Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Unknown infection - disabled cmd/task mgr; black desktop [Closed]


  • This topic is locked This topic is locked

#16
lawtel32

lawtel32

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
OK - Update on how the system is running.

Short version - it's better, but not perfect.

I cannot access the internet still, even though it says it is connected to the internet. I can access CMD and task mgr, though, which is a start.

Any ideas on this problem?

Thanks for the help thus far matey - really appreciate it.
  • 0

Advertisements


#17
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

Earlier I asked you to check if the Internet worked in Safe Mode with network. So, the internet connection work in safe mode with network?

# Step 1 #


Please reopen Posted Image on your desktop.
  • Under the Posted Image box at the bottom, paste in the following

    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    PRC - [2009/01/16 21:55:43 | 000,031,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\frmwrk32.exe
    MOD - [2008/12/07 21:31:02 | 000,010,752 | ---- | M] () -- C:\WINDOWS\system32\adtsh.dll
    O2 - BHO: (Rmn plugin) - {E8FD36B2-A25B-47e3-9477-82557F5F5995} - C:\WINDOWS\System32\savec32.dll (Amway LLC)
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
    O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe ()
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\twext.exe) - File not found
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Gitanjali\My Documents\My Pictures\baby krsna.bmp
    [2008/11/08 10:43:02 | 000,019,315 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Application Data\givanuwuk.db
    [2008/11/05 23:56:14 | 000,018,291 | ---- | C] () -- C:\Documents and  Settings\Gitanjali\Local Settings\Application Data\amisudy.bin
    [2008/11/05 23:56:14 | 000,013,391 | ---- | C] () -- C:\Documents and  Settings\Gitanjali\Local Settings\Application Data\cevebe.vbs
    [2008/11/05 23:56:14 | 000,010,968 | ---- | C] () -- C:\Documents and  Settings\Gitanjali\Local Settings\Application Data\emusivyfu.lib
    [2008/11/05 23:56:14 | 000,010,898 | ---- | C] () -- C:\Documents and  Settings\Gitanjali\Local Settings\Application Data\pawagulowu.db
    [2007/10/26 16:05:04 | 000,000,022 | ---- | C] () -- C:\Documents and  Settings\All Users\Application Data\60a7806a-0eea-424c-a464-20f4730cd631
    
    
    :Commands
    [purity]
    [resethosts]
    [EMPTYTEMP]
    [EMPTYFLASH]
    
  • Then click the Posted Image button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


# Step 2 #

Download mbam-rules.exe using your cellphone or other computer. Transfer to this PC and run it. This file will update the MalwareBytes' database.

  • Re-open MalwareBytes' Anti-Malware.
  • Once the program has loaded, select "Perform Full scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be
    prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.


Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2
prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.




# Step 3 #

Run ComboFix again and post the log.


# Step 4 #

Please download Farbar Service Scanner and run it on the computer.
Posted Image
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


# Step 5 #

Logs I want to see in your next reply:

  • OTL Fix log
  • MBAM report log.
  • ComboFix.txt log
  • Farbar Service Scanner log.

  • 0

#18
lawtel32

lawtel32

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Internet doesn't work in safemode with networking, either.

Am downloading the various parts now and will run on the other laptop. Quick note, though - the link you gave to the update file for mbab doesn't work. I downloaded the latest one from their website, though.

Second note - I cannot update the mbam file. I've tried uninstalling / reinstalling a few times with the latest versions, but it doesn't work. It says that the file is corrupted.

It has detected a few things anyway, and says its only 50 days out of date, which isn't terrible at least.
  • 0

#19
lawtel32

lawtel32

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Combofix isn't running again. Unsure why.

Here are the other logs, though:

All processes killed
========== COMMANDS ==========
Error starting restore point: The function was called in safe mode.
Error closing restore point: The sequence number is invalid.
========== OTL ==========
No active process named frmwrk32.exe was found!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E8FD36B2-A25B-47e3-9477-82557F5F5995}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E8FD36B2-A25B-47e3-9477-82557F5F5995}\ not found.
File C:\WINDOWS\System32\savec32.dll not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:c:\windows\system32\userinit.exe deleted successfully.
Item C:\WINDOWS\system32\userinit.exe is whitelisted and cannot be moved.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\twext.exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\General\\BackupWallPaper deleted successfully.
C:\Documents and Settings\Gitanjali\My Documents\My Pictures\baby krsna.bmp moved successfully.
C:\Documents and Settings\Gitanjali\Application Data\givanuwuk.db moved successfully.
File C:\Documents and Settings\Gitanjali\Local Settings\Application Data\amisudy.bin not found.
File C:\Documents and Settings\Gitanjali\Local Settings\Application Data\cevebe.vbs not found.
File C:\Documents and Settings\Gitanjali\Local Settings\Application Data\emusivyfu.lib not found.
File C:\Documents and Settings\Gitanjali\Local Settings\Application Data\pawagulowu.db not found.
File C:\Documents and Settings\All Users\Application Data\60a7806a-0eea-424c-a464-20f4730cd631 not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Gitanjali
->Temp folder emptied: 475 bytes
->Temporary Internet Files folder emptied: 150183 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 2801599 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 664 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 67 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 3.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: Gitanjali
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.33.1 log created on 03042012_120055

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


==============

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.01.13.04

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 7.0.5730.13
Gitanjali :: YOUR-E659457A65 [administrator]

Protection: Disabled

04/03/2012 12:19:38
mbam-log-2012-03-04 (12-19-38).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 233345
Time elapsed: 26 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 10
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494E6CEC-7483-A4EE-0938-895519A84BC7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494E6CEC-7483-A4EE-0938-895519A84BC7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKLM\System\CurrentControlSet\Services\tcpsr (Trojan.Agent) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{21DC8E21-98CF-454F-8860-66A32358E3D3} (Trojan.BHO) -> Quarantined and deleted successfully.
HKCR\CLSID\{21DC8E21-98CF-454F-8860-66A32358E3D3} (Trojan.BHO) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{21DC8E21-98CF-454F-8860-66A32358E3D3} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 6
C:\Qoobox\Quarantine\C\WINDOWS\system32\savec32.dll.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1283C4C2-5C9F-4160-B9A2-AC1BC36A6A58}\RP6\A0019385.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\12062005_065934\C_WINDOWS\system32\rs32net.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\12062005_065934\C_WINDOWS\system32\_scui.cpl (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\Antispyware Scheduled Scan.job (Rogue.AntiSpyware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msonlineaz.dll (Trojan.BHO) -> Quarantined and deleted successfully.

(end)


============

Farbar Service Scanner Version: 01-03-2012
Ran by Gitanjali (administrator) on 04-03-2012 at 12:58:40
Running from "C:\Documents and Settings\Gitanjali\Desktop"
Microsoft Windows XP Professional Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is set to Disabled. The default start type is Auto.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.


Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll
[2006-09-13 12:41] - [2006-05-19 12:59] - 0111616 ____A (Microsoft Corporation) EF545E1A4B043DA4C84E230DD471C55F

C:\WINDOWS\system32\Drivers\afd.sys
[2006-09-13 12:41] - [2008-08-14 09:51] - 0138368 ____A (Microsoft Corporation) 55E6E1C51B6D30E54335750955453702

C:\WINDOWS\system32\Drivers\netbt.sys
[2006-09-13 12:42] - [2004-08-10 12:00] - 0162816 ____A (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B

C:\WINDOWS\system32\Drivers\tcpip.sys
[2006-09-13 12:42] - [2008-06-20 10:45] - 0360320 ____A (Microsoft Corporation) 2A5554FC5B1E04E131230E3CE035C3F9

C:\WINDOWS\system32\Drivers\ipsec.sys
[2006-09-13 12:42] - [2004-08-10 12:00] - 0074752 ____A (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1

C:\WINDOWS\system32\dnsrslvr.dll
[2006-09-13 12:41] - [2008-02-20 05:32] - 0045568 ____A (Microsoft Corporation) AAC8FFBFD61E784FA3BAC851D4A0BD5F

C:\WINDOWS\system32\ipnathlp.dll
[2006-09-13 12:42] - [2004-08-10 12:00] - 0331264 ____A (Microsoft Corporation) 36CC8C01B5E50163037BEF56CB96DEFF

C:\WINDOWS\system32\netman.dll
[2006-09-13 12:42] - [2005-08-22 18:29] - 0197632 ____A (Microsoft Corporation) 36739B39267914BA69AD0610A0299732

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2006-09-13 13:54] - [2004-08-10 12:00] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E

C:\WINDOWS\system32\srsvc.dll
[2006-09-13 13:57] - [2004-08-10 12:00] - 0170496 ____A (Microsoft Corporation) 92BDF74F12D6CBEC43C94D4B7F804838

C:\WINDOWS\system32\Drivers\sr.sys
[2006-09-13 13:57] - [2004-08-10 12:00] - 0073472 ____A (Microsoft Corporation) E41B6D037D6CD08461470AF04500DC24

C:\WINDOWS\system32\wscsvc.dll
[2006-09-13 12:42] - [2004-08-10 12:00] - 0081408 ____A (Microsoft Corporation) 4D59DAA66C60858CDF4F67A900F42D4A

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2006-09-13 13:54] - [2004-08-10 12:00] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E

C:\WINDOWS\system32\wuauserv.dll
[2006-09-13 13:58] - [2004-08-10 12:00] - 0006656 ____A (Microsoft Corporation) 13D72740963CBA12D9FF76A7F218BCD8

C:\WINDOWS\system32\qmgr.dll
[2006-09-13 13:58] - [2004-08-10 12:00] - 0382464 ____A (Microsoft Corporation) 2C69EC7E5A311334D10DD95F338FCCEA

C:\WINDOWS\system32\es.dll
[2006-09-13 12:42] - [2008-07-07 20:06] - 0253952 ____A (Microsoft Corporation) A4AB3DCA4A383F0DF4988ABDEB84F9A4

C:\WINDOWS\system32\cryptsvc.dll
[2006-09-13 12:41] - [2004-08-10 12:00] - 0060416 ____A (Microsoft Corporation) 10654F9DDCEA9C46CFB77554231BE73B

C:\WINDOWS\system32\svchost.exe
[2006-09-13 12:42] - [2009-01-17 21:30] - 0014336 ____A (Microsoft Corporation) 8F078AE4ED187AAABC0A305146DE6716

C:\WINDOWS\system32\rpcss.dll
[2006-09-13 12:42] - [2005-07-26 04:20] - 0398336 ____A (Microsoft Corporation) C369DF215D352B6F3A0B8C3469AA34F8

C:\WINDOWS\system32\services.exe
[2006-09-13 12:42] - [2004-08-10 12:00] - 0108032 ____A (Microsoft Corporation) C6CE6EEC82F187615D1002BB3BB50ED4


Extra List:
=======
DNE(9) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x09000000040000000100000002000000030000000800000006000000070000000500000009000000
IpSec Tag value is correct.

**** End of log ****

==================

I'm running mbam again to see if anything has regenerated, and will continue trying to run combofix.

Also noteworthy - I changed my desktop to a normal picture yesterday, but it has reverted to a black screen today. Unsure why?

Thanks for your help so far
  • 0

#20
lawtel32

lawtel32

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Laptop seems to be running alright after I just switched it on. Unsure if this will be permanent though?
  • 0

#21
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts

Laptop seems to be running alright after I just switched it on. Unsure if this will be permanent though?

The internet connection works now?

# Step 1 #


Please reopen Posted Image on your desktop.
  • Under the Posted Image box at the bottom, paste in the following

    :Commands
    [CREATERESTOREPOINT]
    
    :Files
    net start dnscache /c
    
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache]
    "Start"=dword:00000002
  • Then click the Posted Image button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


# Step 2 #

  • Run OTL
  • Copy the lines in red
    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.*
    %systemdrive%\drivers\*.exe
    %systemroot%\system32\drivers\*.* /90
    %PROGRAMFILES%\*.*
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U /s
    HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /rs
    HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
  • Back to the program and paste the text in red in the text box "Custom Scan / Fixes"
  • Click on Run Scan button
  • The examination takes a while, be patient.
  • Copy the entire contents of the log OTL.txt and post in your next reply


# Step 3 #

Please download Farbar Service Scanner and run it on the computer.
Posted Image
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

  • 0

#22
lawtel32

lawtel32

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Logs, in order requested:

========== COMMANDS ==========
Restore point Set: OTL Restore Point (0)
========== FILES ==========
< net start dnscache /c >
C:\Documents and Settings\Gitanjali\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Gitanjali\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\\"Start"|dword:00000002 /E : value set successfully!

OTL by OldTimer - Version 3.2.33.1 log created on 03082012_225016

----------------
  • 0

#23
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

You forgot to post the logs:

  • OTL.txt log
  • Farbar Service Scanner (FSS.txt) log.


And didn't reply my question:

Laptop seems to be running alright after I just switched it on. Unsure if this will be permanent though?

The internet connection works now?


Edited by GLeobas, 08 March 2012 - 06:51 PM.

  • 0

#24
lawtel32

lawtel32

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Didn't forget - the scan took a long time, so I went to bed and was going to post them this morning ;-)

Internet is running alright now. Still have a black screen, though, which reverts to it each time the computer boots up.

Last OTL

This has disappeared overnight? It's not in the _otl folder.

I'll run it again.

[EDIT]

It was on the desktop. Here t'is

OTL logfile created on: 08/03/2012 22:56:47 - Run 4
OTL by OldTimer - Version 3.2.33.1 Folder = C:\Documents and Settings\Gitanjali\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1013.98 Mb Total Physical Memory | 328.82 Mb Available Physical Memory | 32.43% Memory free
2.39 Gb Paging File | 1.82 Gb Available in Paging File | 76.29% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 36.65 Gb Free Space | 65.57% Space Free | Partition Type: NTFS

Computer Name: YOUR-E659457A65 | User Name: Gitanjali | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/08 14:28:54 | 001,049,072 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Gitanjali\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2012/03/04 14:51:43 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Gitanjali\Local Settings\Application Data\Google\Update\1.3.21.99\GoogleCrashHandler.exe
PRC - [2012/03/04 14:40:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2012/03/04 14:40:06 | 004,617,600 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2012/02/22 19:19:40 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gitanjali\Desktop\OTL.scr
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/16 11:58:02 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2007/02/04 14:26:17 | 001,174,152 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2006/08/25 12:47:12 | 000,356,352 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSHIBA Applet\THotkey.exe
PRC - [2006/07/25 18:03:42 | 000,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2006/05/19 19:13:38 | 000,798,720 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSServ.exe
PRC - [2006/03/16 20:58:50 | 000,974,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2006/03/02 22:50:52 | 000,151,552 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\Toshiba.exe
PRC - [2006/02/07 15:30:40 | 000,035,840 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
PRC - [2006/02/02 11:11:38 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Tvs\TvsTray.exe
PRC - [2005/05/12 09:31:38 | 000,118,784 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe
PRC - [2005/04/11 10:26:06 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2005/01/17 23:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2004/06/10 12:48:04 | 000,286,720 | ---- | M] () -- C:\WINDOWS\vsnpstd.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/08 14:28:52 | 000,429,040 | ---- | M] () -- C:\Documents and Settings\Gitanjali\Local Settings\Application Data\Google\Chrome\Application\17.0.963.78\ppgooglenaclpluginchrome.dll
MOD - [2012/03/08 14:28:51 | 003,772,912 | ---- | M] () -- C:\Documents and Settings\Gitanjali\Local Settings\Application Data\Google\Chrome\Application\17.0.963.78\pdf.dll
MOD - [2012/03/08 14:27:26 | 000,122,880 | ---- | M] () -- C:\Documents and Settings\Gitanjali\Local Settings\Application Data\Google\Chrome\Application\17.0.963.78\avutil-51.dll
MOD - [2012/03/08 14:27:24 | 000,220,672 | ---- | M] () -- C:\Documents and Settings\Gitanjali\Local Settings\Application Data\Google\Chrome\Application\17.0.963.78\avformat-53.dll
MOD - [2012/03/08 14:27:23 | 001,747,456 | ---- | M] () -- C:\Documents and Settings\Gitanjali\Local Settings\Application Data\Google\Chrome\Application\17.0.963.78\avcodec-53.dll
MOD - [2012/03/08 09:39:20 | 008,593,056 | ---- | M] () -- C:\Documents and Settings\Gitanjali\Local Settings\Application Data\Google\Chrome\Application\17.0.963.78\gcswf32.dll
MOD - [2007/07/16 11:58:10 | 000,197,408 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll
MOD - [2006/01/04 17:14:36 | 000,049,152 | ---- | M] () -- C:\Program Files\Toshiba\TOSHIBA Applet\TouchPad_ONOFF.dll
MOD - [2004/07/20 16:04:00 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\TosBtHcrpAPI.dll
MOD - [2004/06/10 12:48:04 | 000,286,720 | ---- | M] () -- C:\WINDOWS\vsnpstd.exe


========== Win32 Services (SafeList) ==========

SRV - [2012/03/04 14:40:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/26 06:45:56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\ComboFix\pev.3XE -- (PEVSystemStart)
SRV - [2009/01/07 18:21:00 | 000,026,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\spupdsvc.exe -- (spupdsvc)
SRV - [2007/07/16 11:58:02 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007/02/04 14:26:17 | 001,174,152 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2006/07/25 18:03:42 | 002,119,360 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2006/07/25 18:03:42 | 000,100,032 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2006/02/07 15:30:40 | 000,035,840 | ---- | M] (TOSHIBA Corp.) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)
SRV - [2005/01/17 23:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2001/11/12 12:31:48 | 000,020,480 | ---- | M] (X10) [Disabled | Stopped] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets)


========== Driver Services (SafeList) ==========

DRV - [2012/03/04 14:40:02 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2012/03/04 14:40:01 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2012/03/04 14:38:14 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2008/12/08 00:02:43 | 000,032,768 | ---- | M] () [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\ati0dkxx.sys -- (ati0dkxx)
DRV - [2007/07/16 11:57:12 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007/02/06 09:00:00 | 000,383,800 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2007/01/31 13:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007/01/18 15:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/09/14 11:19:03 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/05/30 15:42:52 | 000,045,696 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
DRV - [2006/05/05 14:13:52 | 004,271,616 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/04/02 00:46:28 | 000,471,264 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2006/03/22 06:56:24 | 001,522,688 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/12/13 16:08:44 | 001,124,097 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/11/30 17:12:00 | 000,162,560 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/11/28 09:45:16 | 000,007,040 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\x10hid.sys -- (X10Hid)
DRV - [2005/10/20 13:03:42 | 000,006,144 | ---- | M] (Toshiba Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NBSMI.sys -- (TVALD)
DRV - [2005/10/06 04:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/10/06 04:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/10/06 04:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/10/06 04:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/10/06 04:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/10/06 04:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/10/06 04:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/09/09 13:47:10 | 000,009,344 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2005/08/25 11:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 11:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/01/26 09:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2004/06/11 09:31:00 | 000,330,880 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snpstd.sys -- (snpstd)
DRV - [2004/03/08 12:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2003/09/19 00:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/01/29 21:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.client...fo/bt_side.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.client...fo/bt_side.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://uk.yahoo.com"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.2.20080717

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohPlayer: C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll (Veoh Networks Inc)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Gitanjali\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Gitanjali\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/10/05 19:50:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/01/16 22:10:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2008/12/30 19:31:03 | 000,000,000 | ---D | M]

[2008/08/30 21:09:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gitanjali\Application Data\Mozilla\Extensions
[2012/03/03 18:31:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gitanjali\Application Data\Mozilla\Firefox\Profiles\qk17jzoj.default\extensions
[2008/09/02 07:42:39 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Gitanjali\Application Data\Mozilla\Firefox\Profiles\qk17jzoj.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2008/09/02 08:06:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/10/05 19:50:52 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD
[2007/06/11 13:34:00 | 002,115,816 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll
[2008/12/30 19:31:00 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2008/12/30 19:31:00 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2008/12/30 19:31:00 | 000,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2008/12/30 19:31:00 | 000,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Gitanjali\Local Settings\Application Data\Google\Chrome\Application\17.0.963.78\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Gitanjali\Local Settings\Application Data\Google\Chrome\Application\17.0.963.78\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Gitanjali\Local Settings\Application Data\Google\Chrome\Application\17.0.963.78\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Gitanjali\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: DivX\u00AE Content Upload Plugin (Enabled) = C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
CHR - plugin: NPVeohVersion4 plugin (Enabled) = C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\Gitanjali\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Gitanjali\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: Gmail = C:\Documents and Settings\Gitanjali\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/03/04 12:00:56 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (MSN Search Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (MSN Search Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" File not found
O4 - HKLM..\Run: [CFSServ.exe] CFSServ.exe -NoClient File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe ()
O4 - HKLM..\Run: [THotkey] C:\Program Files\Toshiba\TOSHIBA Applet\THotkey.exe (TOSHIBA)
O4 - HKLM..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKLM..\RunOnce: [NoIE4StubProcessing] C:\WINDOWS\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &MSN Search - C:\Program Files\MSN Toolbar Suite\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Open in new background tab - C:\Program Files\MSN Toolbar Suite\en-gb\msntabres.dll.mui (Microsoft Corporation)
O8 - Extra context menu item: Open in new foreground tab - C:\Program Files\MSN Toolbar Suite\en-gb\msntabres.dll.mui (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.t...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoft...free/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23ACFFD4-5923-4153-96CB-CA88E2D6379C}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper:
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/13 14:00:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{541346ae-6cea-11dc-8048-0018de7dc467}\Shell - "" = AutoRun
O33 - MountPoints2\{541346ae-6cea-11dc-8048-0018de7dc467}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{541346ae-6cea-11dc-8048-0018de7dc467}\Shell\AutoRun\command - "" = E:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (stera)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = comfile] -- Reg Error: Key error. File not found

MsConfig - Services: "x10nets"
MsConfig - Services: "LiveUpdate"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe - (Adobe Systems Incorporated)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe - (Sony Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe - (Sony Corporation.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk - C:\WINDOWS\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico - ()
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^Gitanjali^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: AGRSMMSG - hkey= - key= - C:\WINDOWS\agrsmmsg.exe (Agere Systems)
MsConfig - StartUpReg: Alcmtr - hkey= - key= - C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: Antispyware - hkey= - key= - File not found
MsConfig - StartUpReg: Antivirus Pro 2009 - hkey= - key= - File not found
MsConfig - StartUpReg: AVG7_CC - hkey= - key= - File not found
MsConfig - StartUpReg: brastk - hkey= - key= - File not found
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: DLA - hkey= - key= - File not found
MsConfig - StartUpReg: ehTray - hkey= - key= - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
MsConfig - StartUpReg: eyeBeam SIP Client - hkey= - key= - File not found
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\MSN Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: Picasa Media Detector - hkey= - key= - C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: RTHDCPL - hkey= - key= - C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: SUPERAntiSpyware - hkey= - key= - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
MsConfig - StartUpReg: TFncKy - hkey= - key= - File not found
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: TPSMain - hkey= - key= - File not found
MsConfig - StartUpReg: UserFaultCheck - hkey= - key= - File not found
MsConfig - StartUpReg: Veoh - hkey= - key= - C:\Program Files\Veoh Networks\Veoh\VeohClient.exe (Veoh Networks)
MsConfig - StartUpReg: Yahoo! Pager - hkey= - key= - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/03/08 22:04:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2012/03/08 22:04:26 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2012/03/08 22:01:46 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/03/08 21:50:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/03/07 10:23:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gitanjali\My Documents\Downloads
[2012/03/07 08:18:16 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/03/06 16:52:31 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2012/03/06 16:51:42 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2012/03/06 16:51:26 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2012/03/06 16:50:04 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2012/03/06 16:49:44 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2012/03/06 16:48:53 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2012/03/06 16:48:53 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2012/03/06 16:46:44 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2012/03/06 16:46:40 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2012/03/06 16:33:38 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2012/03/06 16:25:36 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2012/03/06 16:22:13 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2012/03/06 16:21:33 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2012/03/06 16:19:18 | 000,590,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcrt4.dll
[2012/03/04 15:40:25 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/03/04 15:17:41 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/03/04 15:11:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2012/03/04 14:58:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2012/03/04 14:58:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2012/03/04 14:58:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2012/03/04 14:58:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2012/03/04 14:54:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gitanjali\Start Menu\Programs\Google Chrome
[2012/03/04 14:54:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2012/03/04 14:44:59 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2012/03/04 13:01:27 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/03/04 12:52:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/03/04 12:19:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/04 12:19:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/03/04 12:17:45 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/03/04 12:17:30 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Gitanjali\Desktop\mbam--setup-1.60.1.1000-1.exe
[2012/02/26 09:58:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/01/15 20:23:23 | 002,149,870 | -H-- | C] () -- C:\Documents and Settings\Gitanjali\Local Settings\Application Data\IconCache.db
[2009/01/14 21:01:43 | 000,009,758 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Application Data\update_sp2v1.cab
[2009/01/13 23:04:57 | 000,006,714 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Application Data\update_sp2v2.cab
[2009/01/10 14:24:50 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Application Data\update_sp1v2.cab
[2009/01/10 14:24:39 | 000,051,322 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Application Data\update_sp1v1.cab
[2008/11/05 23:56:14 | 000,018,291 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Local Settings\Application Data\amisudy.bin
[2008/11/05 23:56:14 | 000,013,391 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Local Settings\Application Data\cevebe.vbs
[2008/11/05 23:56:14 | 000,010,968 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Local Settings\Application Data\emusivyfu.lib
[2008/11/05 23:56:14 | 000,010,898 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Local Settings\Application Data\pawagulowu.db
[2007/10/26 16:05:04 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\60a7806a-0eea-424c-a464-20f4730cd631
[2007/07/25 20:12:40 | 000,000,606 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Application Data\wklnhst.dat
[2007/06/10 18:11:10 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/10 15:40:53 | 000,001,112 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Application Data\ViewerApp.dat
[2006/11/19 18:25:59 | 000,034,680 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2006/11/19 18:25:59 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Local Settings\Application Data\fusioncache.dat
[44 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[29 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/08 22:56:01 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1117873250-2043491756-2107761034-1005UA.job
[2012/03/08 22:07:04 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/03/08 22:04:17 | 000,000,949 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2012/03/08 21:58:23 | 000,002,316 | ---- | M] () -- C:\Documents and Settings\Gitanjali\Desktop\Google Chrome.lnk
[2012/03/08 21:58:23 | 000,002,294 | ---- | M] () -- C:\Documents and Settings\Gitanjali\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/03/08 21:53:14 | 000,409,772 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/08 21:53:14 | 000,065,846 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/08 21:49:09 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/08 21:48:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/08 21:48:15 | 1063,309,312 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/07 14:56:00 | 000,000,942 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1117873250-2043491756-2107761034-1005Core.job
[2012/03/07 08:46:04 | 000,230,392 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/07 08:17:39 | 002,001,466 | ---- | M] () -- C:\WINDOWS\iis6.BAK
[2012/03/04 15:17:49 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2012/03/04 14:49:52 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012/03/04 14:00:28 | 004,425,722 | R--- | M] (Swearware) -- C:\Documents and Settings\Gitanjali\Desktop\ComboFix.exe
[2012/03/04 13:13:10 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Gitanjali\Desktop\mbam--setup-1.60.1.1000-1.exe
[2012/03/04 12:19:16 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/04 12:00:56 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/03/04 11:54:30 | 000,337,137 | ---- | M] () -- C:\Documents and Settings\Gitanjali\Desktop\FSS.exe
[2012/02/23 22:05:56 | 001,251,328 | ---- | M] () -- C:\Documents and Settings\Gitanjali\Desktop\RogueKiller.exe
[2012/02/22 19:19:40 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gitanjali\Desktop\OTL.scr
[2012/02/22 18:30:34 | 000,318,369 | ---- | M] () -- C:\Documents and Settings\Gitanjali\Desktop\HiJackThis.zip
[44 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[29 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/08 21:53:04 | 000,000,949 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2012/03/06 16:22:11 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/03/06 16:22:11 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/03/04 15:17:49 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2012/03/04 15:17:44 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/03/04 14:55:00 | 000,002,316 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Desktop\Google Chrome.lnk
[2012/03/04 14:55:00 | 000,002,294 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/03/04 14:51:50 | 000,000,994 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1117873250-2043491756-2107761034-1005UA.job
[2012/03/04 14:51:48 | 000,000,942 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1117873250-2043491756-2107761034-1005Core.job
[2012/03/04 13:45:42 | 1063,309,312 | -HS- | C] () -- C:\hiberfil.sys
[2012/03/04 12:19:16 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/04 12:00:32 | 000,337,137 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Desktop\FSS.exe
[2012/02/26 09:58:28 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/02/26 09:58:28 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

========== Custom Scans ==========


< etsvcs >

< %SYSTEMDRIVE%\*.* >
[2006/09/13 14:00:59 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/01/19 00:43:39 | 000,000,209 | ---- | M] () -- C:\Boot.bak
[2012/03/04 15:17:49 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2006/09/13 14:00:59 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/02/04 22:37:27 | 000,000,000 | ---- | M] () -- C:\DBS.TXT
[2012/03/08 21:48:15 | 1063,309,312 | -HS- | M] () -- C:\hiberfil.sys
[2008/10/12 16:51:54 | 000,921,624 | ---- | M] () -- C:\img1-001.raw
[2006/09/13 14:00:59 | 000,000,000 | R-S- | M] () -- C:\IO.SYS
[2006/11/27 17:33:08 | 000,000,327 | ---- | M] () -- C:\IPH.PH
[2006/09/13 14:00:59 | 000,000,000 | R-S- | M] () -- C:\MSDOS.SYS
[2004/08/10 12:00:00 | 000,047,564 | R-S- | M] () -- C:\NTDETECT.COM
[2012/03/04 14:49:52 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012/03/08 21:48:14 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
[2009/02/01 23:15:11 | 000,030,720 | ---- | M] () -- C:\r.doc
[2007/04/14 13:42:43 | 000,000,268 | ---- | M] () -- C:\sqmdata00.sqm
[2007/04/22 17:32:10 | 000,000,304 | ---- | M] () -- C:\sqmdata01.sqm
[2007/04/27 00:54:57 | 000,000,268 | ---- | M] () -- C:\sqmdata02.sqm
[2007/04/27 06:19:11 | 000,000,268 | ---- | M] () -- C:\sqmdata03.sqm
[2007/04/27 13:32:07 | 000,000,268 | ---- | M] () -- C:\sqmdata04.sqm
[2007/04/27 15:07:52 | 000,000,268 | ---- | M] () -- C:\sqmdata05.sqm
[2007/04/28 02:34:57 | 000,000,268 | ---- | M] () -- C:\sqmdata06.sqm
[2007/05/18 21:09:35 | 000,000,268 | ---- | M] () -- C:\sqmdata07.sqm
[2007/05/21 14:50:46 | 000,000,268 | ---- | M] () -- C:\sqmdata08.sqm
[2007/08/28 21:07:34 | 000,000,268 | ---- | M] () -- C:\sqmdata09.sqm
[2008/02/24 01:32:29 | 000,000,232 | ---- | M] () -- C:\sqmdata10.sqm
[2008/03/27 20:01:13 | 000,000,232 | ---- | M] () -- C:\sqmdata11.sqm
[2008/03/27 20:01:41 | 000,000,232 | ---- | M] () -- C:\sqmdata12.sqm
[2008/03/27 20:03:18 | 000,000,232 | ---- | M] () -- C:\sqmdata13.sqm
[2008/03/27 20:07:48 | 000,000,232 | ---- | M] () -- C:\sqmdata14.sqm
[2007/03/12 21:39:29 | 000,000,232 | ---- | M] () -- C:\sqmdata15.sqm
[2007/03/12 21:39:29 | 000,000,232 | ---- | M] () -- C:\sqmdata16.sqm
[2007/03/12 21:39:29 | 000,000,232 | ---- | M] () -- C:\sqmdata17.sqm
[2007/03/13 01:08:39 | 000,000,268 | ---- | M] () -- C:\sqmdata18.sqm
[2007/04/14 12:22:38 | 000,000,268 | ---- | M] () -- C:\sqmdata19.sqm
[2007/04/14 13:42:43 | 000,000,244 | ---- | M] () -- C:\sqmnoopt00.sqm
[2007/04/22 17:32:10 | 000,000,244 | ---- | M] () -- C:\sqmnoopt01.sqm
[2007/04/27 00:54:57 | 000,000,244 | ---- | M] () -- C:\sqmnoopt02.sqm
[2007/04/27 06:19:11 | 000,000,244 | ---- | M] () -- C:\sqmnoopt03.sqm
[2007/04/27 13:32:07 | 000,000,244 | ---- | M] () -- C:\sqmnoopt04.sqm
[2007/04/27 15:07:52 | 000,000,244 | ---- | M] () -- C:\sqmnoopt05.sqm
[2007/04/28 02:34:57 | 000,000,244 | ---- | M] () -- C:\sqmnoopt06.sqm
[2007/05/18 21:09:35 | 000,000,244 | ---- | M] () -- C:\sqmnoopt07.sqm
[2007/05/21 14:50:46 | 000,000,244 | ---- | M] () -- C:\sqmnoopt08.sqm
[2007/08/28 21:07:34 | 000,000,244 | ---- | M] () -- C:\sqmnoopt09.sqm
[2007/08/28 21:07:34 | 000,000,244 | ---- | M] () -- C:\sqmnoopt10.sqm
[2008/02/24 01:32:29 | 000,000,244 | ---- | M] () -- C:\sqmnoopt11.sqm
[2008/03/27 20:01:13 | 000,000,244 | ---- | M] () -- C:\sqmnoopt12.sqm
[2008/03/27 20:01:41 | 000,000,244 | ---- | M] () -- C:\sqmnoopt13.sqm
[2008/03/27 20:03:18 | 000,000,244 | ---- | M] () -- C:\sqmnoopt14.sqm
[2008/03/27 20:07:48 | 000,000,244 | ---- | M] () -- C:\sqmnoopt15.sqm
[2007/03/12 21:39:29 | 000,000,244 | ---- | M] () -- C:\sqmnoopt16.sqm
[2007/03/12 21:39:29 | 000,000,244 | ---- | M] () -- C:\sqmnoopt17.sqm
[2007/03/13 01:08:39 | 000,000,244 | ---- | M] () -- C:\sqmnoopt18.sqm
[2007/04/14 12:22:38 | 000,000,244 | ---- | M] () -- C:\sqmnoopt19.sqm
[2009/02/01 23:15:22 | 000,022,016 | ---- | M] () -- C:\Summary of arguments.doc
[2006/09/21 00:34:59 | 000,000,388 | ---- | M] () -- C:\SWSTAMP.TXT
[2009/01/20 00:12:12 | 000,000,135 | ---- | M] () -- C:\VundoFix.txt
[2008/08/25 23:17:38 | 000,000,146 | ---- | M] () -- C:\YServer.txt

< %systemdrive%\drivers\*.exe >

< %systemroot%\system32\drivers\*.* /90 >
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys

< %PROGRAMFILES%\*.* >


< MD5 for: EXPLORER.EXE >
[2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe
[2007/06/13 11:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 10:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/10 12:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 00:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 00:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\svchost.exe
[2008/04/14 00:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/01/17 21:30:23 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/10 12:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 00:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 00:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\userinit.exe
[2008/04/14 00:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/10 12:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 00:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 00:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe
[2008/04/14 00:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< C:\Windows\assembly\tmp\U /s >

< HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\Gitanjali\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/03/08 14:28:54 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2008/12/30 19:31:00 | 000,509,528 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2008/12/30 19:31:00 | 000,509,528 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2008/12/30 19:31:00 | 000,509,528 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2008/12/30 19:30:56 | 000,307,704 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2008/12/30 19:30:56 | 000,307,704 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2008/12/30 19:30:56 | 000,307,704 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Gitanjali\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2012/03/08 14:28:54 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Gitanjali\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2012/03/08 14:28:54 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Gitanjali\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/03/08 14:28:54 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Gitanjali\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/03/08 14:28:54 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/12/16 12:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/12/16 12:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/12/16 12:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/12/16 11:00:16 | 000,634,680 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/12/16 11:00:16 | 000,634,680 | ---- | M] (Microsoft Corporation)

< HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\Gitanjali\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/03/08 14:28:54 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2008/12/30 19:31:00 | 000,509,528 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2008/12/30 19:31:00 | 000,509,528 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2008/12/30 19:31:00 | 000,509,528 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2008/12/30 19:30:56 | 000,307,704 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2008/12/30 19:30:56 | 000,307,704 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2008/12/30 19:30:56 | 000,307,704 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Gitanjali\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2012/03/08 14:28:54 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Gitanjali\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2012/03/08 14:28:54 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Gitanjali\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/03/08 14:28:54 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Gitanjali\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/03/08 14:28:54 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/12/16 12:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/12/16 12:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/12/16 12:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/12/16 11:00:16 | 000,634,680 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/12/16 11:00:16 | 000,634,680 | ---- | M] (Microsoft Corporation)

< End of report >



FSS Log:

Farbar Service Scanner Version: 01-03-2012
Ran by Gitanjali (administrator) on 09-03-2012 at 07:14:32
Running from "C:\Documents and Settings\Gitanjali\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
DNE(9) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x09000000040000000100000002000000030000000800000006000000070000000500000009000000
IpSec Tag value is correct.

**** End of log ****

Edited by lawtel32, 09 March 2012 - 01:18 AM.

  • 0

#25
lawtel32

lawtel32

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Just so you have all of the reports - here is the report I just run

OTL logfile created on: 09/03/2012 07:17:34 - Run 5
OTL by OldTimer - Version 3.2.33.1 Folder = C:\Documents and Settings\Gitanjali\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1013.98 Mb Total Physical Memory | 469.75 Mb Available Physical Memory | 46.33% Memory free
2.39 Gb Paging File | 1.90 Gb Available in Paging File | 79.56% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 35.96 Gb Free Space | 64.34% Space Free | Partition Type: NTFS

Computer Name: YOUR-E659457A65 | User Name: Gitanjali | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/08 14:28:54 | 001,049,072 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Gitanjali\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2012/03/04 14:51:43 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Gitanjali\Local Settings\Application Data\Google\Update\1.3.21.99\GoogleCrashHandler.exe
PRC - [2012/03/04 14:40:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2012/03/04 14:40:06 | 004,617,600 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2012/03/04 11:54:30 | 000,337,137 | ---- | M] () -- C:\Documents and Settings\Gitanjali\Desktop\FSS.exe
PRC - [2012/02/22 19:19:40 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gitanjali\Desktop\OTL.scr
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/16 11:58:02 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2007/02/04 14:26:17 | 001,174,152 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2006/08/25 12:47:12 | 000,356,352 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSHIBA Applet\THotkey.exe
PRC - [2006/07/25 18:03:42 | 000,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2006/05/19 19:13:38 | 000,798,720 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSServ.exe
PRC - [2006/03/16 20:58:50 | 000,974,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2006/03/02 22:50:52 | 000,151,552 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\Toshiba.exe
PRC - [2006/02/07 15:30:40 | 000,035,840 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
PRC - [2006/02/02 11:11:38 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Tvs\TvsTray.exe
PRC - [2005/05/12 09:31:38 | 000,118,784 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe
PRC - [2005/04/11 10:26:06 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2005/01/17 23:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2004/06/10 12:48:04 | 000,286,720 | ---- | M] () -- C:\WINDOWS\vsnpstd.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/08 14:28:52 | 000,429,040 | ---- | M] () -- C:\Documents and Settings\Gitanjali\Local Settings\Application Data\Google\Chrome\Application\17.0.963.78\ppgooglenaclpluginchrome.dll
MOD - [2012/03/08 14:28:51 | 003,772,912 | ---- | M] () -- C:\Documents and Settings\Gitanjali\Local Settings\Application Data\Google\Chrome\Application\17.0.963.78\pdf.dll
MOD - [2012/03/08 14:27:26 | 000,122,880 | ---- | M] () -- C:\Documents and Settings\Gitanjali\Local Settings\Application Data\Google\Chrome\Application\17.0.963.78\avutil-51.dll
MOD - [2012/03/08 14:27:24 | 000,220,672 | ---- | M] () -- C:\Documents and Settings\Gitanjali\Local Settings\Application Data\Google\Chrome\Application\17.0.963.78\avformat-53.dll
MOD - [2012/03/08 14:27:23 | 001,747,456 | ---- | M] () -- C:\Documents and Settings\Gitanjali\Local Settings\Application Data\Google\Chrome\Application\17.0.963.78\avcodec-53.dll
MOD - [2012/03/08 09:39:20 | 008,593,056 | ---- | M] () -- C:\Documents and Settings\Gitanjali\Local Settings\Application Data\Google\Chrome\Application\17.0.963.78\gcswf32.dll
MOD - [2012/03/04 11:54:30 | 000,337,137 | ---- | M] () -- C:\Documents and Settings\Gitanjali\Desktop\FSS.exe
MOD - [2011/11/03 15:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2008/04/14 00:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 00:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/07/16 11:58:10 | 000,197,408 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll
MOD - [2006/01/04 17:14:36 | 000,049,152 | ---- | M] () -- C:\Program Files\Toshiba\TOSHIBA Applet\TouchPad_ONOFF.dll
MOD - [2004/07/20 16:04:00 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\TosBtHcrpAPI.dll
MOD - [2004/06/10 12:48:04 | 000,286,720 | ---- | M] () -- C:\WINDOWS\vsnpstd.exe


========== Win32 Services (SafeList) ==========

SRV - [2012/03/04 14:40:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/26 06:45:56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\ComboFix\pev.3XE -- (PEVSystemStart)
SRV - [2007/07/16 11:58:02 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007/02/04 14:26:17 | 001,174,152 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2006/07/25 18:03:42 | 002,119,360 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2006/07/25 18:03:42 | 000,100,032 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2006/02/07 15:30:40 | 000,035,840 | ---- | M] (TOSHIBA Corp.) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)
SRV - [2005/01/17 23:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2001/11/12 12:31:48 | 000,020,480 | ---- | M] (X10) [Disabled | Stopped] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets)


========== Driver Services (SafeList) ==========

DRV - [2012/03/04 14:40:02 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2012/03/04 14:40:01 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2012/03/04 14:38:14 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2008/12/08 00:02:43 | 000,032,768 | ---- | M] () [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\ati0dkxx.sys -- (ati0dkxx)
DRV - [2007/07/16 11:57:12 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007/02/06 09:00:00 | 000,383,800 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2007/01/31 13:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007/01/18 15:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/09/14 11:19:03 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/05/30 15:42:52 | 000,045,696 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
DRV - [2006/05/05 14:13:52 | 004,271,616 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/04/02 00:46:28 | 000,471,264 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2006/03/22 06:56:24 | 001,522,688 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/12/13 16:08:44 | 001,124,097 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/11/30 17:12:00 | 000,162,560 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/11/28 09:45:16 | 000,007,040 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\x10hid.sys -- (X10Hid)
DRV - [2005/10/20 13:03:42 | 000,006,144 | ---- | M] (Toshiba Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NBSMI.sys -- (TVALD)
DRV - [2005/10/06 04:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/10/06 04:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/10/06 04:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/10/06 04:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/10/06 04:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/10/06 04:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/10/06 04:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/09/09 13:47:10 | 000,009,344 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2005/08/25 11:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 11:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/01/26 09:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2004/06/11 09:31:00 | 000,330,880 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snpstd.sys -- (snpstd)
DRV - [2004/03/08 12:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2003/09/19 00:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/01/29 21:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.client...fo/bt_side.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.client...fo/bt_side.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://uk.yahoo.com"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.2.20080717

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohPlayer: C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll (Veoh Networks Inc)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Gitanjali\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Gitanjali\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/10/05 19:50:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/01/16 22:10:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2008/12/30 19:31:03 | 000,000,000 | ---D | M]

[2008/08/30 21:09:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gitanjali\Application Data\Mozilla\Extensions
[2012/03/03 18:31:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gitanjali\Application Data\Mozilla\Firefox\Profiles\qk17jzoj.default\extensions
[2008/09/02 07:42:39 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Gitanjali\Application Data\Mozilla\Firefox\Profiles\qk17jzoj.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2008/09/02 08:06:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/10/05 19:50:52 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD
[2007/06/11 13:34:00 | 002,115,816 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll
[2008/12/30 19:31:00 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2008/12/30 19:31:00 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2008/12/30 19:31:00 | 000,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2008/12/30 19:31:00 | 000,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Gitanjali\Local Settings\Application Data\Google\Chrome\Application\17.0.963.78\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Gitanjali\Local Settings\Application Data\Google\Chrome\Application\17.0.963.78\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Gitanjali\Local Settings\Application Data\Google\Chrome\Application\17.0.963.78\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Gitanjali\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: DivX\u00AE Content Upload Plugin (Enabled) = C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
CHR - plugin: NPVeohVersion4 plugin (Enabled) = C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\Gitanjali\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Gitanjali\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: Gmail = C:\Documents and Settings\Gitanjali\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/03/04 12:00:56 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (MSN Search Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (MSN Search Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" File not found
O4 - HKLM..\Run: [CFSServ.exe] CFSServ.exe -NoClient File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe ()
O4 - HKLM..\Run: [THotkey] C:\Program Files\Toshiba\TOSHIBA Applet\THotkey.exe (TOSHIBA)
O4 - HKLM..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &MSN Search - C:\Program Files\MSN Toolbar Suite\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Open in new background tab - C:\Program Files\MSN Toolbar Suite\en-gb\msntabres.dll.mui (Microsoft Corporation)
O8 - Extra context menu item: Open in new foreground tab - C:\Program Files\MSN Toolbar Suite\en-gb\msntabres.dll.mui (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.t...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoft...free/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23ACFFD4-5923-4153-96CB-CA88E2D6379C}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper:
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/13 14:00:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{541346ae-6cea-11dc-8048-0018de7dc467}\Shell - "" = AutoRun
O33 - MountPoints2\{541346ae-6cea-11dc-8048-0018de7dc467}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{541346ae-6cea-11dc-8048-0018de7dc467}\Shell\AutoRun\command - "" = E:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (stera)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = comfile] -- Reg Error: Key error. File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "x10nets"
MsConfig - Services: "LiveUpdate"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe - (Adobe Systems Incorporated)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe - (Sony Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe - (Sony Corporation.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk - C:\WINDOWS\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico - ()
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^Gitanjali^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: AGRSMMSG - hkey= - key= - C:\WINDOWS\agrsmmsg.exe (Agere Systems)
MsConfig - StartUpReg: Alcmtr - hkey= - key= - C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: Antispyware - hkey= - key= - File not found
MsConfig - StartUpReg: Antivirus Pro 2009 - hkey= - key= - File not found
MsConfig - StartUpReg: AVG7_CC - hkey= - key= - File not found
MsConfig - StartUpReg: brastk - hkey= - key= - File not found
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: DLA - hkey= - key= - File not found
MsConfig - StartUpReg: ehTray - hkey= - key= - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
MsConfig - StartUpReg: eyeBeam SIP Client - hkey= - key= - File not found
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\MSN Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: Picasa Media Detector - hkey= - key= - C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: RTHDCPL - hkey= - key= - C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: SUPERAntiSpyware - hkey= - key= - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
MsConfig - StartUpReg: TFncKy - hkey= - key= - File not found
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: TPSMain - hkey= - key= - File not found
MsConfig - StartUpReg: UserFaultCheck - hkey= - key= - File not found
MsConfig - StartUpReg: Veoh - hkey= - key= - C:\Program Files\Veoh Networks\Veoh\VeohClient.exe (Veoh Networks)
MsConfig - StartUpReg: Yahoo! Pager - hkey= - key= - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/03/09 03:08:19 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/03/09 03:05:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2012/03/09 03:05:34 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2012/03/09 03:05:23 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2012/03/09 03:04:51 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2012/03/09 03:04:51 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2012/03/09 03:04:51 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2012/03/09 03:04:51 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2012/03/09 03:04:50 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2012/03/09 03:04:50 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2012/03/09 03:04:50 | 000,000,000 | ---D | C] -- C:\8fbc179e3749ed6c9673f189fde9902e
[2012/03/08 23:24:27 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Gitanjali\IETldCache
[2012/03/08 22:04:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2012/03/08 22:04:26 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2012/03/08 22:01:46 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/03/07 10:23:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gitanjali\My Documents\Downloads
[2012/03/06 16:52:31 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2012/03/06 16:51:42 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2012/03/06 16:51:26 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2012/03/06 16:50:04 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2012/03/06 16:49:44 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2012/03/06 16:48:53 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2012/03/06 16:48:53 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2012/03/06 16:46:44 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2012/03/06 16:46:40 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2012/03/06 16:33:38 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2012/03/06 16:25:36 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2012/03/06 16:22:13 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2012/03/06 16:21:33 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2012/03/06 16:19:18 | 000,590,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcrt4.dll
[2012/03/04 15:40:25 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/03/04 15:17:41 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/03/04 15:11:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2012/03/04 14:58:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2012/03/04 14:58:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2012/03/04 14:58:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2012/03/04 14:58:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2012/03/04 14:54:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gitanjali\Start Menu\Programs\Google Chrome
[2012/03/04 14:54:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2012/03/04 14:44:59 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2012/03/04 13:01:27 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/03/04 12:52:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/03/04 12:19:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/04 12:19:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/03/04 12:17:45 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/03/04 12:17:30 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Gitanjali\Desktop\mbam--setup-1.60.1.1000-1.exe
[2012/02/26 09:58:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/01/15 20:23:23 | 002,149,870 | -H-- | C] () -- C:\Documents and Settings\Gitanjali\Local Settings\Application Data\IconCache.db
[2009/01/14 21:01:43 | 000,009,758 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Application Data\update_sp2v1.cab
[2009/01/13 23:04:57 | 000,006,714 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Application Data\update_sp2v2.cab
[2009/01/10 14:24:50 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Application Data\update_sp1v2.cab
[2009/01/10 14:24:39 | 000,051,322 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Application Data\update_sp1v1.cab
[2008/11/05 23:56:14 | 000,018,291 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Local Settings\Application Data\amisudy.bin
[2008/11/05 23:56:14 | 000,013,391 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Local Settings\Application Data\cevebe.vbs
[2008/11/05 23:56:14 | 000,010,968 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Local Settings\Application Data\emusivyfu.lib
[2008/11/05 23:56:14 | 000,010,898 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Local Settings\Application Data\pawagulowu.db
[2007/10/26 16:05:04 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\60a7806a-0eea-424c-a464-20f4730cd631
[2007/07/25 20:12:40 | 000,000,606 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Application Data\wklnhst.dat
[2007/06/10 18:11:10 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/10 15:40:53 | 000,001,112 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Application Data\ViewerApp.dat
[2006/11/19 18:25:59 | 000,034,680 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2006/11/19 18:25:59 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Local Settings\Application Data\fusioncache.dat
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/09 06:56:00 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1117873250-2043491756-2107761034-1005UA.job
[2012/03/09 03:28:07 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/09 03:27:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/09 03:27:24 | 000,233,576 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/09 03:27:23 | 1063,309,312 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/09 03:09:41 | 000,443,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/09 03:09:41 | 000,072,860 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/08 23:25:07 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Gitanjali\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/03/08 22:07:04 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/03/08 21:58:23 | 000,002,316 | ---- | M] () -- C:\Documents and Settings\Gitanjali\Desktop\Google Chrome.lnk
[2012/03/08 21:58:23 | 000,002,294 | ---- | M] () -- C:\Documents and Settings\Gitanjali\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/03/07 14:56:00 | 000,000,942 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1117873250-2043491756-2107761034-1005Core.job
[2012/03/07 08:17:39 | 002,001,466 | ---- | M] () -- C:\WINDOWS\iis6.BAK
[2012/03/04 15:17:49 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2012/03/04 14:49:52 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012/03/04 14:00:28 | 004,425,722 | R--- | M] (Swearware) -- C:\Documents and Settings\Gitanjali\Desktop\ComboFix.exe
[2012/03/04 13:13:10 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Gitanjali\Desktop\mbam--setup-1.60.1.1000-1.exe
[2012/03/04 12:19:16 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/04 12:00:56 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/03/04 11:54:30 | 000,337,137 | ---- | M] () -- C:\Documents and Settings\Gitanjali\Desktop\FSS.exe
[2012/02/23 22:05:56 | 001,251,328 | ---- | M] () -- C:\Documents and Settings\Gitanjali\Desktop\RogueKiller.exe
[2012/02/22 19:19:40 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gitanjali\Desktop\OTL.scr
[2012/02/22 18:30:34 | 000,318,369 | ---- | M] () -- C:\Documents and Settings\Gitanjali\Desktop\HiJackThis.zip
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/06 16:22:11 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/03/06 16:22:11 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/03/04 15:17:49 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2012/03/04 15:17:44 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/03/04 14:55:00 | 000,002,316 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Desktop\Google Chrome.lnk
[2012/03/04 14:55:00 | 000,002,294 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/03/04 14:51:50 | 000,000,994 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1117873250-2043491756-2107761034-1005UA.job
[2012/03/04 14:51:48 | 000,000,942 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1117873250-2043491756-2107761034-1005Core.job
[2012/03/04 13:45:42 | 1063,309,312 | -HS- | C] () -- C:\hiberfil.sys
[2012/03/04 12:19:16 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/04 12:00:32 | 000,337,137 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Desktop\FSS.exe
[2012/02/26 09:58:28 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/02/26 09:58:28 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/09/13 14:00:59 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/01/19 00:43:39 | 000,000,209 | ---- | M] () -- C:\Boot.bak
[2012/03/04 15:17:49 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2006/09/13 14:00:59 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/02/04 22:37:27 | 000,000,000 | ---- | M] () -- C:\DBS.TXT
[2012/03/09 03:27:23 | 1063,309,312 | -HS- | M] () -- C:\hiberfil.sys
[2008/10/12 16:51:54 | 000,921,624 | ---- | M] () -- C:\img1-001.raw
[2006/09/13 14:00:59 | 000,000,000 | R-S- | M] () -- C:\IO.SYS
[2006/11/27 17:33:08 | 000,000,327 | ---- | M] () -- C:\IPH.PH
[2006/09/13 14:00:59 | 000,000,000 | R-S- | M] () -- C:\MSDOS.SYS
[2004/08/10 12:00:00 | 000,047,564 | R-S- | M] () -- C:\NTDETECT.COM
[2012/03/04 14:49:52 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012/03/09 03:27:21 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
[2009/02/01 23:15:11 | 000,030,720 | ---- | M] () -- C:\r.doc
[2007/04/14 13:42:43 | 000,000,268 | ---- | M] () -- C:\sqmdata00.sqm
[2007/04/22 17:32:10 | 000,000,304 | ---- | M] () -- C:\sqmdata01.sqm
[2007/04/27 00:54:57 | 000,000,268 | ---- | M] () -- C:\sqmdata02.sqm
[2007/04/27 06:19:11 | 000,000,268 | ---- | M] () -- C:\sqmdata03.sqm
[2007/04/27 13:32:07 | 000,000,268 | ---- | M] () -- C:\sqmdata04.sqm
[2007/04/27 15:07:52 | 000,000,268 | ---- | M] () -- C:\sqmdata05.sqm
[2007/04/28 02:34:57 | 000,000,268 | ---- | M] () -- C:\sqmdata06.sqm
[2007/05/18 21:09:35 | 000,000,268 | ---- | M] () -- C:\sqmdata07.sqm
[2007/05/21 14:50:46 | 000,000,268 | ---- | M] () -- C:\sqmdata08.sqm
[2007/08/28 21:07:34 | 000,000,268 | ---- | M] () -- C:\sqmdata09.sqm
[2008/02/24 01:32:29 | 000,000,232 | ---- | M] () -- C:\sqmdata10.sqm
[2008/03/27 20:01:13 | 000,000,232 | ---- | M] () -- C:\sqmdata11.sqm
[2008/03/27 20:01:41 | 000,000,232 | ---- | M] () -- C:\sqmdata12.sqm
[2008/03/27 20:03:18 | 000,000,232 | ---- | M] () -- C:\sqmdata13.sqm
[2008/03/27 20:07:48 | 000,000,232 | ---- | M] () -- C:\sqmdata14.sqm
[2007/03/12 21:39:29 | 000,000,232 | ---- | M] () -- C:\sqmdata15.sqm
[2007/03/12 21:39:29 | 000,000,232 | ---- | M] () -- C:\sqmdata16.sqm
[2007/03/12 21:39:29 | 000,000,232 | ---- | M] () -- C:\sqmdata17.sqm
[2007/03/13 01:08:39 | 000,000,268 | ---- | M] () -- C:\sqmdata18.sqm
[2007/04/14 12:22:38 | 000,000,268 | ---- | M] () -- C:\sqmdata19.sqm
[2007/04/14 13:42:43 | 000,000,244 | ---- | M] () -- C:\sqmnoopt00.sqm
[2007/04/22 17:32:10 | 000,000,244 | ---- | M] () -- C:\sqmnoopt01.sqm
[2007/04/27 00:54:57 | 000,000,244 | ---- | M] () -- C:\sqmnoopt02.sqm
[2007/04/27 06:19:11 | 000,000,244 | ---- | M] () -- C:\sqmnoopt03.sqm
[2007/04/27 13:32:07 | 000,000,244 | ---- | M] () -- C:\sqmnoopt04.sqm
[2007/04/27 15:07:52 | 000,000,244 | ---- | M] () -- C:\sqmnoopt05.sqm
[2007/04/28 02:34:57 | 000,000,244 | ---- | M] () -- C:\sqmnoopt06.sqm
[2007/05/18 21:09:35 | 000,000,244 | ---- | M] () -- C:\sqmnoopt07.sqm
[2007/05/21 14:50:46 | 000,000,244 | ---- | M] () -- C:\sqmnoopt08.sqm
[2007/08/28 21:07:34 | 000,000,244 | ---- | M] () -- C:\sqmnoopt09.sqm
[2007/08/28 21:07:34 | 000,000,244 | ---- | M] () -- C:\sqmnoopt10.sqm
[2008/02/24 01:32:29 | 000,000,244 | ---- | M] () -- C:\sqmnoopt11.sqm
[2008/03/27 20:01:13 | 000,000,244 | ---- | M] () -- C:\sqmnoopt12.sqm
[2008/03/27 20:01:41 | 000,000,244 | ---- | M] () -- C:\sqmnoopt13.sqm
[2008/03/27 20:03:18 | 000,000,244 | ---- | M] () -- C:\sqmnoopt14.sqm
[2008/03/27 20:07:48 | 000,000,244 | ---- | M] () -- C:\sqmnoopt15.sqm
[2007/03/12 21:39:29 | 000,000,244 | ---- | M] () -- C:\sqmnoopt16.sqm
[2007/03/12 21:39:29 | 000,000,244 | ---- | M] () -- C:\sqmnoopt17.sqm
[2007/03/13 01:08:39 | 000,000,244 | ---- | M] () -- C:\sqmnoopt18.sqm
[2007/04/14 12:22:38 | 000,000,244 | ---- | M] () -- C:\sqmnoopt19.sqm
[2009/02/01 23:15:22 | 000,022,016 | ---- | M] () -- C:\Summary of arguments.doc
[2006/09/21 00:34:59 | 000,000,388 | ---- | M] () -- C:\SWSTAMP.TXT
[2009/01/20 00:12:12 | 000,000,135 | ---- | M] () -- C:\VundoFix.txt
[2008/08/25 23:17:38 | 000,000,146 | ---- | M] () -- C:\YServer.txt

< %systemdrive%\drivers\*.exe >

< %systemroot%\system32\drivers\*.* /90 >
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys

< %PROGRAMFILES%\*.* >


< MD5 for: EXPLORER.EXE >
[2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe
[2007/06/13 11:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 10:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/10 12:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 00:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 00:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\svchost.exe
[2008/04/14 00:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/01/17 21:30:23 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/10 12:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 00:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 00:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\userinit.exe
[2008/04/14 00:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/10 12:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 00:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 00:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe
[2008/04/14 00:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< C:\Windows\assembly\tmp\U /s >

< HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\Gitanjali\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/03/08 14:28:54 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2008/12/30 19:31:00 | 000,509,528 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2008/12/30 19:31:00 | 000,509,528 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2008/12/30 19:31:00 | 000,509,528 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2008/12/30 19:30:56 | 000,307,704 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2008/12/30 19:30:56 | 000,307,704 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2008/12/30 19:30:56 | 000,307,704 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Gitanjali\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2012/03/08 14:28:54 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Gitanjali\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2012/03/08 14:28:54 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Gitanjali\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/03/08 14:28:54 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Gitanjali\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/03/08 14:28:54 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/12/16 12:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/12/16 12:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/12/16 12:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\Gitanjali\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/03/08 14:28:54 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2008/12/30 19:31:00 | 000,509,528 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2008/12/30 19:31:00 | 000,509,528 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2008/12/30 19:31:00 | 000,509,528 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2008/12/30 19:30:56 | 000,307,704 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2008/12/30 19:30:56 | 000,307,704 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2008/12/30 19:30:56 | 000,307,704 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Gitanjali\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2012/03/08 14:28:54 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Gitanjali\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2012/03/08 14:28:54 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Gitanjali\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/03/08 14:28:54 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Gitanjali\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/03/08 14:28:54 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/12/16 12:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/12/16 12:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/12/16 12:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< End of report >
  • 0

Advertisements


#26
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

How is your computer?

Please reopen Posted Image on your desktop.
  • Under the Posted Image box at the bottom, paste in the following

    :Commands
    [CREATERESTOREPOINT]
    
    :Reg
    HKEY_cURRENT_USER\Control Panel\Desktop
    "wallpaper"="C:\WINDOWS\web\wallpaper\Bliss.bmp"
    
  • Then click the Posted Image button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Now, see if the wallpaper problem is fixed.



  • 0

#27
NeonFx

NeonFx

    Malware Removal Dude

  • Expert
  • 3,797 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP