:06 | 000,198,656 | ---- | M] () -- C:\Documents and Settings\UserXP\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/14 10:44:09 | 000,019,733 | ---- | M] () -- C:\Documents and Settings\UserXP\Desktop\A.html
[2011/08/13 12:02:17 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/12 11:32:09 | 000,136,092 | ---- | M] () -- C:\Documents and Settings\UserXP\Desktop\shankar resume.pdf
[2011/08/11 22:00:53 | 000,000,946 | ---- | M] () -- C:\Documents and Settings\UserXP\Desktop\Shortcut to Rim.Desktop.lnk
[2011/08/11 21:34:25 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_RimUsb_01009.Wdf
[2011/08/11 21:34:21 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011/08/11 18:05:21 | 000,001,956 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BlackBerry Desktop Software.lnk
[2011/08/10 08:08:34 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/28 06:07:01 | 000,000,823 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Tata Photon+.lnk
[2011/07/26 05:51:14 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader 5.0.lnk
[2011/07/26 05:34:07 | 000,021,702 | ---- | M] () -- C:\Documents and Settings\UserXP\Desktop\medicalhistory.zip
[2011/07/26 00:58:58 | 000,171,896 | ---- | M] () -- C:\WINDOWS\hphins32.dat
[2011/07/25 00:27:34 | 000,300,440 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/23 23:56:02 | 000,001,808 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

========== Files Created - No Company Name ==========

[2011/08/18 21:40:47 | 000,205,420 | ---- | C] () -- C:\Documents and Settings\UserXP\Desktop\Payment Receipt-1.pdf
[2011/08/14 19:11:34 | 002,402,540 | ---- | C] () -- C:\Documents and Settings\UserXP\Desktop\056 - 45 - Aerosmith - I Don't Want To Miss A Thing.wma
[2011/08/14 10:44:09 | 000,019,733 | ---- | C] () -- C:\Documents and Settings\UserXP\Desktop\A.html
[2011/08/12 11:32:16 | 000,136,092 | ---- | C] () -- C:\Documents and Settings\UserXP\Desktop\shankar resume.pdf
[2011/08/11 22:00:53 | 000,000,946 | ---- | C] () -- C:\Documents and Settings\UserXP\Desktop\Shortcut to Rim.Desktop.lnk
[2011/08/11 21:34:25 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_RimUsb_01009.Wdf
[2011/08/11 21:34:21 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011/08/11 18:05:21 | 000,001,956 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BlackBerry Desktop Software.lnk
[2011/07/28 06:07:01 | 000,000,823 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Tata Photon+.lnk
[2011/07/26 05:51:14 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader 5.0.lnk
[2011/07/26 05:34:06 | 000,021,702 | ---- | C] () -- C:\Documents and Settings\UserXP\Desktop\medicalhistory.zip
[2011/07/23 23:56:02 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/07/23 23:49:57 | 000,171,896 | ---- | C] () -- C:\WINDOWS\hphins32.dat
[2011/07/23 23:49:57 | 000,000,558 | ---- | C] () -- C:\WINDOWS\hphmdl32.dat
[2010/12/31 06:41:20 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2010/12/31 06:41:20 | 000,000,059 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2010/10/24 22:49:23 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/20 12:59:59 | 000,004,096 | -H-- | C] () -- C:\Documents and Settings\UserXP\Local Settings\Application Data\keyfile3.drm
[2010/08/06 11:10:40 | 001,121,200 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/04/14 04:53:53 | 000,000,238 | ---- | C] () -- C:\WINDOWS\mafosav.INI
[2010/03/06 03:37:35 | 000,000,771 | ---- | C] () -- C:\WINDOWS\ISCII.INI
[2010/03/03 05:45:58 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/02/23 10:35:46 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010/02/23 10:35:46 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010/02/23 10:35:37 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\UserXP\Application Data\$_hpcst$.hpc
[2010/01/18 14:27:14 | 000,027,200 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTWTKRNL.sys
[2010/01/18 14:27:13 | 000,049,152 | ---- | C] () -- C:\WINDOWS\RTWINTGT.EXE
[2010/01/18 14:26:46 | 000,000,157 | ---- | C] () -- C:\WINDOWS\matlab.ini
[2009/12/07 11:54:44 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/11/24 00:01:40 | 002,309,120 | ---- | C] () -- C:\WINDOWS\System32\pdftk.exe
[2009/11/24 00:01:17 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\utility3.dll
[2009/11/24 00:01:17 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\Execute.dll
[2009/11/24 00:01:17 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\unredmon.exe
[2009/11/16 10:47:04 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\QTUninst.dll
[2009/11/16 00:31:30 | 000,000,010 | ---- | C] () -- C:\WINDOWS\System32\msdlghce.dll
[2009/11/09 22:17:05 | 000,204,848 | ---- | C] () -- C:\WINDOWS\System32\gswin32c.exe
[2009/11/09 22:17:04 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\P2irdao.dll
[2009/11/09 22:17:04 | 000,050,176 | ---- | C] () -- C:\WINDOWS\System32\P2ctdao.dll
[2009/11/09 22:17:03 | 000,748,160 | ---- | C] () -- C:\WINDOWS\System32\Co2c40en.dll
[2009/11/08 09:28:30 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\msds.dat
[2009/11/08 09:26:33 | 000,006,230 | ---- | C] () -- C:\WINDOWS\RIDE.ini
[2009/11/08 09:26:32 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\SX32W.DLL
[2009/10/20 14:19:30 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009/10/19 09:08:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2009/10/05 10:13:46 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/10/05 04:39:37 | 000,000,133 | ---- | C] () -- C:\WINDOWS\BCW5.INI
[2009/10/04 00:14:17 | 000,000,011 | ---- | C] () -- C:\WINDOWS\OSA.INI
[2009/10/03 05:00:35 | 000,000,329 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2009/10/03 05:00:34 | 000,000,155 | ---- | C] () -- C:\WINDOWS\IGREC.ini
[2009/10/03 05:00:31 | 000,000,665 | ---- | C] () -- C:\WINDOWS\TPR.INI
[2009/10/01 10:45:07 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/09/28 15:29:56 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/09/28 15:29:56 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/09/28 15:29:55 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/09/28 15:29:54 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/09/28 09:35:22 | 000,198,656 | ---- | C] () -- C:\Documents and Settings\UserXP\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/28 06:45:05 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/09/28 06:43:23 | 000,300,440 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/09/28 05:17:21 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4864.dll
[2009/09/28 05:17:21 | 000,104,636 | ---- | C] () -- C:\WINDOWS\System32\igmedcompkrn.dll
[2009/09/28 05:17:20 | 001,174,000 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2009/09/28 05:07:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/09/28 05:00:01 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/09/07 01:32:15 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/09/07 01:31:35 | 000,468,166 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2009/09/07 01:31:35 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2009/09/07 01:31:34 | 000,080,562 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2009/09/07 01:31:34 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2009/09/07 01:31:24 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2009/09/07 01:31:19 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2009/09/07 01:31:03 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2009/09/07 01:29:44 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009/09/07 01:29:41 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2009/09/07 01:27:57 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2009/09/07 01:27:23 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/05/26 12:29:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 12:29:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/10/25 07:56:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/09/27 01:21:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 01:18:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 01:18:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/02/06 09:20:00 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007/02/06 08:55:52 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2006/10/12 10:35:56 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\Instx64.exe
[2001/11/14 06:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2010/02/09 22:28:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Airytec
[2011/06/05 14:32:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/10/05 12:57:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2010/04/11 05:46:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoBit Games
[2011/01/08 08:51:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoldWave
[2010/03/13 04:23:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Metacafe
[2010/08/06 11:01:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaMusic
[2010/08/15 01:11:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/12/31 06:47:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2010/04/11 01:31:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2010/12/31 02:46:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlotSoft
[2010/12/31 05:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/08/11 18:05:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/01/31 03:37:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2010/05/14 06:47:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
[2011/08/20 16:08:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/18 07:54:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirtualizedApplications
[2010/09/21 16:22:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2010/02/12 23:07:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Application Data\Airytec
[2010/12/05 13:23:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Application Data\Conceptworld
[2010/05/20 06:40:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Application Data\Desktop Sidebar
[2010/08/25 22:28:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Application Data\ESET
[2009/10/01 10:37:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Application Data\Foxit
[2010/04/12 13:32:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Application Data\MysteryStudio
[2010/08/06 11:10:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Application Data\Nokia
[2010/05/14 23:12:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Application Data\NVD
[2010/08/06 11:15:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Application Data\PC Suite
[2010/04/11 01:31:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Application Data\PlayFirst
[2011/08/11 18:08:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Application Data\Research In Motion
[2010/02/23 13:17:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Application Data\Samsung
[2010/05/18 09:03:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Application Data\SoftGrid Client
[2009/12/17 03:31:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Application Data\Softland
[2009/12/16 13:40:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Application Data\TeamViewer
[2010/05/14 07:22:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Application Data\TP
[2011/06/11 18:07:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Application Data\uTorrent
[2011/06/11 04:07:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Application Data\ValuSoft
[2010/05/18 10:07:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Application Data\Windows Desktop Search
[2010/05/18 10:08:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Application Data\Windows Search
[2010/02/13 06:08:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Application Data\Wireshark
[2009/10/04 07:12:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Application Data\WordWeb
[2011/08/20 16:08:12 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\SpeedOptimizer Startup.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CD060F93
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DF0F61BB
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:80EFC1E5
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D74B6CF5
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ED3F622D
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:010ADD2C

< End of report >



I have not noticed any effect yet.


Thank you

Regards
Jolene
  • 0



#2
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post the appropriate logs in the Malware Removal forum and wait for help.

Hi and welcome back to Geeks to Go. :)

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

  • I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print off the following instructions or save them to notepad as I post them.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Next:

My ESET Firewall is these days constantly detecting Port Scanning Attacks and DNS Cache poisoning attack.
What should I do?

As long as ESET is blocking such it is doing its job but by all means we will check this out...

Next:

Please move the executable for OTL to the desktop, it is currently residing here:-

E:\softwares\OTL.exe

We will be using OTL again in due course.

Hard-Drive Free Space Advice:

Drive E: | 96.52 Gb Total Space | 5.90 Gb Free Space | 6.11% Space Free | Partition Type: NTFS

This is considered dangerously low. A Hard-Drive requires a bare minimum of 15% available free space to be able to function correctly, but at least 25% is better in my opinion.

I advise you create some extra free space otherwise eventually any type of system maintenance will prove to be problematic on this drive.

Scan with GMER:

Please download GMER Rootkit Scanner from here.

  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

Note: Do not run any programs while Gmer is running.

Scan with RSIT:

  • Please download Random's System Information Tool by random/random from here and save it to your desktop.
Make sure that RSIT.exe is on your Desktop before running the application!
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized.
    • info.txt will be opened minimized.
  • Please post the contents of both log.txt and info.txt.
Note: Both logs can also be located within this folder rsit at the root of your installed Hard-Drive. EG: C:\rsit

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • GMER Log.
  • Both RSIT logs. <-- Post them individually please, IE: one Log per post/reply.

  • 0

#3
jolene singh

    Member

  • Topic Starter
  • Member
  • 104 posts
Thank you for replying.

Note: Do not run any programs while Gmer is running.


Should I disable my Antivirus too?

Regards
Jolene
  • 0

#4
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

Thank you for replying.

You're welcome!

Should I disable my Antivirus too?

No need.
  • 0

#5
jolene singh

    Member

  • Topic Starter
  • Member
  • 104 posts
Thanks.

I ran the scans.

I haven't noticed port attacks for some time now.
I wonder if the attacker has managed to bypass ESET somehow.

The computer was slower up till now.
I don't see any noticeable change.

gmer.txt is attached.

Regards
Jolene

Attached Files

  • Attached File  gmer.txt   37.14KB   138 downloads

  • 0

#6
jolene singh

    Member

  • Topic Starter
  • Member
  • 104 posts
Log.txt is attached.

Attached Files

  • Attached File  log.txt   47.64KB   158 downloads

  • 0

#7 jolene singh (Member, Topic Starter, 104 posts)
Info.txt is attached

Attached file: info.txt (43.04 KB)


#8 Dakeyras (Anti-Malware Mammoth, Expert, 9,772 posts)
Hi. :)

No need to attach any logs in future unless I advise otherwise. Merely post them please, thank you.

I haven't noticed port attacks for some time now.
I wonder if the attacker has managed to bypass ESET somehow.

OK, and I do not think anything has actually bypassed the ESET Personal firewall, though the actual XP SP3 Firewall has open ports which we will deal with in due course.

Hard-Drive Free Space Advice:

System drive C: has 5 GB (15%) free of 30 GB

This is considered borderline. Even though a hard drive requires a bare minimum of 15% available free space to be able to function correctly, at least 25% is better in my opinion.

I advise you consider uninstalling some software you do not need and/or moving any documents/files/pictures etc. to a form of removable media.

Next:

Out-of-date Java installations pose a security risk. They can be used by malware as a means to infect a computer and/or re-infect it. We will update this in due course.

Now please go to Start >> Control Panel >> Add/Remove Programs and remove the following (if present):

J2SE Development Kit 5.0 Update 10
J2SE Runtime Environment 5.0 Update 10
Java™ 6 Update 27


To do so, click once on each of the above in turn to highlight and then click on the Remove button.

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please go here and download ERUNT.
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double-click on erunt-setup.exe to Install ERUNT by following the prompts.
  • Use the default install settings but say No to the portion that asks you to add ERUNT to the Start-Up folder.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
Note: If it is necessary to restore the registry, open the backup folder and start ERDNT.exe

Reset SP3 Firewall:

Click on Start >> Run... and copy/paste in the following and click on OK

firewall.cpl
Click on the Advanced tab >> Restore Defaults >> At the prompt click on Yes >> OK

Now click on the General tab >> select Off(not recommended) >> OK.

Note: No need for it to be active after the reset because you have the ESET Personal firewall installed and active.

Custom OTL Script:

  • Double-click OTL.exe to start the program.
  • Copy the lines from the Quote-box(do not copy the word quote) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:Files
ipconfig /flushdns /c
%systemroot%\prefetch\*.*
C:\WINDOWS\tasks\SpeedOptimizer Startup.job

:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[-HKEY_CLASSES_ROOT\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
[-HKEY_CLASSES_ROOT\CLSID\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KernelFaultCheck"=-
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"=-
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"QNPlus"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"csrcs"="C:\WINDOWS\system32\csrcs.exe"
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]

:Commands
[Purity]
[ResetHosts]
[EmptyFlash]
[EmptyTemp]
[CreateRestorePoint]
[Reboot]

  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered.
  • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
Note: The logfile can also be located C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

Malwarebytes Anti-Malware:

  • Launch the application, Check for Updates >> Perform quick scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

When you have completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • OTL Log from the Custom Script.
  • Malwarebytes Anti-Malware Log.

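The [ResetHosts] and ipconfig /flushdns steps in the OTL script above discard whatever is in the HOSTS file and the resolver cache without showing what was there. The Python script below is an added example for this thread, not OTL's code and not something the poster ran: it reads a HOSTS file and reports every entry beyond the stock loopback lines, which is the content [ResetHosts] throws away. The HOSTS text embedded in the block is constructed for the example and is not the poster's file; the XP default path in load_system_hosts() is the only system-specific assumption.

```python
"""Report non-default entries in a Windows HOSTS file.

Added example for this thread, not OTL's code. OTL's [ResetHosts] replaces
the file with the stock one; this shows what would be thrown away. Malware
typically sinkholes update and security-vendor names to 127.0.0.1 (so
updates and scanners fail) or pins a site to an attacker-chosen address.
"""
import ipaddress

# Stock loopback entries shipped in %SystemRoot%\System32\drivers\etc\hosts.
STOCK_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}

# Constructed sample input for the example; NOT the poster's actual file.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
127.0.0.1       www.malwarebytes.org
127.0.0.1       update.microsoft.com    # update sinkhole
203.0.113.7     www.examplebank.com     # TEST-NET-3 address, constructed
"""


def parse_hosts(text):
    """Yield (ip, hostname) pairs; comments and blank lines are skipped."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            yield ip, name.lower()


def audit_hosts(text):
    """Return (ip, hostname, reason) for every entry beyond the stock ones."""
    findings = []
    for ip, name in parse_hosts(text):
        if (ip, name) in STOCK_ENTRIES:
            continue
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((ip, name, "unparseable address"))
            continue
        if addr.is_loopback:
            # Name deliberately made unreachable (updates, AV vendors, forums).
            findings.append((ip, name, "name sinkholed to loopback"))
        else:
            # Name bypasses DNS entirely and goes wherever this address says.
            findings.append((ip, name, "name pinned to a fixed address"))
    return findings


def load_system_hosts(path=r"C:\WINDOWS\System32\drivers\etc\hosts"):
    """Read the live file (Windows XP default path; adjust on other systems)."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return fh.read()


if __name__ == "__main__":
    for ip, name, why in audit_hosts(SAMPLE_HOSTS):
        print(f"{ip:<16} {name:<26} {why}")
```

Run it before the OTL fix to keep a record of the redirects, and again after the reboot: an empty result is what a stock HOSTS file looks like. Entries pointing a security vendor or update host at 127.0.0.1 are the classic sign that malware is trying to keep itself from being removed.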

#9 jolene singh (Member, Topic Starter, 104 posts)
Hi

Well good news.. :)

1. I removed quite a lot of stuff from Add/Remove Programs, except this one which won't remove.
Posted Image



2. My system was facing two problems apart from the one I created the thread for.



(i)At system startup, I used to get popup errors like

Posted Image


This got caught in MalwareByte's AntiMalware. :)
So, I didn't get it this time when starting up.
I had raised another thread for it more than a year back (that made me realise how long I've had this problem). I was so used to it by now, that I didn't think of it as an abnormality anymore.

http://www.geekstogo..._1#entry1789620



(ii) I also used to get "New hardware found" windows.

Posted Image


When I would press cancel, I would get

Posted Image



I'm still getting it.
:unsure:




3. When OTL reboot started, it got stuck in "Shutting down" screen.
After 5 to 7 minutes, I manually shut down the system by pressing the Power button and then restarted the system.
A log was still generated.


All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\UserXP\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\UserXP\Desktop\cmd.txt deleted successfully.
C:\WINDOWS\prefetch\ACRORD32.EXE-19C3D96E.pf moved successfully.
C:\WINDOWS\prefetch\ADOBEARM.EXE-2D1B11BF.pf moved successfully.
C:\WINDOWS\prefetch\ALG.EXE-0F138680.pf moved successfully.
C:\WINDOWS\prefetch\BTSTAC~1.EXE-2BF86A68.pf moved successfully.
C:\WINDOWS\prefetch\BTTRAY.EXE-02B509CD.pf moved successfully.
C:\WINDOWS\prefetch\CALC.EXE-02CD573A.pf moved successfully.
C:\WINDOWS\prefetch\CHROME.EXE-0C77AE50.pf moved successfully.
C:\WINDOWS\prefetch\CHROME.EXE-0C77AE53.pf moved successfully.
C:\WINDOWS\prefetch\CHROME.EXE-0C77AE54.pf moved successfully.
C:\WINDOWS\prefetch\CHROME.EXE-0C77AE57.pf moved successfully.
C:\WINDOWS\prefetch\CHROMEINSTALL-6U27.EXE-17C063BF.pf moved successfully.
C:\WINDOWS\prefetch\CHROME_UPDATER.EXE-046C4568.pf moved successfully.
C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf moved successfully.
C:\WINDOWS\prefetch\CSS.SCR-282F3B3D.pf moved successfully.
C:\WINDOWS\prefetch\CTFMON.EXE-0E17969B.pf moved successfully.
C:\WINDOWS\prefetch\DEFRAG.EXE-273F131E.pf moved successfully.
C:\WINDOWS\prefetch\DFRGNTFS.EXE-269967DF.pf moved successfully.
C:\WINDOWS\prefetch\DLLHOST.EXE-3594867E.pf moved successfully.
C:\WINDOWS\prefetch\DUMPCAP.EXE-241FFA5D.pf moved successfully.
C:\WINDOWS\prefetch\DUMPREP.EXE-1B46F901.pf moved successfully.
C:\WINDOWS\prefetch\EGUI.EXE-16D63091.pf moved successfully.
C:\WINDOWS\prefetch\EXPLORER.EXE-082F38A9.pf moved successfully.
C:\WINDOWS\prefetch\GOM.EXE-3A741418.pf moved successfully.
C:\WINDOWS\prefetch\GOOGLECRASHHANDLER.EXE-0D66375E.pf moved successfully.
C:\WINDOWS\prefetch\GOOGLECRASHHANDLER.EXE-1E5CAADA.pf moved successfully.
C:\WINDOWS\prefetch\GOOGLETALKPLUGIN.EXE-12ECC76E.pf moved successfully.
C:\WINDOWS\prefetch\GOOGLETOOLBARNOTIFIER.EXE-3629C61D.pf moved successfully.
C:\WINDOWS\prefetch\GOOGLEUPDATE.EXE-0DB75547.pf moved successfully.
C:\WINDOWS\prefetch\GOOGLEUPDATE.EXE-1E123D86.pf moved successfully.
C:\WINDOWS\prefetch\GOOGLEUPDATER.EXE-2CAF5929.pf moved successfully.
C:\WINDOWS\prefetch\GOOGLEUPDATERSERVICE.EXE-3AB369BE.pf moved successfully.
C:\WINDOWS\prefetch\GRLAUNCHER.EXE-0F5DB21A.pf moved successfully.
C:\WINDOWS\prefetch\GROOVEMONITOR.EXE-2606717A.pf moved successfully.
C:\WINDOWS\prefetch\HELPSVC.EXE-2878DDA2.pf moved successfully.
C:\WINDOWS\prefetch\HKCMD.EXE-1D05234B.pf moved successfully.
C:\WINDOWS\prefetch\HPQBAM08.EXE-1ED43757.pf moved successfully.
C:\WINDOWS\prefetch\HPQGPC01.EXE-271E6A7F.pf moved successfully.
C:\WINDOWS\prefetch\HPQSTE08.EXE-18A7280B.pf moved successfully.
C:\WINDOWS\prefetch\HPQTRA08.EXE-17E37E7E.pf moved successfully.
C:\WINDOWS\prefetch\HPWUCLI.EXE-2587F620.pf moved successfully.
C:\WINDOWS\prefetch\HPWUSCHD2.EXE-02F6D2DD.pf moved successfully.
C:\WINDOWS\prefetch\IGFXPERS.EXE-2C07C174.pf moved successfully.
C:\WINDOWS\prefetch\IGFXSRVC.EXE-2FB63FE8.pf moved successfully.
C:\WINDOWS\prefetch\IGFXTRAY.EXE-3391579A.pf moved successfully.
C:\WINDOWS\prefetch\IMAPI.EXE-0BF740A4.pf moved successfully.
C:\WINDOWS\prefetch\JAUREG.EXE-009F59AE.pf moved successfully.
C:\WINDOWS\prefetch\JAVA.EXE-0C263507.pf moved successfully.
C:\WINDOWS\prefetch\JAVAW.EXE-2DC32ABC.pf moved successfully.
C:\WINDOWS\prefetch\JAVAWS.EXE-021AC9A9.pf moved successfully.
C:\WINDOWS\prefetch\JQS.EXE-1D781F77.pf moved successfully.
C:\WINDOWS\prefetch\JUSCHED.EXE-0F4A509D.pf moved successfully.
C:\WINDOWS\prefetch\Layout.ini moved successfully.
C:\WINDOWS\prefetch\LOGONUI.EXE-0AF22957.pf moved successfully.
C:\WINDOWS\prefetch\MSI1D3.TMP-0B19FB14.pf moved successfully.
C:\WINDOWS\prefetch\MSI1DB.TMP-27B3F144.pf moved successfully.
C:\WINDOWS\prefetch\MSI86.TMP-00D23702.pf moved successfully.
C:\WINDOWS\prefetch\MSI87.TMP-3A9DC542.pf moved successfully.
C:\WINDOWS\prefetch\MSI88.TMP-14611870.pf moved successfully.
C:\WINDOWS\prefetch\MSIC5.TMP-07912332.pf moved successfully.
C:\WINDOWS\prefetch\MSIC6.TMP-0BD2F079.pf moved successfully.
C:\WINDOWS\prefetch\MSIC7.TMP-2DF89DC7.pf moved successfully.
C:\WINDOWS\prefetch\MSIEXEC.EXE-2F8A8CAE.pf moved successfully.
C:\WINDOWS\prefetch\NBHGUI.EXE-28FBE1EC.pf moved successfully.
C:\WINDOWS\prefetch\NCLBCBTSRV.EXE-1B09D196.pf moved successfully.
C:\WINDOWS\prefetch\NCLINSTALLER.EXE-29029297.pf moved successfully.
C:\WINDOWS\prefetch\NCLRSSRV.EXE-14091440.pf moved successfully.
C:\WINDOWS\prefetch\NCLUSBSRV.EXE-2DC6D2EC.pf moved successfully.
C:\WINDOWS\prefetch\NOKIAMSERVER.EXE-001F70D2.pf moved successfully.
C:\WINDOWS\prefetch\NOKIAMUSIC.EXE-1FA8AB2E.pf moved successfully.
C:\WINDOWS\prefetch\NOTEPAD.EXE-336351A9.pf moved successfully.
C:\WINDOWS\prefetch\NTOSBOOT-B00DFAAD.pf moved successfully.
C:\WINDOWS\prefetch\OFFLB.EXE-3449130C.pf moved successfully.
C:\WINDOWS\prefetch\OIS.EXE-337DD4BD.pf moved successfully.
C:\WINDOWS\prefetch\PATCHJRE.EXE-36513358.pf moved successfully.
C:\WINDOWS\prefetch\PBN8H8BD.EXE-00575FBA.pf moved successfully.
C:\WINDOWS\prefetch\POWERPNT.EXE-364EC56A.pf moved successfully.
C:\WINDOWS\prefetch\READER_SL.EXE-3329220B.pf moved successfully.
C:\WINDOWS\prefetch\REGSVR32.EXE-25EEFE2F.pf moved successfully.
C:\WINDOWS\prefetch\RIMBBLAUNCHAGENT.EXE-2BC34241.pf moved successfully.
C:\WINDOWS\prefetch\RSIT.EXE-2F0903EC.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-12E27DD0.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-147710F4.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-147BD0D8.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-182CD12F.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-1D338798.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-1FB16606.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-21B2A59B.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-25726E5A.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-2CD85FD3.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-34FFA477.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-394F0224.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-3ADC87EC.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-3C9A0830.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-451FC2C0.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-4535D445.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-4834E7C6.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-4BD602A8.pf moved successfully.
C:\WINDOWS\prefetch\SEARCHFILTERHOST.EXE-148579FB.pf moved successfully.
C:\WINDOWS\prefetch\SEARCHPROTOCOLHOST.EXE-34E0253A.pf moved successfully.
C:\WINDOWS\prefetch\SERVICELAYER.EXE-25DC7086.pf moved successfully.
C:\WINDOWS\prefetch\SETUP.EXE-0EEA6594.pf moved successfully.
C:\WINDOWS\prefetch\SETUP.EXE-2695AC01.pf moved successfully.
C:\WINDOWS\prefetch\SKYPE.EXE-30AE1A60.pf moved successfully.
C:\WINDOWS\prefetch\SKYPEPM.EXE-2BC7DD5C.pf moved successfully.
C:\WINDOWS\prefetch\SMAX4PNP.EXE-381239AF.pf moved successfully.
C:\WINDOWS\prefetch\SNDVOL32.EXE-383480B7.pf moved successfully.
C:\WINDOWS\prefetch\SPOOLSV.EXE-282F76A7.pf moved successfully.
C:\WINDOWS\prefetch\TELUGULIPITRAY.EXE-125F3545.pf moved successfully.
C:\WINDOWS\prefetch\UNINS000.EXE-00DDCFE3.pf moved successfully.
C:\WINDOWS\prefetch\UNINS000.EXE-151D3D64.pf moved successfully.
C:\WINDOWS\prefetch\UNINS000.EXE-27C16370.pf moved successfully.
C:\WINDOWS\prefetch\UNINS000.EXE-2FF382F9.pf moved successfully.
C:\WINDOWS\prefetch\UNINS000.EXE-35A7A7F1.pf moved successfully.
C:\WINDOWS\prefetch\UNINS000.EXE-378A4A3F.pf moved successfully.
C:\WINDOWS\prefetch\USERINIT.EXE-30B18140.pf moved successfully.
C:\WINDOWS\prefetch\USERXP.EXE-2F7B44E9.pf moved successfully.
C:\WINDOWS\prefetch\VERCLSID.EXE-3667BD89.pf moved successfully.
C:\WINDOWS\prefetch\VLC.EXE-22DF01AA.pf moved successfully.
C:\WINDOWS\prefetch\VMWARE-TRAY.EXE-0A29AFE2.pf moved successfully.
C:\WINDOWS\prefetch\WINDJVIEW.EXE-0051E7D2.pf moved successfully.
C:\WINDOWS\prefetch\WINWORD.EXE-07381162.pf moved successfully.
C:\WINDOWS\prefetch\WIRESHARK.EXE-0525E272.pf moved successfully.
C:\WINDOWS\prefetch\WMIADAP.EXE-2DF425B2.pf moved successfully.
C:\WINDOWS\prefetch\WMIC.EXE-3B772CC6.pf moved successfully.
C:\WINDOWS\prefetch\WMIPRVSE.EXE-28F301A9.pf moved successfully.
C:\WINDOWS\prefetch\WUAUCLT.EXE-399A8E72.pf moved successfully.
C:\WINDOWS\prefetch\WWEB32.EXE-1D116E17.pf moved successfully.
C:\WINDOWS\prefetch\_IU14D2N.TMP-31920A57.pf moved successfully.
C:\WINDOWS\prefetch\_IU14D2O.TMP-1D6CD35B.pf moved successfully.
C:\WINDOWS\prefetch\_IU14D2P.TMP-1C5EBAE5.pf moved successfully.
C:\WINDOWS\tasks\SpeedOptimizer Startup.job moved successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_CLASSES_ROOT\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\\RunNarrator deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\\RunNarrator not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\QNPlus deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\\"csrcs"|"C:\WINDOWS\system32\csrcs.exe" /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk\ deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 56502 bytes

User: LocalService

User: NetworkService

User: UserXP
->Flash cache emptied: 73478 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: UserXP
->Temp folder emptied: 138785858 bytes
->Temporary Internet Files folder emptied: 195331391 bytes
->Java cache emptied: 2168347 bytes
->Google Chrome cache emptied: 233940877 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9770563 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 94777097 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 644.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.26.5 log created on 08312011_220022

Files\Folders moved on Reboot...
C:\Documents and Settings\UserXP\Local Settings\Temp\Word8.0\MSForms.exd moved successfully.
File\Folder C:\Documents and Settings\UserXP\Local Settings\Temp\~DFB25D.tmp not found!
C:\Documents and Settings\UserXP\Local Settings\Temporary Internet Files\Content.Word\~WRF{62697996-5CDD-407E-A7EA-B75770AD1A2E}.tmp moved successfully.
C:\Documents and Settings\UserXP\Local Settings\Temporary Internet Files\Content.Word\~WRS{096D491A-8EED-4899-9AAF-E104E6A7B2CF}.tmp moved successfully.
C:\Documents and Settings\UserXP\Local Settings\Temporary Internet Files\Content.Word\~WRS{21597A9D-D734-4A3B-B148-FA9D9061E049}.tmp moved successfully.
C:\Documents and Settings\UserXP\Local Settings\Temporary Internet Files\Content.Word\~WRS{22A7A567-9525-47A4-837C-5DB01C346F08}.tmp moved successfully.
C:\Documents and Settings\UserXP\Local Settings\Temporary Internet Files\Content.Word\~WRS{66B423E6-A9D7-48DC-B0D7-BEFD2402B540}.tmp moved successfully.
C:\Documents and Settings\UserXP\Local Settings\Temporary Internet Files\Content.Word\~WRS{6EF4D99E-84EF-4FBD-ACD5-16D7CCDAD8A7}.tmp moved successfully.
C:\Documents and Settings\UserXP\Local Settings\Temporary Internet Files\Content.Word\~WRS{873386CF-929E-4468-BFBD-65060769CE2C}.tmp moved successfully.
C:\Documents and Settings\UserXP\Local Settings\Temporary Internet Files\Content.MSO\1144A9B9.wmf moved successfully.
C:\Documents and Settings\UserXP\Local Settings\Temporary Internet Files\Content.MSO\14555E48.wmf moved successfully.
C:\Documents and Settings\UserXP\Local Settings\Temporary Internet Files\Content.MSO\1B70B44A.wmf moved successfully.
C:\Documents and Settings\UserXP\Local Settings\Temporary Internet Files\Content.MSO\2430CA8C.wmf moved successfully.
C:\Documents and Settings\UserXP\Local Settings\Temporary Internet Files\Content.MSO\24B74B2.wmf moved successfully.
C:\Documents and Settings\UserXP\Local Settings\Temporary Internet Files\Content.MSO\26C96790.wmf moved successfully.
C:\Documents and Settings\UserXP\Local Settings\Temporary Internet Files\Content.MSO\2EB5D6F0.wmf moved successfully.
C:\Documents and Settings\UserXP\Local Settings\Temporary Internet Files\Content.MSO\2F563505.wmf moved successfully.
C:\Documents and Settings\UserXP\Local Settings\Temporary Internet Files\Content.MSO\32168396.wmf moved successfully.
C:\Documents and Settings\UserXP\Local Settings\Temporary Internet Files\Content.MSO\3D15DE15.wmf moved successfully.
C:\Documents and Settings\UserXP\Local Settings\Temporary Internet Files\Content.MSO\40EE79A9.wmf moved successfully.
C:\Documents and Settings\UserXP\Local Settings\Temporary Internet Files\Content.MSO\4728325B.wmf moved successfully.
C:\Documents and Settings\UserXP\Local Settings\Temporary Internet Files\Content.MSO\4FB96C7A.wmf moved successfully.
C:\Documents and Settings\UserXP\Local Settings\Temporary Internet Files\Content.MSO\5195E6E2.wmf moved successfully.
C:\Documents and Settings\UserXP\Local Settings\Temporary Internet Files\Content.MSO\52AA814E.wmf moved successfully.
C:\Documents and Settings\UserXP\Local Settings\Temporary Internet Files\Content.MSO\543E57EC.wmf moved successfully.
C:\Documents and Settings\UserXP\Local Settings\Temporary Internet Files\Content.MSO\548DA251.wmf moved successfully.
C:\Documents and Settings\UserXP\Local Settings\Temporary Internet Files\Content.MSO\57FC1B3C.wmf moved successfully.
C:\Documents and Settings\UserXP\Local Settings\Temporary Internet Files\Content.MSO\59D26FD7.wmf moved successfully.
C:\Documents and Settings\UserXP\Local Settings\Temporary Internet Files\Content.MSO\5D2F83BF.wmf moved successfully.
C:\Documents and Settings\UserXP\Local Settings\Temporary Internet Files\Content.MSO\5D38729F.wmf moved successfully.
C:\Documents and Settings\UserXP\Local Settings\Temporary Internet Files\Content.MSO\6AACC57B.wmf moved successfully.
C:\Documents and Settings\UserXP\Local Settings\Temporary Internet Files\Content.MSO\6B102C14.wmf moved successfully.
C:\Documents and Settings\UserXP\Local Settings\Temporary Internet Files\Content.MSO\6D0DA435.wmf moved successfully.
C:\Documents and Settings\UserXP\Local Settings\Temporary Internet Files\Content.MSO\760F95C9.wmf moved successfully.
C:\Documents and Settings\UserXP\Local Settings\Temporary Internet Files\Content.MSO\7E3165DC.wmf moved successfully.
C:\Documents and Settings\UserXP\Local Settings\Temporary Internet Files\Content.MSO\80A5A512.wmf moved successfully.
C:\Documents and Settings\UserXP\Local Settings\Temporary Internet Files\Content.MSO\80A6A987.wmf moved successfully.
C:\Documents and Settings\UserXP\Local Settings\Temporary Internet Files\Content.MSO\858D1E33.wmf moved successfully.
C:\Documents and Settings\UserXP\Local Settings\Temporary Internet Files\Content.MSO\870F0AA.wmf moved successfully.
C:\Documents and Settings\UserXP\Local Settings\Temporary Internet Files\Content.MSO\878ECAB4.wmf moved successfully.
C:\Documents and Settings\UserXP\Local Settings\Temporary Internet Files\Content.MSO\8A780940.wmf moved successfully.
C:\Documents and Settings\UserXP\Local Settings\Temporary Internet Files\Content.MSO\8BFDD0A0.wmf moved successfully.
C:\Documents and Settings\UserXP\Local Settings\Temporary Internet Files\Content.MSO\92980325.wmf moved successfully.
C:\Documents and Settings\UserXP\Local Settings\Temporary Internet Files\Content.MSO\93834A0D.wmf moved successfully.
C:\Documents and Settings\UserXP\Local Settings\Temporary Internet Files\Content.MSO\93B5D90B.wmf moved successfully.
C:\Documents and Settings\UserXP\Local Settings\Temporary Internet Files\Content.MSO\93C6841E.wmf moved successfully.
C:\Documents and Settings\UserXP\Local Settings\Temporary Internet Files\Content.MSO\993D42D.wmf moved successfully.
C:\Documents and Settings\UserXP\Local Settings\Temporary Internet Files\Content.MSO\9CA35821.wmf moved successfully.
C:\Documents and Settings\UserXP\Local Settings\Temporary Internet Files\Content.MSO\A4A19FAE.wmf moved successfully.
C:\Documents and Settings\UserXP\Local Settings\Temporary Internet Files\Content.MSO\A6F08DEB.wmf moved successfully.
C:\Documents and Settings\UserXP\Local Settings\Temporary Internet Files\Content.MSO\AFAAC564.wmf moved successfully.
C:\Documents and Settings\UserXP\Local Settings\Temporary Internet Files\Content.MSO\B4575A55.wmf moved successfully.
C:\Documents and Settings\UserXP\Local Settings\Temporary Internet Files\Content.MSO\B47B02E8.wmf moved successfully.
C:\Documents and Settings\UserXP\Local Settings\Temporary Internet Files\Content.MSO\BBFD3C67.wmf moved successfully.
C:\Documents and Settings\UserXP\Local Settings\Temporary Internet Files\Content.MSO\C2CBA4F7.wmf moved successfully.
C:\Documents and Settings\UserXP\Local Settings\Temporary Internet Files\Content.MSO\C307F841.wmf moved successfully.
C:\Documents and Settings\UserXP\Local Settings\Temporary Internet Files\Content.MSO\C3E28A7E.wmf moved successfully.
C:\Documents and Settings\UserXP\Local Settings\Temporary Internet Files\Content.MSO\C8BA7452.wmf moved successfully.
C:\Documents and Settings\UserXP\Local Settings\Temporary Internet Files\Content.MSO\CF2D5466.wmf moved successfully.
C:\Documents and Settings\UserXP\Local Settings\Temporary Internet Files\Content.MSO\D04F8A31.wmf moved successfully.
C:\Documents and Settings\UserXP\Local Settings\Temporary Internet Files\Content.MSO\D2E3ED2F.wmf moved successfully.
C:\Documents and Settings\UserXP\Local Settings\Temporary Internet Files\Content.MSO\D519B136.wmf moved successfully.
C:\Documents and Settings\UserXP\Local Settings\Temporary Internet Files\Content.MSO\DAF03DD9.wmf moved successfully.
C:\Documents and Settings\UserXP\Local Settings\Temporary Internet Files\Content.MSO\E1089A06.wmf moved successfully.
C:\Documents and Settings\UserXP\Local Settings\Temporary Internet Files\Content.MSO\E1713C04.wmf moved successfully.
C:\Documents and Settings\UserXP\Local Settings\Temporary Internet Files\Content.MSO\E564364F.wmf moved successfully.
C:\Documents and Settings\UserXP\Local Settings\Temporary Internet Files\Content.MSO\E7C8A3C3.wmf moved successfully.
C:\Documents and Settings\UserXP\Local Settings\Temporary Internet Files\Content.MSO\EDA111D.wmf moved successfully.
C:\Documents and Settings\UserXP\Local Settings\Temporary Internet Files\Content.MSO\EDFDAF42.wmf moved successfully.
C:\Documents and Settings\UserXP\Local Settings\Temporary Internet Files\Content.MSO\EE39F4A3.wmf moved successfully.
C:\Documents and Settings\UserXP\Local Settings\Temporary Internet Files\Content.MSO\F52DDA98.wmf moved successfully.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_21c.dat not found!

Registry entries deleted on Reboot...

4. MalwareBytes's AntiMalware
i) It asked me to download the latest version since mine was about 150 days old. I said Ok and installed the newer version.
ii) Upon starting the newer version, it asked if I wanted to check for updates, I said Ok. So that got done automatically too.


Log for MalwareBytes' AntiMalware
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7624

Windows 5.1.2600 Service Pack 3, v.6055
Internet Explorer 7.0.5730.13

8/31/2011 10:30:10 PM
mbam-log-2011-08-31 (22-30-10).txt

Scan type: Quick scan
Objects scanned: 163151
Time elapsed: 4 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DRM\amty (Worm.Autorun) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\csrcs (Trojan.Agent) -> Value: csrcs -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\csrcs (Trojan.Agent) -> Value: csrcs -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe csrcs.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



It restarted the system of course.


I think with the fixes, things look better now, except for "Add new hardware" window.

And regarding my computer, well it seems okay. Is it okay ?



Thanks!! :yes:

Regards
Jolene Singh

Edited by jolene singh, 01 September 2011 - 05:39 PM.

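The MBAM log in the post above shows the three places csrcs.exe had hooked itself in: a Policies\Explorer\Run value, a RunServices value, and the Winlogon Shell value changed from Explorer.exe to Explorer.exe csrcs.exe (the value the OTL script in post #8 deliberately put back so MBAM could see it). The Python below is an added example, not the thread's, OTL's or Malwarebytes' code: it encodes those three checks against a snapshot of registry values. The snapshot in the block is constructed to mirror the MBAM findings plus one ordinary autostart, and collect_live_snapshot() reads the same keys on a real Windows host with the standard-library winreg module (it returns an empty snapshot elsewhere).

```python
"""Audit the Windows autostart locations abused by the csrcs.exe infection.

Added example for this thread, not Malwarebytes' or OTL's code. Two checks:
  1. Values that must hold exactly one fixed program (Winlogon "Shell").
     Hijacks append a second program after the legitimate one, so the
     whole string is compared, not just the first token.
  2. Run keys that ordinary software almost never uses (Policies\Explorer\Run,
     RunServices); any value there deserves a look.
"""
import sys

# Known-good values for keys that should hold exactly one fixed program.
EXPECTED = {
    r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon": {
        "Shell": "explorer.exe",
    },
}

# Keys where any value at all is uncommon on a home machine.
RARELY_USED_RUN_KEYS = [
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run",
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices",
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run",
]

# Constructed snapshot mirroring the MBAM log above (not read from a live PC).
SAMPLE_SNAPSHOT = {
    r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon": {
        "Shell": "Explorer.exe csrcs.exe",
    },
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run": {
        "csrcs": r"C:\WINDOWS\system32\csrcs.exe",
    },
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices": {
        "csrcs": r"C:\WINDOWS\system32\csrcs.exe",
    },
    # Ordinary XP autostart, included so a clean key produces no finding.
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run": {
        "ctfmon.exe": r"C:\WINDOWS\system32\ctfmon.exe",
    },
}


def audit_autostarts(snapshot):
    """Return (key, value_name, data, reason) tuples for suspicious entries."""
    findings = []
    for key, expected in EXPECTED.items():
        for name, good in expected.items():
            data = snapshot.get(key, {}).get(name)
            if data is not None and data.strip().lower() != good:
                findings.append((key, name, data, f"expected exactly '{good}'"))
    for key in RARELY_USED_RUN_KEYS:
        for name, data in snapshot.get(key, {}).items():
            findings.append((key, name, data, "autostart in a rarely used policy/service key"))
    return findings


def collect_live_snapshot():
    """Read the audited keys on a live Windows host; empty dict elsewhere."""
    if sys.platform != "win32":
        return {}
    import winreg
    hives = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}
    snapshot = {}
    for key in list(EXPECTED) + RARELY_USED_RUN_KEYS:
        hive, _, subkey = key.partition("\\")
        try:
            with winreg.OpenKey(hives[hive], subkey) as handle:
                values, index = {}, 0
                while True:
                    try:
                        name, data, _ = winreg.EnumValue(handle, index)
                    except OSError:  # no more values
                        break
                    values[name] = str(data)
                    index += 1
                snapshot[key] = values
        except OSError:  # key absent, which is the normal case for these
            continue
    return snapshot


if __name__ == "__main__":
    snapshot = collect_live_snapshot() or SAMPLE_SNAPSHOT
    for key, name, data, why in audit_autostarts(snapshot):
        print(f"{key}\n    {name} = {data!r}  <-- {why}")
```

The Shell check is the one that matters most: Winlogon runs whatever that value names at every logon, so a second program tacked on after Explorer.exe survives the removal of the Run values, which is exactly why MBAM reported Hijack.Shell alongside the two Trojan.Agent values.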

#10 Dakeyras (Anti-Malware Mammoth, Expert, 9,772 posts)
Hi and thanks for the concise update...:)

1. I removed quite a lot of stuff from add/remove software, except this one which won't remove.

OK we will come back to this in due course and we should be able to fully uninstall it.

(i) At system startup, I used to get pop-up errors like

Well, what I did there with the custom OTL script was place the file back active so it could then be scanned by MBAM and removed if not the legitimate version. Maybe not quite the conventional approach, but with this particular infection I have found it was the best methodology in the past.

With regard to the hardware issue, it is not really my forte, as both myself and this part of the forum only provide anti-malware support, but I may be able to assist and if not I will pass you along to the IT techs.

Please right click on My Computer >> Properties >> Hardware >> Device Manager

Let me know if there is a yellow question mark against any of the entries and if so which exactly.

Next:

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following quote-box(do not copy the word quote) into the main textfield:

:filefind
*Inside the GRE '98*
*IGRE98*
*IGREC*

:folderfind
*Inside the GRE '98*
*IGRE98*
*IGREC*
*Review*

:Regfind
Inside the GRE '98
IGRE98
IGREC

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Check Hard Disk For Errors:

Press Start->Run, then copy/paste the following command into the box and press OK:

cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"

A blank command window will open on your desktop, then close in a few minutes. This is normal.

A file icon named checkhd.txt should appear on your Desktop. Please post the contents of this file.

#11 jolene singh (Member, Topic Starter, 104 posts)
Hi.

There is a yellow question mark.

Posted Image





SystemLook Log:

SystemLook 30.07.11 by jpshortstuff
Log created at 20:01 on 01/09/2011 by UserXP
Administrator - Elevation successful

========== filefind ==========

Searching for "*Inside the GRE '98*"
No files found.

Searching for "*IGRE98*"
No files found.

Searching for "*IGREC*"
C:\WINDOWS\IGREC.ini --a--c- 155 bytes [09:00 03/10/2009] [09:00 03/10/2009] EE32B600A399353D3617721C04DE36F6

========== folderfind ==========

Searching for "*Inside the GRE '98*"
No folders found.

Searching for "*IGRE98*"
C:\Program Files\Review\IGRE98 d------ [09:00 03/10/2009]

Searching for "*IGREC*"
C:\Program Files\Review\IGRE98\IGREC d------ [09:00 03/10/2009]

Searching for "*Review*"
C:\Documents and Settings\All Users\Start Menu\Programs\Princeton Review d------ [09:00 03/10/2009]
C:\Documents and Settings\UserXP\Start Menu\Programs\Cambridge Review GRE d------ [09:04 03/10/2009]
C:\Program Files\Review d------ [09:00 03/10/2009]
C:\Program Files\Adobe\Photoshop 7.0\Helpers\Preview In d------ [06:38 20/10/2009]
C:\Program Files\Common Files\Ahead\Lib\NeroPreview d------ [14:59 19/02/2010]
C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveDocumentReview d------ [13:46 18/05/2010]
C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview d------ [13:46 18/05/2010]

========== Regfind ==========

Searching for "Inside the GRE '98"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Inside the GRE '98]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Inside the GRE '98]
"DisplayName"="Inside the GRE '98"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Control\Print\Printers\ⰨԎƈ6ż܎C:\SWSetup\SP36267\Broadcom\DrvInst\*INSIDE THE GRE '98*]

Searching for "IGRE98"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Inside the GRE '98]
"UninstallString"="C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Review\IGRE98\IGREC\Uninst.isu""
[HKEY_LOCAL_MACHINE\SOFTWARE\The Princeton Review\Inside the GRE\3.0\Main]
"Install Dir"="C:\Program Files\Review\IGRE98\IGREC"
[HKEY_LOCAL_MACHINE\SOFTWARE\The Princeton Review\Inside the GRE\3.0\Main]
"CommandLine"="C:\Program Files\Review\IGRE98\IGREC\IntheGRE.exe"

Searching for "IGREC"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Inside the GRE '98]
"UninstallString"="C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Review\IGRE98\IGREC\Uninst.isu""
[HKEY_LOCAL_MACHINE\SOFTWARE\The Princeton Review\Inside the GRE\3.0\Main]
"Install Dir"="C:\Program Files\Review\IGRE98\IGREC"
[HKEY_LOCAL_MACHINE\SOFTWARE\The Princeton Review\Inside the GRE\3.0\Main]
"CommandLine"="C:\Program Files\Review\IGRE98\IGREC\IntheGRE.exe"

-= EOF =-





checkhd.txt


The type of the file system is NTFS.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
CHKDSK is verifying indexes (stage 2 of 3)...
CHKDSK is recovering lost files.
CHKDSK is verifying security descriptors (stage 3 of 3)...
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
Correcting errors in the master file table's (MFT) BITMAP attribute.
CHKDSK discovered free space marked as allocated in the volume bitmap.
Windows found problems with the file system.
Run CHKDSK with the /F (fix) option to correct these.

30716248 KB total disk space.
23972544 KB in 212097 files.
72480 KB in 17257 indexes.
0 KB in bad sectors.
365784 KB in use by the system.
65536 KB occupied by the log file.
6305440 KB available on disk.

4096 bytes in each allocation unit.
7679062 total allocation units on disk.
1576360 allocation units available on disk.



Thanks

Regards
Jolene Singh
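The SystemLook log above shows two things a helper has to handle before turning wildcard hits into a removal list: a pattern like *Review* also matches "Preview In", "NeroPreview" and the Groove "DocumentReview" folders, and nested hits (C:\Program Files\Review\IGRE98\IGREC sits inside C:\Program Files\Review) would otherwise be listed several times. The Python below is an added example, not part of the thread and not SystemLook's own code: it parses the filefind/folderfind sections, re-checks each hit as a whole word in the final path component, and collapses nested paths. SAMPLE_LOG is abridged from the log above; the line regexes are my reading of that output, not a SystemLook specification.

```python
"""Turn SystemLook filefind/folderfind output into a de-duplicated cleanup list.

Added example, not part of the thread and not SystemLook's code. SAMPLE_LOG
is abridged from the log posted above; the regexes are my reading of it.
"""
import re

SAMPLE_LOG = r"""
========== filefind ==========

Searching for "*IGRE98*"
No files found.

Searching for "*IGREC*"
C:\WINDOWS\IGREC.ini --a--c- 155 bytes [09:00 03/10/2009] [09:00 03/10/2009] EE32B600A399353D3617721C04DE36F6

========== folderfind ==========

Searching for "*IGRE98*"
C:\Program Files\Review\IGRE98 d------ [09:00 03/10/2009]

Searching for "*IGREC*"
C:\Program Files\Review\IGRE98\IGREC d------ [09:00 03/10/2009]

Searching for "*Review*"
C:\Documents and Settings\All Users\Start Menu\Programs\Princeton Review d------ [09:00 03/10/2009]
C:\Documents and Settings\UserXP\Start Menu\Programs\Cambridge Review GRE d------ [09:04 03/10/2009]
C:\Program Files\Review d------ [09:00 03/10/2009]
C:\Program Files\Adobe\Photoshop 7.0\Helpers\Preview In d------ [06:38 20/10/2009]
C:\Program Files\Common Files\Ahead\Lib\NeroPreview d------ [14:59 19/02/2010]

========== Regfind ==========

Searching for "IGREC"
[HKEY_LOCAL_MACHINE\SOFTWARE\The Princeton Review\Inside the GRE\3.0\Main]
"Install Dir"="C:\Program Files\Review\IGRE98\IGREC"

-= EOF =-
"""

SECTION_RE = re.compile(r"^=+ (\w+) =+$")
QUERY_RE = re.compile(r'^Searching for "(.*)"$')
# file line: path, 7-char attribute field, size, two bracketed timestamps, MD5
FILE_RE = re.compile(
    r"^(?P<path>.+?) (?P<attrs>[-a-z]{7}) (?P<size>\d+) bytes "
    r"\[(?P<time1>[^\]]+)\] \[(?P<time2>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)
# folder line: path, attribute field starting with d, one bracketed timestamp
FOLDER_RE = re.compile(r"^(?P<path>.+?) (?P<attrs>d[-a-z]{6}) \[(?P<time1>[^\]]+)\]$")


def parse_systemlook(text):
    """Records (dicts) for every file/folder hit, tagged with section and query."""
    records, section, query = [], None, None
    for line in text.splitlines():
        line = line.rstrip()
        m = SECTION_RE.match(line)
        if m:
            section, query = m.group(1).lower(), None
            continue
        m = QUERY_RE.match(line)
        if m:
            query = m.group(1)
            continue
        if section not in ("filefind", "folderfind") or query is None:
            continue
        m = (FILE_RE if section == "filefind" else FOLDER_RE).match(line)
        if m:
            rec = m.groupdict()
            rec.update(section=section, query=query)
            records.append(rec)
    return records


def whole_word_hits(records):
    """Keep hits whose final path component contains the query as a whole word."""
    kept = []
    for r in records:
        term = re.escape(r["query"].strip("*"))
        name = r["path"].rsplit("\\", 1)[-1]
        if re.search(r"(?<!\w)" + term + r"(?!\w)", name, re.IGNORECASE):
            kept.append(r)
    return kept


def collapse_paths(paths):
    """Drop any path that lives inside another path in the list."""
    kept = []
    for p in sorted(set(paths), key=lambda s: (len(s), s.lower())):
        if not any(p.lower().startswith(k.lower() + "\\") for k in kept):
            kept.append(p)
    return kept


def cleanup_list(text):
    """Shortest list of paths that covers every genuine hit in the log."""
    return collapse_paths(r["path"] for r in whole_word_hits(parse_systemlook(text)))


if __name__ == "__main__":
    for path in cleanup_list(SAMPLE_LOG):
        print(path)
```

On the sample this yields four paths (C:\WINDOWS\IGREC.ini, C:\Program Files\Review and the two Start Menu folders) and drops the Adobe and Nero "Preview" folders, which is the same set the helper's later :Files section removes.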

#12 Dakeyras (Anti-Malware Mammoth, Expert, 9,772 posts)
Hi. :)

There is a yellow question mark.

Have you at any time fitted say a new Motherboard Network Adapter and or used a Wireless USB Adapter at all?

We will deal with the results of the Check Hard Disk For Errors first as follows...

Hard-Drive Maintenance/Repair:

Note: for the CHKDSK portion you may refer to this tutorial of mine here and follow the instructions for Graphical Mode if you so wish.

  • Click Start >> Run... then type in CMD and click on OK.
  • At the Command Prompt C:\ > type the following:
  • CD C:\ and hit the Enter/Return key.
  • Now type in DEFRAG C: -F
  • An analysis report will be displayed and then Windows will start the defragmentation run automatically.
  • This may take some time, when completed the Command Prompt C:\ > will appear.
  • Now type in CHKDSK C: /R and hit the Enter/Return key.
  • When prompted with:

CHKDSK cannot run because the volume is in use by another process
Would you like to schedule this volume to be checked next time the system
restarts (Y/N)

  • Hit the Y key then at the Command Prompt C:\ >
  • Type in EXIT and hit the Enter/Return key.
  • Now Reboot(Restart) your computer.
Note: Upon Reboot(Restart) the CHKDSK(check-disk) will start and carry out the repairs required.

You should see a screen like this just after the Post(power on self test) screen:

Posted Image

Note: Do not touch either the keyboard or mouse, otherwise the Check-Disk will be cancelled and your computer will continue to boot up as normal.

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

Click on Start >> Run...(or the Windows key and R together) to bring up the Run box and copy and paste in:

"C:\Program Files\ERUNT\ERUNT.EXE" %SystemRoot%\ERDNT\OTL-backup

Now click on OK.

Custom OTL Script:

  • Double-click OTL.exe to start the program.
  • Copy the lines from the quote-box(do not copy the word quote)to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:Files
C:\WINDOWS\IGREC.ini
C:\Program Files\Review
C:\Documents and Settings\All Users\Start Menu\Programs\Princeton Review
C:\Documents and Settings\UserXP\Start Menu\Programs\Cambridge Review GRE

:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Inside the GRE '98]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Control\Print\Printers\???6z?C:\SWSetup\SP36267\Broadcom\DrvInst\*INSIDE THE GRE '98*]
[-HKEY_LOCAL_MACHINE\SOFTWARE\The Princeton Review\Inside the GRE\3.0\Main]

:Commands
[EmptyTemp]
[CreateRestorePoint]
[Reboot]

  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered.
  • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
Note: The logfile can also be located C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

Panda Online Scan:

Please go here to run Panda's ActiveScan

  • Once you are on the Panda site, click the Scan your PC button.
  • A new window will open...select the option Full Scan then click on the Scan Now button.
  • Allow the ActiveX control to be installed. It will start downloading the files it requires for the scan. Note: This may take a couple of minutes.
  • Run the ActiveX control, if requested. The screen will then show the scanning progress - the scan will take a while to finish. Please be patient.
  • When the scan has finished, click on Export To
  • Save the file as Activescan.txt to your Desktop
  • Close the Activescan window then go to your Desktop
  • Double-click on Activescan.txt and it will open in Notepad
  • In Notepad, click Edit > Select all, then Edit > Copy
  • Reply to this thread and click Ctrl+V to paste the log in your reply.
When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • OTL Log from the Custom Script.
  • Panda Online Scan Log.

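The custom OTL script above has three sections: :Files lists paths to move, :Reg lists keys to delete in the [-KEY] form, and :Commands lists bracketed actions. Because such a script is pasted and run with no confirmation, it is worth machine-checking before the Run Fix button is pressed. The Python below is an added example, not part of the thread and not OTL's own code: it parses a script into a plan and refuses obviously dangerous entries, such as moving C:\WINDOWS wholesale, deleting a key only one level under a hive, or an unknown command. The section syntax is as used in the script on this page; the guard list, the depth rule and the set of accepted commands are mine and cover only the forms that appear here.

```python
"""Parse an OTL custom-fix script into a plan and sanity-check it before pasting.

Added example, not part of the thread and not OTL's own code. Only the
forms used in the script above (:Files paths, :Reg [-KEY], :Commands
[Name]) are accepted; the guard list and checks are my own.
"""
import re

SAMPLE_SCRIPT = r"""
:Files
C:\WINDOWS\IGREC.ini
C:\Program Files\Review
C:\Documents and Settings\All Users\Start Menu\Programs\Princeton Review

:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Inside the GRE '98]
[-HKEY_LOCAL_MACHINE\SOFTWARE\The Princeton Review\Inside the GRE\3.0\Main]

:Commands
[EmptyTemp]
[CreateRestorePoint]
[Reboot]
"""

# Whole directories that must never be a :Files target (my own guard list).
PROTECTED_DIRS = {
    "c:\\", r"c:\windows", r"c:\windows\system32", r"c:\program files",
    r"c:\documents and settings",
}
HIVES = ("HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER", "HKEY_USERS", "HKEY_CLASSES_ROOT")
KNOWN_COMMANDS = {"EmptyTemp", "CreateRestorePoint", "Reboot"}   # the ones used above
REG_DELETE_RE = re.compile(r"^\[-(?P<key>[^\]]+)\]$")
COMMAND_RE = re.compile(r"^\[(?P<name>\w+)\]$")


def parse_otl_script(text):
    """Return {"Files": [...], "Reg": [...], "Commands": [...]} in script order."""
    plan = {"Files": [], "Reg": [], "Commands": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            section = line[1:]
            plan.setdefault(section, [])
            continue
        if section is None:
            raise ValueError(f"line before any section: {line!r}")
        plan[section].append(line)
    return plan


def validate_plan(plan):
    """List of human-readable problems; empty means the script passes the checks."""
    problems = []
    for path in plan.get("Files", []):
        low = path.lower().rstrip("\\")
        if not re.match(r"^[a-z]:\\", path, re.IGNORECASE):
            problems.append(f"Files: not an absolute path: {path}")
        elif low in PROTECTED_DIRS or low + "\\" in PROTECTED_DIRS:
            problems.append(f"Files: refuses to move protected directory: {path}")
    for entry in plan.get("Reg", []):
        m = REG_DELETE_RE.match(entry)
        if not m:
            problems.append(f"Reg: unrecognised entry (only [-KEY] is handled here): {entry}")
            continue
        parts = m.group("key").split("\\")
        if parts[0] not in HIVES:
            problems.append(f"Reg: unknown hive: {entry}")
        elif len(parts) < 3:   # e.g. [-HKEY_LOCAL_MACHINE\SOFTWARE] would gut the hive
            problems.append(f"Reg: key too shallow to delete safely: {entry}")
    for entry in plan.get("Commands", []):
        m = COMMAND_RE.match(entry)
        if not m or m.group("name") not in KNOWN_COMMANDS:
            problems.append(f"Commands: not one of {sorted(KNOWN_COMMANDS)}: {entry}")
    for name in plan:
        if name not in ("Files", "Reg", "Commands"):
            problems.append(f"unknown section :{name}")
    return problems


if __name__ == "__main__":
    plan = parse_otl_script(SAMPLE_SCRIPT)
    print(validate_plan(plan) or "script passes the checks")
```

The script from this post passes; a script that listed C:\WINDOWS under :Files or [-HKEY_LOCAL_MACHINE\SOFTWARE] under :Reg would be reported before anything ran.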

#13 jolene singh (Member, Topic Starter, 104 posts)
Hi.

The computer seems okay. I didn't pay attention if the pop-up for "add new hardware" came or not after the Panda scan. Will check it once I restart again.

OTL scan: again when restarting, my computer hung at the "Shutting Down" screen, so I had to manually press the power button to switch it off and start again.

All processes killed
========== FILES ==========
C:\WINDOWS\IGREC.ini moved successfully.
C:\Program Files\Review\IGRE98\IGREP folder moved successfully.
C:\Program Files\Review\IGRE98\IGREC\tester\xtras folder moved successfully.
C:\Program Files\Review\IGRE98\IGREC\tester folder moved successfully.
C:\Program Files\Review\IGRE98\IGREC folder moved successfully.
C:\Program Files\Review\IGRE98 folder moved successfully.
C:\Program Files\Review folder moved successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Princeton Review folder moved successfully.
C:\Documents and Settings\UserXP\Start Menu\Programs\Cambridge Review GRE folder moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Inside the GRE '98\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Control\Print\Printers\???6z?C:\SWSetup\SP36267\Broadcom\DrvInst\*INSIDE THE GRE '98*\ not found.
Invalid CLSID key: *INSIDE THE GRE '98*
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\The Princeton Review\Inside the GRE\3.0\Main\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: UserXP
->Temp folder emptied: 13181065 bytes
->Temporary Internet Files folder emptied: 7756529 bytes
->Java cache emptied: 110524 bytes
->Google Chrome cache emptied: 231719693 bytes
->Flash cache emptied: 1591 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 316186 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 2410991 bytes

Total Files Cleaned = 244.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.26.5 log created on 09042011_231254

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_620.dat not found!

Registry entries deleted on Reboot...




Panda ActiveScan:


;***********************************************************************************************************************************************************************************
ANALYSIS: 2011-09-05 06:14:01
PROTECTIONS: 1
MALWARE: 14
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
ESET Smart Security 5.0 5.0 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\documents and settings\userxp\cookies\userxp@doubleclick[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\userxp\cookies\1l8k3ix6.txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\documents and settings\userxp\cookies\userxp@fastclick[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\documents and settings\userxp\cookies\pcemxlpy.txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\documents and settings\userxp\cookies\userxp@com[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No c:\documents and settings\userxp\cookies\userxp@statcounter[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\userxp\cookies\upxu8sef.txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\documents and settings\userxp\cookies\userxp@apmebf[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\userxp\cookies\userxp@serving-sys[1].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No c:\documents and settings\userxp\cookies\[email protected][1].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No c:\documents and settings\userxp\cookies\userxp@overture[1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No c:\documents and settings\userxp\cookies\userxp@zedo[2].txt
07372717 Trj/WL-heur.A Virus/Trojan No 0 Yes No c:\windows\system32\dllcache\proquota.exe
07372717 Trj/WL-heur.A Virus/Trojan No 0 Yes No c:\windows\system32\proquota.exe
08868462 Trj/Hupigon.BDH Virus/Trojan No 0 Yes No c:\system volume information\_restore{ca23fb59-43cd-42e3-8bbf-8a5dd6d08e40}\rp496\a0116944.sys
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================



Thanks

Regards
Jolene
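The Panda ActiveScan export above mixes three very different kinds of row: tracking cookies, a driver inside a System Restore snapshot (inert unless that restore point is used), and a heuristic signature ("Trj/WL-heur.A") on proquota.exe in both system32 and the Windows File Protection cache in dllcache. proquota.exe is a standard Windows XP component (the profile quota manager), so a heuristic hit on the live file and its protected copy is something to verify against a known-good hash before anything is deleted. The Python below is an added example, not part of the thread and not Panda's code: it parses the export and sorts rows into those buckets. SAMPLE_EXPORT is a subset of the MALWARE rows above; the column regex and the triage rules are mine.

```python
"""Triage a Panda ActiveScan export into cookies, restore-point hits and
system files that need verifying.

Added example, not part of the thread and not Panda's code. SAMPLE_EXPORT
is a subset of the rows posted above (space-separated as shown there);
the column regex and the bucket rules are my own.
"""
import re

SAMPLE_EXPORT = r"""
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\documents and settings\userxp\cookies\userxp@doubleclick[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\userxp\cookies\1l8k3ix6.txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\documents and settings\userxp\cookies\userxp@serving-sys[1].txt
07372717 Trj/WL-heur.A Virus/Trojan No 0 Yes No c:\windows\system32\dllcache\proquota.exe
07372717 Trj/WL-heur.A Virus/Trojan No 0 Yes No c:\windows\system32\proquota.exe
08868462 Trj/Hupigon.BDH Virus/Trojan No 0 Yes No c:\system volume information\_restore{ca23fb59-43cd-42e3-8bbf-8a5dd6d08e40}\rp496\a0116944.sys
"""

# Description may contain spaces ("Cookie/Atlas DMT"), so it is matched lazily
# and anchored by the Yes/No and numeric columns that follow it.
ROW_RE = re.compile(
    r"^(?P<id>\d+)\s+(?P<desc>.+?)\s+(?P<type>\S+)\s+(?P<active>Yes|No)\s+"
    r"(?P<severity>\d+)\s+(?P<disinfectable>Yes|No)\s+(?P<disinfected>Yes|No)\s+"
    r"(?P<location>.+)$"
)
SYSTEM32 = "c:\\windows\\system32\\"
DLLCACHE = SYSTEM32 + "dllcache\\"
RESTORE_MARKER = r"system volume information\_restore"


def parse_activescan(text):
    """One dict per detection row; header and separator lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            rows.append(m.groupdict())
    return rows


def triage(rows):
    """Pair each row with a bucket: cookie, restore_point, verify_system_file or review."""
    out = []
    for r in rows:
        loc = r["location"].lower()
        if r["type"] == "TrackingCookie":
            bucket = "cookie"
        elif RESTORE_MARKER in loc:
            bucket = "restore_point"          # inert until that restore point is used
        elif loc.startswith(SYSTEM32) and "heur" in r["desc"].lower():
            bucket = "verify_system_file"     # heuristic hit on an OS file: hash-check it
        else:
            bucket = "review"
        out.append((bucket, r))
    return out


def dllcache_pairs(rows):
    """File names detected both live in system32 and in the dllcache copy."""
    live, cached = set(), set()
    for r in rows:
        loc = r["location"].lower()
        name = loc.rsplit("\\", 1)[-1]
        if loc.startswith(DLLCACHE):
            cached.add(name)
        elif loc.startswith(SYSTEM32):
            live.add(name)
    return sorted(live & cached)


def summary(text):
    """Bucket -> count for an export."""
    counts = {}
    for bucket, _ in triage(parse_activescan(text)):
        counts[bucket] = counts.get(bucket, 0) + 1
    return counts


if __name__ == "__main__":
    rows = parse_activescan(SAMPLE_EXPORT)
    print(summary(SAMPLE_EXPORT))
    print("present in system32 and dllcache:", dllcache_pairs(rows))
```

When a file shows up in both system32 and dllcache with the same signature ID, the two copies are what Windows File Protection keeps in sync, so the next step is to hash them and compare against a trusted copy of the same OS version rather than to let a scanner delete both.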

#14 jolene singh (Member, Topic Starter, 104 posts)

Have you at any time fitted say a new Motherboard Network Adapter and or used a Wireless USB Adapter at all?


What are these?
I have a laptop, so I don't think I can attach anything to it, except USB devices.

Regards
Jolene

#15 Dakeyras (Anti-Malware Mammoth, Expert, 9,772 posts)
Hi. :)

The computer seems okay. I didn't pay attention if the pop-up for "add new hardware" came or not after the Panda scan. Will check it once I restart again.

OTL scan: Again when restarting, my computer got hanged at "Shutting Down" screen, so I had to manually press the power button to switch it off and start again.

OK and thanks for the update.

What are these?
I have a laptop, so I don't think I can attach anything to it, except USB devices.

Fair play, this informs me you have not, and it may be a problem with something else. I will try and pinpoint what exactly if able. Do however inform me if the same error does occur again, thank you.

Download/Run ComboFix:

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs <-- Click on this link.

Please include the C:\ComboFix.txt in your next reply for further review.

Note: If ComboFix detects Rootkit activity and asks to reboot the system, please allow this to be done.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use. ComboFix Should Not be used unless requested by a forum helper


When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any other symptoms and or problems encountered?
  • ComboFix Log.
