Spyware and browser hijacker


  • This topic is locked

#1
VistauserUS

    New Member

  • Member
  • 5 posts
Hello there. I am running Vista on my home machine. I have multiple problems it looks like. My desktop has disappeared as have all my programs. I do however see the files thru explorer. I also seem to have a browser hijacker called nobelsearch. When I try to search it is always redirected to nobelsearch. I have tried Malwarebytes, superantispyware as well as McAfee and none of them have cleaned up the machine or restored my desktop. Can you help?

#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, I hope you have not run any temporary file cleaners yet.

I have several programmes for you to run; please do them in the order specified.

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 2 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.

THEN

Re-run Roguekiller
  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 6 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.

NEXT

Download and run Unhide.exe

All of your icons and drives should now have returned; now to look for the remnants.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

FINALLY

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.


On completion of the scan click save log, save it to your desktop and post in your next reply


#3
VistauserUS

  • Topic Starter
Hi there

Thank you for your help. I have completed the steps and am posting the files. The first one is the result of RogueKiller option 2.

RogueKiller V6.1.4 [10/22/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6000 ) 32 bits version
Started in : Safe mode with network support
User: Rajeev [Admin rights]
Mode: Shortcuts HJfix -- Date : 10/22/2011 14:25:59

Bad processes: 0

Driver: [NOT LOADED]

File attributes restored:
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 1 / Fail 0
Start menu: Success 102 / Fail 0
User folder: Success 27036 / Fail 0
My documents: Success 427 / Fail 0
My favorites: Success 51 / Fail 0
My pictures: Success 7825 / Fail 0
My music: Success 13450 / Fail 0
My videos: Success 946 / Fail 0
Local drives: Success 12170 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped
[F:] \Device\HarddiskVolume4 -- 0x2 --> Restored
[G:] \Device\HarddiskVolume5 -- 0x2 --> Restored
[H:] \Device\HarddiskVolume6 -- 0x2 --> Restored
[I:] \Device\HarddiskVolume7 -- 0x2 --> Restored
[J:] \Device\HarddiskVolume8 -- 0x2 --> Restored

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

#4
Essexboy
Good, all your files, folders and icons should be back now.

#5
VistauserUS

  • Topic Starter
Here is the result of running RogueKiller with option 6.

RogueKiller V6.1.4 [10/22/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6000 ) 32 bits version
Started in : Safe mode with network support
User: Rajeev [Admin rights]
Mode: Shortcuts HJfix -- Date : 10/22/2011 14:25:59

Bad processes: 0

Driver: [NOT LOADED]

File attributes restored:
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 1 / Fail 0
Start menu: Success 102 / Fail 0
User folder: Success 27036 / Fail 0
My documents: Success 427 / Fail 0
My favorites: Success 51 / Fail 0
My pictures: Success 7825 / Fail 0
My music: Success 13450 / Fail 0
My videos: Success 946 / Fail 0
Local drives: Success 12170 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped
[F:] \Device\HarddiskVolume4 -- 0x2 --> Restored
[G:] \Device\HarddiskVolume5 -- 0x2 --> Restored
[H:] \Device\HarddiskVolume6 -- 0x2 --> Restored
[I:] \Device\HarddiskVolume7 -- 0x2 --> Restored
[J:] \Device\HarddiskVolume8 -- 0x2 --> Restored

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

#6
VistauserUS

  • Topic Starter
Below is the OTL.TXT

OTL logfile created on: 10/22/2011 2:43:30 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Rajeev\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 2.12 Gb Available Physical Memory | 70.92% Memory free
6.18 Gb Paging File | 5.72 Gb Available in Paging File | 92.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.04 Gb Total Space | 57.44 Gb Free Space | 19.94% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.12 Gb Free Space | 61.22% Space Free | Partition Type: NTFS

Computer Name: RAJEEV-HOME | User Name: Rajeev | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/22 14:38:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Rajeev\Downloads\OTL.exe
PRC - [2011/10/22 14:09:43 | 000,261,120 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/08/19 15:59:30 | 000,148,520 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2011/08/19 15:55:34 | 000,160,344 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - File not found [Unknown | Stopped] -- -- (McODS)
SRV - [2011/10/22 14:11:21 | 000,354,304 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2011/10/22 14:11:21 | 000,354,304 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011/10/22 14:11:21 | 000,354,304 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV - [2011/10/22 14:11:21 | 000,354,304 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011/10/22 14:11:21 | 000,354,304 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011/10/22 14:11:21 | 000,354,304 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011/10/22 14:11:21 | 000,354,304 | ---- | M] (McAfee, Inc.) [Unknown | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2011/10/22 14:09:43 | 000,261,120 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/10/22 11:27:18 | 000,305,664 | ---- | M] () [Unknown | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/10/22 10:45:58 | 000,744,448 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2011/10/22 10:45:50 | 000,290,816 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2011/10/22 10:45:50 | 000,235,008 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011/10/22 10:45:49 | 000,327,680 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2011/10/22 09:44:45 | 000,366,592 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2011/10/22 09:37:14 | 001,019,904 | ---- | M] () [Unknown | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2011/10/22 09:35:07 | 001,187,328 | ---- | M] (Acresso Software Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/19 15:59:30 | 000,148,520 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2011/08/19 15:55:34 | 000,160,344 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/02/06 17:23:13 | 000,265,912 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/05/31 11:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 11:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV - [2011/10/22 14:26:23 | 000,111,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TrueSight.sys -- (TrueSight)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/08/15 10:00:06 | 000,461,864 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/08/15 10:00:06 | 000,338,040 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/08/15 10:00:06 | 000,180,072 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/08/15 10:00:06 | 000,119,808 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/08/15 10:00:06 | 000,089,624 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2011/08/15 10:00:06 | 000,087,808 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/08/15 10:00:06 | 000,064,712 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2011/08/15 10:00:06 | 000,059,288 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2011/08/15 10:00:06 | 000,057,432 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2008/07/26 11:26:42 | 004,658,584 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) QuickCam Orbit/Sphere AF(UVC)
DRV - [2008/07/26 11:26:20 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/07/26 11:25:58 | 000,066,456 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvselsus.sys -- (lvselsus)
DRV - [2008/07/26 11:25:46 | 000,627,864 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/07/26 09:25:02 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/02/06 17:21:32 | 000,066,048 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\smb.sys -- (Smb) Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session)
DRV - [2007/10/11 21:59:12 | 001,920,920 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2007/04/29 04:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/10/18 14:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/08/04 20:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>



IE - HKU\S-1-5-21-3262827584-1442369907-2624123555-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=us&ibd=0080206
IE - HKU\S-1-5-21-3262827584-1442369907-2624123555-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3262827584-1442369907-2624123555-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-3262827584-1442369907-2624123555-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3262827584-1442369907-2624123555-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3262827584-1442369907-2624123555-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3262827584-1442369907-2624123555-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3262827584-1442369907-2624123555-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3262827584-1442369907-2624123555-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-3262827584-1442369907-2624123555-1000\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC)
IE - HKU\S-1-5-21-3262827584-1442369907-2624123555-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3262827584-1442369907-2624123555-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.co...us&ibd=0080206"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {000F1EA4-5E08-4564-A29B-29076F63A37A}:1.0.3.143
FF - prefs.js..keyword.URL: "http://search.yahoo....h?fr=mcafee&p="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Rajeev\AppData\Roaming\Mozilla\Firefox\Profiles\hqdfizi1.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll ()
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Rajeev\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/03/26 20:34:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2011/10/22 11:45:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/09 19:27:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/09 19:27:25 | 000,000,000 | ---D | M]

[2010/09/05 17:19:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rajeev\AppData\Roaming\Mozilla\Extensions
[2011/10/22 09:45:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rajeev\AppData\Roaming\Mozilla\Firefox\Profiles\hqdfizi1.default\extensions
[2010/12/28 00:04:28 | 000,000,000 | ---D | M] () -- C:\Users\Rajeev\AppData\Roaming\Mozilla\Firefox\Profiles\hqdfizi1.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}
[2010/09/05 20:04:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Rajeev\AppData\Roaming\Mozilla\Firefox\Profiles\hqdfizi1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/10/22 09:45:24 | 000,000,000 | ---D | M] (.) -- C:\Users\Rajeev\AppData\Roaming\Mozilla\Firefox\Profiles\hqdfizi1.default\extensions\{ec9032c7-c20a-464f-7b0e-13a3a9e97385}
[2011/10/20 12:03:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rajeev\AppData\Roaming\Mozilla\Firefox\Profiles\hqdfizi1.default\extensions\[email protected]
[2011/03/06 14:00:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2011/03/12 13:16:47 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.160.1 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U17 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Rajeev\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Rajeev\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: SOE Web Installer (Enabled) = C:\Users\Rajeev\AppData\Roaming\Mozilla\Firefox\Profiles\hqdfizi1.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~1\mcafee\msc\npmcsn~1.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: SiteAdvisor = C:\Users\Rajeev\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\

O1 HOSTS File: ([2011/10/22 02:51:45 | 000,000,884 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 94.63.240.133 www.google.com
O1 - Hosts: 94.63.240.134 www.bing.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111020115338.dll (McAfee, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (NetAssistant) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Bluetooth HCI Monitor] C:\Windows\System32\HCIMNTR.DLL (Logitech Inc.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O7 - HKU\S-1-5-21-3262827584-1442369907-2624123555-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3262827584-1442369907-2624123555-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-3262827584-1442369907-2624123555-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3262827584-1442369907-2624123555-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3262827584-1442369907-2624123555-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3262827584-1442369907-2624123555-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-3262827584-1442369907-2624123555-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3262827584-1442369907-2624123555-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3262827584-1442369907-2624123555-1000\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-3262827584-1442369907-2624123555-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 205.152.128.23 205.152.37.23
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5BE94010-2486-4F16-ACE7-599E5D45752E}: DhcpNameServer = 205.152.128.23 205.152.37.23
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{700FD987-D8CA-4F31-8CE2-C551B24CF927}: DhcpNameServer = 205.152.128.23 205.152.37.23
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Inspiron_DT_1152x864_01.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Inspiron_DT_1152x864_01.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/09/25 18:37:29 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/10/22 14:17:02 | 000,000,000 | ---D | C] -- C:\Users\Rajeev\Desktop\RK_Quarantine
[2011/10/22 11:18:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/10/22 10:27:44 | 000,536,576 | ---- | C] (Mozilla Foundation) -- C:\ProgramData\1kAlMiG2Kb7FzP.exe
[2011/10/22 09:59:12 | 000,512,000 | ---- | C] (Mozilla Foundation) -- C:\ProgramData\bANGCAtUauI.exe
[2011/10/22 09:30:50 | 000,219,136 | ---- | C] (Корпорация Майкрософт) -- C:\Windows\System32\0.5670292632643963.exe
[2011/10/21 17:44:09 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/10/21 16:44:45 | 000,000,000 | ---D | C] -- C:\Users\Rajeev\AppData\Roaming\SUPERAntiSpyware.com
[2011/10/21 16:43:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/10/21 16:43:51 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/10/21 16:43:51 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/10/20 12:11:55 | 000,000,000 | ---D | C] -- C:\Users\Rajeev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
[2011/10/20 11:53:46 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/10/20 11:31:45 | 000,000,000 | ---D | C] -- C:\Users\Rajeev\AppData\Roaming\XxxPP0uccSibDoG
[2011/10/20 11:31:45 | 000,000,000 | ---D | C] -- C:\Users\Rajeev\AppData\Roaming\PCCeekIIVrzNtA0
[2011/10/20 11:31:33 | 000,000,000 | ---D | C] -- C:\Users\Rajeev\AppData\Roaming\Fighters
[2011/10/15 10:19:52 | 000,000,000 | ---D | C] -- C:\Users\Rajeev\AppData\Roaming\OrrllONtxPucSiD
[2011/10/15 10:19:52 | 000,000,000 | ---D | C] -- C:\Users\Rajeev\AppData\Roaming\LnnGG4amH6WJ7E
[2011/10/13 08:16:36 | 000,000,000 | ---D | C] -- C:\Users\Rajeev\AppData\Roaming\TOOONNtxP
[2011/10/13 08:16:36 | 000,000,000 | ---D | C] -- C:\Users\Rajeev\AppData\Roaming\qLLL99gTZqjYwkV
[2011/10/13 08:16:29 | 000,000,000 | ---D | C] -- C:\Users\Rajeev\AppData\Roaming\LhhhTXXqjUC
[2011/10/13 08:16:28 | 000,000,000 | ---D | C] -- C:\Users\Rajeev\AppData\Roaming\TooobFF4pmG5QJd
[2011/10/13 08:16:28 | 000,000,000 | ---D | C] -- C:\Users\Rajeev\AppData\Roaming\d9hhYYXwjUVelBz
[2011/10/10 16:46:10 | 000,000,000 | ---D | C] -- C:\Users\Rajeev\AppData\Roaming\Titanium Gears
[2011/10/09 19:38:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/10/09 19:36:27 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/10/09 19:27:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/10/09 19:26:29 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/10/09 19:23:03 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/10/09 19:19:04 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/10/08 18:39:56 | 000,000,000 | -HSD | C] -- C:\Windows\System32\AI_RecycleBin
[2011/10/08 18:39:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music Oasis
[2011/10/08 18:39:47 | 000,000,000 | ---D | C] -- C:\Program Files\Music Oasis
[2011/10/08 18:39:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Fighters
[2011/10/08 18:38:47 | 000,000,000 | ---D | C] -- C:\Program Files\Free Offers from Freeze.com
[2011/10/08 18:38:27 | 000,000,000 | ---D | C] -- C:\Program Files\Freeze.com
[2011/10/08 18:38:17 | 000,000,000 | ---D | C] -- C:\Users\Rajeev\Documents\DealRunner
[2011/10/08 18:38:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2011/10/08 18:37:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2011/10/08 18:37:49 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2011/09/28 17:01:42 | 000,000,000 | ---D | C] -- C:\Users\Rajeev\AppData\Local\WinZip
[2011/09/28 17:01:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2011/09/28 17:00:28 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2011/09/28 16:42:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/09/25 19:18:13 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2011/09/25 19:04:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2011/09/25 19:03:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
[2011/09/25 19:01:59 | 000,000,000 | ---D | C] -- C:\Users\Rajeev\AppData\Local\Autodesk
[2011/09/25 19:01:59 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk
[2011/09/25 18:56:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared
[2011/09/25 18:51:19 | 000,000,000 | ---D | C] -- C:\Users\Rajeev\AppData\Roaming\Autodesk
[2011/09/25 18:51:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Autodesk
[2011/09/25 18:37:29 | 000,000,000 | ---D | C] -- C:\Autodesk

========== Files - Modified Within 30 Days ==========

[2011/10/22 14:26:23 | 000,111,872 | ---- | M] () -- C:\Windows\System32\drivers\TrueSight.sys
[2011/10/22 14:19:41 | 000,617,662 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/22 14:19:41 | 000,103,440 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/22 14:12:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/22 14:09:49 | 000,003,584 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/22 14:09:48 | 000,003,584 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/22 14:08:54 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2011/10/22 13:26:06 | 000,573,952 | ---- | M] (Autodesk, Inc.) -- C:\Windows\System32\AcSignOpt.exe
[2011/10/22 12:52:42 | 004,599,808 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
[2011/10/22 11:45:53 | 000,208,896 | ---- | M] () -- C:\Windows\System32\WRKGADM.EXE
[2011/10/22 11:08:10 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/22 10:28:16 | 000,000,400 | ---- | M] () -- C:\ProgramData\1kAlMiG2Kb7FzP
[2011/10/22 10:28:11 | 000,000,232 | ---- | M] () -- C:\ProgramData\~1kAlMiG2Kb7FzP
[2011/10/22 10:28:10 | 000,000,120 | ---- | M] () -- C:\ProgramData\~1kAlMiG2Kb7FzPr
[2011/10/22 10:13:36 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/22 09:58:08 | 000,001,682 | ---- | M] () -- C:\Users\Rajeev\AppData\Local\dfl20z32.dll
[2011/10/22 09:46:10 | 000,000,000 | ---- | M] () -- C:\Users\Rajeev\AppData\Local\{522354F9-3319-4684-B672-34F1BE872A93}
[2011/10/22 09:31:57 | 000,104,843 | ---- | M] () -- C:\Windows\System32\0.6117227067715688.exe
[2011/10/22 09:31:15 | 000,219,136 | ---- | M] (Корпорация Майкрософт) -- C:\Windows\System32\0.5670292632643963.exe
[2011/10/22 09:16:57 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/10/22 02:51:45 | 000,000,884 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/10/21 17:32:15 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/10/20 19:56:07 | 000,001,356 | ---- | M] () -- C:\Users\Rajeev\AppData\Local\d3d9caps.dat
[2011/10/20 19:39:48 | 000,537,120 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/10/20 16:36:24 | 000,000,635 | ---- | M] () -- C:\Users\Rajeev\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/10/20 12:11:56 | 000,000,611 | ---- | M] () -- C:\Users\Rajeev\Desktop\System Restore.lnk
[2011/10/12 17:50:19 | 000,000,308 | ---- | M] () -- C:\Windows\tasks\WebReg Photosmart 3300 series.job
[2011/10/12 14:32:00 | 000,000,820 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/10/09 16:35:56 | 000,148,449 | ---- | M] () -- C:\Windows\hpoins19.dat
[2011/10/08 18:38:49 | 000,001,696 | ---- | M] () -- C:\Users\Rajeev\Desktop\7 GB FREE - Online Backup from MiMedia!.lnk
[2011/10/08 18:38:49 | 000,001,687 | ---- | M] () -- C:\Users\Rajeev\Desktop\Free Games!!.lnk
[2011/10/08 18:38:47 | 000,001,697 | ---- | M] () -- C:\Users\Rajeev\Desktop\Free Dolphin Screensaver.lnk
[2011/09/25 21:12:29 | 000,002,453 | ---- | M] () -- C:\Users\Rajeev\Desktop\AutoCAD 2011 - English.lnk
[2011/09/25 19:34:18 | 000,000,208 | ---- | M] () -- C:\Users\Rajeev\Documents\Drawing1.dwl2
[2011/09/25 19:34:18 | 000,000,058 | ---- | M] () -- C:\Users\Rajeev\Documents\Drawing1.dwl

========== Files Created - No Company Name ==========

[2011/10/22 14:17:03 | 000,111,872 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys
[2011/10/22 10:28:10 | 000,000,232 | ---- | C] () -- C:\ProgramData\~1kAlMiG2Kb7FzP
[2011/10/22 10:28:10 | 000,000,120 | ---- | C] () -- C:\ProgramData\~1kAlMiG2Kb7FzPr
[2011/10/22 10:28:03 | 000,000,400 | ---- | C] () -- C:\ProgramData\1kAlMiG2Kb7FzP
[2011/10/22 09:47:25 | 000,001,682 | ---- | C] () -- C:\Users\Rajeev\AppData\Local\dfl20z32.dll
[2011/10/22 09:46:10 | 000,000,000 | ---- | C] () -- C:\Users\Rajeev\AppData\Local\{522354F9-3319-4684-B672-34F1BE872A93}
[2011/10/22 09:30:56 | 000,104,843 | ---- | C] () -- C:\Windows\System32\0.6117227067715688.exe
[2011/10/21 06:17:07 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/10/20 16:36:24 | 000,000,635 | ---- | C] () -- C:\Users\Rajeev\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/10/20 12:11:56 | 000,000,611 | ---- | C] () -- C:\Users\Rajeev\Desktop\System Restore.lnk
[2011/10/12 17:50:18 | 000,000,308 | ---- | C] () -- C:\Windows\tasks\WebReg Photosmart 3300 series.job
[2011/10/08 18:38:49 | 000,001,696 | ---- | C] () -- C:\Users\Rajeev\Desktop\7 GB FREE - Online Backup from MiMedia!.lnk
[2011/10/08 18:38:49 | 000,001,687 | ---- | C] () -- C:\Users\Rajeev\Desktop\Free Games!!.lnk
[2011/10/08 18:38:47 | 000,001,697 | ---- | C] () -- C:\Users\Rajeev\Desktop\Free Dolphin Screensaver.lnk
[2011/09/25 21:12:26 | 000,002,453 | ---- | C] () -- C:\Users\Rajeev\Desktop\AutoCAD 2011 - English.lnk
[2011/09/25 19:34:18 | 000,000,208 | ---- | C] () -- C:\Users\Rajeev\Documents\Drawing1.dwl2
[2011/09/25 19:34:18 | 000,000,058 | ---- | C] () -- C:\Users\Rajeev\Documents\Drawing1.dwl
[2009/10/28 15:39:08 | 000,116,842 | ---- | C] () -- C:\Windows\hpqins00.dat
[2009/06/09 18:46:04 | 000,148,935 | ---- | C] () -- C:\Windows\hpoins19.dat.temp
[2009/06/09 18:46:04 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat.temp
[2009/05/31 12:36:01 | 000,001,356 | ---- | C] () -- C:\Users\Rajeev\AppData\Local\d3d9caps.dat
[2008/12/06 18:22:45 | 000,066,482 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2008/12/04 05:35:20 | 000,156,672 | ---- | C] () -- C:\Windows\System32\hooks.dll
[2008/09/28 08:35:42 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/09/03 11:36:19 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008/07/26 09:25:02 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2008/03/28 17:49:43 | 000,096,577 | ---- | C] () -- C:\Windows\hpqins16.dat
[2008/03/03 18:08:24 | 000,000,022 | ---- | C] () -- C:\Windows\exchng.ini
[2008/03/03 18:08:23 | 000,000,957 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2008/03/03 18:08:23 | 000,000,611 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/02/12 21:44:54 | 000,003,654 | ---- | C] () -- C:\Windows\System32\drivers\Sonyhcp.dll
[2008/02/12 20:33:48 | 000,148,449 | ---- | C] () -- C:\Windows\hpoins19.dat
[2008/02/12 20:33:36 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2008/02/11 18:41:22 | 000,028,672 | ---- | C] () -- C:\Users\Rajeev\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/06 17:31:21 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2008/02/06 17:31:21 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2008/02/06 17:31:21 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll
[2008/02/06 17:31:21 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/02/06 17:21:32 | 000,066,048 | ---- | C] () -- C:\Windows\System32\drivers\smb.sys
[2008/02/06 09:39:32 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/02/04 19:23:10 | 000,693,792 | ---- | C] () -- C:\Windows\System32\OGACheckControl.DLL
[2007/04/27 09:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2007/02/13 13:14:18 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/10 09:26:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/07 15:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,537,120 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,617,662 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,103,440 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 03:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 03:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006/09/17 01:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/17 01:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2001/11/14 14:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[1997/07/11 01:00:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\WRKGADM.EXE
[1997/07/11 01:00:00 | 000,036,864 | ---- | C] () -- C:\Windows\System32\ODBCSTF.DLL
[1997/07/11 01:00:00 | 000,036,864 | ---- | C] () -- C:\Windows\System32\DOCOBJ.DLL
[1997/07/11 01:00:00 | 000,032,768 | ---- | C] () -- C:\Windows\System32\HLINKPRX.DLL

#7
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Is aswMBR still running?

#8
VistauserUS

    New Member

  • Topic Starter
  • Member
  • 5 posts
No, it is not.

#9
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you post the log please, as that is checking the MBR for infection. On completion of this run, can you let me know what problems remain?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    FF - prefs.js..browser.search.defaultenginename: "Secure Search"
    [2011/10/22 09:45:24 | 000,000,000 | ---D | M] (.) -- C:\Users\Rajeev\AppData\Roaming\Mozilla\Firefox\Profiles\hqdfizi1.default\extensions\{ec9032c7-c20a-464f-7b0e-13a3a9e97385}
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    [2011/10/22 10:27:44 | 000,536,576 | ---- | C] (Mozilla Foundation) -- C:\ProgramData\1kAlMiG2Kb7FzP.exe
    [2011/10/22 09:59:12 | 000,512,000 | ---- | C] (Mozilla Foundation) -- C:\ProgramData\bANGCAtUauI.exe
    [2011/10/22 09:30:50 | 000,219,136 | ---- | C] (Корпорация Майкрософт) -- C:\Windows\System32\0.5670292632643963.exe
    [2011/10/20 11:31:45 | 000,000,000 | ---D | C] -- C:\Users\Rajeev\AppData\Roaming\XxxPP0uccSibDoG
    [2011/10/20 11:31:45 | 000,000,000 | ---D | C] -- C:\Users\Rajeev\AppData\Roaming\PCCeekIIVrzNtA0
    [2011/10/15 10:19:52 | 000,000,000 | ---D | C] -- C:\Users\Rajeev\AppData\Roaming\OrrllONtxPucSiD
    [2011/10/15 10:19:52 | 000,000,000 | ---D | C] -- C:\Users\Rajeev\AppData\Roaming\LnnGG4amH6WJ7E
    [2011/10/13 08:16:36 | 000,000,000 | ---D | C] -- C:\Users\Rajeev\AppData\Roaming\TOOONNtxP
    [2011/10/13 08:16:36 | 000,000,000 | ---D | C] -- C:\Users\Rajeev\AppData\Roaming\qLLL99gTZqjYwkV
    [2011/10/13 08:16:29 | 000,000,000 | ---D | C] -- C:\Users\Rajeev\AppData\Roaming\LhhhTXXqjUC
    [2011/10/13 08:16:28 | 000,000,000 | ---D | C] -- C:\Users\Rajeev\AppData\Roaming\TooobFF4pmG5QJd
    [2011/10/13 08:16:28 | 000,000,000 | ---D | C] -- C:\Users\Rajeev\AppData\Roaming\d9hhYYXwjUVelBz
    [2011/10/22 10:28:16 | 000,000,400 | ---- | M] () -- C:\ProgramData\1kAlMiG2Kb7FzP
    [2011/10/22 10:28:11 | 000,000,232 | ---- | M] () -- C:\ProgramData\~1kAlMiG2Kb7FzP
    [2011/10/22 10:28:10 | 000,000,120 | ---- | M] () -- C:\ProgramData\~1kAlMiG2Kb7FzPr
    [2011/10/22 10:28:10 | 000,000,232 | ---- | C] () -- C:\ProgramData\~1kAlMiG2Kb7FzP
    [2011/10/22 10:28:10 | 000,000,120 | ---- | C] () -- C:\ProgramData\~1kAlMiG2Kb7FzPr
    [2011/10/22 10:28:03 | 000,000,400 | ---- | C] () -- C:\ProgramData\1kAlMiG2Kb7FzP
    [2011/10/22 09:47:25 | 000,001,682 | ---- | C] () -- C:\Users\Rajeev\AppData\Local\dfl20z32.dll
    [2011/10/22 09:46:10 | 000,000,000 | ---- | C] () -- C:\Users\Rajeev\AppData\Local\{522354F9-3319-4684-B672-34F1BE872A93}
    [2011/10/22 09:30:56 | 000,104,843 | ---- | C] () -- C:\Windows\System32\0.6117227067715688.exe

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.