Computer running SLOW, no virus/ malware/ adware detected



#1
Prathamesh

Hello there,

I have an HP desktop with the Windows 7 Ultimate Edition operating system. I purchased it in the year 2008. For the last few months it has not been working as expected. It has become slow in opening applications. No virus/adware/malware has been detected by Avast or Malwarebytes. I don't think I have downloaded any new suspicious program(s) that might have slowed down my PC.

I'm attaching herewith the system summary drawn from PC Wizard for your information.

I referred to one of the posts related to this issue, so I installed ComboFix and ran the scan. It has created the scan log. I have attached the CF scan log along with the system summary.

Also, these days I'm getting a weird sound from the CPU and the fan. Is it because I haven't performed processor cleaning? Please reply ASAP.

In the meantime, should you need to know more about my system's configuration, please ask for it and I will revert.

Please help in this regard as SLOW PC is really annoying.

Thanks,

Warm Regards,
Prathamesh.

Attached Files

  • Attached File  CF.txt   18.72KB   167 downloads
  • Attached File  System.txt   74.83KB   138 downloads

Edited by Prathamesh, 01 April 2012 - 01:27 PM.


#2
Macboatmaster

Prathamesh

I will not be helping you as only qualified Malware advisors assist on Malware issues.
However please see the guide to posting in the Malware forum.

http://www.geekstogo...cleaning-guide/

Paying particular attention to step 2 and step 4.
Download OTL and copy and paste the OTL log
That is as described with a how to copy and paste.
Copy and paste this to your ORIGINAL post please.

This procedure will allow the advisor who answers your post to have a look at the log.
Thank you and please be patient as they are very busy in the Malware forum.


#3
Prathamesh

Hey, thanks Macboatmaster for your reply.

As per your advice, I installed OTL Fix and I'm attaching herewith the OTL Scan Log for reference.

I am aware that experts are busy resolving queries of others also, so I would be patient. No issues :)

Regards,

Prathamesh.


#4
Prathamesh

OTL Scan Log -


OTL logfile created on: 02-04-2012 21:19:38 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Prathamesh\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00004009 | Country: India | Language: ENN | Date Format: dd-MM-yyyy

1013.49 Mb Total Physical Memory | 238.87 Mb Available Physical Memory | 23.57% Memory free
1.99 Gb Paging File | 1.02 Gb Available in Paging File | 51.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 6.49 Gb Free Space | 16.61% Space Free | Partition Type: NTFS
Drive D: | 58.59 Gb Total Space | 20.36 Gb Free Space | 34.76% Space Free | Partition Type: NTFS
Drive E: | 51.38 Gb Total Space | 15.24 Gb Free Space | 29.66% Space Free | Partition Type: NTFS

Computer Name: PRATHAMESH-PC | User Name: Prathamesh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-04-02 21:18:11 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Prathamesh\Downloads\OTL.exe
PRC - [2012-03-07 05:45:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012-03-07 05:45:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012-03-07 05:45:13 | 000,134,920 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2012-01-13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011-08-01 07:25:04 | 003,417,496 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
PRC - [2011-02-25 11:00:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010-11-20 17:47:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010-09-01 19:37:04 | 002,480,048 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2010-03-27 16:07:20 | 000,751,464 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2009-03-02 14:06:16 | 000,068,136 | ---- | M] () -- C:\Program Files\Gigabyte\EasySaver\essvr.exe


========== Modules (No Company Name) ==========

MOD - [2012-03-14 07:38:14 | 000,441,328 | ---- | M] () -- C:\Users\Prathamesh\AppData\Local\Google\Chrome\Application\18.0.1025.58\ppgooglenaclpluginchrome.dll
MOD - [2012-03-14 07:38:12 | 003,890,672 | ---- | M] () -- C:\Users\Prathamesh\AppData\Local\Google\Chrome\Application\18.0.1025.58\pdf.dll
MOD - [2012-03-14 07:36:45 | 000,122,880 | ---- | M] () -- C:\Users\Prathamesh\AppData\Local\Google\Chrome\Application\18.0.1025.58\avutil-51.dll
MOD - [2012-03-14 07:36:44 | 000,220,672 | ---- | M] () -- C:\Users\Prathamesh\AppData\Local\Google\Chrome\Application\18.0.1025.58\avformat-53.dll
MOD - [2012-03-14 07:36:43 | 001,747,456 | ---- | M] () -- C:\Users\Prathamesh\AppData\Local\Google\Chrome\Application\18.0.1025.58\avcodec-53.dll
MOD - [2012-03-14 06:53:28 | 008,593,056 | ---- | M] () -- C:\Users\Prathamesh\AppData\Local\Google\Chrome\Application\18.0.1025.58\gcswf32.dll
MOD - [2011-10-26 17:41:20 | 000,305,664 | ---- | M] () -- C:\Program Files\TeraCopy\TeraCopyExt.dll
MOD - [2010-03-15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - [2012-03-07 05:45:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012-03-07 05:45:13 | 000,134,920 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2012-02-15 13:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-01-13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012-01-04 13:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010-09-09 07:16:01 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010-09-01 21:44:35 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010-09-01 19:37:04 | 002,480,048 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2010-04-06 16:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\System32\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV - [2010-03-27 16:07:20 | 000,751,464 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009-07-14 06:46:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 06:46:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009-07-14 06:45:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009-03-02 14:06:16 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files\Gigabyte\EasySaver\essvr.exe -- (ES lite Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\PRATHA~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012-04-02 21:05:15 | 000,017,488 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2012-03-07 05:34:25 | 000,112,984 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2012-03-07 05:33:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012-03-07 05:33:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012-03-07 05:33:23 | 000,196,440 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2012-03-07 05:32:43 | 000,024,408 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2012-03-07 05:32:14 | 000,044,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012-03-07 05:31:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012-03-07 05:31:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012-03-07 05:31:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012-03-07 05:14:51 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis.sys -- (aswNdis)
DRV - [2012-01-09 17:28:20 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2012-01-09 17:28:20 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2012-01-09 17:28:20 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2012-01-09 17:28:20 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2012-01-09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2012-01-09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011-12-10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011-11-28 14:51:44 | 000,032,896 | ---- | M] (AnvSoft Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\anvsnddrv.sys -- (anvsnddrv)
DRV - [2011-07-06 20:44:42 | 000,089,376 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\idmwfp.sys -- (IDMWFP)
DRV - [2010-11-20 18:00:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010-11-20 18:00:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010-11-20 18:00:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010-11-20 15:54:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010-11-20 15:51:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010-11-20 15:29:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010-11-20 14:44:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010-11-20 14:44:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010-09-01 19:37:05 | 000,160,704 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\afcdp.sys -- (afcdp)
DRV - [2010-09-01 19:37:03 | 000,911,680 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tdrpm258.sys -- (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258)
DRV - [2010-09-01 19:37:00 | 000,581,984 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)
DRV - [2010-09-01 19:36:53 | 000,166,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman)
DRV - [2010-04-22 15:08:26 | 000,019,496 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AppleCharger.sys -- (AppleCharger)
DRV - [2009-07-27 12:36:46 | 000,051,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV - [2008-08-26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008-07-22 07:42:58 | 000,051,200 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007-04-23 13:54:50 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115mgmt.sys -- (s115mgmt) Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM)
DRV - [2007-04-23 13:54:50 | 000,098,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115obex.sys -- (s115obex)
DRV - [2007-04-23 13:54:48 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115mdm.sys -- (s115mdm)
DRV - [2007-04-23 13:54:48 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115mdfl.sys -- (s115mdfl)
DRV - [2007-04-23 13:54:46 | 000,083,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115bus.sys -- (s115bus) Sony Ericsson Device 115 driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://in.yahoo.com/?fr=fp-spt_gen
IE - HKLM\..\SearchScopes,DefaultScope = {56256A51-B582-467e-B8D4-7786EDA79AE0}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.ru/cnt/9514
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru)
IE - HKCU\..\SearchScopes,DefaultScope = {E88E0043-C9D4-4e33-8555-FEE4F5B63060}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...urceid=ie7&rlz=
IE - HKCU\..\SearchScopes\{E88E0043-C9D4-4e33-8555-FEE4F5B63060}: "URL" = http://go.mail.ru/se...tf8in=1&fr=ietb
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultEngine: "Yahoo"
FF - prefs.js..browser.search.defaultenginename: "http://www.mail.ru/"
FF - prefs.js..browser.search.defaulturl: "http://go.mail.ru/se...f8in=1&fr=ietb"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: ""
FF - prefs.js..browser.search.selectedEngine: "mail.ru: Поиск в Интернете"
FF - prefs.js..browser.startup.homepage: "http://www.mail.ru/cnt/9514"
FF - prefs.js..keyword.URL: "http://in.search.yah...r=ytff-ytbm&p="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Prathamesh\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Prathamesh\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-03-31 00:20:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b7\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 7\components [2012-01-22 06:28:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b7\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 7\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011-06-22 01:34:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Prathamesh\AppData\Roaming\IDM\idmmzcc5 [2011-08-13 00:33:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\Prathamesh\AppData\Roaming\IDM\idmmzcc5 [2011-08-13 00:33:00 | 000,000,000 | ---D | M]

[2010-12-02 23:01:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Prathamesh\AppData\Roaming\Mozilla\Extensions
[2010-09-10 11:10:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Prathamesh\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010-09-15 16:54:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Prathamesh\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012-03-31 00:16:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Prathamesh\AppData\Roaming\Mozilla\Firefox\Profiles\bazaoyj8.default\extensions
[2012-03-31 00:16:48 | 000,000,000 | ---D | M] (Спутник @Mail.Ru) -- C:\Users\Prathamesh\AppData\Roaming\Mozilla\Firefox\Profiles\bazaoyj8.default\extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}
[2011-08-23 21:54:48 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Prathamesh\AppData\Roaming\Mozilla\Firefox\Profiles\bazaoyj8.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012-02-25 22:02:10 | 000,000,000 | ---D | M] (mobilewitch Community Toolbar) -- C:\Users\Prathamesh\AppData\Roaming\Mozilla\Firefox\Profiles\bazaoyj8.default\extensions\{fcbf663e-8530-46f8-a880-ac5abe9d2b23}
[2012-03-31 00:20:27 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011-08-13 00:33:00 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\PRATHAMESH\APPDATA\ROAMING\IDM\IDMMZCC5
() (No name found) -- C:\USERS\PRATHAMESH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BAZAOYJ8.DEFAULT\EXTENSIONS\[email protected]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Prathamesh\AppData\Local\Google\Chrome\Application\18.0.1025.58\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Prathamesh\AppData\Local\Google\Chrome\Application\18.0.1025.58\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Prathamesh\AppData\Local\Google\Chrome\Application\18.0.1025.58\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Prathamesh\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Prathamesh\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: Entanglement = C:\Users\Prathamesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: avast! WebRep = C:\Users\Prathamesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: Poppit = C:\Users\Prathamesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2012-04-02 00:26:53 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (MailRuBHO Class) - {8984B388-A5BB-4DF7-B274-77B879E179DB} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Спутник@Mail.Ru) - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Prathamesh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 113.193.1.60 113.193.0.148
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C98CBC19-9E32-415F-BD2F-564DE0556D35}: DhcpNameServer = 113.193.1.60 113.193.0.148
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011-10-21 00:30:07 | 000,000,024 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (auto_reactivate \\?\Volume{b5cc4a6f-b5c7-11df-a3fa-806e6f6e6963}\bootwiz\asrm.bin)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012-04-02 00:29:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012-04-02 00:29:14 | 000,000,000 | ---D | C] -- C:\Users\Prathamesh\AppData\Local\temp
[2012-04-02 00:15:41 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012-04-02 00:15:41 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012-04-02 00:15:41 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012-04-02 00:15:28 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012-04-02 00:15:26 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012-04-02 00:15:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-03-31 01:43:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[2012-03-31 00:22:38 | 000,020,696 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012-03-31 00:22:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
[2012-03-31 00:22:37 | 000,337,880 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012-03-31 00:22:17 | 000,112,984 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFW.sys
[2012-03-31 00:21:41 | 000,196,440 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswNdis2.sys
[2012-03-31 00:21:40 | 000,053,848 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012-03-31 00:21:40 | 000,044,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2012-03-31 00:21:39 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys
[2012-03-31 00:21:38 | 000,612,184 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012-03-31 00:21:38 | 000,057,688 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012-03-31 00:20:15 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswNdis.sys
[2012-03-31 00:20:14 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012-03-31 00:20:12 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012-03-31 00:17:03 | 000,000,000 | ---D | C] -- C:\Users\Prathamesh\AppData\Roaming\SkyMonk
[2012-03-31 00:16:49 | 000,000,000 | ---D | C] -- C:\Program Files\Mail.Ru
[2012-03-22 01:23:43 | 000,000,000 | ---D | C] -- C:\Users\Prathamesh\AppData\Local\Xenocode
[2012-03-21 23:56:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012-03-19 14:43:33 | 000,000,000 | ---D | C] -- C:\Users\Prathamesh\AppData\Roaming\GRETECH
[2012-03-18 02:00:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player
[2012-03-16 23:13:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012-03-16 23:11:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2012-03-16 23:10:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2012-03-16 23:10:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012-03-16 23:07:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2012-03-16 23:02:54 | 000,000,000 | R--D | C] -- C:\MSOCache
[2012-03-16 22:15:45 | 000,000,000 | ---D | C] -- C:\Users\Prathamesh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012-03-13 22:18:58 | 000,000,000 | ---D | C] -- C:\Users\Prathamesh\Desktop\Passport
[2012-03-10 13:31:59 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2012-03-10 13:09:48 | 000,000,000 | ---D | C] -- C:\BigFishGamesCache
[2012-03-10 01:01:17 | 000,000,000 | ---D | C] -- C:\Intel
[2012-03-10 01:01:09 | 000,000,000 | ---D | C] -- C:\dell
[2012-03-10 00:48:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Wizard 2008
[2012-03-10 00:48:36 | 000,000,000 | ---D | C] -- C:\Windows\Java
[2012-03-10 00:48:32 | 000,000,000 | ---D | C] -- C:\Program Files\PC Wizard 2008
[2012-03-10 00:27:01 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Drivers HeadQuarters
[2012-03-10 00:17:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Driver Tool
[2012-03-08 14:20:42 | 000,018,816 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys
[2012-03-08 14:19:59 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2012-03-08 13:42:30 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2012-03-08 13:24:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2012-03-08 13:24:01 | 000,000,000 | ---D | C] -- C:\Users\Prathamesh\AppData\Roaming\pdfforge
[2012-03-08 13:23:41 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2012-03-05 02:37:32 | 000,000,000 | ---D | C] -- C:\Users\Prathamesh\Documents\Bus Driver
[2012-03-03 23:50:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012-03-03 23:50:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012-03-03 23:50:32 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[3 C:\Users\Prathamesh\*.tmp files -> C:\Users\Prathamesh\*.tmp -> ]
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-04-02 21:13:31 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-04-02 21:13:31 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-04-02 21:05:28 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-04-02 21:05:15 | 000,016,384 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2012-04-02 21:05:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-04-02 21:05:09 | 797,040,640 | -HS- | M] () -- C:\hiberfil.sys
[2012-04-02 20:49:44 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2888005095-3702456125-497021380-1001UA.job
[2012-04-02 00:32:02 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-04-02 00:26:53 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012-04-01 22:45:00 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2888005095-3702456125-497021380-1001Core.job
[2012-04-01 00:19:43 | 000,630,928 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012-04-01 00:19:43 | 000,111,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012-03-31 23:12:36 | 001,760,608 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012-03-31 01:24:36 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebyts.lnk
[2012-03-31 00:22:39 | 000,001,994 | ---- | M] () -- C:\Users\Public\Desktop\avast! IS.lnk
[2012-03-31 00:21:38 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012-03-18 02:00:53 | 000,001,149 | ---- | M] () -- C:\Users\Prathamesh\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk
[2012-03-16 22:15:49 | 000,002,342 | ---- | M] () -- C:\Users\Prathamesh\Desktop\Google Chrome.lnk
[2012-03-11 19:49:05 | 000,000,000 | ---- | M] () -- C:\Users\Prathamesh\AppData\Roaming\FileOut.cns
[2012-03-11 19:49:05 | 000,000,000 | ---- | M] () -- C:\Users\Prathamesh\AppData\Roaming\FileIn.cns
[2012-03-10 01:18:48 | 000,014,774 | ---- | M] () -- C:\Windows\System32\results.xml
[2012-03-08 14:35:46 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012-03-07 05:45:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012-03-07 05:45:14 | 000,201,352 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012-03-07 05:34:25 | 000,112,984 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFW.sys
[2012-03-07 05:33:51 | 000,612,184 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012-03-07 05:33:38 | 000,337,880 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012-03-07 05:33:23 | 000,196,440 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswNdis2.sys
[2012-03-07 05:32:43 | 000,024,408 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys
[2012-03-07 05:32:14 | 000,044,376 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2012-03-07 05:31:53 | 000,053,848 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012-03-07 05:31:48 | 000,057,688 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012-03-07 05:31:30 | 000,020,696 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012-03-07 05:14:51 | 000,012,112 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswNdis.sys
[3 C:\Users\Prathamesh\*.tmp files -> C:\Users\Prathamesh\*.tmp -> ]
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-04-02 00:15:41 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012-04-02 00:15:41 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012-04-02 00:15:41 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012-04-02 00:15:41 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012-04-02 00:15:41 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012-03-31 23:12:19 | 001,760,608 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2012-03-31 01:24:36 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebyts.lnk
[2012-03-31 00:50:38 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012-03-31 00:22:39 | 000,001,994 | ---- | C] () -- C:\Users\Public\Desktop\avast! IS.lnk
[2012-03-18 02:00:53 | 000,001,149 | ---- | C] () -- C:\Users\Prathamesh\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk
[2012-03-16 22:15:49 | 000,002,342 | ---- | C] () -- C:\Users\Prathamesh\Desktop\Google Chrome.lnk
[2012-03-10 01:18:48 | 000,014,774 | ---- | C] () -- C:\Windows\System32\results.xml
[2012-03-10 00:48:36 | 000,027,136 | ---- | C] () -- C:\Windows\System32\PCWizard.cpl
[2012-03-08 13:23:46 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2012-01-22 13:39:45 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2012-01-20 00:20:43 | 000,632,832 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012-01-20 00:20:43 | 000,235,520 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012-01-16 22:28:14 | 000,192,696 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011-11-21 19:23:00 | 000,150,996 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2011-10-17 22:22:42 | 000,012,616 | ---- | C] () -- C:\Windows\System32\nvdbase.dat
[2011-08-20 21:19:44 | 000,000,000 | ---- | C] () -- C:\Users\Prathamesh\AppData\Roaming\.googlewebacchosts
[2011-07-24 14:35:58 | 000,000,000 | ---- | C] () -- C:\Users\Prathamesh\AppData\Roaming\FileOut.cns
[2011-07-24 14:35:58 | 000,000,000 | ---- | C] () -- C:\Users\Prathamesh\AppData\Roaming\FileIn.cns
[2011-06-17 22:26:29 | 000,017,408 | ---- | C] () -- C:\Users\Prathamesh\AppData\Local\WebpageIcons.db
[2011-05-23 01:32:31 | 000,000,290 | ---- | C] () -- C:\ProgramData\hosts.ini
[2011-04-21 00:26:35 | 000,000,305 | ---- | C] () -- C:\Users\Prathamesh\AppData\Roaming\burnaware.ini
[2011-04-06 16:15:24 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011-04-06 16:13:13 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011-03-16 10:32:34 | 000,006,547 | ---- | C] () -- C:\Users\Prathamesh\AppData\Roaming\PrimoPDFSet.xml
[2011-03-06 22:38:17 | 000,000,169 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011-03-06 22:38:17 | 000,000,126 | ---- | C] () -- C:\Windows\ODBC.INI
[2011-03-03 16:24:59 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010-12-02 23:56:34 | 000,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2010-09-15 18:37:21 | 000,000,055 | ---- | C] () -- C:\Windows\Romantic Quotes.ini
[2010-09-15 18:36:53 | 000,000,046 | ---- | C] () -- C:\Windows\LoveIs.ini
[2010-09-09 07:11:38 | 000,181,299 | ---- | C] () -- C:\Windows\System32\msvcr71.dll.zip
[2010-09-09 06:51:37 | 000,000,050 | ---- | C] () -- C:\Windows\System32\dll4free.com.URL
[2010-09-04 09:23:55 | 000,000,121 | ---- | C] () -- C:\Windows\bdagent.INI
[2010-09-03 13:09:36 | 000,000,000 | ---- | C] () -- C:\Windows\System32\wsbl.dat
[2010-09-03 13:09:36 | 000,000,000 | ---- | C] () -- C:\Windows\System32\phar_unmip.dat
[2010-09-03 13:09:36 | 000,000,000 | ---- | C] () -- C:\Windows\System32\phar_histprot.dat
[2010-09-03 13:09:36 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ph_white.dat
[2010-09-03 13:09:36 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ph_summ.dat
[2010-09-03 13:09:36 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ph_black.dat
[2010-09-03 13:09:36 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pcwords2.dat
[2010-09-03 13:09:36 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pcwords.dat
[2010-09-03 13:09:36 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_webproxy.dat
[2010-09-03 13:09:36 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_video.dat
[2010-09-03 13:09:36 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_tabloids.dat
[2010-09-03 13:09:36 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_socialnetworks.dat
[2010-09-03 13:09:36 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_searchengines.dat
[2010-09-03 13:09:36 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_regionaltlds.dat
[2010-09-03 13:09:36 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_pornography.dat
[2010-09-03 13:09:36 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_onlineshop.dat
[2010-09-03 13:09:36 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_onlinepay.dat
[2010-09-03 13:09:36 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_onlinedating.dat
[2010-09-03 13:09:36 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_news.dat
[2010-09-03 13:09:36 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_im.dat
[2010-09-03 13:09:36 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_illegal.dat
[2010-09-03 13:09:36 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_hate.dat
[2010-09-03 13:09:36 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_games.dat
[2010-09-03 13:09:36 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_gambling.dat
[2010-09-03 13:09:36 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_drugs.dat
[2010-09-02 18:51:44 | 000,000,015 | ---- | C] () -- C:\Windows\akoffice.ini
[2010-09-02 15:01:03 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010-09-01 22:03:19 | 000,008,704 | ---- | C] () -- C:\Users\Prathamesh\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-09-01 20:30:04 | 000,000,025 | ---- | C] () -- C:\Users\Prathamesh\AppData\Roaming\bdfvconp.ini
[2010-09-01 20:08:56 | 000,000,016 | ---- | C] () -- C:\Windows\System32\asdict.dat
[2010-09-01 20:08:56 | 000,000,004 | ---- | C] () -- C:\Windows\System32\aspdict-en.dat
[2010-09-01 20:06:52 | 000,000,009 | ---- | C] () -- C:\Windows\AkrutiReg.dat
[2010-09-01 20:06:03 | 000,213,980 | ---- | C] () -- C:\Windows\Reference.dat
[2010-09-01 20:04:39 | 002,383,947 | ---- | C] () -- C:\Windows\Diagnostics.exe
[2010-09-01 20:04:39 | 000,143,360 | ---- | C] () -- C:\Windows\UnInstall.exe
[2010-09-01 20:04:17 | 000,094,208 | ---- | C] () -- C:\Windows\System32\DEV499WI.DLL
[2010-09-01 19:52:01 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010-09-01 19:25:14 | 000,000,000 | ---- | C] () -- C:\Windows\lgfwup.ini
[2010-09-01 18:58:40 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010-09-01 18:36:24 | 000,031,272 | ---- | C] () -- C:\Windows\System32\AppleChargerSrv.exe
[2010-09-01 18:36:24 | 000,019,496 | ---- | C] () -- C:\Windows\System32\drivers\AppleCharger.sys
[2010-09-01 18:34:56 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2010-09-01 18:31:52 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini

========== LOP Check ==========

[2010-09-01 19:41:51 | 000,000,000 | ---D | M] -- C:\Users\Prathamesh\AppData\Roaming\Acronis
[2012-01-24 23:29:14 | 000,000,000 | ---D | M] -- C:\Users\Prathamesh\AppData\Roaming\AnvSoft
[2011-05-16 21:29:07 | 000,000,000 | ---D | M] -- C:\Users\Prathamesh\AppData\Roaming\App Launcher Gadget
[2012-01-16 22:20:12 | 000,000,000 | ---D | M] -- C:\Users\Prathamesh\AppData\Roaming\Applied Recognition Inc
[2012-01-16 22:19:56 | 000,000,000 | ---D | M] -- C:\Users\Prathamesh\AppData\Roaming\com.appliedrec.Fotobounce
[2011-04-21 01:17:19 | 000,000,000 | ---D | M] -- C:\Users\Prathamesh\AppData\Roaming\com.bigfatsimulations.airportmadness3.3A85083A650345D1ADAB4572C5816AD2DC9802A3.1
[2012-04-02 21:03:41 | 000,000,000 | ---D | M] -- C:\Users\Prathamesh\AppData\Roaming\DMCache
[2011-11-17 10:42:35 | 000,000,000 | ---D | M] -- C:\Users\Prathamesh\AppData\Roaming\IDM
[2010-12-02 23:34:14 | 000,000,000 | ---D | M] -- C:\Users\Prathamesh\AppData\Roaming\LimeWire
[2011-06-22 00:42:08 | 000,000,000 | ---D | M] -- C:\Users\Prathamesh\AppData\Roaming\Nokia
[2011-06-22 00:42:08 | 000,000,000 | ---D | M] -- C:\Users\Prathamesh\AppData\Roaming\Nokia Ovi Suite
[2011-03-24 23:58:54 | 000,000,000 | ---D | M] -- C:\Users\Prathamesh\AppData\Roaming\OpenCandy
[2010-12-03 23:28:40 | 000,000,000 | ---D | M] -- C:\Users\Prathamesh\AppData\Roaming\PC Suite
[2012-03-08 13:24:01 | 000,000,000 | ---D | M] -- C:\Users\Prathamesh\AppData\Roaming\pdfforge
[2011-06-20 17:44:10 | 000,000,000 | ---D | M] -- C:\Users\Prathamesh\AppData\Roaming\Rainmeter
[2011-06-08 10:55:14 | 000,000,000 | ---D | M] -- C:\Users\Prathamesh\AppData\Roaming\RegistryKeys
[2011-03-25 00:06:55 | 000,000,000 | ---D | M] -- C:\Users\Prathamesh\AppData\Roaming\Reviversoft
[2012-03-31 00:17:15 | 000,000,000 | ---D | M] -- C:\Users\Prathamesh\AppData\Roaming\SkyMonk
[2012-04-01 00:20:03 | 000,000,000 | ---D | M] -- C:\Users\Prathamesh\AppData\Roaming\TeraCopy
[2011-08-10 00:57:35 | 000,000,000 | ---D | M] -- C:\Users\Prathamesh\AppData\Roaming\TuneUp Software
[2012-03-29 11:15:30 | 000,000,000 | ---D | M] -- C:\Users\Prathamesh\AppData\Roaming\uTorrent
[2010-09-10 11:16:49 | 000,000,000 | ---D | M] -- C:\Users\Prathamesh\AppData\Roaming\Vivox
[2012-02-29 10:44:33 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2011-08-13 18:01:01 | 000,000,000 | ---D | M](C:\Windows\System32\??) -- C:\Windows\System32\ⷖ瞚
[2011-08-13 18:01:01 | 000,000,000 | ---D | C](C:\Windows\System32\??) -- C:\Windows\System32\ⷖ瞚

========== Alternate Data Streams ==========

@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:8CE646EE

< End of report >

#5
Prathamesh

I got one more scan log by the name "OTL Extras Log." I don't know what it is, but I've pasted it hereinbelow -


OTL Extras logfile created on: 02-04-2012 21:19:38 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Prathamesh\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00004009 | Country: India | Language: ENN | Date Format: dd-MM-yyyy

1013.49 Mb Total Physical Memory | 238.87 Mb Available Physical Memory | 23.57% Memory free
1.99 Gb Paging File | 1.02 Gb Available in Paging File | 51.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 6.49 Gb Free Space | 16.61% Space Free | Partition Type: NTFS
Drive D: | 58.59 Gb Total Space | 20.36 Gb Free Space | 34.76% Space Free | Partition Type: NTFS
Drive E: | 51.38 Gb Total Space | 15.24 Gb Free Space | 29.66% Space Free | Partition Type: NTFS

Computer Name: PRATHAMESH-PC | User Name: Prathamesh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 4.0 Beta 7\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Mozilla Firefox 4.0 Beta 7\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05B7B9BA-9EBC-4C5B-933D-49F372EFE7A1}" = Adobe Photoshop CS4
"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.0610.1
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{0F99EAFA-4054-4ABC-A3D3-D2299210572F}" = Adobe Bridge CS4
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1BCEA516-B4C5-4B2D-BFA0-AB7910BAD862}" = Adobe ExtendScript Toolkit 2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 29
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B10.0422.2
"{47609E69-4C5E-48B1-A889-24C6B82B5C04}" = Vista Shortcut Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CA10D13-F83A-487E-9B30-CC979FEF7A70}" = OviMPlatform
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6339663B-F26F-4FE3-B813-0E1DEC4ED976}" = Nokia Ovi Suite
"{67ED38A3-4882-448B-B44D-3428AB00D7D5}" = AcronisTrueImageHome
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7130468A-F53F-4698-8C09-A339EA3B05E6}" = Nokia Software Updater
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A1C9D1DA-7803-4586-B509-450009938312}" = Adobe Setup
"{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A92A4DB0-CD37-42D1-BE1D-603D53C24328}" = Intel® Processor ID Utility
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BEF7FC5C-0182-4DDE-BDDD-F7D132AB833D}" = Ovi Desktop Sync Engine
"{C4418DF9-5B57-4C5D-ACC2-D6B1338CCE09}" = Photoshop Camera Raw
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe_b741c3c52d3108664cedeb2b76f6d96" = Adobe Photoshop CS4
"Any Video Converter Ultimate_is1" = Any Video Converter Ultimate 4.3.3
"avast" = avast! Internet Security
"BurnAware Free_is1" = BurnAware Free 3.4
"CCleaner" = CCleaner
"DFX for Winamp" = DFX for Winamp
"DFX for Windows Media Player" = DFX for Windows Media Player
"ENTERPRISE" = Microsoft Office Enterprise 2007
"GOM Player" = GOM Player
"HDMI" = Intel® Graphics Media Accelerator Driver
"IGI 2" = IGI 2
"Internet Download Manager" = Internet Download Manager
"MailRuSputnik" = Mail.Ru Спутник 2.4.0.508
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 4.0b7 (x86 en-US)" = Mozilla Firefox 4.0b7 (x86 en-US)
"Nokia Ovi Suite" = Nokia Ovi Suite
"PC Wizard 2008_is1" = PC Wizard 2008.1.871
"Picasa 3" = Picasa 3
"Recuva" = Recuva
"SubtitleWorkshop" = Subtitle Workshop 2.51
"TeraCopy_is1" = TeraCopy 2.22
"Train Simulator 1.0" = Microsoft Train Simulator
"TVWiz" = Intel® TV Wizard
"uTorrent" = Torrent
"VLC media player" = VLC media player 1.1.4
"vsfilter_is1" = DirectVobSub 2.40.3884
"Winamp" = Winamp
"WinRAR archiver" = WinRAR archiver
"xvid" = Xvid MPEG-4 Video Codec
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 22-12-2011 02:25:28 | Computer Name = Prathamesh-PC | Source = Windows Search Service | ID = 7040
Description =

Error - 22-12-2011 02:25:28 | Computer Name = Prathamesh-PC | Source = Windows Search Service | ID = 7042
Description =

Error - 22-12-2011 02:25:28 | Computer Name = Prathamesh-PC | Source = Windows Search Service | ID = 9002
Description =

Error - 22-12-2011 02:25:28 | Computer Name = Prathamesh-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 22-12-2011 02:25:29 | Computer Name = Prathamesh-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 22-12-2011 02:25:29 | Computer Name = Prathamesh-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 22-12-2011 02:25:29 | Computer Name = Prathamesh-PC | Source = Windows Search Service | ID = 3058
Description =

Error - 22-12-2011 02:25:29 | Computer Name = Prathamesh-PC | Source = Windows Search Service | ID = 7010
Description =

Error - 24-12-2011 15:03:56 | Computer Name = Prathamesh-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 31-12-2011 10:17:36 | Computer Name = Prathamesh-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

[ System Events ]
Error - 01-04-2012 14:44:06 | Computer Name = Prathamesh-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 01-04-2012 14:47:08 | Computer Name = Prathamesh-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 01-04-2012 14:47:48 | Computer Name = Prathamesh-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 01-04-2012 14:48:52 | Computer Name = Prathamesh-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the avast! Firewall service.

Error - 01-04-2012 14:52:28 | Computer Name = Prathamesh-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 01-04-2012 14:56:55 | Computer Name = Prathamesh-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 01-04-2012 14:58:52 | Computer Name = Prathamesh-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the avast! Firewall service.

Error - 01-04-2012 15:06:45 | Computer Name = Prathamesh-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 01-04-2012 15:07:15 | Computer Name = Prathamesh-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 02-04-2012 11:12:17 | Computer Name = Prathamesh-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 01:14:21 on ?02-?04-?2012 was unexpected.


< End of report >
  • 0

#6
Gammo

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Hello and welcome to Geekstogo!

We apologize for the delay in responding to your request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

If you haven't done so yet, please go to Malware and Spyware Cleaning Guide and follow the steps instructed there. If you have already done this, we still need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.
  • 0





