Virus.Ramnit and Zbot.g removed - still cannot access antivirus/micros



#1 unlasheddeer (New Member, 6 posts)
Hi All,

I seem to have acquired Virus.Ramnit, Zbot.g and some other malware.

I think I acquired it from browsing some free content sites. This morning I started getting User Account Control prompts to allow CMD access to an unknown application (which I did not approve).
I then ran full system scans, first using Malwarebytes, which caught and removed many instances of Virus.Ramnit. Then I ran a full system scan using AVG, which caught and healed many instances of Zbot.g. However, it still keeps periodically showing even more instances of the same virus in other files.
Furthermore, I cannot access any antivirus site or Microsoft website now. Gmail in standard view also runs very slowly (it seems to be running fine in HTML mode). Google Chrome won't start (I tried uninstalling and reinstalling).
I have pasted the OTL log below. Please let me know if I need to post any other info and I will post it immediately.

Many thanks in advance for your help. This seems to be an amazing forum of dedicated people!


OTL logfile created on: 03/12/2011 21:31:12 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Rajat\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.99 Gb Total Physical Memory | 1.32 Gb Available Physical Memory | 44.02% Memory free
6.21 Gb Paging File | 4.41 Gb Available in Paging File | 71.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 282.97 Gb Total Space | 56.70 Gb Free Space | 20.04% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 10.14 Gb Free Space | 67.60% Space Free | Partition Type: NTFS

Computer Name: RAJAT-PC | User Name: Rajat | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2011/12/03 21:04:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Rajat\Desktop\OTL.exe
PRC - [2011/11/13 10:37:46 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/10/27 08:57:46 | 002,078,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2011/10/27 08:54:37 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.79\GoogleCrashHandler.exe
PRC - [2011/10/20 11:58:40 | 002,497,352 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2011/10/07 17:47:13 | 001,883,328 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/11/25 22:39:54 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/09/24 07:08:19 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/07/17 14:26:11 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/17 14:26:08 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/17 14:25:12 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/20 08:26:18 | 000,483,428 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/03/20 08:26:08 | 000,254,042 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\stacsv.exe
PRC - [2009/03/20 08:25:42 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe
PRC - [2007/05/28 16:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/03 08:05:40 | 011,804,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\e00630ec1e225a2376fdd430645e20f7\System.Web.ni.dll
MOD - [2011/12/03 08:05:27 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll
MOD - [2011/12/03 07:45:50 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/12/03 07:43:04 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/11/13 10:37:45 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/06/17 18:42:55 | 006,271,136 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2008/12/22 10:32:38 | 000,054,784 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll
MOD - [2008/12/01 05:42:30 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/11/13 01:01:47 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/10/07 17:47:13 | 001,883,328 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/07/17 14:26:08 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/01/24 20:57:38 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/01/15 12:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/03/20 08:26:08 | 000,254,042 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\stacsv.exe -- (STacSV)
SRV - [2009/03/20 08:25:42 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe -- (AESTFilters)
SRV - [2008/01/21 02:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/05/28 16:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2007/03/19 11:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/10/31 09:32:09 | 002,541,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)


========== Driver Services (SafeList) ==========

DRV - [2011/10/07 17:47:45 | 000,082,400 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (inspect)
DRV - [2011/10/07 17:47:43 | 000,038,616 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2011/10/07 17:47:42 | 000,488,208 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2011/09/12 20:24:03 | 000,029,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2011/09/04 10:22:47 | 000,081,936 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/05/06 06:07:25 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/17 14:25:13 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/01/01 03:19:18 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010/01/01 03:19:17 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/11/11 16:23:46 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2009/11/09 03:21:18 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/09/04 22:35:37 | 000,722,416 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/03/20 08:26:22 | 000,398,336 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/03/12 10:36:38 | 000,143,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2009/02/10 09:40:28 | 000,133,472 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA008Ufd.sys -- (OA008Ufd)
DRV - [2009/02/10 09:40:26 | 000,271,616 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA008Vid.sys -- (OA008Vid)
DRV - [2008/12/22 10:32:18 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008/12/01 05:42:28 | 004,016,640 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2008/12/01 05:42:28 | 004,016,640 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/10/20 15:15:22 | 000,034,592 | ---- | M] () [Kernel | System | Running] -- C:\Windows\system32\drivers\nipplpt.sys -- (nipplpt2)
DRV - [2008/10/08 09:37:36 | 000,212,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink ™
DRV - [2008/09/16 09:11:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2008/09/16 09:11:00 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/09/16 09:10:56 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/01/21 02:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/06/29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: [email protected]:1.12.2.44172
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: [email protected]:2.8
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.3
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {66E978CD-981F-47DF-AC42-E3CF417C1467}:0.4.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: [email protected]:0.6
FF - prefs.js..extensions.enabledItems: {BE2100B3-1D80-48eb-ACCF-D26750644378}:0.4.23
FF - prefs.js..extensions.enabledItems: {9F929BB4-CD50-495C-909B-1DD1A6A989A6}:1.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0

FF - user.js..network.proxy.type: 0
FF - user.js..network.proxy.http: ""
FF - user.js..network.proxy.http_port:
FF - user.js..network.proxy.no_proxies_on: ""

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Rajat\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Rajat\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Rajat\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Rajat\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Rajat\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2011/09/12 20:25:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/06 01:37:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/13 10:37:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/08 20:53:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{9F929BB4-CD50-495C-909B-1DD1A6A989A6}: C:\Users\Rajat\AppData\Local\{9F929BB4-CD50-495C-909B-1DD1A6A989A6} [2010/10/18 22:29:01 | 000,000,000 | ---D | M]

[2009/09/05 08:17:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rajat\AppData\Roaming\Mozilla\Extensions
[2011/11/13 10:38:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rajat\AppData\Roaming\Mozilla\Firefox\Profiles\jescpk74.default\extensions
[2010/04/30 00:48:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Rajat\AppData\Roaming\Mozilla\Firefox\Profiles\jescpk74.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/09/10 15:46:58 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Rajat\AppData\Roaming\Mozilla\Firefox\Profiles\jescpk74.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2011/04/07 20:58:50 | 000,000,000 | ---D | M] (New Tab Homepage) -- C:\Users\Rajat\AppData\Roaming\Mozilla\Firefox\Profiles\jescpk74.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}
[2009/09/13 12:39:57 | 000,000,000 | ---D | M] (flashget3 Extension) -- C:\Users\Rajat\AppData\Roaming\Mozilla\Firefox\Profiles\jescpk74.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
[2011/05/08 20:54:42 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Rajat\AppData\Roaming\Mozilla\Firefox\Profiles\jescpk74.default\extensions\[email protected]
[2010/04/30 00:48:50 | 000,000,000 | ---D | M] (Illimitux) -- C:\Users\Rajat\AppData\Roaming\Mozilla\Firefox\Profiles\jescpk74.default\extensions\[email protected]
[2011/04/07 20:58:54 | 000,000,000 | ---D | M] (Flash Video Resources Downloader) -- C:\Users\Rajat\AppData\Roaming\Mozilla\Firefox\Profiles\jescpk74.default\extensions\[email protected]
[2011/04/07 20:58:53 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Rajat\AppData\Roaming\Mozilla\Firefox\Profiles\jescpk74.default\extensions\[email protected]
[2011/11/13 10:38:15 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\Rajat\AppData\Roaming\Mozilla\Firefox\Profiles\jescpk74.default\extensions\[email protected]
[2010/12/18 22:56:20 | 000,000,000 | ---D | M] (Tab Kit) -- C:\Users\Rajat\AppData\Roaming\Mozilla\Firefox\Profiles\jescpk74.default\extensions\[email protected]
[2011/07/12 13:40:46 | 000,001,947 | ---- | M] () -- C:\Users\Rajat\AppData\Roaming\Mozilla\Firefox\Profiles\jescpk74.default\searchplugins\a-wiki-of-ice-and-fire-en.xml
[2011/12/03 20:23:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/28 21:35:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011/12/03 20:23:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2009/11/16 23:59:44 | 000,000,000 | ---D | M] (Hide My IP) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
() (No name found) -- C:\USERS\RAJAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JESCPK74.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\RAJAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JESCPK74.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
[2011/11/13 10:37:46 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008/10/28 09:15:22 | 000,255,248 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npnipp.dll
[2008/10/28 09:15:24 | 000,107,792 | ---- | M] (Novell Inc.) -- C:\Program Files\mozilla firefox\plugins\npnisp.dll
[2011/10/23 06:28:49 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/13 10:37:47 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.120\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U27 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.120\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.120\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Novell iPrint Plug-in (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npnipp.dll
CHR - plugin: Novell iPrint Scriptable Plug-in 1.0 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npnisp.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Rajat\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Rajat\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Rajat\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Rajat\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AdBlock = C:\Users\Rajat\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.4.29_0\

O1 HOSTS File: ([2011/03/20 09:58:46 | 000,001,066 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 static3.cdn.ubi.com
O1 - Hosts: 127.0.0.1 ubisoft-orbit.s3.amazonaws.com
O1 - Hosts: 127.0.0.1 onlineconfigservice.ubi.com
O1 - Hosts: 127.0.0.1 orbitservice.ubi.com
O1 - Hosts: 127.0.0.1 ubisoft-orbit-savegames.s3.amazonaws.com
O1 - Hosts: 173.212.255.178 embedded.garena.com
O1 - Hosts: 173.212.255.178 embedded.garenanow.com
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [TncRufnu] C:\Users\Rajat\AppData\Local\lhkfkfee\tncrufnu.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Download All By FlashGet3 - C:\Users\Rajat\AppData\Roaming\FlashGetBHO\GetAllUrl.htm File not found
O8 - Extra context menu item: Download By FlashGet3 - C:\Users\Rajat\AppData\Roaming\FlashGetBHO\GetUrl.htm File not found
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O15 - HKCU\..Trusted Domains: diamondconsultants.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: diamondconsultants.com ([apply] https in Trusted sites)
O15 - HKCU\..Trusted Domains: london.edu ([portal] https in Trusted sites)
O15 - HKCU\..Trusted Domains: symplicity.com ([london-csm] https in Trusted sites)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...yri_4.3.1.0.cab (SysInfo Class)
O16 - DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} http://dl.pplive.com/PluginSetup.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{660D73FB-58BD-4691-918E-C8DC2E83A96C}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9040D51A-5D38-49AD-8022-28A72F5BEDDB}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Filter\application/x-internet-signup {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll ()
O20 - AppInit_DLLs: (C:\Windows\System32\acaptuser32.dll) -C:\Windows\System32\acaptuser32.dll (Adobe Systems, Inc.)
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) -C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (avgrsstx.dll C:\Windows\system32\guard32.dll) -C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img16.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img16.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{445f24fe-c5cb-11de-bb35-002219f65d4c}\Shell\AutoRun\command - "" = F:\installer.exe
O33 - MountPoints2\{d3a55dde-07ef-11df-b81f-002219f65d4c}\Shell\AutoRun\command - "" = F:\installer.exe
O33 - MountPoints2\{ed716939-b571-11df-9464-002219f65d4c}\Shell - "" = Autorun
O33 - MountPoints2\{ed716939-b571-11df-9464-002219f65d4c}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\unlock.exe
O33 - MountPoints2\{ed716939-b571-11df-9464-002219f65d4c}\Shell\open\command - "" = F:\unlock.exe
O33 - MountPoints2\{ff7125b9-bad9-11de-91e2-002219f65d4c}\Shell\1\Command - "" = F:\Recycled.exe
O33 - MountPoints2\{ff7125b9-bad9-11de-91e2-002219f65d4c}\Shell\2\Command - "" = F:\Recycled.exe
O33 - MountPoints2\{ff7125b9-bad9-11de-91e2-002219f65d4c}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Recycled.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\OblivionLauncher.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\OblivionLauncher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/03 21:08:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WB Games
[2011/12/03 21:05:02 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Rajat\Desktop\OTL.exe
[2011/12/03 20:27:56 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP
[2011/12/03 20:11:55 | 000,000,000 | ---D | C] -- C:\Users\Rajat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/12/02 22:01:53 | 000,000,000 | ---D | C] -- C:\Users\Rajat\AppData\Local\lhkfkfee
[2011/11/27 06:34:35 | 000,000,000 | ---D | C] -- C:\Users\Rajat\Documents\WB Games
[2011/11/27 06:23:36 | 000,034,304 | ---- | C] (AMD, Inc.) -- C:\Windows\System32\drivers\AmdLLD.sys
[2011/11/27 06:23:35 | 000,000,000 | ---D | C] -- C:\Program Files\AMD
[2011/11/27 06:22:40 | 000,000,000 | ---D | C] -- C:\Users\Rajat\AppData\Local\Downloaded Installations
[2011/11/26 22:08:39 | 000,000,000 | ---D | C] -- C:\Users\Rajat\AppData\Roaming\Origin
[2011/11/26 22:08:38 | 000,000,000 | ---D | C] -- C:\Users\Rajat\AppData\Local\Origin
[2011/11/26 22:08:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Origin
[2011/11/26 22:08:27 | 000,000,000 | ---D | C] -- C:\Program Files\Origin Games
[2011/11/26 22:08:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2011/11/26 22:08:17 | 000,000,000 | ---D | C] -- C:\Program Files\Origin
[2011/11/26 07:57:21 | 000,000,000 | ---D | C] -- C:\Users\Rajat\Documents\Assassin's Creed Revelations
[2011/11/25 23:47:14 | 000,000,000 | ---D | C] -- C:\Program Files\Ubisoft
[2011/11/25 23:13:58 | 000,000,000 | ---D | C] -- C:\Ubisoft
[2011/11/25 19:45:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/11/25 19:45:50 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/11/23 18:27:12 | 000,033,984 | ---- | C] (COMODO) -- C:\Windows\System32\cmdcsr.dll
[2011/11/13 15:54:36 | 000,000,000 | ---D | C] -- C:\Program Files\Rockstar Games
[2011/11/13 12:20:10 | 000,000,000 | ---D | C] -- C:\lanoire
[2011/11/13 06:22:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Rockstar Games
[2011/11/11 17:17:23 | 000,000,000 | ---D | C] -- C:\Users\Rajat\AppData\Local\Skyrim
[2011/11/11 05:27:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/11/05 12:36:04 | 000,000,000 | ---D | C] -- C:\Users\Rajat\Documents\Ubisoft
[2011/11/05 11:13:21 | 000,000,000 | ---D | C] -- C:\Users\Rajat\AppData\Local\Ubisoft Game Launcher
[2011/11/05 09:26:56 | 000,000,000 | -H-D | C] -- C:\Users\Rajat\InstallAnywhere
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Rajat\Desktop\*.tmp files -> C:\Users\Rajat\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/03 21:29:11 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/03 21:29:10 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/03 21:20:51 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{6B69AA6F-3ADA-462C-B7EA-DCF258490292}.job
[2011/12/03 21:08:03 | 000,001,246 | ---- | M] () -- C:\Users\Public\Desktop\Batman - Arkham City.lnk
[2011/12/03 21:04:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Rajat\Desktop\OTL.exe
[2011/12/03 21:01:19 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/03 20:51:12 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2622647993-3817205681-1033453672-1000UA.job
[2011/12/03 20:51:03 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2622647993-3817205681-1033453672-1000Core.job
[2011/12/03 17:30:13 | 000,000,000 | ---- | M] () -- C:\Users\Rajat\AppData\Local\prvlcl.dat
[2011/12/03 17:14:59 | 089,895,423 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2011/12/03 11:35:42 | 000,643,598 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/03 11:35:42 | 000,121,764 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/03 11:29:09 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/03 11:28:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/03 11:28:41 | 3215,835,136 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/03 07:40:40 | 000,382,504 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/03 07:03:32 | 000,000,118 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2011/12/01 19:41:51 | 000,000,252 | ---- | M] () -- C:\Windows\tasks\TClock4.job
[2011/11/30 05:45:00 | 000,000,252 | ---- | M] () -- C:\Windows\tasks\TClock3.job
[2011/11/29 06:45:37 | 000,000,252 | ---- | M] () -- C:\Windows\tasks\TClock2.job
[2011/11/28 06:45:35 | 000,000,252 | ---- | M] () -- C:\Windows\tasks\TClock1.job
[2011/11/26 22:47:43 | 000,025,088 | ---- | M] () -- C:\Users\Rajat\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/26 22:07:16 | 000,000,680 | ---- | M] () -- C:\Users\Rajat\AppData\Local\d3d9caps.dat
[2011/11/26 07:53:25 | 000,000,882 | ---- | M] () -- C:\Users\Rajat\Desktop\AssassinsCreedRevelations.exe - Shortcut.lnk
[2011/11/25 19:45:52 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/11/17 14:30:53 | 000,000,544 | ---- | M] () -- C:\Users\Rajat\Desktop\LANoire.lnk
[2011/11/05 08:45:40 | 000,002,595 | ---- | M] () -- C:\Users\Rajat\Desktop\Mobipocket Reader.lnk
[2011/11/04 22:54:01 | 000,051,186 | ---- | M] () -- C:\Users\Rajat\AppData\Roaming\room_v3.dat
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Rajat\Desktop\*.tmp files -> C:\Users\Rajat\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/03 21:08:03 | 000,001,246 | ---- | C] () -- C:\Users\Public\Desktop\Batman - Arkham City.lnk
[2011/12/03 07:03:32 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011/11/26 07:53:25 | 000,000,882 | ---- | C] () -- C:\Users\Rajat\Desktop\AssassinsCreedRevelations.exe - Shortcut.lnk
[2011/11/25 19:45:52 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/11/17 14:30:53 | 000,000,544 | ---- | C] () -- C:\Users\Rajat\Desktop\LANoire.lnk
[2011/10/25 21:21:48 | 000,056,832 | ---- | C] () -- C:\Windows\System32\OpenVideo.dll
[2011/10/25 21:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\System32\OVDecoder.dll
[2011/07/28 16:49:12 | 000,053,760 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011/05/26 14:22:56 | 000,051,186 | ---- | C] () -- C:\Users\Rajat\AppData\Roaming\room_v3.dat
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/03/24 18:30:45 | 000,046,658 | ---- | C] () -- C:\Users\Rajat\AppData\Roaming\room.dat
[2011/03/06 13:21:56 | 000,000,321 | ---- | C] () -- C:\Windows\SoftWriting.ini
[2010/11/14 03:08:44 | 000,081,920 | ---- | C] () -- C:\Windows\System32\emfxp.dll
[2010/11/14 03:08:44 | 000,059,904 | ---- | C] () -- C:\Windows\System32\unpdf.exe
[2010/10/18 22:29:05 | 000,000,120 | ---- | C] () -- C:\Users\Rajat\AppData\Local\Owujijolozikeq.dat
[2010/10/18 22:29:05 | 000,000,000 | ---- | C] () -- C:\Users\Rajat\AppData\Local\Cneruvurovilox.bin
[2010/08/26 18:47:09 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/05/15 16:10:49 | 000,001,024 | ---- | C] () -- C:\Windows\System32\grcauth2.dll
[2010/05/15 16:10:49 | 000,001,024 | ---- | C] () -- C:\Windows\System32\grcauth1.dll
[2010/05/15 16:10:49 | 000,000,100 | ---- | C] () -- C:\Windows\System32\prsgrc.dll
[2010/03/14 02:19:10 | 000,000,088 | RHS- | C] () -- C:\ProgramData\4EAAC0B088.sys
[2010/03/14 02:19:07 | 000,005,642 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/03/13 02:46:31 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010/02/11 07:07:04 | 000,000,535 | ---- | C] () -- C:\Windows\eReg.dat
[2010/01/31 02:03:44 | 000,000,000 | ---- | C] () -- C:\Users\Rajat\AppData\Local\prvlcl.dat
[2010/01/01 03:19:18 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010/01/01 03:19:17 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009/12/14 06:57:39 | 000,094,208 | ---- | C] () -- C:\Windows\System32\zmbv.dll
[2009/10/12 21:44:45 | 000,236,544 | ---- | C] () -- C:\Windows\PEV.exe
[2009/10/12 21:44:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/10/12 21:44:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/10/12 21:44:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/10/04 14:47:21 | 000,000,680 | ---- | C] () -- C:\Users\Rajat\AppData\Local\d3d9caps.dat
[2009/09/24 13:47:29 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/24 13:47:29 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/24 13:46:50 | 000,217,088 | ---- | C] () -- C:\Windows\System32\WerFault.exe
[2009/09/24 09:55:35 | 000,073,728 | ---- | C] () -- C:\Windows\System32\nipplpte.exe
[2009/09/24 09:55:35 | 000,065,536 | ---- | C] () -- C:\Windows\System32\icapture.exe
[2009/09/24 09:55:35 | 000,034,592 | ---- | C] () -- C:\Windows\System32\drivers\nipplpt.sys
[2009/09/23 14:10:47 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/09/23 14:10:47 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/09/13 19:39:35 | 000,025,088 | ---- | C] () -- C:\Users\Rajat\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/13 12:39:46 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2009/09/07 11:51:08 | 000,162,304 | ---- | C] () -- C:\Windows\System32\Unwise32.exe
[2009/09/07 11:50:57 | 000,000,572 | ---- | C] () -- C:\Windows\DTOOLS.INI
[2009/09/07 11:50:42 | 000,338,944 | ---- | C] () -- C:\Windows\System32\LFFPX7.DLL
[2009/09/07 11:50:42 | 000,118,784 | ---- | C] () -- C:\Windows\System32\LFKODAK.DLL
[2009/09/07 11:50:41 | 001,683,456 | ---- | C] () -- C:\Windows\System32\LTCLR13n.dll
[2009/09/06 12:18:51 | 000,000,256 | ---- | C] () -- C:\Users\Rajat\AppData\Roaming\wklnhst.dat
[2009/09/01 00:01:56 | 000,022,723 | ---- | C] () -- C:\Windows\System32\ssp2ml3.dll
[2009/08/19 23:48:19 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2009/08/19 23:48:19 | 000,176,214 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/08/19 23:48:19 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009/08/19 23:48:19 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009/08/19 23:48:19 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2009/08/19 15:56:01 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/08/19 15:16:22 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2009/08/19 15:16:21 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2009/08/19 15:16:20 | 000,026,112 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2009/04/11 18:02:01 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006/12/27 11:34:00 | 000,462,848 | ---- | C] () -- C:\Windows\System32\softcoin.dll
[2006/12/27 11:34:00 | 000,344,064 | ---- | C] () -- C:\Windows\System32\gencoin.dll
[2006/11/02 12:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 12:47:37 | 000,382,504 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 10:33:01 | 000,643,598 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 10:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 10:33:01 | 000,121,764 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 10:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 10:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 08:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 08:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 07:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003/04/09 09:28:44 | 000,233,472 | R--- | C] () -- C:\Windows\System32\MafiaSetup.exe

========== LOP Check ==========

[2009/11/26 01:34:38 | 000,000,000 | ---D | M] -- C:\Users\Rajat\AppData\Roaming\AlarmClock
[2009/11/07 00:48:40 | 000,000,000 | ---D | M] -- C:\Users\Rajat\AppData\Roaming\Bump Technologies, Inc
[2009/09/04 22:35:21 | 000,000,000 | ---D | M] -- C:\Users\Rajat\AppData\Roaming\DAEMON Tools Pro
[2011/07/23 09:50:06 | 000,000,000 | ---D | M] -- C:\Users\Rajat\AppData\Roaming\Downloaded Installations
[2009/09/13 12:39:38 | 000,000,000 | ---D | M] -- C:\Users\Rajat\AppData\Roaming\FlashGet
[2010/01/10 08:19:44 | 000,000,000 | ---D | M] -- C:\Users\Rajat\AppData\Roaming\FOG Downloader
[2011/08/21 18:49:30 | 000,000,000 | ---D | M] -- C:\Users\Rajat\AppData\Roaming\GarenaMessenger
[2010/12/20 21:00:38 | 000,000,000 | ---D | M] -- C:\Users\Rajat\AppData\Roaming\Hive Cluster
[2010/11/14 14:04:26 | 000,000,000 | ---D | M] -- C:\Users\Rajat\AppData\Roaming\Hothead Games
[2011/02/26 17:10:29 | 000,000,000 | ---D | M] -- C:\Users\Rajat\AppData\Roaming\Kalypso Media
[2011/07/28 07:50:20 | 000,000,000 | ---D | M] -- C:\Users\Rajat\AppData\Roaming\Lionhead Studios
[2011/04/09 15:05:55 | 000,000,000 | ---D | M] -- C:\Users\Rajat\AppData\Roaming\LolClient
[2011/09/18 17:41:30 | 000,000,000 | ---D | M] -- C:\Users\Rajat\AppData\Roaming\Mobipocket
[2011/03/30 22:13:43 | 000,000,000 | ---D | M] -- C:\Users\Rajat\AppData\Roaming\Octoshape
[2011/11/26 22:09:00 | 000,000,000 | ---D | M] -- C:\Users\Rajat\AppData\Roaming\Origin
[2011/02/26 19:05:36 | 000,000,000 | ---D | M] -- C:\Users\Rajat\AppData\Roaming\PPlive
[2011/03/17 04:46:39 | 000,000,000 | ---D | M] -- C:\Users\Rajat\AppData\Roaming\PunkBuster
[2010/12/24 15:13:50 | 000,000,000 | ---D | M] -- C:\Users\Rajat\AppData\Roaming\runic games
[2010/10/17 12:30:37 | 000,000,000 | ---D | M] -- C:\Users\Rajat\AppData\Roaming\ScripterRon
[2009/11/27 14:29:49 | 000,000,000 | ---D | M] -- C:\Users\Rajat\AppData\Roaming\SecondLife
[2011/11/28 23:10:29 | 000,000,000 | ---D | M] -- C:\Users\Rajat\AppData\Roaming\Spotify
[2011/12/03 12:07:45 | 000,000,000 | ---D | M] -- C:\Users\Rajat\AppData\Roaming\SystemRequirementsLab
[2009/09/06 12:18:53 | 000,000,000 | ---D | M] -- C:\Users\Rajat\AppData\Roaming\Template
[2011/03/19 10:03:04 | 000,000,000 | ---D | M] -- C:\Users\Rajat\AppData\Roaming\The Creative Assembly
[2010/04/17 09:26:28 | 000,000,000 | ---D | M] -- C:\Users\Rajat\AppData\Roaming\Ubisoft
[2011/11/27 16:18:57 | 000,000,000 | ---D | M] -- C:\Users\Rajat\AppData\Roaming\uTorrent
[2011/12/03 11:27:30 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/11/28 06:45:35 | 000,000,252 | ---- | M] () -- C:\Windows\Tasks\TClock1.job
[2011/11/29 06:45:37 | 000,000,252 | ---- | M] () -- C:\Windows\Tasks\TClock2.job
[2011/11/30 05:45:00 | 000,000,252 | ---- | M] () -- C:\Windows\Tasks\TClock3.job
[2011/12/01 19:41:51 | 000,000,252 | ---- | M] () -- C:\Windows\Tasks\TClock4.job
[2011/12/03 21:20:51 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{6B69AA6F-3ADA-462C-B7EA-DCF258490292}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:6D88F1EE

< End of report >
  • 0

#2
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
You had something on F: that is infected.

I don't know what the 4 TClockx.jobs are doing so I have told OTL to get rid of them. If you trust them then delete the 4 lines that mention them before hitting Run Fix.

Are you still using Tiscali Internet service? If not, add this line just after the O4 line below:

O18 - Protocol\Filter\application/x-internet-signup {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll ()

Copy the text in the code box by highlighting and Ctrl + c


:processes
killallprocesses

:OTL
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - user.js..network.proxy.http: ""
FF - user.js..network.proxy.http_port: 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
[2011/08/28 21:35:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011/12/03 20:23:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
O4 - HKCU..\Run: [TncRufnu] C:\Users\Rajat\AppData\Local\lhkfkfee\tncrufnu.exe File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O33 - MountPoints2\{445f24fe-c5cb-11de-bb35-002219f65d4c}\Shell\AutoRun\command - "" = F:\installer.exe
O33 - MountPoints2\{d3a55dde-07ef-11df-b81f-002219f65d4c}\Shell\AutoRun\command - "" = F:\installer.exe
O33 - MountPoints2\{ed716939-b571-11df-9464-002219f65d4c}\Shell - "" = Autorun
O33 - MountPoints2\{ed716939-b571-11df-9464-002219f65d4c}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\unlock.exe
O33 - MountPoints2\{ed716939-b571-11df-9464-002219f65d4c}\Shell\open\command - "" = F:\unlock.exe
O33 - MountPoints2\{ff7125b9-bad9-11de-91e2-002219f65d4c}\Shell\1\Command - "" = F:\Recycled.exe
O33 - MountPoints2\{ff7125b9-bad9-11de-91e2-002219f65d4c}\Shell\2\Command - "" = F:\Recycled.exe
O33 - MountPoints2\{ff7125b9-bad9-11de-91e2-002219f65d4c}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Recycled.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\OblivionLauncher.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\OblivionLauncher.exe
[2011/12/02 22:01:53 | 000,000,000 | ---D | C] -- C:\Users\Rajat\AppData\Local\lhkfkfee
[2011/12/01 19:41:51 | 000,000,252 | ---- | M] () -- C:\Windows\tasks\TClock4.job
[2011/11/30 05:45:00 | 000,000,252 | ---- | M] () -- C:\Windows\tasks\TClock3.job
[2011/11/29 06:45:37 | 000,000,252 | ---- | M] () -- C:\Windows\tasks\TClock2.job
[2011/11/28 06:45:35 | 000,000,252 | ---- | M] () -- C:\Windows\tasks\TClock1.job

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
     
:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done.


ComboFix

It must be saved to your desktop; do not run it from your browser.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop, then right-click and Run as Administrator.

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator

Change the a-v scan to None.
Uncheck trace disk IO calls.
Click the "Scan" button to start the scan.
On completion of the scan (note if the Fix button, not the FixMBR button, is enabled and tell me), click save log, save it to your desktop and post it in your next reply.


Malwarebytes' Anti-Malware
If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy.

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.




Run OTL (Vista or Win 7 => right click and Run As Administrator)

Select the All option in the Extra Registry group, then Run Scan.

You should get two logs. Please copy and paste both of them.

Your AVG is obsolete. Let's try the free Avast.

Download and save the AVG removal tool
http://download.avg....6_2011_1184.exe

Download and save the free Avast installer.
http://www.avast.com...ivirus-download
Uninstall AVG

Run the AVG Remover

Reboot

Install Avast. (Register when it asks you - they will try to talk you in to buying the full product but the free version is what we want.)
Once you have it installed and it has updated:

Click on the Avast ball. Then click on Scan Computer, then on Boot-Time Scan, then on Settings. Change the Ask at the bottom to Move to Chest. OK, then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report then View Results. How many did it find?
Look in C:\ProgramData\Alwil Software (Could also be Avast Software)\Avast5\report\aswboot.txt for a text copy of the report and copy and paste it into a reply.

Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms, then press Start (if you get a warning from your browser, tell it you want to run it).

# Check Scan Archives
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
# When the scan completes, push LIST OF THREATS FOUND
# Push EXPORT TO TEXT FILE, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish
# Once the scan is completed, you may close the window.
# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply.

Ron
  • 0
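The O33 MountPoints2 lines that Ron's fix removes are the per-user cache of each drive's autorun.inf verbs, and the ones pointing at F:\unlock.exe and F:\Recycled.exe carry the classic USB-worm tells: the RunDLL32 ShellExec_RunDLL launcher, a redirected open verb, and several verbs wired to one executable. As an added example that is not part of this thread or of OTL, here is a small Python triage over O33 lines taken from the log above; the `parse_o33`/`triage` names, the two verdict levels and the heuristics are this example's own assumptions.

```python
import re
from collections import defaultdict

# O33 lines copied from the OTL log posted above, plus one O32 line that the
# parser must ignore. MountPoints2 is the per-user cache of each drive's
# autorun.inf verbs, so these lines are what a USB-borne infection leaves behind.
SAMPLE_LOG = r"""
O33 - MountPoints2\{445f24fe-c5cb-11de-bb35-002219f65d4c}\Shell\AutoRun\command - "" = F:\installer.exe
O33 - MountPoints2\{ed716939-b571-11df-9464-002219f65d4c}\Shell - "" = Autorun
O33 - MountPoints2\{ed716939-b571-11df-9464-002219f65d4c}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\unlock.exe
O33 - MountPoints2\{ed716939-b571-11df-9464-002219f65d4c}\Shell\open\command - "" = F:\unlock.exe
O33 - MountPoints2\{ff7125b9-bad9-11de-91e2-002219f65d4c}\Shell\1\Command - "" = F:\Recycled.exe
O33 - MountPoints2\{ff7125b9-bad9-11de-91e2-002219f65d4c}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Recycled.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\OblivionLauncher.exe
O32 - HKLM CDRom: AutoRun - 1
"""

# OTL's O33 format: O33 - MountPoints2\<mount>\<subkey> - "" = <command>
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<mount>[^\\]+)\\(?P<subkey>.+?) - "" = (?P<cmd>.*)$')

# Matches (and lets us strip) the "RunDLL32 Shell32.DLL,ShellExec_RunDLL" launcher
# prefix so only the real target remains; the indirection is itself a tell.
INDIRECTION_RE = re.compile(
    r'^.*?rundll32(?:\.exe)?\s+shell32\.dll,\s*shellexec_rundll\s+', re.I)


def parse_o33(log_text):
    """Return a (mountpoint, subkey, command) tuple for every O33 line."""
    entries = []
    for line in log_text.splitlines():
        m = O33_RE.match(line.strip())
        if m:
            entries.append((m.group('mount'), m.group('subkey'), m.group('cmd')))
    return entries


def triage(entries):
    """Group O33 entries per mount point and rate each one.

    Returns {mount: {'targets': [...], 'level': 'high' | 'review', 'reasons': [...]}}.
    The heuristics and the two levels are this example's own, not OTL's: every
    entry is worth a look, 'high' marks the ones with classic autorun-worm tells.
    """
    by_mount = defaultdict(list)
    for mount, subkey, cmd in entries:
        by_mount[mount].append((subkey, cmd))

    report = {}
    for mount, items in by_mount.items():
        reasons = []
        verbs_per_target = defaultdict(list)
        for subkey, cmd in items:
            # The bare "Shell" value only names the default verb; no command to rate.
            if not subkey.lower().endswith('command'):
                continue
            target = INDIRECTION_RE.sub('', cmd).strip()
            verbs_per_target[target].append(subkey)
            if INDIRECTION_RE.search(cmd):
                reasons.append(f'{subkey}: target launched through RunDLL32/ShellExec_RunDLL')
            if subkey.lower() == r'shell\open\command':
                reasons.append(f'{subkey}: double-click (open) verb redirected to the drive')
        # Several verbs (AutoRun, open, numbered context-menu entries) all pointing
        # at one executable means every way of using the drive runs it.
        for target, verbs in verbs_per_target.items():
            if len(verbs) > 1:
                reasons.append(f'{target} wired to {len(verbs)} verbs: ' + ', '.join(verbs))
        if not verbs_per_target:
            continue
        report[mount] = {
            'targets': sorted(verbs_per_target),
            'level': 'high' if reasons else 'review',
            'reasons': reasons,
        }
    return report


if __name__ == '__main__':
    for mount, info in triage(parse_o33(SAMPLE_LOG)).items():
        print(f'{info["level"]:6} {mount} -> {", ".join(info["targets"])}')
        for reason in info['reasons']:
            print('       ' + reason)
```

Run against the sample, the two GUID mount points for unlock.exe and Recycled.exe come out 'high' while the installer.exe and OblivionLauncher.exe entries are 'review' only, which matches the fix above removing all of them and letting the drive be re-examined.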

#3
unlasheddeer

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hi Ron,

Thanks a lot for your early reply.

Below are the various logs.
For aswMBR.exe, the "Fix" button was not enabled after the completion of the scan.
The avast Bootscan found 1 virus.

Your instructions were very helpful. Thanks!


ComboFix file

ComboFix 11-12-04.02 - Rajat 04/12/2011 9:09.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3066.2011 [GMT 0:00]
Running from: c:\users\Rajat\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Rajat\AppData\Local\{9F929BB4-CD50-495C-909B-1DD1A6A989A6}
c:\users\Rajat\AppData\Local\{9F929BB4-CD50-495C-909B-1DD1A6A989A6}\chrome.manifest
c:\users\Rajat\AppData\Local\{9F929BB4-CD50-495C-909B-1DD1A6A989A6}\chrome\content\_cfg.js
c:\users\Rajat\AppData\Local\{9F929BB4-CD50-495C-909B-1DD1A6A989A6}\chrome\content\overlay.xul
c:\users\Rajat\AppData\Local\{9F929BB4-CD50-495C-909B-1DD1A6A989A6}\install.rdf
c:\users\Rajat\AppData\Local\axwhxajl.log
c:\users\Rajat\AppData\Local\hednpweh.log
c:\users\Rajat\AppData\Local\jatkyvik.log
c:\users\Rajat\AppData\Local\nomaeffi.log
c:\users\Rajat\AppData\Local\qrflhecn.log
c:\users\Rajat\AppData\Local\uocjvest.log
c:\users\Rajat\AppData\Local\vfjwoeaq.log
c:\users\Rajat\AppData\Local\wfypmldh.log
c:\windows\Downloaded Program Files\Install.inf
.
---- Previous Run -------
.
c:\program files\FlashGet Network\FlashGet 3\adns.dll
c:\program files\FlashGet Network\FlashGet 3\btcoreu.dll
c:\program files\FlashGet Network\FlashGet 3\BugReport.dll
c:\program files\FlashGet Network\FlashGet 3\BugReport.exe
c:\program files\FlashGet Network\FlashGet 3\cd1.ico
c:\program files\FlashGet Network\FlashGet 3\ckcore.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\14_43260.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\28_83260.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\atrc.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\Codecs.zip
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\cook.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\ddnt3260.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\dnet3260.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\drv1.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\drv2.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\drvc.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\hxltcolor.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\raac.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\ralf.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\rv10.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\rv20.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\rv30.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\rv40.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\sipr.dll
c:\program files\FlashGet Network\FlashGet 3\commonlib.dll
c:\program files\FlashGet Network\FlashGet 3\componentskrnl.dll
c:\program files\FlashGet Network\FlashGet 3\config\clients.met
c:\program files\FlashGet Network\FlashGet 3\config\cryptkey.dat
c:\program files\FlashGet Network\FlashGet 3\config\emfriends.met
c:\program files\FlashGet Network\FlashGet 3\config\key_index.dat
c:\program files\FlashGet Network\FlashGet 3\config\known.met
c:\program files\FlashGet Network\FlashGet 3\config\known2_64.met
c:\program files\FlashGet Network\FlashGet 3\config\load_index.dat
c:\program files\FlashGet Network\FlashGet 3\config\nodes.dat
c:\program files\FlashGet Network\FlashGet 3\config\preferences.dat
c:\program files\FlashGet Network\FlashGet 3\config\preferences.ini
c:\program files\FlashGet Network\FlashGet 3\config\preferencesKad.dat
c:\program files\FlashGet Network\FlashGet 3\config\server.met
c:\program files\FlashGet Network\FlashGet 3\config\src_index.dat
c:\program files\FlashGet Network\FlashGet 3\config\upload.met
c:\program files\FlashGet Network\FlashGet 3\corestat.dll
c:\program files\FlashGet Network\FlashGet 3\dbghelp.dll
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\css\lightbox.css
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\default.htm
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\banner.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\bullet.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\close.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\closelabel.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\download-icon.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\explorer.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\ftp.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\ftp_1.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\ftp_2.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\ftp_3.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\image.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\image_1.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\image_2.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\image_3.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\introTextBg.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\loading.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\nextlabel.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\prevlabel.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\software.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\software_1.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\software_2.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\software_3.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\vod.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\vod_1.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\vod_2.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\vod_3.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\js\builder.js
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\js\effects.js
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\js\lightbox.js
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\js\prototype.js
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\js\scriptaculous.js
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\FGResDetector.exe
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\about.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\ftplist_tree_icon.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\option_icon.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\quickop_hide.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\quickop_show.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\statusbar_bk.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\tasktab_close.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_back.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_bk.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_close.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_forward.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_refresh.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\lang\l.eng.xml
c:\program files\FlashGet Network\FlashGet 3\Flashget3.exe
c:\program files\FlashGet Network\FlashGet 3\FlashGet3.xpi
c:\program files\FlashGet Network\FlashGet 3\FlashGetBHO3.dll
c:\program files\FlashGet Network\FlashGet 3\fnsArchive.dll
c:\program files\FlashGet Network\FlashGet 3\fnsDirectuix.dll
c:\program files\FlashGet Network\FlashGet 3\fnsLanguage_en.dll
c:\program files\FlashGet Network\FlashGet 3\fnsScheduler.dll
c:\program files\FlashGet Network\FlashGet 3\fnsSecurity.dll
c:\program files\FlashGet Network\FlashGet 3\fnsSkinX.dll
c:\program files\FlashGet Network\FlashGet 3\fnsStatistics.dll
c:\program files\FlashGet Network\FlashGet 3\game.ico
c:\program files\FlashGet Network\FlashGet 3\gdiplus.dll
c:\program files\FlashGet Network\FlashGet 3\GoogleToolbarInstaller_download_signed.exe
c:\program files\FlashGet Network\FlashGet 3\id3lib.dll
c:\program files\FlashGet Network\FlashGet 3\libem.dll
c:\program files\FlashGet Network\FlashGet 3\license.txt
c:\program files\FlashGet Network\FlashGet 3\lst_tz.bin
c:\program files\FlashGet Network\FlashGet 3\P2PCfg.ini
c:\program files\FlashGet Network\FlashGet 3\P2PCore.dll
c:\program files\FlashGet Network\FlashGet 3\P2SCore.dll
c:\program files\FlashGet Network\FlashGet 3\perf.ini
c:\program files\FlashGet Network\FlashGet 3\pncrt.dll
c:\program files\FlashGet Network\FlashGet 3\pstat.dat
c:\program files\FlashGet Network\FlashGet 3\RdOldDb.dll
c:\program files\FlashGet Network\FlashGet 3\RealMediaSplitter.ax
c:\program files\FlashGet Network\FlashGet 3\SamplerCli.dll
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\BarSet.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\btn_check.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\btn_normal.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\btn_radio.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\desktoplink.ico
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\login_line.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\menu_icon.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\option_line.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\option_page_line.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\skin.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\statusbar_ad_bk.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\statusbar_ad_bk_long.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\SuspendLogo.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\SuspendNoLogo.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_backgrand.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_cancle.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_catgroy.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_group.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_new.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_open.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_option.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_pause.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_recly.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_start.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbarbutton_left.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbarbutton_middle.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbarbutton_right.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\top_logotitle.gif
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\torrent.ico
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\userinfo_head.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\VistaStyleListItems.bmp
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\preview.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\skin.xml
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\sound\loginfailed.wav
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\sound\loginsucc.wav
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\sound\msgnotify.wav
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\sound\notify.wav
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\topmain.png
c:\program files\FlashGet Network\FlashGet 3\SnapShot.dll
c:\program files\FlashGet Network\FlashGet 3\storage.dll
c:\program files\FlashGet Network\FlashGet 3\SysOptimize.exe
c:\program files\FlashGet Network\FlashGet 3\uninst.exe
c:\program files\FlashGet Network\FlashGet 3\unrar.dll
c:\program files\FlashGet Network\FlashGet 3\VodCore.dll
c:\program files\FlashGet Network\FlashGet 3\zlib.dll
c:\users\Rajat\AppData\Roaming\BITS\BITS.ini
c:\users\Rajat\AppData\Roaming\BITS\DHTTable.dat
c:\users\Rajat\AppData\Roaming\BITS\pl.dat
c:\users\Rajat\AppData\Roaming\BITS\ProxyList.ini
c:\users\Rajat\AppData\Roaming\BITS\UPnP.ini
c:\users\Rajat\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
c:\users\Rajat\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
c:\users\Rajat\AppData\Roaming\FlashGetBHO\GetUrl.htm
c:\windows\system32\oem7.inf
c:\windows\system32\secustat.dat
c:\windows\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}
.
.
((((((((((((((((((((((((( Files Created from 2011-11-04 to 2011-12-04 )))))))))))))))))))))))))))))))
.
.
2011-12-04 09:17 . 2011-12-04 09:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-04 08:24 . 2011-12-04 08:24 -------- d-----w- C:\_OTL
2011-12-03 20:27 . 2011-12-03 20:27 -------- d-----w- c:\program files\AMD APP
2011-12-03 06:14 . 2011-09-06 13:30 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-12-03 06:14 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll
2011-12-03 06:14 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-12-03 06:14 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-12-03 06:14 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-12-03 06:05 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-27 06:23 . 2007-06-29 14:47 34304 ----a-w- c:\windows\system32\drivers\AmdLLD.sys
2011-11-27 06:23 . 2011-11-27 06:23 -------- d-----w- c:\program files\AMD
2011-11-27 06:22 . 2011-11-27 06:22 -------- d-----w- c:\users\Rajat\AppData\Local\Downloaded Installations
2011-11-26 22:08 . 2011-11-26 22:09 -------- d-----w- c:\users\Rajat\AppData\Roaming\Origin
2011-11-26 22:08 . 2011-11-26 22:08 -------- d-----w- c:\users\Rajat\AppData\Local\Origin
2011-11-26 22:08 . 2011-12-03 21:28 -------- d-----w- c:\programdata\Origin
2011-11-26 22:08 . 2011-11-26 22:08 -------- d-----w- c:\program files\Origin Games
2011-11-26 22:08 . 2011-11-26 22:08 -------- d-----w- c:\program files\Origin
2011-11-25 23:47 . 2011-11-25 23:47 -------- d-----w- c:\program files\Ubisoft
2011-11-25 19:45 . 2011-11-25 19:45 -------- d-----w- c:\program files\CCleaner
2011-11-23 18:27 . 2011-10-07 17:47 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2011-11-14 08:25 . 2011-11-14 08:25 -------- d-----w- c:\windows\system32\wbem\MOF\good
2011-11-14 08:25 . 2011-11-14 08:25 -------- d-----w- c:\windows\system32\wbem\MOF\bad
2011-11-13 15:54 . 2011-11-13 15:54 -------- d-----w- c:\program files\Rockstar Games
2011-11-13 12:20 . 2011-12-03 11:38 -------- d-----w- C:\lanoire
2011-11-13 06:22 . 2011-11-13 06:22 -------- d-----w- c:\programdata\Rockstar Games
2011-11-11 17:17 . 2011-11-11 17:17 -------- d-----w- c:\users\Rajat\AppData\Local\Skyrim
2011-11-05 11:13 . 2011-11-25 10:56 -------- d-----w- c:\users\Rajat\AppData\Local\Ubisoft Game Launcher
2011-11-05 09:26 . 2011-11-05 09:26 -------- d--h--w- c:\users\Rajat\InstallAnywhere
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-25 21:21 . 2011-10-25 21:21 56832 ----a-w- c:\windows\system32\OpenVideo.dll
2011-10-25 21:21 . 2011-10-25 21:21 56832 ----a-w- c:\windows\system32\OVDecoder.dll
2011-10-25 21:20 . 2011-10-25 21:20 13950464 ----a-w- c:\windows\system32\amdocl.dll
2011-10-07 17:47 . 2011-01-06 17:36 82400 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-10-07 17:47 . 2011-01-06 17:36 38616 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-10-07 17:47 . 2011-01-06 17:36 488208 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-10-07 17:47 . 2011-01-06 17:36 19600 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-10-07 17:47 . 2010-12-29 01:42 300200 ----a-w- c:\windows\system32\guard32.dll
2011-10-03 05:06 . 2010-04-20 17:54 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-13 10:37 . 2011-05-08 20:53 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 10:06 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 11:47 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-16 13:30 216064 --sh--r- c:\windows\System32\nbDX.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-01 1422632]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-22 3810304]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-20 483428]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-11 1468256]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-10-20 2497352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/w...90&ver=9.0.894" [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser32.dll c:\windows\System32\guard32.dll
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Philips GoGear Spark Device Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Philips GoGear Spark Device Manager.lnk
backup=c:\windows\pss\Philips GoGear Spark Device Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-06-11 21:43 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2008-06-12 01:25 37232 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 06:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-04-24 03:05 203416 ----a-w- c:\program files\Alcohol Soft\Alcohol 52\AxCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 11:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 18:56 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-11-04 20:59 135664 ----atw- c:\users\Rajat\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iPrint Event Monitor]
2008-10-28 09:15 66832 ----a-w- c:\windows\System32\iprntlgn.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iPrint Tray]
2008-10-28 09:15 66832 ----a-w- c:\windows\System32\iprntctl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2011-08-31 17:00 1047208 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2008-05-23 13:06 128296 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-08-29 16:11 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-09-04 10:18 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 12:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-15 135664]
R3 GarenaPEngine;GarenaPEngine;c:\users\Rajat\AppData\Local\Temp\IEA8E3F.tmp [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena Classic\safedrv.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-15 135664]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-09-04 722416]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2011-10-07 488208]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2011-10-07 38616]
S1 nipplpt2;Novell iCapture Lpt Redirector 2;c:\windows\system32\drivers\nipplpt.sys [2008-10-20 34592]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [2009-03-20 81920]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH3.sys [2011-09-04 81936]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-03-12 143840]
S3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-10-08 212992]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 OA008Ufd;Creative Camera OA008 Upper Filter Driver;c:\windows\system32\DRIVERS\OA008Ufd.sys [2009-02-10 133472]
S3 OA008Vid;Creative Camera OA008 Function Driver;c:\windows\system32\DRIVERS\OA008Vid.sys [2009-02-10 271616]
S4 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - AvgLdx86
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-15 01:26]
.
2011-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-15 01:26]
.
2011-12-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2622647993-3817205681-1033453672-1000Core.job
- c:\users\Rajat\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-04 20:59]
.
2011-12-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2622647993-3817205681-1033453672-1000UA.job
- c:\users\Rajat\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-04 20:59]
.
2011-12-04 c:\windows\Tasks\User_Feed_Synchronization-{6B69AA6F-3ADA-462C-B7EA-DCF258490292}.job
- c:\windows\system32\msfeedssync.exe [2011-12-03 21:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download All By FlashGet3 - c:\users\Rajat\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: Download By FlashGet3 - c:\users\Rajat\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
Trusted Zone: diamondconsultants.com
Trusted Zone: diamondconsultants.com\apply
Trusted Zone: london.edu\portal
Trusted Zone: symplicity.com\london-csm
TCP: DhcpNameServer = 192.168.0.1
DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} - hxxp://dl.pplive.com/PluginSetup.cab
FF - ProfilePath - c:\users\Rajat\AppData\Roaming\Mozilla\Firefox\Profiles\jescpk74.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
.
.
------- File Associations -------
.
.reg=Regedit.Document
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-mspaint - c:\windows\system32\Paint.exe
MSConfigStartUp-Ndiduwus - c:\users\Rajat\AppData\Local\nwleti.dll
MSConfigStartUp-Nlemucobuhogeh - c:\users\Rajat\AppData\Local\edunazobesitefes.dll
MSConfigStartUp-ProxyWay - c:\program files\ProxyWay\proxyway.exe
MSConfigStartUp-svchost - c:\users\Rajat\AppData\Local\Temp\svchost.exe
MSConfigStartUp-sysinfo - c:\users\Rajat\AppData\Local\Temp\1292311247Wsy.dll
AddRemove-Baldur's Gate Tutu - c:\program files\BaldursGateTutu\Uninst.isu
AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Rajat\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-04 09:18
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\users\Rajat\AppData\Local\Temp\IEA8E3F.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2622647993-3817205681-1033453672-1000\Software\SecuROM\License information*]
"datasecu"=hex:81,78,e3,0b,29,bb,24,17,e5,98,13,23,42,78,62,f8,7b,29,4d,12,b5,
6f,59,e5,c9,8a,21,6f,78,43,03,d8,f5,84,9e,71,b3,f2,56,b9,90,0b,a2,99,0f,d8,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(836)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'lsass.exe'(852)
c:\windows\system32\guard32.dll
.
Completion time: 2011-12-04 09:21:12
ComboFix-quarantined-files.txt 2011-12-04 09:20
.
Pre-Run: 76,448,866,304 bytes free
Post-Run: 81,724,608,512 bytes free
.
- - End Of File - - 5DB16F4E43DE9E3629D7BBE97CF2967F


TDSSkiller

10:14:26.0420 5192 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
10:14:28.0422 5192 ============================================================
10:14:28.0422 5192 Current date / time: 2011/12/04 10:14:28.0422
10:14:28.0422 5192 SystemInfo:
10:14:28.0422 5192
10:14:28.0422 5192 OS Version: 6.0.6002 ServicePack: 2.0
10:14:28.0422 5192 Product type: Workstation
10:14:28.0422 5192 ComputerName: RAJAT-PC
10:14:28.0422 5192 UserName: Rajat
10:14:28.0422 5192 Windows directory: C:\Windows
10:14:28.0422 5192 System windows directory: C:\Windows
10:14:28.0422 5192 Processor architecture: Intel x86
10:14:28.0422 5192 Number of processors: 2
10:14:28.0422 5192 Page size: 0x1000
10:14:28.0422 5192 Boot type: Normal boot
10:14:28.0422 5192 ============================================================
10:14:29.0580 5192 Initialize success
10:14:48.0980 6088 ============================================================
10:14:48.0980 6088 Scan started
10:14:48.0980 6088 Mode: Manual;
10:14:48.0980 6088 ============================================================
10:14:50.0038 6088 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
10:14:50.0042 6088 ACPI - ok
10:14:50.0078 6088 adfs - ok
10:14:50.0144 6088 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
10:14:50.0153 6088 adp94xx - ok
10:14:50.0189 6088 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
10:14:50.0196 6088 adpahci - ok
10:14:50.0225 6088 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
10:14:50.0227 6088 adpu160m - ok
10:14:50.0264 6088 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
10:14:50.0267 6088 adpu320 - ok
10:14:50.0389 6088 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
10:14:50.0396 6088 AFD - ok
10:14:50.0456 6088 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
10:14:50.0457 6088 agp440 - ok
10:14:50.0488 6088 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
10:14:50.0491 6088 aic78xx - ok
10:14:50.0523 6088 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
10:14:50.0524 6088 aliide - ok
10:14:50.0547 6088 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
10:14:50.0548 6088 amdagp - ok
10:14:50.0570 6088 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
10:14:50.0572 6088 amdide - ok
10:14:50.0599 6088 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
10:14:50.0601 6088 AmdK7 - ok
10:14:50.0627 6088 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
10:14:50.0629 6088 AmdK8 - ok
10:14:50.0723 6088 AmdLLD (ad8fa28d8ed0d0a689a0559085ce0f18) C:\Windows\system32\DRIVERS\AmdLLD.sys
10:14:50.0724 6088 AmdLLD - ok
10:14:50.0783 6088 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
10:14:50.0785 6088 arc - ok
10:14:50.0830 6088 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
10:14:50.0832 6088 arcsas - ok
10:14:50.0909 6088 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
10:14:50.0910 6088 AsyncMac - ok
10:14:50.0964 6088 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
10:14:50.0965 6088 atapi - ok
10:14:51.0070 6088 AtiHDAudioService (f71b6ee018eadf4cfd52f3c83847e5f6) C:\Windows\system32\drivers\AtihdLH3.sys
10:14:51.0073 6088 AtiHDAudioService - ok
10:14:51.0222 6088 atikmdag (9e2d80fa460c42e07b67a2a743ba177c) C:\Windows\system32\DRIVERS\atikmdag.sys
10:14:51.0310 6088 atikmdag - ok
10:14:51.0413 6088 atksgt (f0d933b42cd0594048e4d5200ae9e417) C:\Windows\system32\DRIVERS\atksgt.sys
10:14:51.0419 6088 atksgt - ok
10:14:51.0470 6088 AvgTdiX - ok
10:14:51.0530 6088 BCM42RLY (423c7b87e886ac93d22936ea82665f83) C:\Windows\system32\drivers\BCM42RLY.sys
10:14:51.0532 6088 BCM42RLY - ok
10:14:51.0614 6088 BCM43XX (b56999be8f22ba3071e4ceafa9e82e26) C:\Windows\system32\DRIVERS\bcmwl6.sys
10:14:51.0639 6088 BCM43XX - ok
10:14:51.0708 6088 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
10:14:51.0709 6088 Beep - ok
10:14:51.0753 6088 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
10:14:51.0755 6088 blbdrive - ok
10:14:51.0832 6088 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
10:14:51.0833 6088 bowser - ok
10:14:51.0869 6088 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
10:14:51.0870 6088 BrFiltLo - ok
10:14:51.0901 6088 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
10:14:51.0903 6088 BrFiltUp - ok
10:14:51.0929 6088 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
10:14:51.0932 6088 Brserid - ok
10:14:51.0954 6088 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
10:14:51.0956 6088 BrSerWdm - ok
10:14:51.0976 6088 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
10:14:51.0977 6088 BrUsbMdm - ok
10:14:52.0001 6088 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
10:14:52.0002 6088 BrUsbSer - ok
10:14:52.0061 6088 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
10:14:52.0101 6088 BTHMODEM - ok
10:14:52.0236 6088 catchme - ok
10:14:52.0284 6088 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
10:14:52.0286 6088 cdfs - ok
10:14:52.0344 6088 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
10:14:52.0345 6088 cdrom - ok
10:14:52.0382 6088 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
10:14:52.0384 6088 circlass - ok
10:14:52.0427 6088 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
10:14:52.0432 6088 CLFS - ok
10:14:52.0506 6088 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
10:14:52.0507 6088 CmBatt - ok
10:14:52.0601 6088 cmdGuard (0a2e8cde40d6fd252f4a66558d6cd18d) C:\Windows\system32\DRIVERS\cmdguard.sys
10:14:52.0610 6088 cmdGuard - ok
10:14:52.0629 6088 cmdHlp (beb0da2bf48a8f7ad3c49e893936466c) C:\Windows\system32\DRIVERS\cmdhlp.sys
10:14:52.0631 6088 cmdHlp - ok
10:14:52.0667 6088 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
10:14:52.0668 6088 cmdide - ok
10:14:52.0720 6088 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
10:14:52.0721 6088 Compbatt - ok
10:14:52.0739 6088 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
10:14:52.0740 6088 crcdisk - ok
10:14:52.0773 6088 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
10:14:52.0774 6088 Crusoe - ok
10:14:52.0875 6088 CtClsFlt (b27d15c551a6678137c6b751b160756d) C:\Windows\system32\DRIVERS\CtClsFlt.sys
10:14:52.0878 6088 CtClsFlt - ok
10:14:52.0955 6088 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
10:14:52.0956 6088 DfsC - ok
10:14:53.0068 6088 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
10:14:53.0069 6088 disk - ok
10:14:53.0158 6088 dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
10:14:53.0162 6088 dot4 - ok
10:14:53.0236 6088 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
10:14:53.0238 6088 Dot4Print - ok
10:14:53.0288 6088 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
10:14:53.0290 6088 dot4usb - ok
10:14:53.0340 6088 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
10:14:53.0341 6088 drmkaud - ok
10:14:53.0475 6088 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
10:14:53.0477 6088 DSproct - ok
10:14:53.0528 6088 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\Windows\system32\DRIVERS\dsunidrv.sys
10:14:53.0529 6088 dsunidrv - ok
10:14:53.0606 6088 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
10:14:53.0618 6088 DXGKrnl - ok
10:14:53.0662 6088 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
10:14:53.0667 6088 e1express - ok
10:14:53.0698 6088 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
10:14:53.0700 6088 E1G60 - ok
10:14:53.0775 6088 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
10:14:53.0778 6088 Ecache - ok
10:14:53.0819 6088 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
10:14:53.0827 6088 elxstor - ok
10:14:53.0861 6088 ErrDev (f2a80de2d1b7116052c09cb4d4ca1416) C:\Windows\system32\drivers\errdev.sys
10:14:53.0862 6088 ErrDev - ok
10:14:53.0937 6088 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
10:14:53.0941 6088 exfat - ok
10:14:53.0983 6088 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
10:14:53.0986 6088 fastfat - ok
10:14:54.0034 6088 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
10:14:54.0035 6088 fdc - ok
10:14:54.0079 6088 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
10:14:54.0081 6088 FileInfo - ok
10:14:54.0106 6088 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
10:14:54.0108 6088 Filetrace - ok
10:14:54.0158 6088 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
10:14:54.0159 6088 flpydisk - ok
10:14:54.0194 6088 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
10:14:54.0198 6088 FltMgr - ok
10:14:54.0239 6088 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
10:14:54.0240 6088 Fs_Rec - ok
10:14:54.0276 6088 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
10:14:54.0278 6088 gagp30kx - ok
10:14:54.0401 6088 GarenaPEngine - ok
10:14:54.0467 6088 GGSAFERDriver - ok
10:14:54.0633 6088 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
10:14:54.0638 6088 HdAudAddService - ok
10:14:54.0709 6088 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
10:14:54.0720 6088 HDAudBus - ok
10:14:54.0750 6088 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
10:14:54.0751 6088 HidBth - ok
10:14:54.0776 6088 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
10:14:54.0778 6088 HidIr - ok
10:14:54.0854 6088 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
10:14:54.0855 6088 HidUsb - ok
10:14:54.0894 6088 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
10:14:54.0896 6088 HpCISSs - ok
10:14:54.0972 6088 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
10:14:54.0981 6088 HTTP - ok
10:14:55.0021 6088 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
10:14:55.0022 6088 i2omp - ok
10:14:55.0068 6088 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
10:14:55.0070 6088 i8042prt - ok
10:14:55.0107 6088 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
10:14:55.0112 6088 iaStorV - ok
10:14:55.0169 6088 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
10:14:55.0171 6088 iirsp - ok
10:14:55.0246 6088 inspect (2c03538258729852d55f9f2b8906a8b9) C:\Windows\system32\DRIVERS\inspect.sys
10:14:55.0248 6088 inspect - ok
10:14:55.0282 6088 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
10:14:55.0284 6088 intelide - ok
10:14:55.0297 6088 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
10:14:55.0298 6088 intelppm - ok
10:14:55.0359 6088 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:14:55.0361 6088 IpFilterDriver - ok
10:14:55.0375 6088 IpInIp - ok
10:14:55.0398 6088 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
10:14:55.0400 6088 IPMIDRV - ok
10:14:55.0432 6088 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
10:14:55.0435 6088 IPNAT - ok
10:14:55.0458 6088 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
10:14:55.0459 6088 IRENUM - ok
10:14:55.0484 6088 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
10:14:55.0485 6088 isapnp - ok
10:14:55.0551 6088 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
10:14:55.0555 6088 iScsiPrt - ok
10:14:55.0586 6088 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
10:14:55.0588 6088 iteatapi - ok
10:14:55.0632 6088 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
10:14:55.0634 6088 iteraid - ok
10:14:55.0696 6088 k57nd60x (e1d7dcbb8811f8be7784046d4dd3a837) C:\Windows\system32\DRIVERS\k57nd60x.sys
10:14:55.0700 6088 k57nd60x - ok
10:14:55.0720 6088 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
10:14:55.0722 6088 kbdclass - ok
10:14:55.0778 6088 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
10:14:56.0150 6088 kbdhid - ok
10:14:56.0216 6088 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
10:14:56.0225 6088 KSecDD - ok
10:14:56.0311 6088 lirsgt (f8a7212d0864ef5e9185fb95e6623f4d) C:\Windows\system32\DRIVERS\lirsgt.sys
10:14:56.0312 6088 lirsgt - ok
10:14:56.0369 6088 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
10:14:56.0371 6088 lltdio - ok
10:14:56.0407 6088 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
10:14:56.0410 6088 LSI_FC - ok
10:14:56.0433 6088 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
10:14:56.0436 6088 LSI_SAS - ok
10:14:56.0458 6088 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
10:14:56.0461 6088 LSI_SCSI - ok
10:14:56.0495 6088 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
10:14:56.0497 6088 luafv - ok
10:14:56.0553 6088 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys
10:14:56.0554 6088 MBAMProtector - ok
10:14:56.0613 6088 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
10:14:56.0615 6088 megasas - ok
10:14:56.0683 6088 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
10:14:56.0691 6088 MegaSR - ok
10:14:56.0724 6088 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
10:14:56.0726 6088 Modem - ok
10:14:56.0756 6088 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
10:14:56.0758 6088 monitor - ok
10:14:56.0779 6088 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
10:14:56.0780 6088 mouclass - ok
10:14:56.0802 6088 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
10:14:56.0803 6088 mouhid - ok
10:14:56.0829 6088 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
10:14:56.0830 6088 MountMgr - ok
10:14:56.0873 6088 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
10:14:56.0875 6088 mpio - ok
10:14:56.0908 6088 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
10:14:56.0909 6088 mpsdrv - ok
10:14:56.0942 6088 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
10:14:56.0944 6088 Mraid35x - ok
10:14:56.0973 6088 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
10:14:56.0975 6088 MRxDAV - ok
10:14:57.0013 6088 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:14:57.0016 6088 mrxsmb - ok
10:14:57.0071 6088 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:14:57.0076 6088 mrxsmb10 - ok
10:14:57.0096 6088 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:14:57.0098 6088 mrxsmb20 - ok
10:14:57.0165 6088 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
10:14:57.0166 6088 msahci - ok
10:14:57.0204 6088 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
10:14:57.0207 6088 msdsm - ok
10:14:57.0230 6088 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
10:14:57.0231 6088 Msfs - ok
10:14:57.0275 6088 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
10:14:57.0276 6088 msisadrv - ok
10:14:57.0304 6088 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
10:14:57.0306 6088 MSKSSRV - ok
10:14:57.0339 6088 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
10:14:57.0341 6088 MSPCLOCK - ok
10:14:57.0362 6088 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
10:14:57.0363 6088 MSPQM - ok
10:14:57.0401 6088 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
10:14:57.0404 6088 MsRPC - ok
10:14:57.0424 6088 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
10:14:57.0425 6088 mssmbios - ok
10:14:57.0441 6088 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
10:14:57.0443 6088 MSTEE - ok
10:14:57.0461 6088 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
10:14:57.0462 6088 Mup - ok
10:14:57.0514 6088 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
10:14:57.0517 6088 NativeWifiP - ok
10:14:57.0565 6088 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
10:14:57.0568 6088 NDIS - ok
10:14:57.0587 6088 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
10:14:57.0589 6088 NdisTapi - ok
10:14:57.0606 6088 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
10:14:57.0607 6088 Ndisuio - ok
10:14:57.0640 6088 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
10:14:57.0643 6088 NdisWan - ok
10:14:57.0679 6088 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
10:14:57.0681 6088 NDProxy - ok
10:14:57.0695 6088 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
10:14:57.0696 6088 NetBIOS - ok
10:14:57.0739 6088 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
10:14:57.0742 6088 netbt - ok
10:14:57.0795 6088 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
10:14:57.0796 6088 nfrd960 - ok
10:14:57.0848 6088 nipplpt2 (90261461c75c1ef5db8de89a809dd3fb) C:\Windows\system32\drivers\nipplpt.sys
10:14:57.0849 6088 nipplpt2 - ok
10:14:57.0899 6088 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
10:14:57.0900 6088 Npfs - ok
10:14:57.0915 6088 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
10:14:57.0916 6088 nsiproxy - ok
10:14:57.0977 6088 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
10:14:57.0994 6088 Ntfs - ok
10:14:58.0032 6088 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
10:14:58.0033 6088 ntrigdigi - ok
10:14:58.0083 6088 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\Windows\system32\DRIVERS\NuidFltr.sys
10:14:58.0084 6088 NuidFltr - ok
10:14:58.0121 6088 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
10:14:58.0123 6088 Null - ok
10:14:58.0158 6088 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
10:14:58.0160 6088 nvraid - ok
10:14:58.0193 6088 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
10:14:58.0194 6088 nvstor - ok
10:14:58.0231 6088 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
10:14:58.0233 6088 nv_agp - ok
10:14:58.0244 6088 NwlnkFlt - ok
10:14:58.0258 6088 NwlnkFwd - ok
10:14:58.0319 6088 OA008Ufd (9f4a5990f326f91f4d2fcdd869b15ff4) C:\Windows\system32\DRIVERS\OA008Ufd.sys
10:14:58.0323 6088 OA008Ufd - ok
10:14:58.0347 6088 OA008Vid (abfd4952e8c4d3f8af6c416c76fe6e15) C:\Windows\system32\DRIVERS\OA008Vid.sys
10:14:58.0353 6088 OA008Vid - ok
10:14:58.0442 6088 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
10:14:58.0443 6088 ohci1394 - ok
10:14:58.0516 6088 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
10:14:58.0519 6088 Parport - ok
10:14:58.0562 6088 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
10:14:58.0563 6088 partmgr - ok
10:14:58.0592 6088 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
10:14:58.0593 6088 Parvdm - ok
10:14:58.0658 6088 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
10:14:58.0661 6088 pci - ok
10:14:58.0690 6088 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
10:14:58.0692 6088 pciide - ok
10:14:58.0719 6088 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
10:14:58.0723 6088 pcmcia - ok
10:14:58.0780 6088 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
10:14:58.0797 6088 PEAUTH - ok
10:14:58.0898 6088 Point32 (04df0452fbededf9297fd2e5440cb3c9) C:\Windows\system32\DRIVERS\point32k.sys
10:14:58.0899 6088 Point32 - ok
10:14:58.0941 6088 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
10:14:58.0943 6088 PptpMiniport - ok
10:14:58.0971 6088 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
10:14:58.0973 6088 Processor - ok
10:14:59.0022 6088 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
10:14:59.0024 6088 PSched - ok
10:14:59.0076 6088 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
10:14:59.0077 6088 PxHelp20 - ok
10:14:59.0146 6088 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
10:14:59.0168 6088 ql2300 - ok
10:14:59.0190 6088 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
10:14:59.0193 6088 ql40xx - ok
10:14:59.0229 6088 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
10:14:59.0231 6088 QWAVEdrv - ok
10:14:59.0375 6088 R300 (9e2d80fa460c42e07b67a2a743ba177c) C:\Windows\system32\DRIVERS\atikmdag.sys
10:14:59.0411 6088 R300 - ok
10:14:59.0501 6088 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
10:14:59.0503 6088 RasAcd - ok
10:14:59.0531 6088 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:14:59.0534 6088 Rasl2tp - ok
10:14:59.0574 6088 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
10:14:59.0575 6088 RasPppoe - ok
10:14:59.0608 6088 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
10:14:59.0611 6088 RasSstp - ok
10:14:59.0656 6088 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
10:14:59.0660 6088 rdbss - ok
10:14:59.0676 6088 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:14:59.0677 6088 RDPCDD - ok
10:14:59.0719 6088 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
10:14:59.0724 6088 rdpdr - ok
10:14:59.0737 6088 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
10:14:59.0740 6088 RDPENCDD - ok
10:14:59.0769 6088 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
10:14:59.0774 6088 RDPWD - ok
10:14:59.0831 6088 rimmptsk (c2ef513bbe069f0d4ee0938a76f975d3) C:\Windows\system32\DRIVERS\rimmptsk.sys
10:14:59.0833 6088 rimmptsk - ok
10:14:59.0851 6088 rimsptsk (c398bca91216755b098679a8da8a2300) C:\Windows\system32\DRIVERS\rimsptsk.sys
10:14:59.0852 6088 rimsptsk - ok
10:14:59.0875 6088 rismxdp (2a2554cb24506e0a0508fc395c4a1b42) C:\Windows\system32\DRIVERS\rixdptsk.sys
10:14:59.0876 6088 rismxdp - ok
10:14:59.0907 6088 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
10:14:59.0909 6088 rspndr - ok
10:14:59.0946 6088 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
10:14:59.0948 6088 sbp2port - ok
10:15:00.0009 6088 SCDEmu (16b1abe7f3e35f21dac57592b6c5d464) C:\Windows\system32\drivers\SCDEmu.sys
10:15:00.0011 6088 SCDEmu - ok
10:15:00.0075 6088 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
10:15:00.0078 6088 sdbus - ok
10:15:00.0096 6088 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
10:15:00.0098 6088 secdrv - ok
10:15:00.0124 6088 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
10:15:00.0125 6088 Serenum - ok
10:15:00.0172 6088 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
10:15:00.0175 6088 Serial - ok
10:15:00.0214 6088 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
10:15:00.0215 6088 sermouse - ok
10:15:00.0260 6088 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
10:15:00.0262 6088 sffdisk - ok
10:15:00.0287 6088 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
10:15:00.0288 6088 sffp_mmc - ok
10:15:00.0310 6088 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
10:15:00.0311 6088 sffp_sd - ok
10:15:00.0343 6088 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
10:15:00.0344 6088 sfloppy - ok
10:15:00.0385 6088 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
10:15:00.0387 6088 sisagp - ok
10:15:00.0421 6088 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
10:15:00.0423 6088 SiSRaid2 - ok
10:15:00.0447 6088 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
10:15:00.0449 6088 SiSRaid4 - ok
10:15:00.0497 6088 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
10:15:00.0499 6088 Smb - ok
10:15:00.0521 6088 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
10:15:00.0522 6088 spldr - ok
10:15:00.0598 6088 sptd (a80cd850d69d996c832bea37e3a6aa1e) C:\Windows\system32\Drivers\sptd.sys
10:15:00.0599 6088 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: a80cd850d69d996c832bea37e3a6aa1e
10:15:00.0600 6088 sptd ( LockedFile.Multi.Generic ) - warning
10:15:00.0601 6088 sptd - detected LockedFile.Multi.Generic (1)
10:15:00.0666 6088 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
10:15:00.0670 6088 srv - ok
10:15:00.0704 6088 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
10:15:00.0707 6088 srv2 - ok
10:15:00.0749 6088 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
10:15:00.0751 6088 srvnet - ok
10:15:00.0829 6088 STHDA (c4be9c3af8af6f2e4cdd22fcabf77a1b) C:\Windows\system32\DRIVERS\stwrt.sys
10:15:00.0836 6088 STHDA - ok
10:15:00.0882 6088 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
10:15:00.0883 6088 swenum - ok
10:15:00.0923 6088 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
10:15:00.0924 6088 Symc8xx - ok
10:15:00.0946 6088 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
10:15:00.0948 6088 Sym_hi - ok
10:15:00.0978 6088 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
10:15:00.0979 6088 Sym_u3 - ok
10:15:01.0029 6088 SynTP (fb86fdd993a6a0122a2f526221e5161f) C:\Windows\system32\DRIVERS\SynTP.sys
10:15:01.0033 6088 SynTP - ok
10:15:01.0146 6088 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
10:15:01.0163 6088 Tcpip - ok
10:15:01.0190 6088 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
10:15:01.0198 6088 Tcpip6 - ok
10:15:01.0269 6088 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
10:15:01.0270 6088 tcpipreg - ok
10:15:01.0310 6088 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
10:15:01.0311 6088 TDPIPE - ok
10:15:01.0330 6088 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
10:15:01.0332 6088 TDTCP - ok
10:15:01.0374 6088 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
10:15:01.0376 6088 tdx - ok
10:15:01.0433 6088 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
10:15:01.0435 6088 TermDD - ok
10:15:01.0478 6088 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:15:01.0480 6088 tssecsrv - ok
10:15:01.0503 6088 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
10:15:01.0505 6088 tunmp - ok
10:15:01.0530 6088 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
10:15:01.0532 6088 tunnel - ok
10:15:01.0565 6088 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
10:15:01.0567 6088 uagp35 - ok
10:15:01.0615 6088 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
10:15:01.0621 6088 udfs - ok
10:15:01.0659 6088 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
10:15:01.0661 6088 uliagpkx - ok
10:15:01.0691 6088 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
10:15:01.0697 6088 uliahci - ok
10:15:01.0727 6088 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
10:15:01.0730 6088 UlSata - ok
10:15:01.0777 6088 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
10:15:01.0780 6088 ulsata2 - ok
10:15:01.0805 6088 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
10:15:01.0806 6088 umbus - ok
10:15:01.0890 6088 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
10:15:01.0893 6088 usbaudio - ok
10:15:01.0970 6088 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
10:15:01.0972 6088 usbccgp - ok
10:15:02.0008 6088 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
10:15:02.0011 6088 usbcir - ok
10:15:02.0068 6088 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
10:15:02.0070 6088 usbehci - ok
10:15:02.0137 6088 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
10:15:02.0142 6088 usbhub - ok
10:15:02.0181 6088 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
10:15:02.0183 6088 usbohci - ok
10:15:02.0231 6088 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
10:15:02.0233 6088 usbprint - ok
10:15:02.0275 6088 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:15:02.0277 6088 USBSTOR - ok
10:15:02.0308 6088 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
10:15:02.0309 6088 usbuhci - ok
10:15:02.0344 6088 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
10:15:02.0345 6088 vga - ok
10:15:02.0372 6088 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
10:15:02.0374 6088 VgaSave - ok
10:15:02.0401 6088 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
10:15:02.0403 6088 viaagp - ok
10:15:02.0432 6088 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
10:15:02.0434 6088 ViaC7 - ok
10:15:02.0465 6088 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
10:15:02.0466 6088 viaide - ok
10:15:02.0487 6088 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
10:15:02.0488 6088 volmgr - ok
10:15:02.0541 6088 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
10:15:02.0547 6088 volmgrx - ok
10:15:02.0608 6088 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
10:15:02.0611 6088 volsnap - ok
10:15:02.0641 6088 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
10:15:02.0645 6088 vsmraid - ok
10:15:02.0695 6088 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
10:15:02.0697 6088 WacomPen - ok
10:15:02.0724 6088 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
10:15:02.0726 6088 Wanarp - ok
10:15:02.0743 6088 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
10:15:02.0745 6088 Wanarpv6 - ok
10:15:02.0776 6088 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
10:15:02.0778 6088 Wd - ok
10:15:02.0850 6088 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
10:15:02.0859 6088 Wdf01000 - ok
10:15:03.0000 6088 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
10:15:03.0001 6088 WmiAcpi - ok
10:15:03.0078 6088 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
10:15:03.0080 6088 ws2ifsl - ok
10:15:03.0120 6088 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:15:03.0123 6088 WUDFRd - ok
10:15:03.0158 6088 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
10:15:03.0198 6088 \Device\Harddisk0\DR0 - ok
10:15:03.0215 6088 Boot (0x1200) (cb7816063e91fe8765be01e2934658db) \Device\Harddisk0\DR0\Partition0
10:15:03.0216 6088 \Device\Harddisk0\DR0\Partition0 - ok
10:15:03.0221 6088 Boot (0x1200) (1df0bb5b79496feed6f49f9c236e8e8a) \Device\Harddisk0\DR0\Partition1
10:15:03.0224 6088 \Device\Harddisk0\DR0\Partition1 - ok
10:15:03.0225 6088 ============================================================
10:15:03.0225 6088 Scan finished
10:15:03.0225 6088 ============================================================
10:15:03.0240 5252 Detected object count: 1
10:15:03.0240 5252 Actual detected object count: 1
10:15:41.0451 5252 sptd ( LockedFile.Multi.Generic ) - skipped by user
10:15:41.0451 5252 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
10:15:50.0010 1156 Deinitialize success


aswMBR

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-04 10:18:31
-----------------------------
10:18:31.251 OS Version: Windows 6.0.6002 Service Pack 2
10:18:31.251 Number of processors: 2 586 0x170A
10:18:31.253 ComputerName: RAJAT-PC UserName: Rajat
10:18:33.043 Initialize success
10:19:05.933 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:19:05.936 Disk 0 Vendor: SAMSUNG_HM320II 2AC101C4 Size: 305245MB BusType: 3
10:19:07.971 Disk 0 MBR read successfully
10:19:07.973 Disk 0 MBR scan
10:19:07.976 Disk 0 Windows VISTA default MBR code
10:19:07.981 Disk 0 scanning sectors +625139712
10:19:08.066 Disk 0 scanning C:\Windows\system32\drivers
10:19:16.666 Service scanning
10:19:17.455 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
10:19:18.006 Modules scanning
10:19:23.984 Scan finished successfully
10:19:50.113 Disk 0 MBR has been saved successfully to "C:\Users\Rajat\Documents\MBR.dat"
10:19:50.114 The log file has been saved successfully to "C:\Users\Rajat\Documents\aswMBR.txt"


MBAM

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8298

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19154

04/12/2011 10:24:35
mbam-log-2011-12-04 (10-24-35).txt

Scan type: Quick scan
Objects scanned: 172143
Time elapsed: 3 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


OTL

OTL logfile created on: 04/12/2011 10:25:37 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Rajat\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.99 Gb Total Physical Memory | 1.38 Gb Available Physical Memory | 46.05% Memory free
6.21 Gb Paging File | 4.84 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 282.97 Gb Total Space | 74.38 Gb Free Space | 26.28% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 10.14 Gb Free Space | 67.61% Space Free | Partition Type: NTFS

Computer Name: RAJAT-PC | User Name: Rajat | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/04 07:59:08 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Rajat\Desktop\OTL.exe
PRC - [2011/11/13 10:37:46 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/10/27 08:54:37 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.79\GoogleCrashHandler.exe
PRC - [2011/10/07 17:47:13 | 001,883,328 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2011/08/31 17:00:48 | 001,047,208 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/20 08:26:18 | 000,483,428 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/03/20 08:26:08 | 000,254,042 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\stacsv.exe
PRC - [2009/03/20 08:25:42 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe
PRC - [2007/05/28 16:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/03 08:05:40 | 011,804,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\e00630ec1e225a2376fdd430645e20f7\System.Web.ni.dll
MOD - [2011/12/03 08:05:27 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll
MOD - [2011/12/03 07:45:50 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/12/03 07:43:04 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/11/13 10:37:45 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/06/17 18:42:55 | 006,271,136 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2009/08/16 16:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/12/22 10:32:38 | 000,054,784 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll
MOD - [2008/12/01 05:42:30 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/11/13 01:01:47 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/10/07 17:47:13 | 001,883,328 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/01/24 20:57:38 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/01/15 12:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/03/20 08:26:08 | 000,254,042 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\stacsv.exe -- (STacSV)
SRV - [2009/03/20 08:25:42 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe -- (AESTFilters)
SRV - [2008/01/21 02:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/05/28 16:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2007/03/19 11:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/10/31 09:32:09 | 002,541,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - File not found [Kernel | Disabled | Running] -- -- (AvgTdiX)
DRV - [2011/10/07 17:47:45 | 000,082,400 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (inspect)
DRV - [2011/10/07 17:47:43 | 000,038,616 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2011/10/07 17:47:42 | 000,488,208 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2011/09/04 10:22:47 | 000,081,936 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/01/01 03:19:18 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010/01/01 03:19:17 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/11/11 16:23:46 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2009/11/09 03:21:18 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/09/04 22:35:37 | 000,722,416 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/03/20 08:26:22 | 000,398,336 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/03/12 10:36:38 | 000,143,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2009/02/10 09:40:28 | 000,133,472 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA008Ufd.sys -- (OA008Ufd)
DRV - [2009/02/10 09:40:26 | 000,271,616 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA008Vid.sys -- (OA008Vid)
DRV - [2008/12/22 10:32:18 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008/12/01 05:42:28 | 004,016,640 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2008/12/01 05:42:28 | 004,016,640 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/10/20 15:15:22 | 000,034,592 | ---- | M] () [Kernel | System | Running] -- C:\Windows\system32\drivers\nipplpt.sys -- (nipplpt2)
DRV - [2008/10/08 09:37:36 | 000,212,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink ™
DRV - [2008/09/16 09:11:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2008/09/16 09:11:00 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/09/16 09:10:56 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/01/21 02:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/06/29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Rajat\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Rajat\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Rajat\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Rajat\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Rajat\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/06 01:37:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/13 10:37:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/08 20:53:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{9F929BB4-CD50-495C-909B-1DD1A6A989A6}: C:\Users\Rajat\AppData\Local\{9F929BB4-CD50-495C-909B-1DD1A6A989A6}

[2009/09/05 08:17:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rajat\AppData\Roaming\Mozilla\Extensions
[2011/11/13 10:38:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rajat\AppData\Roaming\Mozilla\Firefox\Profiles\jescpk74.default\extensions
[2010/04/30 00:48:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Rajat\AppData\Roaming\Mozilla\Firefox\Profiles\jescpk74.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/09/10 15:46:58 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Rajat\AppData\Roaming\Mozilla\Firefox\Profiles\jescpk74.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2011/04/07 20:58:50 | 000,000,000 | ---D | M] (New Tab Homepage) -- C:\Users\Rajat\AppData\Roaming\Mozilla\Firefox\Profiles\jescpk74.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}
[2009/09/13 12:39:57 | 000,000,000 | ---D | M] (flashget3 Extension) -- C:\Users\Rajat\AppData\Roaming\Mozilla\Firefox\Profiles\jescpk74.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
[2011/05/08 20:54:42 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Rajat\AppData\Roaming\Mozilla\Firefox\Profiles\jescpk74.default\extensions\[email protected]
[2010/04/30 00:48:50 | 000,000,000 | ---D | M] (Illimitux) -- C:\Users\Rajat\AppData\Roaming\Mozilla\Firefox\Profiles\jescpk74.default\extensions\[email protected]
[2011/04/07 20:58:54 | 000,000,000 | ---D | M] (Flash Video Resources Downloader) -- C:\Users\Rajat\AppData\Roaming\Mozilla\Firefox\Profiles\jescpk74.default\extensions\[email protected]
[2011/04/07 20:58:53 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Rajat\AppData\Roaming\Mozilla\Firefox\Profiles\jescpk74.default\extensions\[email protected]
[2011/11/13 10:38:15 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\Rajat\AppData\Roaming\Mozilla\Firefox\Profiles\jescpk74.default\extensions\[email protected]
[2010/12/18 22:56:20 | 000,000,000 | ---D | M] (Tab Kit) -- C:\Users\Rajat\AppData\Roaming\Mozilla\Firefox\Profiles\jescpk74.default\extensions\[email protected]
[2011/07/12 13:40:46 | 000,001,947 | ---- | M] () -- C:\Users\Rajat\AppData\Roaming\Mozilla\Firefox\Profiles\jescpk74.default\searchplugins\a-wiki-of-ice-and-fire-en.xml
[2011/12/04 08:24:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/16 23:59:44 | 000,000,000 | ---D | M] (Hide My IP) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
() (No name found) -- C:\USERS\RAJAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JESCPK74.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\RAJAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JESCPK74.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
[2011/11/13 10:37:46 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008/10/28 09:15:22 | 000,255,248 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npnipp.dll
[2008/10/28 09:15:24 | 000,107,792 | ---- | M] (Novell Inc.) -- C:\Program Files\mozilla firefox\plugins\npnisp.dll
[2011/10/23 06:28:49 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/13 10:37:47 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.120\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U27 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.120\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.120\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Novell iPrint Plug-in (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npnipp.dll
CHR - plugin: Novell iPrint Scriptable Plug-in 1.0 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npnisp.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Rajat\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Rajat\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Rajat\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Rajat\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AdBlock = C:\Users\Rajat\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.4.29_0\

O1 HOSTS File: ([2011/12/04 09:18:01 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Download All By FlashGet3 - C:\Users\Rajat\AppData\Roaming\FlashGetBHO\GetAllUrl.htm File not found
O8 - Extra context menu item: Download By FlashGet3 - C:\Users\Rajat\AppData\Roaming\FlashGetBHO\GetUrl.htm File not found
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O15 - HKCU\..Trusted Domains: diamondconsultants.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: diamondconsultants.com ([apply] https in Trusted sites)
O15 - HKCU\..Trusted Domains: london.edu ([portal] https in Trusted sites)
O15 - HKCU\..Trusted Domains: symplicity.com ([london-csm] https in Trusted sites)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...yri_4.3.1.0.cab (SysInfo Class)
O16 - DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} http://dl.pplive.com/PluginSetup.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{660D73FB-58BD-4691-918E-C8DC2E83A96C}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9040D51A-5D38-49AD-8022-28A72F5BEDDB}: DhcpNameServer = 192.168.1.254
O20 - AppInit_DLLs: (C:\Windows\System32\acaptuser32.dll) -C:\Windows\System32\acaptuser32.dll (Adobe Systems, Inc.)
O20 - AppInit_DLLs: (C:\Windows\System32\guard32.dll) -C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img16.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img16.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/04 10:24:23 | 001,090,912 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Users\Rajat\Desktop\avg_remover_stf_x86_2011_1184.exe
[2011/12/04 10:20:10 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/12/04 10:16:00 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Rajat\Desktop\aswMBR.exe
[2011/12/04 10:14:02 | 001,566,512 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Rajat\Desktop\tdsskiller.exe
[2011/12/04 09:21:17 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/04 09:21:14 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/12/04 09:05:42 | 004,326,668 | R--- | C] (Swearware) -- C:\Users\Rajat\Desktop\ComboFix.exe
[2011/12/04 08:24:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/04 07:59:06 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Rajat\Desktop\OTL.exe
[2011/12/03 21:08:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WB Games
[2011/12/03 20:27:56 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP
[2011/12/03 20:23:55 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/12/03 20:23:55 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/12/03 20:23:55 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/12/03 20:11:55 | 000,000,000 | ---D | C] -- C:\Users\Rajat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/12/03 06:14:10 | 002,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/12/03 06:14:07 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011/12/03 06:14:07 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2011/12/03 06:14:06 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2011/12/03 06:14:06 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2011/12/03 06:13:58 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/12/03 06:13:58 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/12/03 06:13:54 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/12/03 06:13:54 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/12/03 06:13:54 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/12/03 06:13:54 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/12/03 06:13:54 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/12/03 06:13:54 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/12/03 06:13:54 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/12/03 06:13:54 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/12/03 06:13:54 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/12/03 06:13:53 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/12/03 06:13:53 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/12/03 06:13:53 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/12/03 06:13:53 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/12/03 06:13:53 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/12/03 06:13:53 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/12/03 06:13:53 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/12/03 06:13:32 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2011/12/03 06:13:31 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2011/12/03 06:13:20 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/11/27 06:34:35 | 000,000,000 | ---D | C] -- C:\Users\Rajat\Documents\WB Games
[2011/11/27 06:23:36 | 000,034,304 | ---- | C] (AMD, Inc.) -- C:\Windows\System32\drivers\AmdLLD.sys
[2011/11/27 06:23:35 | 000,000,000 | ---D | C] -- C:\Program Files\AMD
[2011/11/27 06:22:40 | 000,000,000 | ---D | C] -- C:\Users\Rajat\AppData\Local\Downloaded Installations
[2011/11/26 22:08:39 | 000,000,000 | ---D | C] -- C:\Users\Rajat\AppData\Roaming\Origin
[2011/11/26 22:08:38 | 000,000,000 | ---D | C] -- C:\Users\Rajat\AppData\Local\Origin
[2011/11/26 22:08:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Origin
[2011/11/26 22:08:27 | 000,000,000 | ---D | C] -- C:\Program Files\Origin Games
[2011/11/26 22:08:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2011/11/26 22:08:17 | 000,000,000 | ---D | C] -- C:\Program Files\Origin
[2011/11/26 07:57:21 | 000,000,000 | ---D | C] -- C:\Users\Rajat\Documents\Assassin's Creed Revelations
[2011/11/25 23:47:14 | 000,000,000 | ---D | C] -- C:\Program Files\Ubisoft
[2011/11/25 19:45:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/11/25 19:45:50 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/11/23 18:27:12 | 000,033,984 | ---- | C] (COMODO) -- C:\Windows\System32\cmdcsr.dll
[2011/11/13 15:54:36 | 000,000,000 | ---D | C] -- C:\Program Files\Rockstar Games
[2011/11/13 12:20:10 | 000,000,000 | ---D | C] -- C:\lanoire
[2011/11/13 06:22:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Rockstar Games
[2011/11/11 17:17:23 | 000,000,000 | ---D | C] -- C:\Users\Rajat\AppData\Local\Skyrim
[2011/11/11 05:27:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/11/05 12:36:04 | 000,000,000 | ---D | C] -- C:\Users\Rajat\Documents\Ubisoft
[2011/11/05 11:13:21 | 000,000,000 | ---D | C] -- C:\Users\Rajat\AppData\Local\Ubisoft Game Launcher
[2011/11/05 09:26:56 | 000,000,000 | -H-D | C] -- C:\Users\Rajat\InstallAnywhere
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Rajat\Desktop\*.tmp files -> C:\Users\Rajat\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/04 10:27:13 | 026,020,505 | ---- | M] () -- C:\Users\Rajat\Desktop\setup_av_free_cnet.exe.part
[2011/12/04 10:27:13 | 000,000,000 | ---- | M] () -- C:\Users\Rajat\Desktop\setup_av_free_cnet.exe
[2011/12/04 10:24:22 | 001,090,912 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Users\Rajat\Desktop\avg_remover_stf_x86_2011_1184.exe
[2011/12/04 10:20:10 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/12/04 10:19:50 | 000,000,512 | ---- | M] () -- C:\Users\Rajat\Documents\MBR.dat
[2011/12/04 10:16:12 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Rajat\Desktop\aswMBR.exe
[2011/12/04 10:14:07 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Rajat\Desktop\tdsskiller.exe
[2011/12/04 10:01:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/04 10:01:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/04 09:51:01 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2622647993-3817205681-1033453672-1000UA.job
[2011/12/04 09:18:01 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/12/04 09:05:50 | 004,326,668 | R--- | M] (Swearware) -- C:\Users\Rajat\Desktop\ComboFix.exe
[2011/12/04 09:00:36 | 000,643,598 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/04 09:00:36 | 000,121,764 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/04 08:54:16 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/04 08:54:16 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/04 08:54:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/04 08:53:58 | 3213,754,368 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/04 08:00:58 | 000,000,000 | ---- | M] () -- C:\Users\Rajat\AppData\Local\prvlcl.dat
[2011/12/04 07:59:08 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Rajat\Desktop\OTL.exe
[2011/12/04 07:41:44 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{6B69AA6F-3ADA-462C-B7EA-DCF258490292}.job
[2011/12/03 21:08:03 | 000,001,246 | ---- | M] () -- C:\Users\Public\Desktop\Batman - Arkham City.lnk
[2011/12/03 20:51:03 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2622647993-3817205681-1033453672-1000Core.job
[2011/12/03 07:40:40 | 000,382,504 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/03 07:03:32 | 000,000,118 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2011/11/26 22:47:43 | 000,025,088 | ---- | M] () -- C:\Users\Rajat\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/26 22:07:16 | 000,000,680 | ---- | M] () -- C:\Users\Rajat\AppData\Local\d3d9caps.dat
[2011/11/25 19:45:52 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/11/17 14:30:53 | 000,000,544 | ---- | M] () -- C:\Users\Rajat\Desktop\LANoire.lnk
[2011/11/05 08:45:40 | 000,002,595 | ---- | M] () -- C:\Users\Rajat\Desktop\Mobipocket Reader.lnk
[2011/11/04 22:54:01 | 000,051,186 | ---- | M] () -- C:\Users\Rajat\AppData\Roaming\room_v3.dat
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Rajat\Desktop\*.tmp files -> C:\Users\Rajat\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/04 10:27:13 | 000,000,000 | ---- | C] () -- C:\Users\Rajat\Desktop\setup_av_free_cnet.exe
[2011/12/04 10:27:11 | 008,555,161 | ---- | C] () -- C:\Users\Rajat\Desktop\setup_av_free_cnet.exe.part
[2011/12/04 10:19:50 | 000,000,512 | ---- | C] () -- C:\Users\Rajat\Documents\MBR.dat
[2011/12/04 09:06:37 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/03 21:08:03 | 000,001,246 | ---- | C] () -- C:\Users\Public\Desktop\Batman - Arkham City.lnk
[2011/12/03 07:03:32 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011/11/25 19:45:52 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/11/17 14:30:53 | 000,000,544 | ---- | C] () -- C:\Users\Rajat\Desktop\LANoire.lnk
[2011/10/25 21:21:48 | 000,056,832 | ---- | C] () -- C:\Windows\System32\OpenVideo.dll
[2011/10/25 21:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\System32\OVDecoder.dll
[2011/07/28 16:49:12 | 000,053,760 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011/05/26 14:22:56 | 000,051,186 | ---- | C] () -- C:\Users\Rajat\AppData\Roaming\room_v3.dat
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/03/24 18:30:45 | 000,046,658 | ---- | C] () -- C:\Users\Rajat\AppData\Roaming\room.dat
[2011/03/06 13:21:56 | 000,000,321 | ---- | C] () -- C:\Windows\SoftWriting.ini
[2010/11/14 03:08:44 | 000,081,920 | ---- | C] () -- C:\Windows\System32\emfxp.dll
[2010/11/14 03:08:44 | 000,059,904 | ---- | C] () -- C:\Windows\System32\unpdf.exe
[2010/10/18 22:29:05 | 000,000,120 | ---- | C] () -- C:\Users\Rajat\AppData\Local\Owujijolozikeq.dat
[2010/10/18 22:29:05 | 000,000,000 | ---- | C] () -- C:\Users\Rajat\AppData\Local\Cneruvurovilox.bin
[2010/08/26 18:47:09 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/05/15 16:10:49 | 000,001,024 | ---- | C] () -- C:\Windows\System32\grcauth2.dll
[2010/05/15 16:10:49 | 000,001,024 | ---- | C] () -- C:\Windows\System32\grcauth1.dll
[2010/05/15 16:10:49 | 000,000,100 | ---- | C] () -- C:\Windows\System32\prsgrc.dll
[2010/03/14 02:19:10 | 000,000,088 | RHS- | C] () -- C:\ProgramData\4EAAC0B088.sys
[2010/03/14 02:19:07 | 000,005,642 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/03/13 02:46:31 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010/02/11 07:07:04 | 000,000,535 | ---- | C] () -- C:\Windows\eReg.dat
[2010/01/31 02:03:44 | 000,000,000 | ---- | C] () -- C:\Users\Rajat\AppData\Local\prvlcl.dat
[2010/01/01 03:19:18 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010/01/01 03:19:17 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009/12/14 06:57:39 | 000,094,208 | ---- | C] () -- C:\Windows\System32\zmbv.dll
[2009/10/12 21:44:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2009/10/12 21:44:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/10/12 21:44:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/10/12 21:44:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/10/04 14:47:21 | 000,000,680 | ---- | C] () -- C:\Users\Rajat\AppData\Local\d3d9caps.dat
[2009/09/24 13:47:29 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/24 13:47:29 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/24 13:46:50 | 000,217,088 | ---- | C] () -- C:\Windows\System32\WerFault.exe
[2009/09/24 09:55:35 | 000,073,728 | ---- | C] () -- C:\Windows\System32\nipplpte.exe
[2009/09/24 09:55:35 | 000,065,536 | ---- | C] () -- C:\Windows\System32\icapture.exe
[2009/09/24 09:55:35 | 000,034,592 | ---- | C] () -- C:\Windows\System32\drivers\nipplpt.sys
[2009/09/23 14:10:47 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/09/23 14:10:47 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/09/13 19:39:35 | 000,025,088 | ---- | C] () -- C:\Users\Rajat\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/13 12:39:46 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2009/09/07 11:51:08 | 000,162,304 | ---- | C] () -- C:\Windows\System32\Unwise32.exe
[2009/09/07 11:50:57 | 000,000,572 | ---- | C] () -- C:\Windows\DTOOLS.INI
[2009/09/07 11:50:42 | 000,338,944 | ---- | C] () -- C:\Windows\System32\LFFPX7.DLL
[2009/09/07 11:50:42 | 000,118,784 | ---- | C] () -- C:\Windows\System32\LFKODAK.DLL
[2009/09/07 11:50:41 | 001,683,456 | ---- | C] () -- C:\Windows\System32\LTCLR13n.dll
[2009/09/06 12:18:51 | 000,000,256 | ---- | C] () -- C:\Users\Rajat\AppData\Roaming\wklnhst.dat
[2009/09/01 00:01:56 | 000,022,723 | ---- | C] () -- C:\Windows\System32\ssp2ml3.dll
[2009/08/19 23:48:19 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2009/08/19 23:48:19 | 000,176,214 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/08/19 23:48:19 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009/08/19 23:48:19 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009/08/19 23:48:19 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2009/08/19 15:56:01 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/08/19 15:16:22 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2009/08/19 15:16:21 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2009/08/19 15:16:20 | 000,026,112 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2009/04/11 18:02:01 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006/12/27 11:34:00 | 000,462,848 | ---- | C] () -- C:\Windows\System32\softcoin.dll
[2006/12/27 11:34:00 | 000,344,064 | ---- | C] () -- C:\Windows\System32\gencoin.dll
[2006/11/02 12:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 12:47:37 | 000,382,504 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 10:33:01 | 000,643,598 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 10:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 10:33:01 | 000,121,764 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 10:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 10:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 08:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 08:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 07:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003/04/09 09:28:44 | 000,233,472 | R--- | C] () -- C:\Windows\System32\MafiaSetup.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:6D88F1EE

< End of report >


OTL Extras

OTL Extras logfile created on: 04/12/2011 10:25:37 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Rajat\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.99 Gb Total Physical Memory | 1.38 Gb Available Physical Memory | 46.05% Memory free
6.21 Gb Paging File | 4.84 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 282.97 Gb Total Space | 74.38 Gb Free Space | 26.28% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 10.14 Gb Free Space | 67.61% Space Free | Partition Type: NTFS

Computer Name: RAJAT-PC | User Name: Rajat | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = Regedit.Document] -- Reg Error: Key error. File not found
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"$INSTDIR\FlvDetector.exe" = C:\Program Files\FlashGet Network\FlashGet 3\FlvDetector.exe:*:Enabled:FGFlvDetector
"C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06C6C997-78EA-45F3-93FF-738B12E99FFB}" = lport=138 | protocol=17 | dir=in | app=system |
"{08954D41-F691-4DAB-8CEE-829832D961E8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0A380C7B-577C-44A6-A852-EB805C8A004D}" = rport=445 | protocol=6 | dir=out | app=system |
"{0CBADB35-BCAD-4670-AED1-32E4D42DB069}" = rport=137 | protocol=17 | dir=out | app=system |
"{0E23CDEF-317E-47EE-8076-3696FB099DBF}" = lport=139 | protocol=6 | dir=in | app=system |
"{0FF91A9C-7B16-4A48-A93B-37FF03CF9AB5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1D7C9F30-6A9A-4B08-B8BD-899AB679F2AF}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher |
"{213F112D-F08A-4DFB-9AA0-E10A250DA755}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{26290DBA-F3FB-47D0-A7A8-B3DB81D67638}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{37AB21C7-27F7-4080-8773-F50134BA083C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6BEE196C-54FF-46F6-9219-CEFA19CD6E8B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{6C0161B4-B38E-4156-B624-CBC6A6A9F7FB}" = lport=445 | protocol=6 | dir=in | app=system |
"{6E766327-14AB-4160-9569-DF6095134FF6}" = lport=6946 | protocol=17 | dir=in | name=league of legends launcher |
"{73E16C6C-AB67-49A0-A537-0203D140AA94}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{87664CD5-478C-45FB-AB83-08EADA166AD0}" = lport=137 | protocol=17 | dir=in | app=system |
"{946D0E4E-345B-4324-86C9-6F9B3268D3D1}" = rport=139 | protocol=6 | dir=out | app=system |
"{9E33714A-BFDF-404E-B2FE-3A95494309F1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A2D013DB-D067-4F65-8ED9-06F46AA42C71}" = lport=6946 | protocol=6 | dir=in | name=league of legends launcher |
"{A6360B1F-73FD-4AD4-923D-179909ECE5F7}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B1F26811-2788-4ACA-A55B-7B56AFD96B86}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher |
"{B4F0DBB4-4460-47F9-949B-A6FEE4E405DF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B69225C8-7094-4121-AEDA-5473136BBEC1}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{BDB7B79B-74E5-4E4A-B1CF-6B64A77DE9EC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{CA7D287F-6686-42E7-A7D5-128D8219E708}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{FEFB239E-6268-4C48-BE69-0229D88C9E16}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02C21489-7316-4075-9AC4-583D0FFE24FB}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{06EB148C-C84B-4110-8BA3-09A4262C72F8}" = protocol=6 | dir=in | app=c:\ubisoft\assassinscreedrevelations\acrmp.exe |
"{11BFFBCF-E93B-4E25-9195-A0FC77110480}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\amd driver updater, vista and 7, 32 bit\setup.exe |
"{13EA26B3-3803-457C-9175-8B0EFE11A98E}" = protocol=17 | dir=in | app=c:\users\rajat\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{1CD96D4B-807D-4157-BBF9-5189FEC43680}" = protocol=17 | dir=in | app=c:\program files\microsoft games\zoo tycoon 2\zt.exe |
"{1DE58D00-44C6-4591-8FF6-27142A2DA66D}" = protocol=17 | dir=in | app=c:\program files\smartftp client\smartftp.exe |
"{24D9AF15-CD8D-4F3E-9A1D-BE9161DBDA63}" = protocol=17 | dir=in | app=c:\users\rajat\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{261E79C6-3C54-468F-80E7-4B1FC8ACA754}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{2B5F44C5-B03F-4D2F-83F7-A2037FD6772D}" = protocol=6 | dir=in | app=c:\program files\microsoft games\zoo tycoon 2\zt.exe |
"{3C932994-75E3-465F-8439-25C20C80FEB8}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\amd driver updater, vista and 7, 32 bit\setup.exe |
"{3E285D52-C4FF-4EA9-AD4F-7E1D7465A534}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{41024015-1B81-4CB7-8754-BDFB16C6D947}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{423288E2-EB84-4B14-A730-D95096C29CB8}" = protocol=58 | dir=in | [email protected],-28545 |
"{4693FB93-EFEF-40D0-AD16-19D4F869C2C4}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{46A2403E-CE7E-431D-83E1-1E6B3D916459}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{511AF509-02BA-4B85-9F5B-F7C122E73354}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{5675EDB7-60BC-4072-A2F1-AA9FD9B3BE41}" = protocol=6 | dir=in | app=c:\users\rajat\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{62ACF26B-ED6F-45F3-A0B6-CE90AAF7C2D0}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{6788C80B-2DC6-4432-A2C9-95753913F0AB}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{757DED64-9521-4071-8A6E-8FB71966C7CD}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{75BB1FAD-824E-408D-8703-BD5772DCE7CC}" = protocol=58 | dir=out | [email protected],-28546 |
"{76529AE3-8006-4785-AB91-D71339955273}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{77B8EB35-F265-4705-A060-B71CD58BACAA}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{7D513200-8E2F-49D6-A738-35CFAF5A1E11}" = protocol=1 | dir=in | [email protected],-28543 |
"{92C0CEA7-A24A-44B5-8132-FE5FDECD0BA9}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{9570C7C5-DAD2-4CEA-B2CE-F2BA8C171151}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A39EA1CD-E46E-4FFD-A9D4-7FD4EB0405E2}" = protocol=6 | dir=in | app=c:\program files\smartftp client\smartftp.exe |
"{AB6A1A97-E8C7-41A4-B7BA-85172E1FA4D8}" = protocol=6 | dir=in | app=c:\users\rajat\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{B86E3E48-7DE2-4B23-AB8D-CB6F12521165}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C0D34A1C-D238-4C8C-B58A-98F28DD9E9C5}" = protocol=17 | dir=in | app=c:\users\rajat\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{C8C7CDA6-72B8-4866-A862-438CC768286A}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{CB4466F7-722D-4358-821D-9A298771A88A}" = protocol=17 | dir=in | app=c:\ubisoft\assassinscreedrevelations\acrmp.exe |
"{CE08608D-EC98-41FA-9784-D12978D20F93}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{CE996B11-EA23-4F15-9F81-D8A9ABD23E38}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{D9964D62-846B-4F36-8B0A-5D0715D8BD3E}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{E48DC0D5-F51C-4F40-B440-E3A1189F28BC}" = protocol=1 | dir=out | [email protected],-28544 |
"{F0143CC7-F00C-4810-B587-72BC52277C01}" = protocol=6 | dir=in | app=c:\users\rajat\appdata\local\google\google talk plugin\googletalkplugin.exe |
"TCP Query User{371E220A-31ED-47F4-A9FE-26CCEA0A4E52}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{410834BB-A627-4D7A-96E7-F874ACA5A1E1}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"TCP Query User{52B1B5DA-036E-4E01-815C-2BB899888B34}C:\program files\spss16\spss.exe" = protocol=6 | dir=in | app=c:\program files\spss16\spss.exe |
"TCP Query User{66437FAE-4961-47D5-A8B2-72CC62F81349}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{AEAC107A-357C-41B3-9A77-6933002932FD}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{B48A3607-BF64-4962-8B5E-7806294CF790}C:\program files\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |
"TCP Query User{F336D805-2408-49AE-AB98-9F6827464939}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"TCP Query User{F37B9F27-6322-4EC7-BCFD-3A3DBEB573FD}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"UDP Query User{359C3D96-F101-44EB-B480-4C88B530CF72}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"UDP Query User{45231ADA-EA7D-403A-AB33-54F39A414FE1}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{4D783A78-C8F0-4410-9420-95658784DC86}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{6122BCEE-D5F2-46D1-87EE-BDA31D3FCF3A}C:\program files\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |
"UDP Query User{8059AB1A-3F52-4B96-AF0E-C9FD485FCAFE}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
"UDP Query User{BBD85F73-295F-49E5-9468-42AF55B9829C}C:\program files\spss16\spss.exe" = protocol=17 | dir=in | app=c:\program files\spss16\spss.exe |
"UDP Query User{CBA46F9B-A54E-4A93-AB0E-A1DF45E18FD2}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{CEDBB513-D1CD-484D-A3DA-0843B1C7F91F}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{029175BB-4534-47A5-8D96-3A5733EBA406}" = SmartFTP Client
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{066F8650-82AC-3CC5-BB84-8517F69803BF}" = Google Talk Plugin
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0CE69E03-1021-EB74-0836-C706CADC213A}" = Catalyst Control Center Localization Korean
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{15F7FA6D-8FC5-08FD-2727-8AE6811A2A0D}" = CCC Help Russian
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{180BEABD-453E-4047-96B4-4F86EE605589}" = CCC Help Danish
"{181A0114-24D5-9E74-0138-4C8C27ED3EAC}" = Catalyst Control Center Graphics Light
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1E5196FA-47EF-F0C7-847B-960F3349E9B5}" = CCC Help Finnish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
"{2094F083-B28B-AFFD-4075-49E803BE17B7}" = CCC Help Italian
"{2116C03A-7111-9669-8009-9FD7F5AABA20}" = Catalyst Control Center Graphics Full New
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{23467AA2-058A-1064-40C5-E0E0533C2D7D}" = Catalyst Control Center Localization French
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 29
"{26B29DE2-7759-F8BB-FB10-98142B343C8C}" = CCC Help Korean
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{2FB28284-51D3-C991-3940-694B1B629F2B}" = Catalyst Control Center Localization German
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3945F4B5-0FAD-38E3-B39B-2F497550C847}" = CCC Help French
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{3F6107B9-D211-EBCC-EA41-BD2FAC156A23}" = Catalyst Control Center Localization Japanese
"{3FD8C713-B1D5-D973-5351-50A918C02749}" = Catalyst Control Center Core Implementation
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D53090A-CE35-42BD-B377-831000018301}" = Fable III
"{5454083B-1308-4485-BF17-111000028701}" = Grand Theft Auto: Episodes from Liberty City
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{586DD9D2-09B2-D1DB-AD2A-95194A771C49}" = CCC Help Dutch
"{58B2B6D3-E5FF-4D16-87AC-52CC5717C7C6}" = Tiscali Internet
"{5D8884F4-A182-4C9F-8551-11B4AD1172AE}" = Markstrat Online Team
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{621025AE-3510-478E-BC27-1A647150976F}" = SPSS 16.0 for Windows
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6C16A05F-C202-578A-108C-AFA4D9167CCC}" = Catalyst Control Center Localization Spanish
"{6C6D7326-770A-812B-B104-442F71A826F8}" = Catalyst Control Center Localization Russian
"{6EA1C352-4D16-5A9F-7751-D7AE08AA7F63}" = Catalyst Control Center Localization Chinese Traditional
"{7057ABC2-EFF3-4E43-9806-8BCB6EEA9FE6}" = Microsoft IntelliPoint 7.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72085899-3540-2F67-F5C7-46FF826A235F}" = CCC Help German
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{74622EDD-7879-3185-976D-A6098420D889}" = CCC Help Portuguese
"{7505BBE5-CB0C-5027-1228-15CC7C26C4C3}" = CCC Help English
"{76C4BA9A-BFA5-151D-8A39-AA0E74041F83}" = Catalyst Control Center Localization Danish
"{77A5C01F-E04C-9616-2E3D-D78CF889712B}" = Catalyst Control Center Graphics Full Existing
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{79D34E3B-8826-170B-8B3D-A9CD9C2D28F5}" = ccc-core-static
"{7CDF0744-7A0D-961B-3695-49756E822FC4}" = Catalyst Control Center Localization Swedish
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{8247BD1D-C258-DBEE-3225-B9F0214763AB}" = CCC Help Japanese
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87717500-AED3-B339-842A-BE3B62F600E0}" = ccc-utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{915726DF-7891-444A-AA03-0DF1D64F561A}" = L.A. Noire
"{92491D2C-D9E9-5FDD-64CD-82D5688872A9}" = Catalyst Control Center Localization Italian
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{9EF77B2D-FF26-9237-BBAB-127110FD65CC}" = Catalyst Control Center Localization Portuguese
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A99BE117-F10C-470D-AE6D-DC2889F5F24E}" = Avadon
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{ACB08AF2-DFE9-C179-8BC9-E3209F3EBC28}" = CCC Help Chinese Traditional
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BB5F88FC-5D66-9316-0E48-E411941A8A74}" = Catalyst Control Center Graphics Previews Vista
"{BFE903DE-4845-4387-9C6C-98B21B8445A3}" = GMATPrep™
"{C15D6939-280D-39A6-41B5-253D2A935525}" = AMD Catalyst Install Manager
"{C17280C4-8BF2-946A-9C51-EEB2CD216D89}" = Catalyst Control Center Graphics Previews Common
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5D85C24-A56B-6954-77F1-B25A4B4E7B52}" = CCC Help Spanish
"{C8C5CE76-860E-B5FA-27EA-C52C74DDBD2D}" = Catalyst Control Center Localization Finnish
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCF22908-ECD2-4068-84F1-BA02DA1EC72D}" = GoGear Spark Device Manager
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{CDCFA0B9-06DA-C47E-2CF1-37C5F25DF753}" = Catalyst Control Center InstallProxy
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7062BD-BE6F-4153-9654-3D72D0C1CC17}" = Zoo Tycoon 2 - African Adventure
"{D071B7C5-07A2-D000-05B8-2DE6A63249D9}" = Catalyst Control Center Localization Norwegian
"{D2D3882A-3624-2963-EA08-27589DBCEF8A}" = CCC Help Norwegian
"{DBB0F0D8-D1A1-4F15-A031-C2B7BCCF63D0}" = GoGear Spark Device Manager
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E481DB0E-52F2-4EE0-9BDA-9EE173FA6EA2}" = Catalyst Control Center - Branding
"{E5FCED12-3E77-4C0E-A305-5AEB38A52A70}" = AdobeColorCommonSetCMYK
"{E8E8C42E-E817-C7DA-1A81-BFD8388B4014}" = CCC Help Swedish
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EED50C97-C79E-4149-BD82-7C5A22437708}" = Adobe Setup
"{EFD537AE-0530-8887-DC9C-433E113547D7}" = Catalyst Control Center Localization Chinese Standard
"{F081ED08-77AE-8019-D554-904EF4F88FC1}" = CCC Help Chinese Standard
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F133ACD4-CFCF-BADD-4AC5-9408E2E7FD74}" = Catalyst Control Center Localization Dutch
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB56BF24-6AB9-AC55-5B7A-D3657D2F4A38}" = Skins
"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.64
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_a68eec966ce913ddaa63251dc82ed31" = Adobe Flash CS4 Professional
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Batman - Arkham City" = Batman - Arkham City
"Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
"CCleaner" = CCleaner
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Creative OA008" = Integrated Webcam Driver (1.02.02.0106)
"Dell Webcam Central" = Dell Webcam Central
"DivX Setup.divx.com" = DivX Setup
"EAX Unified" = EAX Unified
"Game Booster_is1" = Game Booster 3
"Garena Classic 2011" = Garena Classic 2011
"Hard Disk Low Level Format Tool_is1" = Hard Disk Low Level Format Tool 2.36 build 1181
"HijackThis" = HijackThis 2.0.2
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"InstallShield_{CE7062BD-BE6F-4153-9654-3D72D0C1CC17}" = Zoo Tycoon 2 - African Adventure
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
"Novell iPrint Client" = Novell iPrint Client v05.12.00
"OpenAL" = OpenAL
"OpenTTD" = OpenTTD 1.0.0-RC3
"Origin" = Origin
"PowerISO" = PowerISO
"PROPLUS" = Microsoft Office Professional Plus 2007
"RealAlt_is1" = Real Alternative 2.0.2
"Redshift Legacy" = Redshift Legacy
"Riva FLV Encoder 2.0_is1" = Riva FLV Encoder 2.0
"Rockstar Games Social Club" = Rockstar Games Social Club
"SimpleOCR 3.1" = SimpleOCR 3.1
"SmartFTP Client 4.0 Setup Files" = SmartFTP Client 4.0 Setup Files (remove only)
"Spotify" = Spotify
"Steam App 72850" = The Elder Scrolls V: Skyrim
"SUITE" = The DecisionTools Suite
"SUPER ©" = SUPER © Version 2010.bld.37 (Jan 2, 2010)
"SynTPDeinstKey" = Dell Touchpad
"TalkAndWrite_is1" = TalkAndWrite
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.1
"Warcraft III" = Warcraft III
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.2.2 final uninstall
"ZMBV" = Zip Motion Block Video codec (Remove Only)
"Zoo Tycoon 2" = Zoo Tycoon 2 Endangered Species

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Octoshape Streaming Services" = Octoshape Streaming Services

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


Avast

12/04/2011 10:46
Scan of all local drives

File C:\Users\Rajat\Desktop\wchack\gm\DATA\DLL\hooker.mixtape is infected by Win32:PUP-gen [PUP], Moved to chest


ESETScan

C:\Users\Public\Documents\Server\hlp.dat Win32/Bamital.EK trojan cleaned by deleting - quarantined


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK


  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

SecCenter::
AV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

DirLook::
C:\Program Files\Common
%user%\library
c:\users\Rajat\AppData\Local

File::
c:\windows\System32\Drivers\sptd.sys
c:\windows\System32\Drivers\avgtdix.sys

Driver::
sptd
AvgTdiX

Folder::
c:\users\Rajat\AppData\Roaming\FlashGetBHO

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"=-

******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all, then File, SAVE AS, (to your Desktop), CFScript, OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go. Combofix should start on its own.

Post the new log.



Uninstall LiveUpdate 3.2 (Symantec Corporation)

Download and save the norton removal tool
ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe
Run the Norton Removal tool by right clicking and Run As Admin.

Your Adobe Acrobat 9 Pro is out of date, but I suppose you paid for it so I won't ask you to uninstall it; do check if there are any updates for it.

Also disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader (and I hope for Acrobat): Start, All Programs, Adobe Reader or Acrobat, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program.

Uninstall McAfee Security Scan - it's just foistware that you get with some other program and I really don't think it makes your PC more secure despite the name.

Uninstall
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Get the latest versions from adobe.com

Right click on (My) Computer and select Manage (Continue), then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot.


Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)


sigverif

Press Start in the new window. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)



1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run As Administrator.
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'.
2. Type 20 in the 1 to 20 box.
3. Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Get Process Explorer

http://live.sysinter...com/procexp.exe

Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator). Click once or twice on the CPU column header to sort things by CPU usage with the big hitters at the top. File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.



Ron
  • 0
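The two log checks Ron asks for above (the last 20 Error/Warning events from the System and Application logs, then drivers with newish dates and whether they are signed) can also be gathered in one go with a PowerShell script run as Administrator. This is an added example, not part of Ron's post or of VEW/sigverif; the `$MaxEvents` and `$SinceDays` defaults are assumptions.

```powershell
# Added example (not from the original post): PowerShell 2.0+ equivalent of the
# manual checks above. Run from an elevated prompt, e.g.:
#   powershell -ExecutionPolicy Bypass -File .\Triage-Logs.ps1
param(
    [int]$MaxEvents = 20,   # assumed default: matches "Type 20 in the 1 to 20 box"
    [int]$SinceDays = 14    # assumed default: what counts as a "newish" driver date
)

# Part 1: last $MaxEvents Error (Level 2) / Warning (Level 3) events per log,
# the same selection VEW.exe makes with System/Application + Error + Warning.
foreach ($log in 'System', 'Application') {
    Write-Host "==== Last $MaxEvents Error/Warning events: $log ===="
    Get-WinEvent -FilterHashtable @{ LogName = $log; Level = 2, 3 } `
                 -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, ProviderName,
            @{ n = 'Message'; e = { ($_.Message -split "`n")[0] } } |   # first line only
        Format-Table -AutoSize -Wrap
}

# Part 2: drivers in System32\drivers modified in the last $SinceDays days,
# with their Authenticode status. This is the "look for those with newish dates"
# step of sigverif. Caveat: drivers signed only through a catalog (.cat) file can
# show as NotSigned here on older Windows, so compare against sigverif's own list.
$cutoff    = (Get-Date).AddDays(-$SinceDays)
$driverDir = Join-Path $env:SystemRoot 'System32\drivers'

Write-Host "==== Drivers modified since $($cutoff.ToShortDateString()) ===="
Get-ChildItem -Path $driverDir -Filter '*.sys' -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -gt $cutoff } |
    ForEach-Object {
        $sig    = Get-AuthenticodeSignature -FilePath $_.FullName
        $signer = ''
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        New-Object PSObject -Property @{
            Driver   = $_.Name
            Modified = $_.LastWriteTime
            Status   = $sig.Status      # Valid, NotSigned, HashMismatch, UnknownError ...
            Signer   = $signer
        }
    } |
    Sort-Object Modified -Descending |
    Format-Table Driver, Modified, Status, Signer -AutoSize
```

Redirect the output to a text file (`... | Out-File .\triage.txt`) if you want to paste it into a reply the way VEW's Notepad log is posted.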

#5
unlasheddeer

unlasheddeer

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hi Ron,

Thanks a lot for your help. Much appreciated!

Sigverif didn't show up any drivers. Below are the logs.

ComboFix:

ComboFix 11-12-04.02 - Rajat 05/12/2011 22:52:25.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3066.2108 [GMT 0:00]
Running from: c:\users\Rajat\Desktop\ComboFix.exe
Command switches used :: c:\users\Rajat\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\System32\Drivers\avgtdix.sys"
"c:\windows\System32\Drivers\sptd.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\System32\Drivers\sptd.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AVGTDIX
-------\Legacy_SPTD
-------\Service_sptd
.
.
((((((((((((((((((((((((( Files Created from 2011-11-05 to 2011-12-05 )))))))))))))))))))))))))))))))
.
.
2011-12-05 23:08 . 2011-12-05 23:08 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4080B1AA-60DE-4D5F-9E5E-28FA8444070F}\offreg.dll
2011-12-05 23:07 . 2011-12-05 23:12 -------- d-----w- c:\users\Rajat\AppData\Local\temp
2011-12-05 23:07 . 2011-12-05 23:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-04 12:41 . 2011-12-04 12:41 -------- d-----w- c:\program files\ESET
2011-12-04 10:37 . 2011-11-28 17:53 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-12-04 10:37 . 2011-11-28 17:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-12-04 10:37 . 2011-11-28 17:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-12-04 10:37 . 2011-11-28 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-12-04 10:37 . 2011-11-28 17:52 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-12-04 10:37 . 2011-11-28 17:52 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-12-04 10:36 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
2011-12-04 10:36 . 2011-11-28 18:01 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-12-04 10:35 . 2011-12-04 10:35 -------- d-----w- c:\programdata\AVAST Software
2011-12-04 10:35 . 2011-12-04 10:35 -------- d-----w- c:\program files\AVAST Software
2011-12-04 09:25 . 2011-11-30 02:21 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4080B1AA-60DE-4D5F-9E5E-28FA8444070F}\mpengine.dll
2011-12-04 08:24 . 2011-12-04 08:24 -------- d-----w- C:\_OTL
2011-12-03 20:27 . 2011-12-03 20:27 -------- d-----w- c:\program files\AMD APP
2011-12-03 06:14 . 2011-09-06 13:30 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-12-03 06:14 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll
2011-12-03 06:14 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-12-03 06:14 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-12-03 06:14 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-12-03 06:05 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-27 06:23 . 2007-06-29 14:47 34304 ----a-w- c:\windows\system32\drivers\AmdLLD.sys
2011-11-27 06:23 . 2011-11-27 06:23 -------- d-----w- c:\program files\AMD
2011-11-27 06:22 . 2011-11-27 06:22 -------- d-----w- c:\users\Rajat\AppData\Local\Downloaded Installations
2011-11-26 22:08 . 2011-11-26 22:09 -------- d-----w- c:\users\Rajat\AppData\Roaming\Origin
2011-11-26 22:08 . 2011-11-26 22:08 -------- d-----w- c:\users\Rajat\AppData\Local\Origin
2011-11-26 22:08 . 2011-12-03 21:28 -------- d-----w- c:\programdata\Origin
2011-11-26 22:08 . 2011-11-26 22:08 -------- d-----w- c:\program files\Origin Games
2011-11-26 22:08 . 2011-11-26 22:08 -------- d-----w- c:\program files\Origin
2011-11-25 23:47 . 2011-11-25 23:47 -------- d-----w- c:\program files\Ubisoft
2011-11-25 19:45 . 2011-11-25 19:45 -------- d-----w- c:\program files\CCleaner
2011-11-23 18:27 . 2011-10-07 17:47 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2011-11-14 08:25 . 2011-11-14 08:25 -------- d-----w- c:\windows\system32\wbem\MOF\good
2011-11-14 08:25 . 2011-11-14 08:25 -------- d-----w- c:\windows\system32\wbem\MOF\bad
2011-11-13 15:54 . 2011-11-13 15:54 -------- d-----w- c:\program files\Rockstar Games
2011-11-13 12:20 . 2011-12-03 11:38 -------- d-----w- C:\lanoire
2011-11-13 06:22 . 2011-11-13 06:22 -------- d-----w- c:\programdata\Rockstar Games
2011-11-11 17:17 . 2011-11-11 17:17 -------- d-----w- c:\users\Rajat\AppData\Local\Skyrim
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-25 21:21 . 2011-10-25 21:21 56832 ----a-w- c:\windows\system32\OpenVideo.dll
2011-10-25 21:21 . 2011-10-25 21:21 56832 ----a-w- c:\windows\system32\OVDecoder.dll
2011-10-25 21:20 . 2011-10-25 21:20 13950464 ----a-w- c:\windows\system32\amdocl.dll
2011-10-07 17:47 . 2011-01-06 17:36 82400 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-10-07 17:47 . 2011-01-06 17:36 38616 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-10-07 17:47 . 2011-01-06 17:36 488208 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-10-07 17:47 . 2011-01-06 17:36 19600 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-10-07 17:47 . 2010-12-29 01:42 300200 ----a-w- c:\windows\system32\guard32.dll
2011-10-03 05:06 . 2010-04-20 17:54 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-13 10:37 . 2011-05-08 20:53 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 10:06 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 11:47 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-16 13:30 216064 --sh--r- c:\windows\System32\nbDX.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of %user%\library ----
.
.
---- Directory of c:\program files\Common ----
.
.
---- Directory of c:\users\Rajat\AppData\Local ----
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-01 1422632]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-22 3810304]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-20 483428]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-11 1468256]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-10-20 2497352]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser32.dll c:\windows\System32\guard32.dll
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Philips GoGear Spark Device Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Philips GoGear Spark Device Manager.lnk
backup=c:\windows\pss\Philips GoGear Spark Device Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-06-11 21:43 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2008-06-12 01:25 37232 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 06:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-04-24 03:05 203416 ----a-w- c:\program files\Alcohol Soft\Alcohol 52\AxCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 11:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 18:56 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-11-04 20:59 135664 ----atw- c:\users\Rajat\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iPrint Event Monitor]
2008-10-28 09:15 66832 ----a-w- c:\windows\System32\iprntlgn.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iPrint Tray]
2008-10-28 09:15 66832 ----a-w- c:\windows\System32\iprntctl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2011-08-31 17:00 1047208 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2008-05-23 13:06 128296 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-08-29 16:11 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-09-04 10:18 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 12:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-15 135664]
R3 GarenaPEngine;GarenaPEngine;c:\users\Rajat\AppData\Local\Temp\IEA8E3F.tmp [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena Classic\safedrv.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-15 135664]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2011-10-07 488208]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2011-10-07 38616]
S1 nipplpt2;Novell iCapture Lpt Redirector 2;c:\windows\system32\drivers\nipplpt.sys [2008-10-20 34592]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [2009-03-20 81920]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-11-28 55128]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH3.sys [2011-09-04 81936]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-03-12 143840]
S3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-10-08 212992]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 OA008Ufd;Creative Camera OA008 Upper Filter Driver;c:\windows\system32\DRIVERS\OA008Ufd.sys [2009-02-10 133472]
S3 OA008Vid;Creative Camera OA008 Function Driver;c:\windows\system32\DRIVERS\OA008Vid.sys [2009-02-10 271616]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-15 01:26]
.
2011-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-15 01:26]
.
2011-12-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2622647993-3817205681-1033453672-1000Core.job
- c:\users\Rajat\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-04 20:59]
.
2011-12-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2622647993-3817205681-1033453672-1000UA.job
- c:\users\Rajat\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-04 20:59]
.
2011-12-05 c:\windows\Tasks\User_Feed_Synchronization-{6B69AA6F-3ADA-462C-B7EA-DCF258490292}.job
- c:\windows\system32\msfeedssync.exe [2011-12-03 21:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download All By FlashGet3 - c:\users\Rajat\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: Download By FlashGet3 - c:\users\Rajat\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
Trusted Zone: diamondconsultants.com
Trusted Zone: diamondconsultants.com\apply
Trusted Zone: london.edu\portal
Trusted Zone: symplicity.com\london-csm
TCP: DhcpNameServer = 192.168.0.1
DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} - hxxp://dl.pplive.com/PluginSetup.cab
FF - ProfilePath - c:\users\Rajat\AppData\Roaming\Mozilla\Firefox\Profiles\jescpk74.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\users\Rajat\AppData\Local\Temp\IEA8E3F.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2622647993-3817205681-1033453672-1000\Software\SecuROM\License information*]
"datasecu"=hex:81,78,e3,0b,29,bb,24,17,e5,98,13,23,42,78,62,f8,7b,29,4d,12,b5,
6f,59,e5,c9,8a,21,6f,78,43,03,d8,f5,84,9e,71,b3,f2,56,b9,90,0b,a2,99,0f,d8,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
------------------------ Other Running Processes ------------------------
.
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Google\Update\1.3.21.79\GoogleCrashHandler.exe
c:\program files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
.
**************************************************************************
.
Completion time: 2011-12-05 23:21:09 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-05 23:21
ComboFix2.txt 2011-12-04 09:21
.
Pre-Run: 78,460,858,368 bytes free
Post-Run: 78,159,360,000 bytes free
.
- - End Of File - - 8102DDDA07A0E31AD24DAC15F0346797



VEW System

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 06/12/2011 08:24:42

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 05/12/2011 23:38:42
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The adfs service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 05/12/2011 23:38:24
Type: Error Category: 0
Event: 19 Source: Microsoft-Windows-PrintSpooler
The print spooler failed to share printer HP LaserJet 1200 Series PCL 5 (Copy 1) with shared resource name HP LaserJet 1200 Series PCL 5 (Copy 1). Error 2114. The printer cannot be used by others on the network.

Log: 'System' Date/Time: 05/12/2011 23:38:24
Type: Error Category: 0
Event: 19 Source: Microsoft-Windows-PrintSpooler
The print spooler failed to share printer hp LaserJet 1300 PCL 5 with shared resource name hp LaserJet 1300 PCL 5. Error 2114. The printer cannot be used by others on the network.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 05/12/2011 23:37:55
Type: Warning Category: 0
Event: 4 Source: k57nd60x
Broadcom NetLink ™ Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected.

Log: 'System' Date/Time: 05/12/2011 23:37:15
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.


VEW Application

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 06/12/2011 08:27:00

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 05/12/2011 23:38:42
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 05/12/2011 23:38:24
Type: Warning Category: 0
Event: 1035 Source: Microsoft-Windows-SpoolerSpoolss
The print spooler failed to load print provider inetpp.dll.INACTIVE. This can occur because of system instability or a lack of system resources.


Process Explorer:

Process PID CPU Private Bytes Working Set Description Company Name
System Idle Process 0 86.92 0 K 24 K
plugin-container.exe 2600 4.62 31,144 K 33,788 K Plugin Container for Firefox Mozilla Corporation
firefox.exe 5100 3.85 161,548 K 179,284 K Firefox Mozilla Corporation
procexp.exe 4400 3.08 17,476 K 27,416 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
svchost.exe 1376 0.77 15,836 K 13,968 K Host Process for Windows Services Microsoft Corporation
explorer.exe 416 0.77 38,796 K 52,428 K Windows Explorer Microsoft Corporation
dwm.exe 1956 < 0.01 34,812 K 44,880 K Desktop Window Manager Microsoft Corporation
System 4 < 0.01 0 K 4,716 K
SynTPEnh.exe 2268 < 0.01 3,732 K 9,656 K Synaptics TouchPad Enhancements Synaptics, Inc.
taskeng.exe 2792 < 0.01 10,028 K 11,096 K Task Scheduler Engine Microsoft Corporation
csrss.exe 788 < 0.01 2,108 K 7,716 K Client Server Runtime Process Microsoft Corporation
cfp.exe 2456 < 0.01 22,256 K 7,332 K COMODO Internet Security COMODO
googletalkplugin.exe 4744 < 0.01 15,744 K 17,080 K Google Talk Plugin Google
BCMWLTRY.EXE 328 < 0.01 28,380 K 23,516 K Dell Wireless WLAN Card Wireless Network Controller Dell Inc.
WmiApSrv.exe 720 < 0.01 2,644 K 5,372 K WMI Performance Reverse Adapter Microsoft Corporation
WLTRAY.EXE 2284 < 0.01 24,496 K 22,996 K Dell Wireless WLAN Card Wireless Network Tray Applet Dell Inc.
stacsv.exe 1456 < 0.01 8,824 K 7,132 K IDT PC Audio IDT, Inc.
SearchIndexer.exe 3940 < 0.01 44,284 K 32,796 K Microsoft Windows Search Indexer Microsoft Corporation
AvastUI.exe 2472 < 0.01 5,824 K 4,064 K avast! Antivirus AVAST Software
AvastSvc.exe 408 < 0.01 23,900 K 29,652 K avast! Service AVAST Software
svchost.exe 1404 < 0.01 87,980 K 92,212 K Host Process for Windows Services Microsoft Corporation
services.exe 824 < 0.01 2,912 K 7,256 K Services and Controller app Microsoft Corporation
svchost.exe 1676 < 0.01 8,244 K 12,648 K Host Process for Windows Services Microsoft Corporation
cmdagent.exe 1156 < 0.01 37,100 K 2,764 K COMODO Internet Security COMODO
ipoint.exe 2340 < 0.01 8,076 K 14,856 K IPoint.exe Microsoft Corporation
csrss.exe 716 < 0.01 1,868 K 6,316 K Client Server Runtime Process Microsoft Corporation
WmiPrvSE.exe 4460 < 0.01 21,972 K 26,708 K WMI Provider Host Microsoft Corporation
svchost.exe 1424 < 0.01 74,364 K 85,224 K Host Process for Windows Services Microsoft Corporation
StarWindServiceAE.exe 3804 < 0.01 2,748 K 5,420 K StarWind iSCSI Target (Alcohol Edition) Rocket Division Software
spoolsv.exe 2556 < 0.01 7,536 K 12,136 K Spooler SubSystem App Microsoft Corporation
Interrupts n/a < 0.01 0 K 0 K Hardware Interrupts and DPCs
wuauclt.exe 5888 2,904 K 5,820 K Windows Update Microsoft Corporation
WLTRYSVC.EXE 192 968 K 2,952 K
WLIDSVCM.EXE 3616 1,160 K 3,140 K Microsoft® Windows Live ID Service Monitor Microsoft Corporation
WLIDSVC.EXE 3876 5,156 K 9,572 K Microsoft® Windows Live ID Service Microsoft Corporation
winlogon.exe 956 2,320 K 6,164 K Windows Logon Application Microsoft Corporation
wininit.exe 780 1,528 K 4,376 K Windows Start-Up Application Microsoft Corporation
unsecapp.exe 4404 2,552 K 4,960 K Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation
taskeng.exe 2564 2,220 K 6,124 K Task Scheduler Engine Microsoft Corporation
SynTPHelper.exe 5220 1,008 K 3,120 K Synaptics Pointing Device Helper Synaptics, Inc.
svchost.exe 1248 15,896 K 15,988 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1104 3,780 K 6,968 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1032 3,676 K 7,264 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1268 62,088 K 32,532 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1580 2,176 K 5,112 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2628 10,852 K 15,484 K Host Process for Windows Services Microsoft Corporation
svchost.exe 3676 1,860 K 4,972 K Host Process for Windows Services Microsoft Corporation
svchost.exe 3816 4,340 K 6,540 K Host Process for Windows Services Microsoft Corporation
svchost.exe 3856 776 K 2,436 K Host Process for Windows Services Microsoft Corporation
svchost.exe 4176 1,884 K 5,620 K Host Process for Windows Services Microsoft Corporation
sttray.exe 2292 8,244 K 15,576 K IDT PC Audio IDT, Inc.
smss.exe 584 292 K 776 K Windows Session Manager Microsoft Corporation
SLsvc.exe 1608 6,132 K 11,704 K Microsoft Software Licensing Service Microsoft Corporation
plugin-container.exe 1912 7,772 K 9,352 K Plugin Container for Firefox Mozilla Corporation
mbamservice.exe 4536 2,316 K 6,440 K Malwarebytes' Anti-Malware Malwarebytes Corporation
lsm.exe 844 2,120 K 4,380 K Local Session Manager Service Microsoft Corporation
lsass.exe 836 3,576 K 2,700 K Local Security Authority Process Microsoft Corporation
jusched.exe 2348 1,444 K 4,300 K Java™ Update Scheduler Sun Microsystems, Inc.
GoogleCrashHandler.exe 2896 4,292 K 1,476 K Google Installer Google Inc.
ehtray.exe 2488 1,680 K 1,848 K Media Center Tray Applet Microsoft Corporation
ehmsas.exe 2712 1,336 K 4,300 K Media Center Media Status Aggregator Service Microsoft Corporation
audiodg.exe 1528 15,152 K 17,820 K Windows Audio Device Graph Isolation Microsoft Corporation
Ati2evxx.exe 1340 1,360 K 4,532 K ATI External Event Utility EXE Module ATI Technologies Inc.
Ati2evxx.exe 1924 3,384 K 6,916 K ATI External Event Utility EXE Module ATI Technologies Inc.
AEstSrv.exe 3536 616 K 2,164 K Andrea filters APO access service (32-bit) Andrea Electronics Corporation


Many thanks
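As an added example (not part of this thread and not code from ComboFix or any other tool used here), the service lines in the ComboFix log above can be triaged with a short Python script: it parses the `R3 name;display;path [date size]` format and flags entries whose file could not be found (`[x]`) or that load from a Temp folder, which is exactly the kind of line (GarenaPEngine pointing at a .tmp file under AppData\Local\Temp) a helper looks at first. The sample lines are copied from the log above; the flag names and the reading of R/S as running/stopped and the digit as the start type are my assumptions about the log format.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the ComboFix service list above,
# not read from a live system.
SAMPLE_LINES = """\
R2 gupdate;Google Update Service (gupdate);c:\\program files\\Google\\Update\\GoogleUpdate.exe [2009-11-15 135664]
R3 GarenaPEngine;GarenaPEngine;c:\\users\\Rajat\\AppData\\Local\\Temp\\IEA8E3F.tmp [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\\program files\\Garena Classic\\safedrv.sys [x]
S1 aswSnx;aswSnx; [x]
S2 MBAMService;MBAMService;c:\\program files\\Malwarebytes' Anti-Malware\\mbamservice.exe [2011-08-31 366152]
""".splitlines()

# "R2 name;display;path [date size]" or "... [x]" when the file was not found.
# Assumption: R/S = running/stopped, digit = Windows start type.
LINE_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*);(.*?) \[(.*)\]$")
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}


@dataclass
class ServiceEntry:
    name: str
    display: str
    path: str
    running: bool
    start_type: str
    file_found: bool
    flags: list = field(default_factory=list)


def parse_line(line):
    """Return a ServiceEntry for one ComboFix service line, or None if it is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    state, start, name, display, path, tag = m.groups()
    return ServiceEntry(name, display, path, state == "R", START_TYPES[start], tag != "x")


def triage(entry):
    """Attach review flags; a flagged entry is a lead for a human, not a verdict."""
    low = entry.path.lower()
    if not entry.file_found:
        entry.flags.append("file-missing")          # stale entry, or file already removed/quarantined
    if "\\temp\\" in low or low.endswith(".tmp"):
        entry.flags.append("temp-location")         # services and drivers do not belong in a Temp folder
    if entry.running and not entry.file_found:
        entry.flags.append("running-without-file")  # image still loaded but file gone: check quarantine logs
    if entry.start_type in ("boot", "system") and not entry.file_found:
        entry.flags.append("early-start-missing")   # boot/system-start driver with no file: may affect boot
    return entry


def triage_log(lines):
    """Parse and triage every service line; non-matching lines are skipped."""
    return [triage(e) for e in map(parse_line, lines) if e is not None]


def flagged(lines):
    """Map service name -> flags for entries that need a second look."""
    return {e.name: e.flags for e in triage_log(lines) if e.flags}


if __name__ == "__main__":
    for name, flags in flagged(SAMPLE_LINES).items():
        print(f"{name}: {', '.join(flags)}")
```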

#6
RKinner
Malware Expert, 24,625 posts, MVP
Looking pretty good now. How is it running now? Does your printer work? There is something in the log about it not being shared but that may be normal if you are not trying to share it.

Run TDSSKiller again, but this time:
before you hit Scan, hit Change Parameters and check the two items under Additional Options. OK, then Scan.
In this mode it is prone to false positives, so do not change the SKIP option to DELETE unless it says TDSS.

Right click aswMBR.exe and Run as Administrator.
Click the "Scan" button to start the scan.
On completion of the scan (note whether the Fix button is enabled (not the FixMBR button) and tell me), click Save log, save it to your desktop and post it in your next reply.

#7
unlasheddeer
New Member, Topic Starter, 6 posts
Hi Ron,

I don't use the printer at all with this laptop, so no worries.

The Fix button was not enabled. Below is the log.

Thanks a lot for checking this up!

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-04 10:18:31
-----------------------------
10:18:31.251 OS Version: Windows 6.0.6002 Service Pack 2
10:18:31.251 Number of processors: 2 586 0x170A
10:18:31.253 ComputerName: RAJAT-PC UserName: Rajat
10:18:33.043 Initialize success
10:19:05.933 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:19:05.936 Disk 0 Vendor: SAMSUNG_HM320II 2AC101C4 Size: 305245MB BusType: 3
10:19:07.971 Disk 0 MBR read successfully
10:19:07.973 Disk 0 MBR scan
10:19:07.976 Disk 0 Windows VISTA default MBR code
10:19:07.981 Disk 0 scanning sectors +625139712
10:19:08.066 Disk 0 scanning C:\Windows\system32\drivers
10:19:16.666 Service scanning
10:19:17.455 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
10:19:18.006 Modules scanning
10:19:23.984 Scan finished successfully
10:19:50.113 Disk 0 MBR has been saved successfully to "C:\Users\Rajat\Documents\MBR.dat"
10:19:50.114 The log file has been saved successfully to "C:\Users\Rajat\Documents\aswMBR.txt"


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-10 02:52:00
-----------------------------
02:52:00.710 OS Version: Windows 6.0.6002 Service Pack 2
02:52:00.710 Number of processors: 2 586 0x170A
02:52:00.712 ComputerName: RAJAT-PC UserName: Rajat
02:52:10.793 Initialize success
02:52:11.368 AVAST engine defs: 11120902
02:52:36.753 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
02:52:36.755 Disk 0 Vendor: SAMSUNG_HM320II 2AC101C4 Size: 305245MB BusType: 3
02:52:38.781 Disk 0 MBR read successfully
02:52:38.786 Disk 0 MBR scan
02:52:38.791 Disk 0 Windows VISTA default MBR code
02:52:38.797 Disk 0 scanning sectors +625139712
02:52:38.896 Disk 0 scanning C:\Windows\system32\drivers
02:52:54.669 Service scanning
02:52:56.845 Modules scanning
02:53:06.217 Disk 0 trace - called modules:
02:53:06.249 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys
02:53:06.253 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85a1f390]
02:53:06.261 3 CLASSPNP.SYS[8a5a98b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8530ab98]
02:53:11.402 AVAST engine scan C:\Windows
02:53:22.190 AVAST engine scan C:\Windows\system32
02:55:54.332 AVAST engine scan C:\Windows\system32\drivers
02:56:17.017 AVAST engine scan C:\Users\Rajat
03:13:33.029 AVAST engine scan C:\ProgramData
03:24:00.418 Scan finished successfully
09:31:22.372 Disk 0 MBR has been saved successfully to "C:\Users\Rajat\Documents\MBR.dat"
09:31:22.401 The log file has been saved successfully to "C:\Users\Rajat\Documents\aswMBR.txt"




#8
RKinner
Malware Expert, 24,625 posts, MVP
That's all I see. Time to clean up:

We need to clean up System Restore if we haven't already:

Copy the following:


:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Right click on OTL and Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

That will get the last of the malware off the system.



You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, All Programs, Accessories, then right click on Command Prompt and Run As Administrator.
Then right click, Paste, then hit Enter.

OTL has a cleanup tab; if you go there it will remove itself and its logs.

To hide hidden files again (OTL may do it for you):

Vista or Win7

1. Open the Control Panel menu and click Folder Options.
2. After the new window appears select the View tab.
3. Remove the check in the checkbox labeled Display the contents of system folders.
4. Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
5. Check the checkbox labeled Hide protected operating system files.
6. Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files, you need to disable JavaScript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on JavaScript in the left column and uncheck Enable Acrobat JavaScript. OK, then close the program. It's the same for Foxit Reader except you uncheck Enable JavaScript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas, and if there is a program you don't use you can just uninstall it rather than update it. The exception is MSN Messenger, which appears to be part of Windows.)
If you get a blocked-program notice after installing UpdateChecker, change it to not run at start, then run it manually once a week.

If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/
The free version only blocks 200 ads a day, so that is another reason to use Firefox or Chrome.

If Firefox is slow loading, make sure it only has the current Java add-on. Then download and run Speedy Fox:
http://www.crystalidea.com/speedyfox . You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, uTorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P, then submit any files you get to http://virustotal.com before you open them.


If you have a router, log on to it today and change the default password! If using a wireless router, you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support, especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step-by-step instructions or a wizard you can download.

Ron
