[godawgs]

I can't get an OTL scan to show me any files in the Aureus Downloads folder.

Step-1.

Since you now have the system set to show all hidden and system files/folders, go to C:\Users folder and see if you can see a faded looking Sayan folder. If you can:

• Right click on it and click Properties.
• At the bottom of the Properties window click the box beside Hide to clear the checkmark
• Click Apply and OK to close the window.
• Restart windows and see if the Sayan folder is now visible in the C:\Users folder.

Step-2

Hard-Drive Maintenance/Repair:

• Click on Start(Vista Orb).
• Click on All Programs >> Accessories
• Right click on Command Prompt and select Run as Administrator.
• Click on Continue at the UAC prompt.
• At the Command Prompt C:\Windows\System32> type in the following exactly:
  CD C:\
• Then depress the Enter/Return key, then type in the following exactly:
  DEFRAG C: -F
• A Analysis report will be displayed and then Windows will start the Defragmentation run automatically.
• This may take some time. When completed the Command Prompt C:\ > will appear.
• Now type in CHKDSK C: /R and hit the Enter/Return key.
• When prompted with:

CHKDSK cannot run because the volume is in use by another process
Would you like to schedule this volume to be checked next time the system
restarts (Y/N)

• Hit the Y key then at the Command Prompt C:\ >
• Type in EXIT and and hit the Enter/Return key.
• Now Reboot(Restart) your computer.

Note: Upon Reboot(Restart) the CHKDSK(check-disk) will start and carry out the repairs required.

You should see a screen like this just after the Post(power on self test) screen:



Note: Do not touch either the keyboard or Mouse, otherwise the Check-Disk will be cancelled and you computer will continue to boot-up as normal.


Step-3

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Let me know if you can see the Sayan folder in C:\Users
2. Let me know what SFC and DiskChk found. (IF anything)

[Advertisements]

sorry for the late reply


it has been 12 hrs the dfrag is running... please wait i will post with results soon

[sayan.dg]

sorry for the late reply


it has been 12 hrs the dfrag is running... please wait i will post with results soon

[sayan.dg]

c:\>defrag c: -f
Windows Disk Defragmenter
Copyright © 2006 Microsoft Corp.

Defragmentation report for volume C:

Volume size = 224 GB
Free space = 33.11 GB
Largest free space extent = 3.57 GB
Percent file fragmentation = 1 %

Note: On NTFS volumes, file fragments larger than 64MB are not included in t
he fragmentation statistics

Defragmentation report for volume C:

Volume size = 224 GB
Free space = 13.56 GB
Largest free space extent = 176 MB
Percent file fragmentation = 0 %

Note: On NTFS volumes, file fragments larger than 64MB are not included in t
he fragmentation statistics

c:\>


NOTE :the disk space got reduced drastically

[sayan.dg]

the check disk report




Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.
289024 file records processed.

1550 large file records processed.

0 bad file records processed.

0 EA records processed.

90 reparse records processed.

369248 index entries processed.

0 unindexed files processed.

289024 security descriptors processed.

Cleaning up 1936 unused index entries from index $SII of file 0x9.
Cleaning up 1936 unused index entries from index $SDH of file 0x9.
Cleaning up 1936 unused security descriptors.
40113 data files processed.

CHKDSK is verifying Usn Journal...
34903480 USN bytes processed.

Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
289008 files processed.

File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
3564367 free clusters processed.

Free space verification is complete.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
CHKDSK discovered free space marked as allocated in the volume bitmap.
Windows has made corrections to the file system.

234680288 KB total disk space.
219897308 KB in 240509 files.
117680 KB in 40114 indexes.
0 KB in bad sectors.
407828 KB in use by the system.
65536 KB occupied by the log file.
14257472 KB available on disk.

4096 bytes in each allocation unit.
58670072 total allocation units on disk.
3564368 allocation units available on disk.

Internal Info:
00 69 04 00 3a 48 04 00 3e 16 07 00 00 00 00 00 .i..:H..>.......
91 0c 00 00 5a 00 00 00 00 00 00 00 00 00 00 00 ....Z...........
04 00 00 00 a2 73 3a 77 a0 86 1f 00 90 8f 1f 00 .....s:w........

Windows has finished checking your disk.
Please wait while your computer restarts.

[sayan.dg]

Hello godawags

The Sayan folder has not returned /appeared on Users folder

I have traced some '$word files' in some folders.. shall i provide the location?

also there is a hidden desktop.ini in my computer' beside my DVD icon

also as already stated the Disk space has reduced drastically after defragmentation

Thanks

[godawgs]

The Sayan folder has not returned /appeared on Users folder

Acknowledged

I have traced some '$word files' in some folders.. shall i provide the location?

Please go to the folder containing the files. Click the Views menu at the top of the folder and click Details. Then scroll down to the files in question and post a screenshot of them.
Same thing with the files you mentioned earlier in the Downloads\Azureus folder.

also there is a hidden desktop.ini in my computer' beside my DVD icon

It's normal.

also as already stated the Disk space has reduced drastically after defragmentation

Acknowledged. System Restore in Vista is notorious for eating hard drive space. We will clear the old restore points and see if that solves the problem.

Other than the problem with the Sayan account, is the computer running OK. Are there any other issues?
I think everyone was out of pocket during the Thanksgiving break. I've left a message for the developer of OTL to see if he can shed any light on why the user's name on the OTL log is user.

Please get me a new OTL log.

• Open OTL on the desktop.
• Click the box beside Scan All Users
• Do Not click the box beside Include 64bit Scans
• Click the Run Scan button.
• Post the OTL.txt log in yoyr next reply

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Answer my question above.
2. The screenshots
3. The new OTL.txt log

[sayan.dg]

OTL logfile created on: 27-11-2012 22:45:57 - Run 9
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00004009 | Country: India | Language: ENN | Date Format: dd-MM-yyyy

2.93 Gb Total Physical Memory | 1.05 Gb Available Physical Memory | 35.70% Memory free
6.08 Gb Paging File | 3.93 Gb Available in Paging File | 64.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.81 Gb Total Space | 13.92 Gb Free Space | 6.22% Space Free | Partition Type: NTFS
Drive D: | 9.07 Gb Total Space | 1.61 Gb Free Space | 17.78% Space Free | Partition Type: NTFS

Computer Name: SAYANLAPTOP-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-11-17 11:03:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
PRC - [2012-10-26 13:17:52 | 000,079,384 | ---- | M] (Google) -- C:\Users\User\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2012-09-29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012-09-18 11:22:25 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Users\User\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe
PRC - [2012-08-17 20:19:11 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\realplayer\Update\realsched.exe
PRC - [2011-05-27 16:23:00 | 004,999,976 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\Scrybe\scrybe.exe
PRC - [2011-05-27 16:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe
PRC - [2009-09-29 08:52:54 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe
PRC - [2009-09-29 08:52:52 | 000,842,816 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\DigitalPersona\Bin\DpAgent.exe
PRC - [2009-07-07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2009-07-07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2009-04-11 11:57:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009-03-06 12:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) -- C:\WINDOWS\System32\atashost.exe
PRC - [2008-10-17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
PRC - [2008-09-11 11:52:52 | 000,237,650 | ---- | M] (IDT, Inc.) -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_805f33de\stacsv.exe
PRC - [2008-08-01 21:01:11 | 000,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2008-07-03 10:08:24 | 001,245,064 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2008-06-27 15:53:08 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_805f33de\AEstSrv.exe
PRC - [2008-04-16 07:24:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008-04-16 07:24:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008-03-27 07:57:52 | 000,595,248 | ---- | M] (Validity Sensors, Inc.) -- C:\WINDOWS\System32\vfsFPService.exe
PRC - [2008-03-27 03:56:56 | 000,341,328 | ---- | M] () -- C:\WINDOWS\SMINST\BLService.exe
PRC - [2007-07-13 02:13:50 | 000,226,904 | ---- | M] (Macrovision Corporation) -- C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
PRC - [2004-09-10 07:00:00 | 000,189,536 | ---- | M] (SafeNet, Inc) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe


========== Modules (No Company Name) ==========

MOD - [2012-11-14 08:26:27 | 012,460,648 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\24.0.1312.14\PepperFlash\pepflashplayer.dll
MOD - [2012-11-14 08:26:27 | 000,460,392 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\24.0.1312.14\ppGoogleNaClPluginChrome.dll
MOD - [2012-11-14 08:26:24 | 004,012,136 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\24.0.1312.14\pdf.dll
MOD - [2012-11-14 08:25:35 | 000,598,120 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\24.0.1312.14\libglesv2.dll
MOD - [2012-11-14 08:25:34 | 000,124,520 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\24.0.1312.14\libegl.dll
MOD - [2012-11-14 08:25:31 | 001,553,000 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\24.0.1312.14\ffmpegsumo.dll
MOD - [2012-05-25 04:25:00 | 000,921,600 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2011-03-31 19:31:02 | 000,066,856 | ---- | M] () -- C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
MOD - [2009-07-13 17:37:04 | 000,152,112 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
MOD - [2009-07-13 17:37:04 | 000,098,304 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll
MOD - [2009-06-08 01:27:11 | 000,140,800 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009-01-12 16:50:42 | 000,259,480 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll
MOD - [2009-01-12 16:50:42 | 000,120,216 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSchMgr.dll
MOD - [2009-01-12 16:50:42 | 000,038,184 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll
MOD - [2009-01-12 16:50:40 | 000,345,384 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLTinyDB.dll


========== Services (SafeList) ==========

SRV - [2012-11-10 17:18:19 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-10-03 15:51:04 | 000,725,400 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012-09-29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012-09-29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012-06-07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-04-04 11:23:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011-05-27 16:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) [Auto | Running] -- C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe -- (ScrybeUpdater)
SRV - [2010-10-12 23:29:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2009-09-29 08:52:54 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV - [2009-07-07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009-03-06 12:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) [Auto | Running] -- C:\WINDOWS\System32\atashost.exe -- (atashost)
SRV - [2008-11-10 02:18:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008-10-17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice)
SRV - [2008-10-17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2008-10-17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008-10-17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008-09-11 11:52:52 | 000,237,650 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_805f33de\stacsv.exe -- (STacSV)
SRV - [2008-09-05 11:52:32 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2008-08-01 21:01:11 | 000,238,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2008-07-03 10:08:24 | 001,245,064 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008-06-27 15:53:08 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_805f33de\AEstSrv.exe -- (AESTFilters)
SRV - [2008-04-16 07:24:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008-03-27 07:57:52 | 000,595,248 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\WINDOWS\System32\vfsFPService.exe -- (vfsFPService)
SRV - [2008-03-27 03:56:56 | 000,341,328 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008-01-21 08:03:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008-01-11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007-12-12 01:45:04 | 000,012,800 | ---- | M] (Agere Systems) [Disabled | Stopped] -- C:\WINDOWS\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007-08-22 12:51:00 | 000,055,640 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2004-09-10 07:00:00 | 000,189,536 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012-09-29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012-09-12 13:30:00 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20121126.020\NAVEX15.SYS -- (NAVEX15)
DRV - [2012-09-12 13:30:00 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20121126.020\NAVENG.SYS -- (NAVENG)
DRV - [2012-08-08 13:30:00 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012-08-08 13:30:00 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012-06-27 15:18:52 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012-06-11 14:17:44 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2012-06-11 14:17:44 | 000,018,560 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2012-06-11 14:17:44 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2012-06-11 14:17:44 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011-10-18 03:52:24 | 000,286,328 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20121121.001\IDSvix86.sys -- (IDSvix86)
DRV - [2011-05-13 18:57:42 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2011-05-13 18:57:20 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2010-07-30 09:23:14 | 000,135,880 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\u302mdm.sys -- (u302mdm)
DRV - [2010-07-30 09:23:14 | 000,129,992 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\u302mgmt.sys -- (u302mgmt)
DRV - [2010-07-30 09:23:14 | 000,119,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\u302bus.sys -- (u302bus)
DRV - [2010-07-30 09:23:14 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\u302mdfl.sys -- (u302mdfl)
DRV - [2009-09-02 03:09:24 | 000,176,128 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009-07-07 14:48:44 | 000,027,696 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\purendis.sys -- (purendis)
DRV - [2009-07-07 14:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\pnarp.sys -- (pnarp)
DRV - [2009-02-19 11:31:42 | 000,024,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2009-02-19 11:31:18 | 000,041,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\symndisv.sys -- (SYMNDISV)
DRV - [2009-02-19 11:31:16 | 000,184,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2009-02-19 11:31:16 | 000,096,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\symfw.sys -- (SYMFW)
DRV - [2009-02-19 11:31:16 | 000,022,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2009-02-19 11:31:16 | 000,013,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\symdns.sys -- (SYMDNS)
DRV - [2009-01-08 01:13:51 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008-11-21 21:53:40 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008-09-11 11:54:44 | 000,389,120 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008-09-05 14:31:42 | 000,447,024 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2008-09-04 17:47:00 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\enecir.sys -- (enecir)
DRV - [2008-08-05 15:48:18 | 000,011,520 | ---- | M] (Insyde Software) [Kernel | On_Demand | Stopped] -- C:\SwSetup\sp42557\iscflash.sys -- (iscFlash)
DRV - [2008-07-30 17:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008-06-04 23:24:22 | 000,113,664 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2008-03-27 07:58:08 | 000,040,752 | ---- | M] (Validity Sensors, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\vfs101x.sys -- (vfs101x)
DRV - [2008-02-01 05:21:00 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2008-02-01 05:21:00 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2008-02-01 05:21:00 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007-08-09 05:09:00 | 000,036,056 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\CO_Mon.sys -- (CO_Mon)
DRV - [2007-07-11 23:00:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007-06-19 05:42:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006-11-02 13:00:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2004-09-10 07:00:00 | 000,084,064 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\sentinel.sys -- (Sentinel)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://in.yahoo.com/?fr=fp-spt_gen
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope =


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3273286156-3480778537-3055062599-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3273286156-3480778537-3055062599-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3273286156-3480778537-3055062599-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-3273286156-3480778537-3055062599-1003\..\SearchScopes,DefaultScope = {40E0921F-0FE4-4836-B12F-0565D580B1FD}
IE - HKU\S-1-5-21-3273286156-3480778537-3055062599-1003\..\SearchScopes\{09999A52-CF31-4CE2-9154-FD4CAEACFB0B}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-3273286156-3480778537-3055062599-1003\..\SearchScopes\{2BA04D11-8564-403A-B344-68B2683997B9}: "URL" = http://in.search.yah...&Submit1=Search
IE - HKU\S-1-5-21-3273286156-3480778537-3055062599-1003\..\SearchScopes\{40E0921F-0FE4-4836-B12F-0565D580B1FD}: "URL" = http://www.google.co...age={startPage}
IE - HKU\S-1-5-21-3273286156-3480778537-3055062599-1003\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.c...m=1&toolbar=VZ2
IE - HKU\S-1-5-21-3273286156-3480778537-3055062599-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: [email protected]:5.0.0.3790
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {0153E448-190B-4987-BDE1-F256CADA672F}:15.0.6


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\User\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\User\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\User\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\User\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\User\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\User\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\DigitalPersona\Bin\FirefoxExt\ [2009-10-22 18:14:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-08-17 20:20:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-08-17 20:20:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-11-24 00:02:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-11-24 00:02:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\DigitalPersona\Bin\firefoxext [2009-10-22 18:14:11 | 000,000,000 | ---D | M]

[2009-07-14 23:46:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2009-02-24 00:47:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions\[email protected]
[2012-11-18 14:07:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\6u0y3b3e.default\extensions
[2012-08-17 15:50:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\6u0y3b3e.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010-08-04 22:48:43 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\6u0y3b3e.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012-11-18 14:07:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009-10-22 18:14:11 | 000,000,000 | ---D | M] (DigitalPersona Extension) -- C:\PROGRAM FILES\DIGITALPERSONA\BIN\FIREFOXEXT
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012-08-17 20:20:43 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
File not found (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6U0Y3B3E.DEFAULT\EXTENSIONS\{BA14329E-9550-4989-B3F2-9732E92D17CC}
[2012-08-17 20:19:37 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2009-06-24 17:44:16 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2009-06-24 17:44:16 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2009-06-24 17:44:16 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2009-06-24 17:44:16 | 000,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\24.0.1312.14\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\24.0.1312.14\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\24.0.1312.14\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\User\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: HP Product Detection Plugin for Mozilla (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhbepgnjnaoahohppnffanmkjkjoglp\1.0.15.0_0\plugins/npProductDetectPlugin.dll
CHR - plugin: HP Active Check Plugin (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhbepgnjnaoahohppnffanmkjkjoglp\1.0.15.0_0\plugins/npAclmPlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\User\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\User\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\User\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Users\User\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\User\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Woodark = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\daiallmdmonifegjibcalpdgnjaomkme\1_0\
CHR - Extension: Vuze Remote = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\10.13.20.300_0\
CHR - Extension: Gmail = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2011-03-06 00:34:19 | 000,000,027 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DigitalPersona Personal Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (Reg Error: Value error.) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-3273286156-3480778537-3055062599-1003\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-3273286156-3480778537-3055062599-1003..\Run: [] File not found
O4 - HKU\S-1-5-21-3273286156-3480778537-3055062599-1003..\Run: [Facebook Update] C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-3273286156-3480778537-3055062599-1003..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{57A952AE-881C-4F89-9627-1D4EA5C788B9}: NameServer = 202.159.219.229,203.94.243.70
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BDFC752B-05BB-48CC-966A-EE8C9707297C}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012-11-24 22:15:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia
[2012-11-24 22:11:03 | 000,019,072 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys
[2012-11-24 22:10:18 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2012-11-24 00:01:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012-11-24 00:00:10 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012-11-19 02:22:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012-11-19 02:22:23 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012-11-19 02:19:17 | 010,669,952 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\User\Desktop\mbam-setup-1.65.1.1000.exe
[2012-11-18 17:08:03 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\vlc
[2012-11-18 14:06:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2012-11-17 11:03:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2012-11-16 01:17:42 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\User\Desktop\aswMBR.exe
[2012-11-16 01:14:18 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\RK_Quarantine
[2012-11-14 19:54:48 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012-11-14 19:54:43 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012-11-14 19:54:43 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012-11-14 19:54:42 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012-11-14 19:54:42 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012-11-14 19:54:38 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012-11-14 19:54:38 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012-11-14 19:54:31 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012-11-14 09:04:06 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2012-11-14 09:03:28 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012-11-04 00:29:47 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Dropbox
[2009-12-20 02:58:21 | 003,063,561 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\MobileTV.exe
[2009-12-20 02:58:20 | 002,989,660 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\DVD.exe
[2009-12-20 02:58:20 | 002,864,396 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\MPV.exe
[2009-12-20 02:58:20 | 002,331,174 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\Karaoke.exe
[2009-12-20 02:58:20 | 002,231,606 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\Games.exe

========== Files - Modified Within 30 Days ==========

[2012-11-27 22:48:01 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-11-27 22:44:59 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012-11-27 22:44:59 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012-11-27 22:39:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-11-27 22:27:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3273286156-3480778537-3055062599-1003UA.job
[2012-11-27 20:48:16 | 000,000,286 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2012-11-27 20:48:03 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-11-27 20:44:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-11-27 20:44:34 | 3149,090,816 | -HS- | M] () -- C:\hiberfil.sys
[2012-11-27 19:23:05 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012-11-27 14:10:07 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3273286156-3480778537-3055062599-1003UA.job
[2012-11-27 11:27:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3273286156-3480778537-3055062599-1003Core.job
[2012-11-27 05:10:01 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3273286156-3480778537-3055062599-1003Core.job
[2012-11-25 01:35:25 | 000,001,849 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Nokia Suite.lnk
[2012-11-23 11:51:46 | 000,016,389 | ---- | M] () -- C:\Users\User\Desktop\viewbill.pdf
[2012-11-23 10:43:23 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForUser.job
[2012-11-23 02:51:42 | 000,229,376 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-11-23 01:57:11 | 000,152,618 | ---- | M] () -- C:\Users\User\Desktop\september.pdf
[2012-11-23 01:55:48 | 000,152,615 | ---- | M] () -- C:\Users\User\Desktop\august.pdf
[2012-11-19 02:22:26 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-11-19 02:20:07 | 010,669,952 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\User\Desktop\mbam-setup-1.65.1.1000.exe
[2012-11-17 12:04:28 | 000,000,512 | ---- | M] () -- C:\Users\User\Desktop\MBR.dat
[2012-11-17 11:03:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2012-11-16 01:18:19 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\User\Desktop\aswMBR.exe
[2012-11-16 01:14:08 | 000,673,280 | ---- | M] () -- C:\Users\User\Desktop\RogueKiller.exe
[2012-11-15 12:31:27 | 000,002,095 | ---- | M] () -- C:\Users\User\Desktop\Google Chrome.lnk
[2012-11-14 20:37:27 | 000,380,880 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012-11-14 20:23:30 | 000,642,954 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012-11-14 20:23:30 | 000,121,842 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012-11-13 10:51:47 | 000,001,356 | ---- | M] () -- C:\Users\User\AppData\Local\d3d9caps.dat
[2012-11-12 21:55:02 | 000,175,456 | ---- | M] () -- C:\Users\User\Desktop\271807_1948921999112_1124442842_31834778_4268547_o.jpg
[2012-11-10 17:18:18 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012-11-10 17:18:18 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2012-11-25 01:35:25 | 000,001,849 | ---- | C] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Nokia Suite.lnk
[2012-11-23 11:51:41 | 000,016,389 | ---- | C] () -- C:\Users\User\Desktop\viewbill.pdf
[2012-11-23 01:57:10 | 000,152,618 | ---- | C] () -- C:\Users\User\Desktop\september.pdf
[2012-11-23 01:55:48 | 000,152,615 | ---- | C] () -- C:\Users\User\Desktop\august.pdf
[2012-11-19 02:22:26 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-11-17 12:04:28 | 000,000,512 | ---- | C] () -- C:\Users\User\Desktop\MBR.dat
[2012-11-16 01:14:04 | 000,673,280 | ---- | C] () -- C:\Users\User\Desktop\RogueKiller.exe
[2012-11-13 23:01:23 | 000,075,380 | ---- | C] () -- C:\Users\User\Desktop\4.jpg
[2012-11-12 21:53:58 | 000,175,456 | ---- | C] () -- C:\Users\User\Desktop\271807_1948921999112_1124442842_31834778_4268547_o.jpg
[2012-01-01 15:31:21 | 000,000,016 | ---- | C] () -- C:\Users\User\persistent_state
[2011-03-10 14:23:49 | 000,000,019 | ---- | C] () -- C:\Users\User\AppData\Roaming\graaruh
[2011-03-07 12:32:42 | 000,148,395 | ---- | C] () -- C:\Windows\hpoins19.dat.temp
[2011-03-07 12:32:42 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat.temp
[2011-03-03 16:59:49 | 000,034,816 | ---- | C] () -- C:\Windows\System32\drivers\rootrepeal.sys
[2011-03-03 12:40:41 | 000,000,094 | ---- | C] () -- C:\Windows\wininit.ini
[2011-02-28 17:59:24 | 000,000,008 | -H-- | C] () -- C:\Users\User\AppData\Roaming\mb_list.db
[2011-01-03 19:47:51 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010-11-30 19:51:51 | 000,000,221 | ---- | C] () -- C:\Windows\NCLogConfig.ini
[2010-10-31 23:12:09 | 000,006,710 | ---- | C] () -- C:\Users\User\AppData\Roaming\MhoraOptions.xml
[2009-12-20 02:54:32 | 000,000,286 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2009-07-21 02:40:29 | 000,027,043 | ---- | C] () -- C:\Users\User\AppData\Roaming\UserTile.png
[2009-05-27 20:02:43 | 000,000,268 | R--- | C] () -- C:\ProgramData\Components
[2009-05-27 20:02:43 | 000,000,268 | R--- | C] () -- C:\Users\User\AppData\Roaming\Comedy Noises
[2009-05-27 20:02:43 | 000,000,020 | ---- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2009-03-11 15:28:46 | 000,080,028 | ---- | C] () -- C:\Users\User\watch.htm
[2009-01-17 19:46:26 | 000,001,356 | ---- | C] () -- C:\Users\User\AppData\Local\d3d9caps.dat
[2009-01-07 06:21:35 | 000,229,376 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006-11-02 18:21:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012-06-08 23:17:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009-04-11 11:58:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009-04-11 11:58:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:F3AB0B43
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:206E2596
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

[sayan.dg]

Hello Godawags!!!

The computer is running a bit slow and startup time has increased...
Also the disk space has increased to 32.5 GB on its own...
Am also getting an install driver software message on boot... this is a recent development since last 2 days ... i have attached a screen shot.



I am adding $word files screenshots










The contents of the folders Desktop/Sayan and C:/Users/User folder structures are same

[sayan.dg]

NOTE : due to same file structure the same file appears in 2 locations in screenshots
1. Untitled1 & Untitled1a
2. Untitled2 & Untitled2a
3. Untitled3 & Untitled3a

Thanks

[godawgs]

Hi sayan.dg,

Thanks for the screen shots. The OTL log is clean. The MalwareBytes and the ESET online scans were clean. I don't see anything malicious left on the system.

Now to the issue with the User folder, (instead of a folder named Sayan), in C:\Users. This is a new one for me. It deals with the operating system and not malware per se but since it's something I haven't run across before I wanted to know more about it. So after much research and talking with colleagues I understand what happened.

If you look in the C:\Users folder you will see a folder named User. This tells us that when you originally set the account up you named it User. And that's why the OTL log showed C:\Users\User.
Then at some point you changed the username from User to Sayan. When you change a user name on all NT based systems (XP, Vista, 7, 8) the system changes the username on the login screen and on the Start Menu but does not change the original folder name under C:\Users. It never has.
So the system is showing what it is supposed to show.
The Sayan folder appearing on the desktop was the result of the RogueKiller fix. Sometimes it has a senior moment and puts the Computer icon and the User's Files icon on the desktop. We can re-hide those.

As for the original problem with the recent programs not showing, it is likely just a setting in the Start Menu and Taskbar that has gotten unchecked. We can check that out.

As for the files that have recently shown up. They were always there. But windows is set by default not to show hidden system files and folders and to hide system operating files. When I had you show those items, the files became visible. We will re-hide them at cleanup and they won't show up anymore.

We haven't done anything that would install new hardware and require a driver. So unless you have installed something new I don't know why you are getting that message. You can open the Device Manager and see if you have any red X's or Yellow ?'s or !'s by any devices and maybe that will give you a hint.


This round we are gonna remove the Computer icon and the Sayan folder from the desktop and see if we can get the recent programs to show up in the Start Menu. Then we are gonna check the system for out dated programs and we'll be ready to start cleaning this puppy up.


Step-1.

Clear Desktop Icons

• Right click a blank area of the desktop and click Personalize on the context menu.
• On the Personalization window, under Tasks in the left column click Change Desktop icons
• On the Desktop Icon Settings page remove the check marks in the boxes beside Computer and User's Files. To do that simply click the boxes beside the name and the check mark should disappear.
• Click Apply and Ok and close the Personalization window.
  The Computer and Sayan folder icons should now be gone from the desktop.

Step-2.

Reset Recent Programs

• Right click on a blank area of the Taskbar and click Properties on the context menu. The Taskbar and Start Menu Properties window will open.
• Click the Start Menu tab.
• In the Privacy section, click the box beside Store and display a list of recently opened programs
• Click Apply and OK

Step-3.

Run Security Check

Download Security Check from here or here.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Step-4.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The Checkup.txt log

[sayan.dg]

Hello godawags!!!


A small query...Are the $word files normalwhen the files are not opened?

Here is the log you asked for :



Results of screen317's Security Check version 0.99.56
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
JavaFX 2.1.1
Java™ 7 Update 5
Java version out of Date!
Adobe Flash Player 11.3.300.271
Adobe Reader 8 Adobe Reader out of Date!
Adobe Reader 10.1.3 Adobe Reader out of Date!
Mozilla Firefox (3.5) Firefox out of Date!
Google Chrome 24.0.1312.14
Google Chrome 24.0.1312.25
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````




THANKS

[sayan.dg]

The recent progrms have not returned

[godawgs]

A small query...Are the $word files normalwhen the files are not opened?

I don't use word but my understanding is that the $ files are hidden files and are only seen when the system is set to show hidden files. If you want to make sure, you can start a topic in the Applications forum when we are done and someone will be happy to clarify.

The recent progrms have not returned

I'm not sure what you are saying here. If the Store and display a list of recently opened programs box was not checked, there aren't any stored programs that will show up in the list.
Once you have checked the box, as you start to use programs they will be displayed in the list.

You have several programs that are security nightmares that need to be updated. Your Firefox is a very old version. The newest version is 17.0. Normally we would let FF update itself, but the version you have is prior to the last major revision the FF browser had so we will need to completely remove the 3.5 version before installing the new version.

NOTE: If you don't use Firefox and just want to completely uninstall it, go straight to B. under Step 1. and after clicking Uninstall in #3, tick the Remove my Firefox personal data and customizations box as well - this will delete all of your bookmarks and saved settings.


Step-1.

Completely Uninstall Firefox


A.

Back up the Firefox Bookmarks

• Open Firefox.
• Click Bookmarks on the Menu Bar and click Organize Bookmarks on the drop down menu. The Library page will open up.
• At the top of the Library page click the down arrow beside Import and Backup and click Export HTML. The Export Bookmarks File window will open.
• In the left column click Desktop. This will put the file on the desktop.
• Click the Save button. A file named bookmarks.html will be placed on the desktop.
• Click the down arrow beside Import and Backup again and this time click Backup... The Export Bookmarks File window will open.
• In the left column click Desktop
• Make note of the file name in the File name: box and click the Save button. This will put a file named bookmarks-XXXX-XX-XX.json on the desktop. (The X's are numbers representing the date)
• Close the Library page.
• Click Tools on the Menu Bar and click Options. The Options page will open up.
• Click the Manage Add-ons button. The add-ons page will open up.
• Click the Extensions icon at the top of the page and write down all of the Extensions in the list. Repeat for the Plugins. Don't worry about the ones like Java or Microsoft.Net, Firefox will add them automatically.
• Click the red X in the upper right hand corner to close the Add-ons window.
  Once you have reinstalled Fifefox you can go to the Mozilla site and reinstall the Extensions and Plugins.
  
  If you have any saved passwords complete the following. If you don't have any passwords saved, only do #14 and go to Unistall Firefox.
  
• Close Firefox
• Click the Start Orb. Right click Computer and click Explore. The Computer window wil open.
• In the left column, click Sayan then AppData then Roaming then Mozilla then Firefox then Profiles
• Under Profiles look for XXXXXXXX.default where the x's are 8 random numbers. This is the dafault profile. Click that folder to open it.
• Under the Name section, look for 2 files, one file named key3.db and another named signons.sqlite. Copy these two files to a backup location...like the desktop. Then when you have installed the new version you can copy them back to the XXXXXXXX.default folder and overwrite the existing files. This will get your passwords back.

B.

Uninstall Firefox

1. Click the Start Orb, click Control Panel. Under the Programs heading click Uninstall a program
2. In the list of programs installed, locate the following program(s):

Mozilla Firefox (3.5)

3. Right click on each program to highlight it and click Uninstall.
4. After the program(s) have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.

Delete the folders associated with the uninstalled programs.(Only do this if you uninstalled the program)

1. Using Windows Explorer (to get there right-click your Start button and click "Explore"), please delete the following folders(s) in red (if present):

C:\Program Files\Mozilla Firefox
C:\Users\Sayan\AppData\Local\Mozilla
C:\Users\Sayan\AppData\Local\VirtualStore\Program Files\Mozilla Firefox
Delete all C:\WINDOWS\Prefetch\FIREFOX* files.

2. Close Windows Explorer.


C.

• Download the new version of Firefox Here and save it to the desktop.
• Right click the Firefox Setup 17.0.exe file and click Run as Administrator to install it.

Once you have installed the new FF:

• Open Firefox. If your Bookmarks are missing, complete the following:
• Click Bookmarks on the Menu Bar and click Organize Bookmarks on the drop down menu. The Library page will open up.
• At the top of the Library page click the down arrow beside Import and Backup and click Import HTML. The Import Wizard window will open.
• Click the radio button beside From an HTML file and click Next.
• The Import Bookmarks File window will open.
• Locate the bookmarks.html file on the desktop and click it. This will put it in the File name box. Click Open

This will restore your bookmarks.

If you have passwords that you want restored, follow #18 under Step A.


Step-2.

UPDATE JAVA
Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older versions of Java components and update:

• Please download JavaRa to your desktop.
  • Click the Download button next to Legacy Version Version 1.1.6 to download JavaRA and unzip it to its own folder.
• Run JavaRa.exe
• Pick the language of your choice and click Select. Then click Remove Older Versions. Accept any prompts.
  
• Open JavaRa.exe again and select Search For Updates.
• Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer. The most current version is Java SE 7u9.
  You want the Offline 32bit version, Windows x86 Offline 29.72 MB .
  • Click the link for the jre-7u9-windows-i586.exe file.

Step-3.

Update Adobe Reader

Earlier versions of Adobe Reader have known security flaws so it is recommended that you update your copy.

• Windows Vista /7 Users: Click the Start Orb and click Control Panel. Under the Programs heading click Uninstall a program
• Remove ALL instances of Adobe Reader
  • Adobe Reader 8
  • Adobe Reader 10.1.3
• Re-boot your computer as required.
• Once ALL versions of Adobe Reader have been uninstalled, download the latest version of Adobe Reader from Here.
• Remove the check mark next to Yes, install McAfee Security Scan Plus-optional box.
• Click the Download Now button to download Adobe Reader and follow the directions.

Alternative Option: After uninstalling Adobe Reader, you could try installing Foxit Reader from HERE. Foxit Reader is a much smaller program. It has fewer add-ons therefore loads more quickly.
NOTE: When installing FoxitReader, be careful not to install anything to do with AskBar.


Step-4.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Let me know how the updates went.

[sayan.dg]

HI godawags

I'm not sure what you are saying here. If the Store and display a list of recently opened programs box was not checked, there aren't any stored programs that will show up in the list.
Once you have checked the box, as you start to use programs they will be displayed in the list.

The boxes were always checked and the number of programs was also NOT set to zero




I have removed firefox and updated Java and Adobe... there were several previous versions remaining...

The $word files are bit eerie as the windows system does not use word on its own and $word files are created usually when a word document is open and gets removed when it is closed...could be some unsaved versions of the document...i will check with applications section.

Awaiting Next instructions

Thanks

[godawgs]

Thanks, now I know what you were saying. I think we have a corrupt user profile here. Since you have already made the Sayan2 user profile and the Recent Programs work, let's transfer the needed files and folders from the Syan (User) profile and you should have everything back.

As for the $Word files, the Windows system does not use word on it's own, but when installed, Word integrates into the system. Just like IE is a part of the system. And like Windows Defender. Vista will not let you uninstall Windows Defender because Windows integrates Defender into the system. When we are finished and the hidden-system files are hidden again I think you will see everything back to the way it was.

Please carefully follow these directions. I would suggest printing them out so you will have them to look at.

Step-1.

Fix a Corrupted User Profile

Transfer Corrupted User's Files

• Log in to Windows with the Sayan user account.
• Click the Start Orb. Click Computer
• On the Computer window, double-click the primary drive of your computer (usually the "C:" drive).
• Double-click the C:\Users folder.
• Double-click the corrupted Windows user's folder,(This should be the C:\Users\USER folder),to show its contents in the right side of the window.
  • NOTE: If you get a warning that you don't have permissions to access that page, click Continue and you will be given access.
• Click the first file or folder listed at the top of the list in the corrupted user's folder. Press and hold the Shift keyboard key. Scroll to the bottom of the corrupted user's folder. Click the last file or folder in the list to simultaneously select it and all the rest of the files. Release the Shift key.
• Press and hold the Ctrl keyboard key. Click on the Ntuser.dat, Ntuser.ini and Ntuser.dat.log files to deselect them.
  • NOTE: There may be more than one Ntuser.dat.log file. Deselect them all.
• Release the Ctrl button. Right-click on a selected and highlighted file and click Copy. This will copy all of the files.
• At the top of the Computer window, click the back arrow. Right-click the new user's name, Sayan2.
  • NOTE: If you get a warning that you don't have permissions to access that page, click Continue and you will be given access.
• Click on Paste.
  • NOTE: When you get the warning asking if you want to overwrite the file or folder, check the box to allow all files/folders to be overwritten.
  This will copy all of the Sayan user files and folders (Documents, Downloads, Music, Pictures etc;) except the Ntuser files to the Sayan2 user profile.
  
• Log off of the Windows Sayan account.
• Log onto Windows using the Sayan2 account.
• Make sure you have the folders and that everything works.

After we have completed our cleanup, and you have confirmed that everything works OK in the Sayan2 user account you can go back to the Control Panel and delete the old Sayan account.


Step-2.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Let me know how the transfer went.