
Am getting system error popups + nouveau dossier shortcut is created



#1
vraghav

Hi,

Am getting system error popups frequently (16 bit MS-DOS Subsystem Error - I've attached).

Every day a nouveau dossier shortcut is created in certain folders, even after deleting it every day. And also my system has become very slow in responding.

I downloaded OTL and scanned the system. Please check below, I've copy-pasted the scan results. There were actually two notepads open (OTL.Txt and Extras.Txt) - I've copy-pasted both the results below.

--------------------------------------------------------------------------------------------------------------------------------------------

OTL logfile created on: 3/18/2013 5:43:33 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.85 Gb Available Physical Memory | 42.73% Memory free
4.29 Gb Paging File | 2.79 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): C:\pagefile.sys 2504 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 10.55 Gb Free Space | 27.01% Space Free | Partition Type: NTFS
Drive D: | 39.06 Gb Total Space | 12.32 Gb Free Space | 31.53% Space Free | Partition Type: NTFS
Drive E: | 39.06 Gb Total Space | 6.04 Gb Free Space | 15.47% Space Free | Partition Type: NTFS
Drive F: | 31.86 Gb Total Space | 4.99 Gb Free Space | 15.67% Space Free | Partition Type: NTFS
Drive G: | 19.53 Gb Total Space | 1.33 Gb Free Space | 6.79% Space Free | Partition Type: NTFS
Drive H: | 19.52 Gb Total Space | 2.25 Gb Free Space | 11.53% Space Free | Partition Type: FAT32
Drive I: | 19.08 Gb Total Space | 4.81 Gb Free Space | 25.22% Space Free | Partition Type: FAT32
Drive J: | 4.88 Gb Total Space | 0.76 Gb Free Space | 15.68% Space Free | Partition Type: NTFS
Drive K: | 11.05 Gb Total Space | 2.84 Gb Free Space | 25.67% Space Free | Partition Type: NTFS

Computer Name: RAGHAV | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/18 17:42:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\OTL.exe
PRC - [2013/03/11 05:52:07 | 001,274,320 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/03/09 10:46:16 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/02/27 16:38:44 | 001,259,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2013/02/21 11:23:19 | 001,151,152 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2013/02/21 11:23:18 | 000,968,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
PRC - [2013/02/13 10:53:05 | 000,213,384 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\1.3.21.135\GoogleCrashHandler.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/12/05 03:44:54 | 002,321,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgfws.exe
PRC - [2012/11/19 17:25:32 | 002,598,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/11/17 16:02:46 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/11/08 03:51:06 | 000,768,632 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2012/11/02 03:51:18 | 005,174,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe
PRC - [2012/07/04 01:02:02 | 000,983,552 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\DAP\DAP.exe
PRC - [2012/07/03 09:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2012/05/29 11:00:33 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2012/03/19 05:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2008/06/11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
PRC - [2004/08/04 17:30:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/03/13 13:27:30 | 014,717,144 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll
MOD - [2013/03/11 05:52:06 | 000,459,728 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\25.0.1364.172\ppgooglenaclpluginchrome.dll
MOD - [2013/03/11 05:52:05 | 012,662,224 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll
MOD - [2013/03/11 05:52:04 | 004,050,896 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\25.0.1364.172\pdf.dll
MOD - [2013/03/11 05:51:16 | 001,552,848 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\25.0.1364.172\ffmpegsumo.dll
MOD - [2013/03/09 10:46:15 | 003,069,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/02/21 11:23:19 | 001,151,152 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2013/02/21 11:23:19 | 000,156,848 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\SiteSafety.dll
MOD - [2013/02/21 11:23:18 | 000,968,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
MOD - [2012/12/21 18:03:09 | 000,012,800 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SpeedBit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.1_0\XSevenTo.dll
MOD - [2012/12/21 18:03:06 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SpeedBit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.1_0\UniBytesCom.dll
MOD - [2012/12/21 18:03:04 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SpeedBit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.1_0\rapidsharecom.dll
MOD - [2012/12/21 18:03:03 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SpeedBit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.1_0\OronCom.dll
MOD - [2012/12/21 18:03:02 | 000,009,728 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SpeedBit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.1_0\NetLoadIn.dll
MOD - [2012/12/21 18:03:01 | 000,010,240 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SpeedBit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.1_0\MegaUploadCom.dll
MOD - [2012/12/21 18:02:57 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SpeedBit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.1_0\LetItBitNet.dll
MOD - [2012/12/21 18:02:52 | 000,008,704 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SpeedBit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.1_0\ExtaBitCom.dll
MOD - [2012/12/21 18:02:51 | 000,015,872 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SpeedBit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.1_0\DepositFilesCom.dll
MOD - [2012/11/30 03:29:32 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2012/08/22 10:27:36 | 000,008,704 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SpeedBit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.1_0\zidducom.dll
MOD - [2012/08/22 10:27:31 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SpeedBit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.1_0\HotFileCom.dll
MOD - [2012/08/09 14:43:46 | 000,009,216 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SpeedBit\DAP\Plugins\AddonsCondition.dll
MOD - [2012/08/09 14:41:48 | 000,053,248 | ---- | M] () -- C:\Program Files\DAP\zlib.dll
MOD - [2012/06/18 20:54:30 | 000,260,096 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_05.dll
MOD - [2012/05/02 17:30:47 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualStudio.Diagnostics.ServiceModelSink\3.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Diagnostics.ServiceModelSink.dll
MOD - [2012/02/22 13:15:47 | 001,355,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\43911ac4e29949c57560eee5cb7b76c2\System.WorkflowServices.ni.dll
MOD - [2012/02/22 13:15:04 | 011,791,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\50ea744ffc3cb7f09b027fd6c5c93b2b\System.Web.ni.dll
MOD - [2012/02/22 13:14:53 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\12903c3843fe923d1977801ffa3cf26c\System.Transactions.ni.dll
MOD - [2012/02/22 13:14:50 | 001,705,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\a3adabee8e63dc76f65710a9c32175fc\System.ServiceModel.Web.ni.dll
MOD - [2012/02/22 13:13:06 | 000,970,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb4cb21d14767292e079366a5d3d76cd\System.Configuration.ni.dll
MOD - [2012/02/21 15:51:05 | 000,255,488 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\2e19ccefc30d7b827bab3f7d8dcc0ab9\SMDiagnostics.ni.dll
MOD - [2012/02/21 15:50:55 | 017,313,792 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\19644a754454916a619b68315e50b428\System.ServiceModel.ni.dll
MOD - [2012/02/21 15:50:26 | 002,338,304 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\bb748f8ef8c98eb5c7f79b8faee95397\System.Runtime.Serialization.ni.dll
MOD - [2012/02/21 15:50:08 | 005,449,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\36f3953f24d4f0b767bf172331ad6f3e\System.Xml.ni.dll
MOD - [2012/02/21 15:49:56 | 012,428,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\9a254c455892c02355ab0ab0f0727c5b\System.Windows.Forms.ni.dll
MOD - [2012/02/21 15:49:29 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\6978f2e90f13bc720d57fa6895c911e2\System.Drawing.ni.dll
MOD - [2012/02/21 15:47:38 | 007,867,392 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aa7926460a336408c8041330ad90929d\System.ni.dll
MOD - [2012/02/21 15:47:29 | 011,485,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\9adb89fa22fd5b4ce433b5aca7fb1b07\mscorlib.ni.dll
MOD - [2012/02/21 15:41:46 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2008/09/16 20:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
MOD - [2007/09/02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll
MOD - [2006/10/26 13:56:46 | 000,757,008 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
MOD - [2004/08/04 17:30:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2004/08/04 17:30:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/03/13 13:27:33 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/09 10:46:15 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/02/21 11:23:18 | 000,968,880 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe -- (vToolbarUpdater14.2.0)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/12/05 03:44:54 | 002,321,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgfws.exe -- (avgfws)
SRV - [2012/11/19 17:58:33 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/11/17 16:02:46 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/11/02 03:51:18 | 005,174,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/07/17 17:42:33 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012/01/25 08:47:04 | 008,176,640 | ---- | M] () [On_Demand | Stopped] -- F:\wamp\bin\mysql\mysql5.5.20\bin\mysqld.exe -- (wampmysqld)
SRV - [2011/09/26 07:50:40 | 000,018,432 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- F:\wamp\bin\apache\Apache2.2.21\bin\httpd.exe -- (wampapache)
SRV - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (huawei_ext_ctrl)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (huawei_enumerator)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (huawei_cdcecm)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (huawei_cdcacm)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (ew_usbenumfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (ew_hwusbdev)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Auto | Stopped] -- -- (adfs)
DRV - [2013/02/21 11:23:19 | 000,033,112 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/12/10 03:28:36 | 000,142,176 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2012/11/08 03:49:26 | 000,250,080 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/08/24 15:43:18 | 000,301,920 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2012/01/12 19:52:06 | 000,030,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2012/01/12 19:52:06 | 000,030,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2010/12/30 15:19:40 | 000,016,640 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Apowersoft_AudioDevice.sys -- (Apowersoft_AudioDevice)
DRV - [2009/12/30 11:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2008/10/09 13:00:36 | 000,039,520 | ---- | M] (NetSupport Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pcisys.sys -- (PCISys)
DRV - [2008/10/09 13:00:34 | 000,031,328 | ---- | M] (NetSupport Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gdihook5.sys -- (gdihook5)
DRV - [2007/04/14 13:58:58 | 000,094,592 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006/09/12 16:57:00 | 004,381,184 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2004/08/04 17:30:00 | 000,088,448 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2004/08/04 17:30:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 17:30:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{7A143454-1876-4E17-948F-547C2CD12383}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...pr&d=2012-08-08 13:39:58&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2790392
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledAddons: webrank-toolbar%40probcomp.com:4.4
FF - prefs.js..extensions.enabledAddons: daplinkchecker%40speedbit.com:1.0.0.8
FF - prefs.js..extensions.enabledAddons: %7Bc45c406e-ab73-11d8-be73-000a95be3b12%7D:1.2.2
FF - prefs.js..extensions.enabledAddons: %7Be3f6c2cc-d8db-498c-af6c-499fb211db97%7D:1.12.9.1
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
FF - prefs.js..extensions.enabledAddons: artur.dubovoy%40gmail.com:3.8.7
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2013/03/06 11:20:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\FireFoxExt\14.2.0.1 [2013/02/21 11:23:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\DAP\daplinkchecker [2012/08/09 14:42:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/09 10:46:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}: C:\Program Files\DAP\DAPFireFox [2012/08/09 14:42:30 | 000,000,000 | ---D | M]

[2012/01/04 10:45:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Extensions
[2013/03/11 10:55:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\bdndmzjl.default-1345623687000\extensions
[2013/02/25 10:01:13 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\bdndmzjl.default-1345623687000\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/12/22 09:26:25 | 000,000,000 | ---D | M] (Page Speed) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\bdndmzjl.default-1345623687000\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2012/11/07 10:42:49 | 000,000,000 | ---D | M] (WebRank Toolbar) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\bdndmzjl.default-1345623687000\extensions\[email protected]
[2012/08/04 12:41:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\m9rlt8v9.default\extensions
[2012/07/20 15:59:03 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\m9rlt8v9.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2012/08/01 10:35:25 | 000,000,000 | ---D | M] (Sothink Web Video Downloader for Firefox) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\m9rlt8v9.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}
[2012/08/04 12:41:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\m9rlt8v9.default\extensions\trash
[2012/06/19 10:32:44 | 000,000,000 | ---D | M] (WebRank Toolbar) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\m9rlt8v9.default\extensions\[email protected]
[2013/03/11 10:55:43 | 000,275,665 | ---- | M] () (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\bdndmzjl.default-1345623687000\extensions\[email protected]
[2013/02/25 10:09:22 | 002,163,784 | ---- | M] () (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\bdndmzjl.default-1345623687000\extensions\[email protected]
[2012/12/05 18:29:37 | 001,268,546 | ---- | M] () (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\bdndmzjl.default-1345623687000\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2012/08/04 12:41:44 | 001,621,801 | ---- | M] () (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\m9rlt8v9.default\extensions\[email protected]
[2012/03/12 15:55:47 | 000,164,858 | ---- | M] () (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\m9rlt8v9.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.xpi
[2012/08/02 12:41:27 | 001,621,534 | ---- | M] () (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\m9rlt8v9.default\extensions\trash\[email protected]
[2013/03/09 10:46:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/08/09 14:42:31 | 000,000,000 | ---D | M] (DAP Link Checker) -- C:\PROGRAM FILES\DAP\DAPLINKCHECKER
[2013/03/09 10:46:16 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/02/21 11:24:05 | 000,003,714 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/09/01 10:15:44 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/02/27 12:00:20 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin8.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll
CHR - plugin: AdobeAAMDetect (Enabled) = C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java™ Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
CHR - Extension: Google Docs = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: DAP Link Checker = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bodfdknjhecmadheclfjkhhiofeagdbh\1.0.0.8_0\
CHR - Extension: Google Search = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Download Accelerator Plus (DAP) = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb\2.0.19_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: BitTorrentBar = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mhfdcmehmjcclgopdodkjdicohagipid\2.3.19.11_0\
CHR - Extension: AVG Security Toolbar = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\14.2.0.1_0\
CHR - Extension: Gmail = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/08/16 15:45:48 | 000,000,871 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 88.80.4.19 senuke.com
O1 - Hosts: 88.80.4.19 www.senuke.com
O1 - Hosts: 88.80.4.19 updates.senuke.com
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SpeedBit Link Verification Helper) - {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} - C:\Program Files\DAP\LinkVerifier.dll (Speedbit Ltd.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [DownloadAccelerator] C:\Program Files\DAP\DAP.EXE (Speedbit Ltd.)
O4 - Startup: C:\Documents and Settings\Admin\Start Menu\Programs\Startup\System File [Not Delete].vbe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Updates = C:\Documents and Settings\Admin\s4t4n\s4t4n.vbe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: consentpromptbehavioradmin = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: &Verify with DAP - C:\Program Files\DAP\dapverify.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4530D278-5313-4554-B590-D8A63D4804D1}: NameServer = 125.22.47.125,202.56.250.5
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - http://www.pilsindia...s/pils-logo.png
O24 - Desktop Components:1 () - http://www.smiletemp...templates-b.jpg
O24 - Desktop Components:2 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/05 14:06:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2013/03/09 16:57:10 | 000,000,000 | ---D | M] - D:\AutoPlay Media Studio 8.0.6.0 incl crack -- [ NTFS ]
O32 - AutoRun File - [2010/06/23 11:30:46 | 000,000,000 | ---- | M] () - G:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/09/11 18:58:10 | 000,000,000 | ---D | M] - H:\Autoresponder -- [ FAT32 ]
O32 - AutoRun File - [2009/07/11 11:13:22 | 000,000,000 | ---D | M] - H:\Autorun files -- [ FAT32 ]
O33 - MountPoints2\{0136bd04-4a74-11e2-a1a2-001966443ac8}\Shell - "" = AutoRun
O33 - MountPoints2\{0136bd04-4a74-11e2-a1a2-001966443ac8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0136bd04-4a74-11e2-a1a2-001966443ac8}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript satan.vbe
O33 - MountPoints2\{0619b2bd-d306-11e1-a126-001966443ac8}\Shell - "" = AutoRun
O33 - MountPoints2\{0619b2bd-d306-11e1-a126-001966443ac8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2930ad8d-1232-11df-869e-c0aba5dcf846}\Shell\AutoRun\command - "" = H:\DOBROJE///tudja.exe
O33 - MountPoints2\{2930ad8d-1232-11df-869e-c0aba5dcf846}\Shell\explore\command - "" = H:\DOBROJE///tudja.exe
O33 - MountPoints2\{2930ad8d-1232-11df-869e-c0aba5dcf846}\Shell\open\command - "" = H:\DOBROJE///tudja.exe
O33 - MountPoints2\{4d703904-1a64-11df-a328-001966443ac8}\Shell - "" = AutoRun
O33 - MountPoints2\{4d703904-1a64-11df-a328-001966443ac8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a4c13023-5c72-11e2-a1b5-001966443ac8}\Shell - "" = AutoRun
O33 - MountPoints2\{a4c13023-5c72-11e2-a1b5-001966443ac8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a4c13023-5c72-11e2-a1b5-001966443ac8}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript satan.vbe
O33 - MountPoints2\{c2aae0f8-bf65-11e1-a10b-001966443ac8}\Shell - "" = AutoRun
O33 - MountPoints2\{c2aae0f8-bf65-11e1-a10b-001966443ac8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d31edb28-69d6-11e2-a1c1-001966443ac8}\Shell - "" = AutoRun
O33 - MountPoints2\{d31edb28-69d6-11e2-a1c1-001966443ac8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d31edb28-69d6-11e2-a1c1-001966443ac8}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript satan.vbe
O33 - MountPoints2\{dce3bcb6-2040-11df-a32a-001966443ac8}\Shell - "" = AutoRun
O33 - MountPoints2\{dce3bcb6-2040-11df-a32a-001966443ac8}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/16 10:25:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin\Recent
[2013/03/12 13:58:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\VMware
[2013/03/12 13:58:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\VMware
[2013/03/09 11:04:10 | 000,000,000 | ---D | C] -- C:\Program Files\KeywordMapPro
[2013/03/09 10:46:03 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/03/06 13:32:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2013/03/06 11:20:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2013/03/04 17:40:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop\thickbox
[2013/03/04 14:01:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop\WPML
[2013/03/04 13:52:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop\wpml-cms.2.4.2
[2013/02/28 12:00:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop\wp-cart-for-digital-products
[2013/02/27 17:39:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop\woocommerce-product-addons
[2013/02/26 16:59:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop\gravity_forms_addons
[2013/02/26 16:57:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop\WooCommerce.Gravity
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/03/18 17:43:15 | 000,000,632 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Product InstallerIdle.job
[2013/03/18 17:32:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/18 17:27:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/03/18 16:58:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-606747145-1801674531-1003UA.job
[2013/03/18 14:29:39 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/03/18 13:32:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/18 10:59:57 | 113,733,147 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2013/03/18 10:58:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-606747145-1801674531-1003Core.job
[2013/03/18 10:57:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\ROC_JAN2013_TB_rmv.job
[2013/03/18 10:56:50 | 004,688,448 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/03/18 10:55:26 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/03/18 10:55:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/03/18 10:55:20 | 2138,361,856 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/16 11:25:11 | 000,696,745 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\happy_birthday_kirana.png
[2013/03/16 11:25:11 | 000,001,456 | ---- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
[2013/03/16 11:11:10 | 000,205,175 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\il_fullxfull.316730902.jpg
[2013/03/16 11:07:35 | 000,201,972 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\Nirthday-cake-happy.jpg
[2013/03/13 10:55:24 | 000,000,008 | ---- | M] () -- C:\WINDOWS\System32\pcisys.ntk
[2013/03/09 17:21:56 | 000,078,156 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\a.pdf
[2013/03/09 15:05:39 | 000,008,879 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\cardiologist-bangalore.csv
[2013/03/09 14:08:58 | 000,006,807 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\cardiologist india.csv
[2013/03/09 14:06:14 | 000,013,995 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\cardiovascular surgeon.csv
[2013/03/09 14:02:32 | 000,002,805 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\cardiovascular-surgeon-india.csv
[2013/03/09 13:49:40 | 000,005,386 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\cardiologist.csv
[2013/03/05 12:20:26 | 000,238,684 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\EBS-API_Guide_V1.1(Beta) (6).pdf
[2013/03/04 18:24:38 | 001,070,596 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\thickbox.rar
[2013/03/04 14:00:53 | 001,534,500 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\WPML.rar
[2013/03/04 13:51:12 | 001,036,116 | R--- | M] () -- C:\Documents and Settings\Admin\Desktop\wpml-cms.2.4.2.zip
[2013/03/02 17:37:41 | 000,328,793 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2013/03/01 16:38:20 | 000,068,608 | ---- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/03/01 13:28:02 | 000,035,209 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\woocommerce.css
[2013/02/27 18:38:30 | 000,000,043 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\spacer.gif
[2013/02/27 17:38:55 | 000,020,486 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\woocommerce-product-addons.zip
[2013/02/26 16:58:18 | 001,280,206 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\gravity_forms_addons.zip
[2013/02/26 16:55:52 | 001,586,201 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\WooCommerce.Gravity.zip
[2013/02/25 16:37:54 | 000,008,543 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\download-brochure1.png
[2013/02/25 14:32:12 | 000,039,113 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\pccw-prospectus.png
[2013/02/25 11:29:11 | 000,388,026 | R--- | M] () -- C:\Documents and Settings\Admin\Desktop\PrivateContent_v2.33.rar
[2013/02/21 11:23:19 | 000,033,112 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/18 10:55:20 | 004,688,448 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/03/16 11:25:06 | 000,696,745 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\happy_birthday_kirana.png
[2013/03/16 11:11:09 | 000,205,175 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\il_fullxfull.316730902.jpg
[2013/03/16 11:07:34 | 000,201,972 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\Nirthday-cake-happy.jpg
[2013/03/12 14:55:45 | 000,024,119 | -HS- | C] () -- C:\Documents and Settings\All Users\Documents\HUMOUR.vbe
[2013/03/12 14:55:45 | 000,024,119 | ---- | C] () -- C:\Documents and Settings\Admin\Start Menu\Programs\Startup\System File [Not Delete].vbe
[2013/03/09 17:21:56 | 000,078,156 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\a.pdf
[2013/03/09 14:08:58 | 000,006,807 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\cardiologist india.csv
[2013/03/09 14:06:14 | 000,013,995 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\cardiovascular surgeon.csv
[2013/03/09 14:02:32 | 000,002,805 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\cardiovascular-surgeon-india.csv
[2013/03/09 13:52:47 | 000,008,879 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\cardiologist-bangalore.csv
[2013/03/09 13:48:46 | 000,005,386 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\cardiologist.csv
[2013/03/06 13:27:56 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/06 13:27:56 | 000,000,880 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/05 12:20:25 | 000,238,684 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\EBS-API_Guide_V1.1(Beta) (6).pdf
[2013/03/04 18:24:37 | 001,070,596 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\thickbox.rar
[2013/03/04 14:00:51 | 001,534,500 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\WPML.rar
[2013/03/04 13:50:56 | 001,036,116 | R--- | C] () -- C:\Documents and Settings\Admin\Desktop\wpml-cms.2.4.2.zip
[2013/03/01 13:28:00 | 000,035,209 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\woocommerce.css
[2013/02/27 18:38:26 | 000,000,043 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\spacer.gif
[2013/02/27 17:38:53 | 000,020,486 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\woocommerce-product-addons.zip
[2013/02/26 16:58:17 | 001,280,206 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\gravity_forms_addons.zip
[2013/02/26 16:55:31 | 001,586,201 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\WooCommerce.Gravity.zip
[2013/02/25 16:37:53 | 000,008,543 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\download-brochure1.png
[2013/02/25 14:32:12 | 000,039,113 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\pccw-prospectus.png
[2013/02/25 11:29:10 | 000,388,026 | R--- | C] () -- C:\Documents and Settings\Admin\Desktop\PrivateContent_v2.33.rar
[2012/12/06 15:43:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\~wmrg
[2012/12/04 14:33:22 | 000,027,128 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\phpdesigner.xml
[2012/11/08 11:29:45 | 000,000,171 | ---- | C] () -- C:\WINDOWS\Nudi.INI
[2012/11/08 11:18:51 | 000,000,060 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012/09/27 13:48:30 | 000,000,550 | ---- | C] () -- C:\Documents and Settings\Admin\d6fd9e4a
[2012/09/27 13:43:52 | 000,000,761 | ---- | C] () -- C:\Documents and Settings\Admin\da91c9ba
[2012/09/27 13:38:14 | 000,000,761 | ---- | C] () -- C:\Documents and Settings\Admin\32a07986
[2012/09/27 13:36:33 | 000,000,550 | ---- | C] () -- C:\Documents and Settings\Admin\9f22a59d
[2012/09/27 13:36:04 | 000,000,761 | ---- | C] () -- C:\Documents and Settings\Admin\401e455
[2012/09/10 13:16:57 | 000,136,507 | ---- | C] () -- C:\WINDOWS\hphins33.dat
[2012/09/10 13:16:57 | 000,000,512 | ---- | C] () -- C:\WINDOWS\hphmdl33.dat
[2012/08/13 12:33:23 | 000,000,132 | RHS- | C] () -- C:\WINDOWS\CTA1STET.BIN
[2012/08/13 10:54:12 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\dt.dat
[2012/08/09 14:42:29 | 000,109,256 | ---- | C] () -- C:\WINDOWS\System32\EasyHook64.dll
[2012/08/09 14:42:29 | 000,090,824 | ---- | C] () -- C:\WINDOWS\System32\EasyHook32.dll
[2012/08/03 11:40:06 | 000,001,000 | R--- | C] () -- C:\Documents and Settings\All Users\systemCP.$dk
[2012/07/20 17:54:40 | 000,001,901 | ---- | C] () -- C:\WINDOWS\panose.bin
[2012/07/20 17:52:21 | 000,042,483 | ---- | C] () -- C:\WINDOWS\Icccodes.dat
[2012/07/20 17:52:21 | 000,039,095 | ---- | C] () -- C:\WINDOWS\Iccsigs.dat
[2012/07/20 17:52:21 | 000,000,156 | ---- | C] () -- C:\WINDOWS\Kpcms.ini
[2012/07/17 17:16:28 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2012/07/14 15:24:00 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2012/06/16 12:07:39 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\jesterrun.dll
[2012/05/05 18:21:10 | 001,756,655 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1993962763-606747145-1801674531-1003-0.dat
[2012/05/05 18:21:10 | 001,141,280 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat~
[2012/04/23 13:25:07 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\Cracklock.settings
[2012/02/09 17:14:30 | 001,130,410 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/01/04 15:44:33 | 000,004,096 | -H-- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\keyfile3.drm
[2012/01/04 13:36:13 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\Adobe PNG Format CS5 Prefs
[2012/01/04 13:13:26 | 000,001,456 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
[2010/04/08 17:26:44 | 000,002,516 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/04/08 17:26:44 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\0804BAF8CD.sys
[2010/02/19 04:01:05 | 000,068,608 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2012/02/09 13:34:09 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/01/07 18:20:52 | 001,497,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2004/08/04 17:30:00 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2004/08/04 17:30:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/12/06 15:13:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Apowersoft
[2012/12/04 17:52:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Articulate
[2012/07/17 14:29:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\AVG
[2012/05/02 16:26:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\AVG Secure Search
[2012/05/02 16:27:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\AVG2012
[2012/11/08 11:11:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Baraha Software
[2013/03/16 16:17:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\BitTorrent
[2012/12/12 11:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\com.prezi.PreziDesktop
[2012/10/30 12:21:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\com.webdimensions.viralimagecuratorpro
[2013/01/08 17:48:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\DevPHP
[2012/08/21 17:24:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\e
[2013/03/16 18:14:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\FileZilla
[2012/08/16 15:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\IBP
[2012/08/11 15:13:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Admin\Application Data\IFViewer
[2012/06/11 16:52:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\IGC
[2010/03/19 10:52:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\NetSupport
[2012/01/27 18:12:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Notepad++
[2012/06/20 18:18:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Oracle
[2012/12/04 14:33:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\phpDesigner
[2012/12/04 14:02:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\PicEdit
[2012/08/16 13:38:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Rovio
[2012/12/04 15:59:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Schoolhouse Technologies
[2012/12/04 14:20:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\SmartDraw
[2012/12/12 14:53:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Sublime Text 2
[2013/02/06 12:36:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\TechSmith
[2012/02/15 19:41:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\TeraCopy
[2012/02/11 11:35:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Thinstall
[2012/02/22 11:40:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\ubot
[2012/05/29 16:19:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\XNote Stopwatch
[2012/08/30 11:35:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\You2bApp
[2012/02/13 13:35:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Youtube Downloader HD
[2012/06/16 12:10:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\3rd Eye Solutions
[2012/06/26 16:58:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\airtel
[2012/05/02 16:29:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/11/09 13:31:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2012/07/28 14:38:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2012/05/02 16:26:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/12/11 17:38:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DatacardService
[2013/03/06 11:21:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/03/19 10:44:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NetSupport
[2012/08/21 13:46:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\phpDesigner
[2013/02/08 12:31:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2012/08/30 11:35:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SomeProduct
[2012/08/09 14:42:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
[2012/03/15 16:09:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2013/01/30 11:53:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/01/04 14:03:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 205 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:56E2E879
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E3455479

< End of report >

OTL Extras logfile created on: 3/18/2013 5:43:33 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.85 Gb Available Physical Memory | 42.73% Memory free
4.29 Gb Paging File | 2.79 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): C:\pagefile.sys 2504 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 10.55 Gb Free Space | 27.01% Space Free | Partition Type: NTFS
Drive D: | 39.06 Gb Total Space | 12.32 Gb Free Space | 31.53% Space Free | Partition Type: NTFS
Drive E: | 39.06 Gb Total Space | 6.04 Gb Free Space | 15.47% Space Free | Partition Type: NTFS
Drive F: | 31.86 Gb Total Space | 4.99 Gb Free Space | 15.67% Space Free | Partition Type: NTFS
Drive G: | 19.53 Gb Total Space | 1.33 Gb Free Space | 6.79% Space Free | Partition Type: NTFS
Drive H: | 19.52 Gb Total Space | 2.25 Gb Free Space | 11.53% Space Free | Partition Type: FAT32
Drive I: | 19.08 Gb Total Space | 4.81 Gb Free Space | 25.22% Space Free | Partition Type: FAT32
Drive J: | 4.88 Gb Total Space | 0.76 Gb Free Space | 15.68% Space Free | Partition Type: NTFS
Drive K: | 11.05 Gb Total Space | 2.84 Gb Free Space | 25.67% Space Free | Partition Type: NTFS

Computer Name: RAGHAV | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"F:\wamp\bin\apache\Apache2.2.21\bin\httpd.exe" = F:\wamp\bin\apache\Apache2.2.21\bin\httpd.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Computer, Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{511DE7EA-AA68-4D7A-A2E3-0E7B5186B822}" = CorelDRAW Graphics Suite X6
"_{B92076C0-C5FE-4DB1-AA8D-855430CDF098}" = Corel Graphics - Windows Shell Extension
"{0084B0C3-F376-42E3-804A-885D249282BD}" = CorelDRAW Graphics Suite X6 - IPM
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{07EA4E9F-BD35-4F38-9809-D825B772B833}" = Image Optimizer 3.0
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1C93D216-E9C1-4089-807F-D2E10ED1630E}" = CorelDRAW Graphics Suite X6 - EN
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21C4741D-6DAA-498D-8317-7C4549A51019}" = Articulate Studio '09 Pro
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{25D69CEE-3EE2-47FD-9A0E-5013240EC953}" = CorelDRAW Graphics Suite X6 - Common
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2C365981-03D8-4006-969D-3ED92E255CCA}" = Schoolhouse Test 3
"{2F3A3B57-8AB4-4136-8FD2-96A77D5183C1}" = AVG 2012
"{318FF3D7-0C40-483B-AF92-AF36416B0AC6}" = CorelDRAW Graphics Suite X6 - Writing Tools
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E5131E9-1241-4E43-8036-E870C0DEDD97}" = Articulate Studio '09 Pro
"{3F9B2FD2-1C83-4401-9967-C3636638E958}" = Adobe SING CS3
"{44A31720-8DC7-478C-9737-1054A698434B}" = Video Shadow
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup
"{511DE7EA-AA68-4D7A-A2E3-0E7B5186B822}" = CorelDRAW Graphics Suite X6 - Setup Files
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56B8B892-317E-4FDE-9E4D-44B189848A27}" = Adobe Setup
"{579CA850-B2C3-43F3-A3F6-3A0AE42E8225}" = CorelDRAW Graphics Suite X6 - FontNav
"{5A52C32C-6F99-4732-B088-19228D1D3CF2}" = Articulate Studio '09 Pro
"{603C6570-2BA1-4FC6-8735-7EFA6D1F6F61}" = CorelDRAW Graphics Suite X6 - Custom Data
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62BEC144-7029-4BF4-B3F2-FA231FB9F84B}" = CorelDRAW Graphics Suite X6 - Redist
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.9
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6F53FB68-6620-423E-B7CD-B8205655B421}" = CorelDRAW Graphics Suite X6 - PHOTO-PAINT
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74FA94F1-9566-4252-9372-E7EAFFEFE209}" = CorelDRAW Graphics Suite X6 - Capture
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A2FF332-E4F6-4D87-9EBD-EDFF1216490F}" = CorelDRAW Graphics Suite X6 - Filters
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7CA5C4DF-8327-4035-AE2B-CA76336A04FD}" = Snagit 11
"{7CCD75BD-5528-4FE1-90D2-392D661A2BF1}" = CorelDRAW Graphics Suite X6 - VSTA
"{7F9F6864-8CAB-440C-AF44-030D0135666D}" = CorelDRAW Graphics Suite X6
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{879E2460-18F9-48F2-B736-4E814A699504}" = CorelDRAW Graphics Suite X6 - VBA
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0070-0000-0000-4000000FF1CE}" = Microsoft Visual Basic for Applications 7.1 (x86)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9209821A-9C57-C38A-9F74-7129BCE104B8}" = Viral Image Curator Pro
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{96178C0A-BAF9-4E49-A2A5-CDE76722105B}" = HP Deskjet D1600 Printer Driver 14.0 Rel. 6
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AD99658D-C90E-4C24-86AA-A5B47F98575B}" = Articulate Studio '09 Pro
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D9D06B-4B4D-4B41-B963-C056B627F704}_is1" = Streaming Audio Recorder V2.5.2
"{B92076C0-C5FE-4DB1-AA8D-855430CDF098}" = Corel Graphics - Windows Shell Extension
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAB89D31-4C55-472B-8909-6CBE2CC276B1}" = Microsoft Visual Basic for Applications 7.1 (x86) English
"{BBFDD98A-16DB-4A78-82A3-12ECCA29F1B0}" = AVG 2012
"{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0E8FE43-C35B-451D-B35F-D4BD056D70E7}" = Camtasia Studio 7
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C5262276-0075-498B-B80F-7D997482E4DB}" = CorelDRAW Graphics Suite X6 - Draw
"{C619A1DC-8EE4-4BD2-82AB-D9424A23E42A}" = Auto Blog Samurai
"{C9B2F671-870B-43A0-8B9D-7DB30CEBD87E}" = DJ_SF_06_D1600_SW_Min
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240CA}" = WinZip 16.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D4A17D31-2F7B-4682-AD57-467021452909}" = CorelDRAW Graphics Suite X6 - Photozoom Plugin
"{D4EFC6B7-3DA5-400D-9682-9BE287A5440E}" = CorelDRAW Graphics Suite X6 - Connect
"{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9DF8D5A-2160-402B-819F-A5A964215528}_is1" = RegistryNuke 2012 version 2.0.0.90
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DDFEB503-D662-4224-82C9-37A5698FDC25}" = CorelDRAW Graphics Suite X6 - VideoBrowser
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EAC44ADF-D812-4EA4-BCD6-B7EDCB22898A}" = Math Resource Studio 5
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe PageMaker 7.0" = Adobe PageMaker 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe_05ba3a63f36684fe0c5dde2ebe6f8f5" = Adobe InDesign CS3
"AVG" = AVG 2012
"AVG Secure Search" = AVG Security Toolbar
"Baraha 8.0_is1" = Baraha 8.0
"BitTorrent" = BitTorrent
"CCleaner" = CCleaner
"CCleaner Business Edition ( NavyCrack ) 3.14" = CCleaner Business Edition ( NavyCrack ) 3.14
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.webdimensions.viralimagecuratorpro" = Viral Image Curator Pro
"Cracklock_is1" = Cracklock 3.9.44
"DevPHP" = Dev-PHP
"Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FileZilla Client" = FileZilla Client 3.6.0.2
"Google Chrome" = Google Chrome
"ie8" = Windows Internet Explorer 8
"iLivid" = iLivid
"iWisoft Free Video Downloader_is1" = iWisoft Free Video Downloader 2.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 19.0.2 (x86 en-US)" = Mozilla Firefox 19.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MS Word Save Dot As Doc Software_is1" = MS Word Save Dot As Doc Software
"Notepad++" = Notepad++
"Nudi 4.0" = Nudi 4.0
"RealPlayer 12.0" = RealPlayer
"RocketDock_is1" = RocketDock 1.3.5
"Sublime Text 2_is1" = Sublime Text 2.0.1
"VLC media player" = VLC media player 2.0.5
"WampServer 2_is1" = WampServer 2.2
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"WinArchiver" = WinArchiver
"WinRAR archiver" = WinRAR archiver
"xampp" = XAMPP 1.8.1
"XNote Stopwatch" = XNote Stopwatch

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"065b42c809538e1c" = Update or Uninstall SENukeX
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/9/2013 7:32:56 AM | Computer Name = RAGHAV | Source = MySQL | ID = 100
Description = Do you already have another mysqld server running on port: 3306 ? For
more information, see Help and Support Center at http://www.mysql.com.

Error - 1/9/2013 7:32:56 AM | Computer Name = RAGHAV | Source = MySQL | ID = 100
Description = Aborting For more information, see Help and Support Center at http://www.mysql.com.



Error - 1/9/2013 7:33:31 AM | Computer Name = RAGHAV | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> (OS 10048)Only
one usage of each socket address (protocol/network address/port) is normally permitted.
: make_sock: could not bind to address 0.0.0.0:80 .

Error - 1/9/2013 7:33:31 AM | Computer Name = RAGHAV | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> no listening
sockets available, shutting down .

Error - 1/9/2013 7:33:31 AM | Computer Name = RAGHAV | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> Unable
to open logs .

Error - 1/9/2013 7:33:33 AM | Computer Name = RAGHAV | Source = MySQL | ID = 100
Description = Can't start server: Bind on TCP/IP port: No such file or directory

For
more information, see Help and Support Center at http://www.mysql.com.

Error - 1/9/2013 7:33:33 AM | Computer Name = RAGHAV | Source = MySQL | ID = 100
Description = Do you already have another mysqld server running on port: 3306 ? For
more information, see Help and Support Center at http://www.mysql.com.

Error - 1/9/2013 7:33:33 AM | Computer Name = RAGHAV | Source = MySQL | ID = 100
Description = Aborting For more information, see Help and Support Center at http://www.mysql.com.



Error - 1/21/2013 6:41:21 AM | Computer Name = RAGHAV | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application dap.exe, version 10.0.3.5, stamp 4ff2cd6b, faulting
module ntdll.dll, version 5.1.2600.2180, stamp 411096b4, debug? 0, fault address
0x00043345.

Error - 2/9/2013 2:36:46 AM | Computer Name = RAGHAV | Source = Application Error | ID = 1000
Description = Faulting application httpd.exe, version 2.4.3.0, faulting module libapr-1.dll,
version 1.4.6.0, fault address 0x00013583.

[ OSession Events ]
Error - 7/24/2011 5:23:30 AM | Computer Name = ADMIN-1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 16022
seconds with 5580 seconds of active time. This session ended with a crash.

Error - 1/29/2013 4:34:18 AM | Computer Name = RAGHAV | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1147
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 3/12/2013 1:32:38 AM | Computer Name = RAGHAV | Source = Service Control Manager | ID = 7022
Description = The AVGIDSAgent service hung on starting.

Error - 3/12/2013 3:56:38 AM | Computer Name = RAGHAV | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls.
Reference
error message: The system cannot find the path specified. .

Error - 3/12/2013 3:56:38 AM | Computer Name = RAGHAV | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\Adobe\Adobe
Dreamweaver CS6\Dreamweaver.exe. Reference error message: The operation completed
successfully. .

Error - 3/12/2013 3:58:29 AM | Computer Name = RAGHAV | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2

Error - 3/13/2013 1:26:13 AM | Computer Name = RAGHAV | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2

Error - 3/13/2013 1:27:55 AM | Computer Name = RAGHAV | Source = Service Control Manager | ID = 7022
Description = The AVGIDSAgent service hung on starting.

Error - 3/14/2013 1:05:13 AM | Computer Name = RAGHAV | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2

Error - 3/14/2013 1:06:33 AM | Computer Name = RAGHAV | Source = Service Control Manager | ID = 7022
Description = The AVGIDSAgent service hung on starting.

Error - 3/15/2013 11:42:31 PM | Computer Name = RAGHAV | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2

Error - 3/18/2013 1:25:58 AM | Computer Name = RAGHAV | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2


< End of report >

Attached Thumbnails

  • 16 bit MS-DOS Subsystem Error.JPG

Edited by vraghav, 18 March 2013 - 06:42 AM.


#2
RKinner

    Malware Expert

  • Expert
  • 19,775 posts
  • MVP
Copy the text in the code box by highlighting it and pressing Ctrl + C

:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (huawei_ext_ctrl)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (huawei_enumerator)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (huawei_cdcecm)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (huawei_cdcacm)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (ew_usbenumfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (ew_hwusbdev)
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2790392
O1 - Hosts: 88.80.4.19 senuke.com
O1 - Hosts: 88.80.4.19 www.senuke.com
O1 - Hosts: 88.80.4.19 updates.senuke.com
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - Startup: C:\Documents and Settings\Admin\Start Menu\Programs\Startup\System File [Not Delete].vbe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Updates = C:\Documents and Settings\Admin\s4t4n\s4t4n.vbe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: consentpromptbehavioradmin = 0
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O32 - AutoRun File - [2013/03/09 16:57:10 | 000,000,000 | ---D | M] - D:\AutoPlay Media Studio 8.0.6.0 incl crack -- [ NTFS ]
O32 - AutoRun File - [2008/09/11 18:58:10 | 000,000,000 | ---D | M] - H:\Autoresponder -- [ FAT32 ]
O32 - AutoRun File - [2009/07/11 11:13:22 | 000,000,000 | ---D | M] - H:\Autorun files -- [ FAT32 ]
O33 - MountPoints2\{0136bd04-4a74-11e2-a1a2-001966443ac8}\Shell - "" = AutoRun
O33 - MountPoints2\{0136bd04-4a74-11e2-a1a2-001966443ac8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0136bd04-4a74-11e2-a1a2-001966443ac8}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript satan.vbe
O33 - MountPoints2\{0619b2bd-d306-11e1-a126-001966443ac8}\Shell - "" = AutoRun
O33 - MountPoints2\{0619b2bd-d306-11e1-a126-001966443ac8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2930ad8d-1232-11df-869e-c0aba5dcf846}\Shell\AutoRun\command - "" = H:\DOBROJE///tudja.exe
O33 - MountPoints2\{2930ad8d-1232-11df-869e-c0aba5dcf846}\Shell\explore\command - "" = H:\DOBROJE///tudja.exe
O33 - MountPoints2\{2930ad8d-1232-11df-869e-c0aba5dcf846}\Shell\open\command - "" = H:\DOBROJE///tudja.exe
O33 - MountPoints2\{4d703904-1a64-11df-a328-001966443ac8}\Shell - "" = AutoRun
O33 - MountPoints2\{4d703904-1a64-11df-a328-001966443ac8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a4c13023-5c72-11e2-a1b5-001966443ac8}\Shell - "" = AutoRun
O33 - MountPoints2\{a4c13023-5c72-11e2-a1b5-001966443ac8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a4c13023-5c72-11e2-a1b5-001966443ac8}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript satan.vbe
O33 - MountPoints2\{c2aae0f8-bf65-11e1-a10b-001966443ac8}\Shell - "" = AutoRun
O33 - MountPoints2\{c2aae0f8-bf65-11e1-a10b-001966443ac8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d31edb28-69d6-11e2-a1c1-001966443ac8}\Shell - "" = AutoRun
O33 - MountPoints2\{d31edb28-69d6-11e2-a1c1-001966443ac8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d31edb28-69d6-11e2-a1c1-001966443ac8}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript satan.vbe
O33 - MountPoints2\{dce3bcb6-2040-11df-a32a-001966443ac8}\Shell - "" = AutoRun
O33 - MountPoints2\{dce3bcb6-2040-11df-a32a-001966443ac8}\Shell\AutoRun - "" = Auto&Play
[2013/03/18 10:57:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\ROC_JAN2013_TB_rmv.job
[2013/03/12 14:55:45 | 000,024,119 | -HS- | C] () -- C:\Documents and Settings\All Users\Documents\HUMOUR.vbe
[2013/03/12 14:55:45 | 000,024,119 | ---- | C] () -- C:\Documents and Settings\Admin\Start Menu\Programs\Startup\System File [Not Delete].vbe
[2012/09/27 13:48:30 | 000,000,550 | ---- | C] () -- C:\Documents and Settings\Admin\d6fd9e4a
[2012/09/27 13:43:52 | 000,000,761 | ---- | C] () -- C:\Documents and Settings\Admin\da91c9ba
[2012/09/27 13:38:14 | 000,000,761 | ---- | C] () -- C:\Documents and Settings\Admin\32a07986
[2012/09/27 13:36:33 | 000,000,550 | ---- | C] () -- C:\Documents and Settings\Admin\9f22a59d
[2012/09/27 13:36:04 | 000,000,761 | ---- | C] () -- C:\Documents and Settings\Admin\401e455
@Alternate Data Stream - 205 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:56E2E879
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E3455479

:files
H:\DOBROJE
C:\Documents and Settings\Admin\s4t4n
C:\autorun.inf
C:\Windows\Syste32\Wind0wS.vbe

:reg
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
[-HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"EnableLUA"=-

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


Then double-click on OTL to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.


Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
s4t4n.vbe
satan.vbe
Nouveau dossier.lnk
HUMOUR.vbe
autorun.inf
Wind0wS.vbe
tudja.exe
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.


Ron

#3
vraghav

Dear Ron,

I am pasting the first log below:

========== OTL ==========
Service huawei_ext_ctrl stopped successfully!
Service huawei_ext_ctrl deleted successfully!
Service huawei_enumerator stopped successfully!
Service huawei_enumerator deleted successfully!
Service huawei_cdcecm stopped successfully!
Service huawei_cdcecm deleted successfully!
Service huawei_cdcacm stopped successfully!
Service huawei_cdcacm deleted successfully!
Service ew_usbenumfilter stopped successfully!
Service ew_usbenumfilter deleted successfully!
Service ew_hwusbdev stopped successfully!
Service ew_hwusbdev deleted successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
88.80.4.19 senuke.com removed from HOSTS file successfully
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
C:\Documents and Settings\Admin\Start Menu\Programs\Startup\System File [Not Delete].vbe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\Updates deleted successfully.
C:\Documents and Settings\Admin\s4t4n\s4t4n.vbe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\consentpromptbehavioradmin deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
File  not found.
File  not found.
File  not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0136bd04-4a74-11e2-a1a2-001966443ac8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0136bd04-4a74-11e2-a1a2-001966443ac8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0136bd04-4a74-11e2-a1a2-001966443ac8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0136bd04-4a74-11e2-a1a2-001966443ac8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0136bd04-4a74-11e2-a1a2-001966443ac8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0136bd04-4a74-11e2-a1a2-001966443ac8}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript satan.vbe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0619b2bd-d306-11e1-a126-001966443ac8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0619b2bd-d306-11e1-a126-001966443ac8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0619b2bd-d306-11e1-a126-001966443ac8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0619b2bd-d306-11e1-a126-001966443ac8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2930ad8d-1232-11df-869e-c0aba5dcf846}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2930ad8d-1232-11df-869e-c0aba5dcf846}\ not found.
File H:\DOBROJE///tudja.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2930ad8d-1232-11df-869e-c0aba5dcf846}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2930ad8d-1232-11df-869e-c0aba5dcf846}\ not found.
File H:\DOBROJE///tudja.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2930ad8d-1232-11df-869e-c0aba5dcf846}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2930ad8d-1232-11df-869e-c0aba5dcf846}\ not found.
File H:\DOBROJE///tudja.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4d703904-1a64-11df-a328-001966443ac8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4d703904-1a64-11df-a328-001966443ac8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4d703904-1a64-11df-a328-001966443ac8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4d703904-1a64-11df-a328-001966443ac8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4c13023-5c72-11e2-a1b5-001966443ac8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a4c13023-5c72-11e2-a1b5-001966443ac8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4c13023-5c72-11e2-a1b5-001966443ac8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a4c13023-5c72-11e2-a1b5-001966443ac8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4c13023-5c72-11e2-a1b5-001966443ac8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a4c13023-5c72-11e2-a1b5-001966443ac8}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript satan.vbe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c2aae0f8-bf65-11e1-a10b-001966443ac8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c2aae0f8-bf65-11e1-a10b-001966443ac8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c2aae0f8-bf65-11e1-a10b-001966443ac8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c2aae0f8-bf65-11e1-a10b-001966443ac8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d31edb28-69d6-11e2-a1c1-001966443ac8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d31edb28-69d6-11e2-a1c1-001966443ac8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d31edb28-69d6-11e2-a1c1-001966443ac8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d31edb28-69d6-11e2-a1c1-001966443ac8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d31edb28-69d6-11e2-a1c1-001966443ac8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d31edb28-69d6-11e2-a1c1-001966443ac8}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript satan.vbe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dce3bcb6-2040-11df-a32a-001966443ac8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dce3bcb6-2040-11df-a32a-001966443ac8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dce3bcb6-2040-11df-a32a-001966443ac8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dce3bcb6-2040-11df-a32a-001966443ac8}\ not found.
C:\WINDOWS\tasks\ROC_JAN2013_TB_rmv.job moved successfully.
C:\Documents and Settings\All Users\Documents\HUMOUR.vbe moved successfully.
File C:\Documents and Settings\Admin\Start Menu\Programs\Startup\System File [Not Delete].vbe not found.
C:\Documents and Settings\Admin\d6fd9e4a moved successfully.
C:\Documents and Settings\Admin\da91c9ba moved successfully.
C:\Documents and Settings\Admin\32a07986 moved successfully.
C:\Documents and Settings\Admin\9f22a59d moved successfully.
C:\Documents and Settings\Admin\401e455 moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:56E2E879 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E3455479 deleted successfully.
========== FILES ==========
File\Folder H:\DOBROJE not found.
C:\Documents and Settings\Admin\s4t4n folder moved successfully.
File\Folder C:\autorun.inf not found.
File\Folder C:\Windows\Syste32\Wind0wS.vbe not found.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\EnableLUA not found.
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: Admin
->Flash cache emptied: 59187 bytes
 
User: All Users
 
User: Birungueta
 
User: Default User
->Flash cache emptied: 58264 bytes
 
User: LocalService
 
User: NetworkService
 
Total Flash Files Cleaned = 0.00 mb
 
 
[EMPTYJAVA]
 
User: Admin
->Java cache emptied: 0 bytes
 
User: All Users
 
User: Birungueta
 
User: Default User
 
User: LocalService
 
User: NetworkService
 
Total Java Files Cleaned = 0.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 03202013_130209


#4
vraghav

Dear Ron,

This is OTL code:

OTL logfile created on: 3/20/2013 1:11:39 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = D:\
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.99 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 61.18% Memory free
4.29 Gb Paging File | 3.57 Gb Available in Paging File | 83.28% Paging File free
Paging file location(s): C:\pagefile.sys 2504 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 10.52 Gb Free Space | 26.93% Space Free | Partition Type: NTFS
Drive D: | 39.06 Gb Total Space | 12.42 Gb Free Space | 31.80% Space Free | Partition Type: NTFS
Drive E: | 39.06 Gb Total Space | 6.04 Gb Free Space | 15.47% Space Free | Partition Type: NTFS
Drive F: | 31.86 Gb Total Space | 4.99 Gb Free Space | 15.67% Space Free | Partition Type: NTFS
Drive G: | 19.53 Gb Total Space | 1.33 Gb Free Space | 6.79% Space Free | Partition Type: NTFS
Drive H: | 19.52 Gb Total Space | 2.25 Gb Free Space | 11.53% Space Free | Partition Type: FAT32
Drive I: | 19.08 Gb Total Space | 4.81 Gb Free Space | 25.22% Space Free | Partition Type: FAT32
Drive J: | 4.88 Gb Total Space | 0.76 Gb Free Space | 15.68% Space Free | Partition Type: NTFS
Drive K: | 11.05 Gb Total Space | 2.84 Gb Free Space | 25.67% Space Free | Partition Type: NTFS
 
Computer Name: RAGHAV | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/03/18 17:42:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\OTL.exe
PRC - [2013/03/09 10:46:16 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/02/27 16:38:44 | 001,259,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2013/02/21 11:23:19 | 001,151,152 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2013/02/21 11:23:18 | 000,968,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
PRC - [2013/02/13 10:53:05 | 000,213,384 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\1.3.21.135\GoogleCrashHandler.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/12/05 03:44:54 | 002,321,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgfws.exe
PRC - [2012/11/19 17:25:32 | 002,598,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/11/17 16:02:46 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/11/08 03:51:06 | 000,768,632 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2012/11/02 03:51:18 | 005,174,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe
PRC - [2012/07/04 01:02:02 | 000,983,552 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\DAP\DAP.exe
PRC - [2012/05/29 11:00:33 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2012/03/19 05:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2008/06/12 02:25:18 | 000,037,232 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
PRC - [2008/06/11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
PRC - [2004/08/04 17:30:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/03/09 10:46:15 | 003,069,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/02/21 11:23:19 | 001,151,152 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2013/02/21 11:23:19 | 000,156,848 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\SiteSafety.dll
MOD - [2013/02/21 11:23:18 | 000,968,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
MOD - [2012/12/21 18:03:09 | 000,012,800 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SpeedBit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.1_0\XSevenTo.dll
MOD - [2012/12/21 18:03:06 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SpeedBit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.1_0\UniBytesCom.dll
MOD - [2012/12/21 18:03:03 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SpeedBit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.1_0\OronCom.dll
MOD - [2012/12/21 18:03:02 | 000,009,728 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SpeedBit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.1_0\NetLoadIn.dll
MOD - [2012/12/21 18:03:01 | 000,010,240 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SpeedBit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.1_0\MegaUploadCom.dll
MOD - [2012/12/21 18:02:51 | 000,015,872 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SpeedBit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.1_0\DepositFilesCom.dll
MOD - [2012/08/22 10:27:36 | 000,008,704 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SpeedBit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.1_0\zidducom.dll
MOD - [2012/08/09 14:43:46 | 000,009,216 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SpeedBit\DAP\Plugins\AddonsCondition.dll
MOD - [2012/08/09 14:41:48 | 000,053,248 | ---- | M] () -- C:\Program Files\DAP\zlib.dll
MOD - [2012/06/18 20:54:30 | 000,260,096 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_05.dll
MOD - [2012/05/02 17:30:47 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualStudio.Diagnostics.ServiceModelSink\3.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Diagnostics.ServiceModelSink.dll
MOD - [2012/02/22 13:15:47 | 001,355,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\43911ac4e29949c57560eee5cb7b76c2\System.WorkflowServices.ni.dll
MOD - [2012/02/22 13:15:04 | 011,791,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\50ea744ffc3cb7f09b027fd6c5c93b2b\System.Web.ni.dll
MOD - [2012/02/22 13:14:50 | 001,705,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\a3adabee8e63dc76f65710a9c32175fc\System.ServiceModel.Web.ni.dll
MOD - [2012/02/22 13:13:06 | 000,970,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb4cb21d14767292e079366a5d3d76cd\System.Configuration.ni.dll
MOD - [2012/02/21 15:51:05 | 000,255,488 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\2e19ccefc30d7b827bab3f7d8dcc0ab9\SMDiagnostics.ni.dll
MOD - [2012/02/21 15:50:55 | 017,313,792 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\19644a754454916a619b68315e50b428\System.ServiceModel.ni.dll
MOD - [2012/02/21 15:50:26 | 002,338,304 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\bb748f8ef8c98eb5c7f79b8faee95397\System.Runtime.Serialization.ni.dll
MOD - [2012/02/21 15:50:08 | 005,449,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\36f3953f24d4f0b767bf172331ad6f3e\System.Xml.ni.dll
MOD - [2012/02/21 15:49:56 | 012,428,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\9a254c455892c02355ab0ab0f0727c5b\System.Windows.Forms.ni.dll
MOD - [2012/02/21 15:49:29 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\6978f2e90f13bc720d57fa6895c911e2\System.Drawing.ni.dll
MOD - [2012/02/21 15:47:38 | 007,867,392 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aa7926460a336408c8041330ad90929d\System.ni.dll
MOD - [2012/02/21 15:47:29 | 011,485,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\9adb89fa22fd5b4ce433b5aca7fb1b07\mscorlib.ni.dll
MOD - [2008/09/16 20:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
MOD - [2007/09/02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll
MOD - [2004/08/04 17:30:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/03/13 13:27:33 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/09 10:46:15 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/02/21 11:23:18 | 000,968,880 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe -- (vToolbarUpdater14.2.0)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/12/05 03:44:54 | 002,321,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgfws.exe -- (avgfws)
SRV - [2012/11/19 17:58:33 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/11/17 16:02:46 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/11/02 03:51:18 | 005,174,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/07/17 17:42:33 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012/01/25 08:47:04 | 008,176,640 | ---- | M] () [On_Demand | Stopped] -- F:\wamp\bin\mysql\mysql5.5.20\bin\mysqld.exe -- (wampmysqld)
SRV - [2011/09/26 07:50:40 | 000,018,432 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- F:\wamp\bin\apache\Apache2.2.21\bin\httpd.exe -- (wampapache)
SRV - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | Auto | Stopped] --  -- (adfs)
DRV - [2013/02/21 11:23:19 | 000,033,112 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/12/10 03:28:36 | 000,142,176 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2012/11/08 03:49:26 | 000,250,080 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/08/24 15:43:18 | 000,301,920 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2012/01/12 19:52:06 | 000,030,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2012/01/12 19:52:06 | 000,030,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2010/12/30 15:19:40 | 000,016,640 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apowersoft_AudioDevice.sys -- (Apowersoft_AudioDevice)
DRV - [2009/12/30 11:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2008/10/09 13:00:36 | 000,039,520 | ---- | M] (NetSupport Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pcisys.sys -- (PCISys)
DRV - [2008/10/09 13:00:34 | 000,031,328 | ---- | M] (NetSupport Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gdihook5.sys -- (gdihook5)
DRV - [2007/04/14 13:58:58 | 000,094,592 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006/09/12 16:57:00 | 004,381,184 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2004/08/04 17:30:00 | 000,088,448 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2004/08/04 17:30:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 17:30:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{7A143454-1876-4E17-948F-547C2CD12383}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={90BD74EE-B82C-46CB-AD27-E0686DBD0AD4}&mid=a7cb444c8a5c47d0835bd15020a0d33b-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=AVG&pr=pr&d=2012-08-08 13:39:58&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledAddons: webrank-toolbar%40probcomp.com:4.4
FF - prefs.js..extensions.enabledAddons: daplinkchecker%40speedbit.com:1.0.0.8
FF - prefs.js..extensions.enabledAddons: %7Bc45c406e-ab73-11d8-be73-000a95be3b12%7D:1.2.2
FF - prefs.js..extensions.enabledAddons: %7Be3f6c2cc-d8db-498c-af6c-499fb211db97%7D:1.12.9.1
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
FF - prefs.js..extensions.enabledAddons: artur.dubovoy%40gmail.com:3.8.7
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2013/03/06 11:20:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\FireFoxExt\14.2.0.1 [2013/02/21 11:23:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\DAP\daplinkchecker [2012/08/09 14:42:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/09 10:46:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}: C:\Program Files\DAP\DAPFireFox [2012/08/09 14:42:30 | 000,000,000 | ---D | M]
 
[2012/01/04 10:45:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Extensions
[2013/03/11 10:55:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\bdndmzjl.default-1345623687000\extensions
[2013/02/25 10:01:13 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\bdndmzjl.default-1345623687000\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/12/22 09:26:25 | 000,000,000 | ---D | M] (Page Speed) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\bdndmzjl.default-1345623687000\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2012/11/07 10:42:49 | 000,000,000 | ---D | M] (WebRank Toolbar) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\bdndmzjl.default-1345623687000\extensions\[email protected]
[2012/08/04 12:41:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\m9rlt8v9.default\extensions
[2012/07/20 15:59:03 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\m9rlt8v9.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2012/08/01 10:35:25 | 000,000,000 | ---D | M] (Sothink Web Video Downloader for Firefox) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\m9rlt8v9.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}
[2012/08/04 12:41:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\m9rlt8v9.default\extensions\trash
[2012/06/19 10:32:44 | 000,000,000 | ---D | M] (WebRank Toolbar) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\m9rlt8v9.default\extensions\[email protected]
[2013/03/11 10:55:43 | 000,275,665 | ---- | M] () (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\bdndmzjl.default-1345623687000\extensions\[email protected]
[2013/02/25 10:09:22 | 002,163,784 | ---- | M] () (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\bdndmzjl.default-1345623687000\extensions\[email protected]
[2012/12/05 18:29:37 | 001,268,546 | ---- | M] () (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\bdndmzjl.default-1345623687000\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2012/08/04 12:41:44 | 001,621,801 | ---- | M] () (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\m9rlt8v9.default\extensions\[email protected]
[2012/03/12 15:55:47 | 000,164,858 | ---- | M] () (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\m9rlt8v9.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.xpi
[2012/08/02 12:41:27 | 001,621,534 | ---- | M] () (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\m9rlt8v9.default\extensions\trash\[email protected]
[2013/03/09 10:46:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/08/09 14:42:31 | 000,000,000 | ---D | M] (DAP Link Checker) -- C:\PROGRAM FILES\DAP\DAPLINKCHECKER
[2013/03/09 10:46:16 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/02/21 11:24:05 | 000,003,714 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/09/01 10:15:44 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/02/27 12:00:20 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin8.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll
CHR - plugin: AdobeAAMDetect (Enabled) = C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
CHR - Extension: Google Docs = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: DAP Link Checker = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bodfdknjhecmadheclfjkhhiofeagdbh\1.0.0.8_0\
CHR - Extension: Google Search = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Download Accelerator Plus (DAP) = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb\2.0.19_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: BitTorrentBar = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mhfdcmehmjcclgopdodkjdicohagipid\2.3.19.11_0\
CHR - Extension: AVG Security Toolbar = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\14.2.0.1_0\
CHR - Extension: Gmail = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013/03/20 13:02:11 | 000,001,446 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SpeedBit Link Verification Helper) - {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} - C:\Program Files\DAP\LinkVerifier.dll (Speedbit Ltd.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [DownloadAccelerator] C:\Program Files\DAP\DAP.EXE (Speedbit Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: &Verify with DAP - C:\Program Files\DAP\dapverify.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4530D278-5313-4554-B590-D8A63D4804D1}: NameServer = 125.22.47.125,202.56.250.5
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - http://www.pilsindia.com/images/pils-logo.png
O24 - Desktop Components:1 () - http://www.smiletemplates.com/screenshots/00933/poster-templates-b.jpg
O24 - Desktop Components:2 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/05 14:06:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2013/03/09 16:57:10 | 000,000,000 | ---D | M] - D:\AutoPlay Media Studio 8.0.6.0 incl crack -- [ NTFS ]
O32 - AutoRun File - [2010/06/23 11:30:46 | 000,000,000 | ---- | M] () - G:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/09/11 18:58:10 | 000,000,000 | ---D | M] - H:\Autoresponder -- [ FAT32 ]
O32 - AutoRun File - [2009/07/11 11:13:22 | 000,000,000 | ---D | M] - H:\Autorun files -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: 6to4 -  File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= -  File not found
MsConfig - StartUpReg: Alcmtr - hkey= - key= - C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= -  File not found
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: googletalk - hkey= - key= - C:\Program Files\Google\Google Talk\googletalk.exe (Google)
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: HotKeysCmds - hkey= - key= -  File not found
MsConfig - StartUpReg: IgfxTray - hkey= - key= -  File not found
MsConfig - StartUpReg: Persistence - hkey= - key= -  File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: RTHDCPL - hkey= - key= - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: SkyTel - hkey= - key= - C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: TkBellExe - hkey= - key= -  File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: client32 - Service
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - 
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.tscc - C:\WINDOWS\system32\tsccvid.dll (TechSmith Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2013/03/20 12:01:21 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin\Recent
[2013/03/19 17:47:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\.linkchecker
[2013/03/19 17:47:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\LinkChecker
[2013/03/19 17:47:32 | 000,000,000 | ---D | C] -- C:\Program Files\LinkChecker
[2013/03/13 13:27:10 | 016,486,616 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2013/03/12 13:58:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\VMware
[2013/03/12 13:58:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\VMware
[2013/03/09 11:04:10 | 000,000,000 | ---D | C] -- C:\Program Files\KeywordMapPro
[2013/03/09 10:46:03 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/03/06 13:32:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2013/03/06 11:20:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2013/03/04 17:40:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop\thickbox
[2013/03/04 14:01:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop\WPML
[2013/03/04 13:52:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop\wpml-cms.2.4.2
[2013/02/28 12:00:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop\wp-cart-for-digital-products
[2013/02/27 17:39:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop\woocommerce-product-addons
[2013/02/26 16:59:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop\gravity_forms_addons
[2013/02/26 16:57:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop\WooCommerce.Gravity
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2013/03/20 13:14:22 | 000,000,632 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Product InstallerIdle.job
[2013/03/20 13:06:31 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/20 13:06:21 | 004,688,448 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/03/20 13:04:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/03/20 13:04:55 | 2138,361,856 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/20 13:04:30 | 000,000,008 | ---- | M] () -- C:\WINDOWS\System32\pcisys.ntk
[2013/03/20 12:58:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-606747145-1801674531-1003UA.job
[2013/03/20 12:46:43 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/03/20 12:32:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/20 12:27:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/03/20 10:58:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-606747145-1801674531-1003Core.job
[2013/03/20 10:21:39 | 113,947,090 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2013/03/19 11:11:14 | 000,809,153 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\happy_birthday_hems.png
[2013/03/19 11:11:14 | 000,001,456 | ---- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
[2013/03/18 18:02:16 | 000,013,724 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\16 bit MS-DOS Subsystem Error.JPG
[2013/03/18 10:55:26 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/03/16 11:25:11 | 000,696,745 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\happy_birthday_kirana.png
[2013/03/16 11:11:10 | 000,205,175 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\il_fullxfull.316730902.jpg
[2013/03/16 11:07:35 | 000,201,972 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\Nirthday-cake-happy.jpg
[2013/03/13 13:27:32 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/03/13 13:27:32 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/03/13 13:27:13 | 016,486,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2013/03/09 17:21:56 | 000,078,156 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\a.pdf
[2013/03/09 15:05:39 | 000,008,879 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\cardiologist-bangalore.csv
[2013/03/09 14:08:58 | 000,006,807 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\cardiologist india.csv
[2013/03/09 14:06:14 | 000,013,995 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\cardiovascular surgeon.csv
[2013/03/09 14:02:32 | 000,002,805 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\cardiovascular-surgeon-india.csv
[2013/03/09 13:49:40 | 000,005,386 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\cardiologist.csv
[2013/03/05 12:20:26 | 000,238,684 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\EBS-API_Guide_V1.1(Beta) (6).pdf
[2013/03/04 18:24:38 | 001,070,596 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\thickbox.rar
[2013/03/04 14:00:53 | 001,534,500 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\WPML.rar
[2013/03/04 13:51:12 | 001,036,116 | R--- | M] () -- C:\Documents and Settings\Admin\Desktop\wpml-cms.2.4.2.zip
[2013/03/02 17:37:41 | 000,328,793 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2013/03/01 16:38:20 | 000,068,608 | ---- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/03/01 13:28:02 | 000,035,209 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\woocommerce.css
[2013/02/27 18:38:30 | 000,000,043 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\spacer.gif
[2013/02/27 17:38:55 | 000,020,486 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\woocommerce-product-addons.zip
[2013/02/26 16:58:18 | 001,280,206 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\gravity_forms_addons.zip
[2013/02/26 16:55:52 | 001,586,201 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\WooCommerce.Gravity.zip
[2013/02/25 16:37:54 | 000,008,543 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\download-brochure1.png
[2013/02/25 14:32:12 | 000,039,113 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\pccw-prospectus.png
[2013/02/25 11:29:11 | 000,388,026 | R--- | M] () -- C:\Documents and Settings\Admin\Desktop\PrivateContent_v2.33.rar
[2013/02/21 11:23:19 | 000,033,112 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2013/03/20 13:04:55 | 004,688,448 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/03/19 11:11:12 | 000,809,153 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\happy_birthday_hems.png
[2013/03/18 18:02:16 | 000,013,724 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\16 bit MS-DOS Subsystem Error.JPG
[2013/03/16 11:25:06 | 000,696,745 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\happy_birthday_kirana.png
[2013/03/16 11:11:09 | 000,205,175 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\il_fullxfull.316730902.jpg
[2013/03/16 11:07:34 | 000,201,972 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\Nirthday-cake-happy.jpg
[2013/03/09 17:21:56 | 000,078,156 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\a.pdf
[2013/03/09 14:08:58 | 000,006,807 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\cardiologist india.csv
[2013/03/09 14:06:14 | 000,013,995 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\cardiovascular surgeon.csv
[2013/03/09 14:02:32 | 000,002,805 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\cardiovascular-surgeon-india.csv
[2013/03/09 13:52:47 | 000,008,879 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\cardiologist-bangalore.csv
[2013/03/09 13:48:46 | 000,005,386 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\cardiologist.csv
[2013/03/06 13:27:56 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/06 13:27:56 | 000,000,880 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/05 12:20:25 | 000,238,684 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\EBS-API_Guide_V1.1(Beta) (6).pdf
[2013/03/04 18:24:37 | 001,070,596 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\thickbox.rar
[2013/03/04 14:00:51 | 001,534,500 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\WPML.rar
[2013/03/04 13:50:56 | 001,036,116 | R--- | C] () -- C:\Documents and Settings\Admin\Desktop\wpml-cms.2.4.2.zip
[2013/03/01 13:28:00 | 000,035,209 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\woocommerce.css
[2013/02/27 18:38:26 | 000,000,043 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\spacer.gif
[2013/02/27 17:38:53 | 000,020,486 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\woocommerce-product-addons.zip
[2013/02/26 16:58:17 | 001,280,206 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\gravity_forms_addons.zip
[2013/02/26 16:55:31 | 001,586,201 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\WooCommerce.Gravity.zip
[2013/02/25 16:37:53 | 000,008,543 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\download-brochure1.png
[2013/02/25 14:32:12 | 000,039,113 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\pccw-prospectus.png
[2013/02/25 11:29:10 | 000,388,026 | R--- | C] () -- C:\Documents and Settings\Admin\Desktop\PrivateContent_v2.33.rar
[2012/12/06 15:43:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\~wmrg
[2012/12/04 14:33:22 | 000,027,128 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\phpdesigner.xml
[2012/11/08 11:29:45 | 000,000,171 | ---- | C] () -- C:\WINDOWS\Nudi.INI
[2012/11/08 11:18:51 | 000,000,060 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012/09/10 13:16:57 | 000,136,507 | ---- | C] () -- C:\WINDOWS\hphins33.dat
[2012/09/10 13:16:57 | 000,000,512 | ---- | C] () -- C:\WINDOWS\hphmdl33.dat
[2012/08/13 12:33:23 | 000,000,132 | RHS- | C] () -- C:\WINDOWS\CTA1STET.BIN
[2012/08/13 10:54:12 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\dt.dat
[2012/08/09 14:42:29 | 000,109,256 | ---- | C] () -- C:\WINDOWS\System32\EasyHook64.dll
[2012/08/09 14:42:29 | 000,090,824 | ---- | C] () -- C:\WINDOWS\System32\EasyHook32.dll
[2012/08/03 11:40:06 | 000,001,000 | R--- | C] () -- C:\Documents and Settings\All Users\systemCP.$dk
[2012/07/20 17:54:40 | 000,001,901 | ---- | C] () -- C:\WINDOWS\panose.bin
[2012/07/20 17:52:21 | 000,042,483 | ---- | C] () -- C:\WINDOWS\Icccodes.dat
[2012/07/20 17:52:21 | 000,039,095 | ---- | C] () -- C:\WINDOWS\Iccsigs.dat
[2012/07/20 17:52:21 | 000,000,156 | ---- | C] () -- C:\WINDOWS\Kpcms.ini
[2012/07/17 17:16:28 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2012/07/14 15:24:00 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2012/06/16 12:07:39 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\jesterrun.dll
[2012/05/05 18:21:10 | 001,756,655 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1993962763-606747145-1801674531-1003-0.dat
[2012/05/05 18:21:10 | 001,141,280 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat~
[2012/04/23 13:25:07 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\Cracklock.settings
[2012/02/09 17:14:30 | 001,130,410 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/01/04 15:44:33 | 000,004,096 | -H-- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\keyfile3.drm
[2012/01/04 13:36:13 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\Adobe PNG Format CS5 Prefs
[2012/01/04 13:13:26 | 000,001,456 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
[2010/04/08 17:26:44 | 000,002,516 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/04/08 17:26:44 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\0804BAF8CD.sys
[2010/02/19 04:01:05 | 000,068,608 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
[color=#E56717]========== ZeroAccess Check ==========[/color]
 
[2012/02/09 13:34:09 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/01/07 18:20:52 | 001,497,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2004/08/04 17:30:00 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2004/08/04 17:30:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[color=#E56717]========== Custom Scans ==========[/color]
 
[color=#E56717]========== Drive Information ==========[/color]
 
Physical Drives
---------------
 
Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: ST3802110A
Partitions: 6
Status: OK
Status Info: 0
 
Drive: \\\\.\\PHYSICALDRIVE1 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: WDC WD1600AABS-00PRA0
Partitions: 4
Status: OK
Status Info: 0
 
Partitions
---------------
 
DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 20.00GB
Starting Offset: 32256
Hidden sectors: 0
 
 
DeviceID: Disk #0, Partition #1
PartitionType: Extended w/Extended Int 13
Bootable: False
BootPartition: False
PrimaryPartition: False
Size: 55.00GB
Starting Offset: 20974464000
Hidden sectors: 0
 
 
DeviceID: Disk #1, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 39.00GB
Starting Offset: 32256
Hidden sectors: 0
 
 
DeviceID: Disk #1, Partition #1
PartitionType: Extended Partition
Bootable: False
BootPartition: False
PrimaryPartition: False
Size: 110.00GB
Starting Offset: 41940702720
Hidden sectors: 0
 
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
 
[color=#A23BEC]< %systemroot%\assembly\GAC_32\*.ini >[/color]
 
[color=#A23BEC]< %systemroot%\assembly\GAC_64\*.ini >[/color]
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
 
[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*.exe >[/color]
 
[color=#A23BEC]< %APPDATA%\*. >[/color]
[2013/02/08 13:06:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Adobe
[2010/03/02 14:07:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\AdobeUM
[2012/12/06 15:13:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Apowersoft
[2012/03/12 11:25:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Apple Computer
[2012/12/04 17:52:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Articulate
[2012/07/17 14:29:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\AVG
[2012/05/02 16:26:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\AVG Secure Search
[2012/05/02 16:27:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\AVG2012
[2012/11/08 11:11:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Baraha Software
[2013/03/20 11:08:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\BitTorrent
[2012/12/12 11:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\com.prezi.PreziDesktop
[2012/10/30 12:21:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\com.webdimensions.viralimagecuratorpro
[2012/05/02 18:00:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Corel
[2013/01/08 17:48:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\DevPHP
[2010/03/26 13:02:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\dvdcss
[2012/08/21 17:24:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\e
[2010/04/23 16:56:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\FastStone
[2013/03/16 18:14:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\FileZilla
[2012/08/16 15:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\IBP
[2010/02/05 14:10:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Identities
[2012/08/11 15:13:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Admin\Application Data\IFViewer
[2012/06/11 16:52:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\IGC
[2012/12/04 17:40:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\InstallShield
[2012/01/03 17:25:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Macromedia
[2010/06/03 11:49:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Malwarebytes
[2013/03/05 12:46:27 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Admin\Application Data\Microsoft
[2012/01/04 10:45:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla
[2010/03/19 10:52:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\NetSupport
[2012/01/27 18:12:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Notepad++
[2012/06/20 18:18:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Oracle
[2012/12/04 14:33:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\phpDesigner
[2012/12/04 14:02:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\PicEdit
[2012/05/29 11:02:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Real
[2012/08/16 13:38:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Rovio
[2012/12/04 15:59:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Schoolhouse Technologies
[2013/01/28 18:21:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Skype
[2012/12/04 14:20:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\SmartDraw
[2012/12/12 14:53:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Sublime Text 2
[2010/03/25 18:50:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Sun
[2013/02/06 12:36:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\TechSmith
[2012/02/15 19:41:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\TeraCopy
[2012/02/11 11:35:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Thinstall
[2010/05/10 18:33:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\U3
[2012/02/22 11:40:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\ubot
[2013/03/12 19:00:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\vlc
[2010/02/18 05:22:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\WinRAR
[2012/05/29 16:19:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\XNote Stopwatch
[2010/02/12 01:26:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Yahoo!
[2012/08/30 11:35:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\You2bApp
[2012/02/13 13:35:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Youtube Downloader HD
 
[color=#A23BEC]< MD5 for: ATAPI.SYS  >[/color]
[2004/08/04 17:30:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/04 17:30:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
 
[color=#A23BEC]< MD5 for: AUTORUN.INF  >[/color]
[2010/01/30 19:05:17 | 000,362,824 | ---- | M] () MD5=BB9ABB848F100FC481392824350B9C67 -- C:\Program Files\HP\Digital Imaging\{96178C0A-BAF9-4E49-A2A5-CDE76722105B}\autorun.inf
[2010/01/30 19:05:17 | 000,362,824 | ---- | M] () MD5=BB9ABB848F100FC481392824350B9C67 -- C:\Program Files\HP\Temp\{96178C0A-BAF9-4E49-A2A5-CDE76722105B}\autorun.inf
[2009/07/14 13:53:44 | 000,000,079 | ---- | M] () MD5=D6813F423F1E27CB3506B02717BB2CC9 -- C:\Program Files\Articulate\Articulate Engage\templates\resources\autorun.inf
 
[color=#A23BEC]< MD5 for: CSRSS.EXE  >[/color]
[2004/08/04 17:30:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=F12B178B1678D778CFD3FF1FC38C71FB -- C:\WINDOWS\system32\csrss.exe
[2004/08/04 17:30:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=F12B178B1678D778CFD3FF1FC38C71FB -- C:\WINDOWS\system32\dllcache\csrss.exe
 
[color=#A23BEC]< MD5 for: EXPLORER.EXE  >[/color]
[2004/08/04 17:30:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\explorer.exe
[2004/08/04 17:30:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\system32\dllcache\explorer.exe
 
[color=#A23BEC]< MD5 for: HUMOUR.VBE  >[/color]
[2011/05/06 20:04:40 | 000,024,119 | ---- | M] () MD5=E29F4D5F26E4882C59928AA02238C97B -- C:\Documents and Settings\Admin\WINDOWS\HUMOUR.vbe
[2011/05/06 20:04:40 | 000,024,119 | -HS- | M] () MD5=E29F4D5F26E4882C59928AA02238C97B -- C:\WINDOWS\system32\spool\drivers\HUMOUR.vbe
 
[color=#A23BEC]< MD5 for: MSWSOCK.DLL  >[/color]
[2004/08/04 17:30:00 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=4E74AF063C3271FBEA20DD940CFD1184 -- C:\WINDOWS\system32\dllcache\mswsock.dll
[2004/08/04 17:30:00 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=4E74AF063C3271FBEA20DD940CFD1184 -- C:\WINDOWS\system32\mswsock.dll
 
[color=#A23BEC]< MD5 for: NWPROVAU.DLL  >[/color]
[2004/08/04 17:30:00 | 000,144,384 | ---- | M] (Microsoft Corporation) MD5=F01D97A8E0380BA52F58249A7B3BD7F1 -- C:\WINDOWS\system32\dllcache\nwprovau.dll
[2004/08/04 17:30:00 | 000,144,384 | ---- | M] (Microsoft Corporation) MD5=F01D97A8E0380BA52F58249A7B3BD7F1 -- C:\WINDOWS\system32\nwprovau.dll
 
[color=#A23BEC]< MD5 for: PNRPNSP.DLL  >[/color]
[2004/08/04 17:30:00 | 000,048,640 | ---- | M] (Microsoft Corporation) MD5=74D3620D2E63489975E3956A40DDD35F -- C:\WINDOWS\system32\dllcache\pnrpnsp.dll
[2004/08/04 17:30:00 | 000,048,640 | ---- | M] (Microsoft Corporation) MD5=74D3620D2E63489975E3956A40DDD35F -- C:\WINDOWS\system32\pnrpnsp.dll
 
[color=#A23BEC]< MD5 for: S4T4N.VBE  >[/color]
[2011/05/06 20:04:40 | 000,024,119 | ---- | M] () MD5=E29F4D5F26E4882C59928AA02238C97B -- C:\Documents and Settings\Admin\Local Settings\Temp\s4t4n.vbe
[2011/05/06 20:04:40 | 000,024,119 | ---- | M] () MD5=E29F4D5F26E4882C59928AA02238C97B -- C:\Documents and Settings\Admin\WINDOWS\s4t4n.vbe
 
[color=#A23BEC]< MD5 for: SERVICES.EXE  >[/color]
[2004/08/04 17:30:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\system32\dllcache\services.exe
[2004/08/04 17:30:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\system32\services.exe
 
[color=#A23BEC]< MD5 for: SVCHOST.EXE  >[/color]
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2004/08/04 17:30:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2004/08/04 17:30:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\system32\svchost.exe
 
[color=#A23BEC]< MD5 for: USERINIT.EXE  >[/color]
[2004/08/04 17:30:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\dllcache\userinit.exe
[2004/08/04 17:30:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\userinit.exe
 
[color=#A23BEC]< MD5 for: WINLOGON.EXE  >[/color]
[2004/08/04 17:30:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2004/08/04 17:30:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\winlogon.exe
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
[color=#A23BEC]< MD5 for: WINRNR.DLL  >[/color]
[2004/08/04 17:30:00 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=2C8FDB176F22629EA5342DB474FAC391 -- C:\WINDOWS\system32\dllcache\winrnr.dll
[2004/08/04 17:30:00 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=2C8FDB176F22629EA5342DB474FAC391 -- C:\WINDOWS\system32\winrnr.dll
 
[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
 
[color=#A23BEC]< hklm\software\clients\startmenuinternet|command /rs >[/color]
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2013/02/21 10:53:46 | 001,274,320 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013/03/09 10:46:14 | 000,865,744 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013/03/09 10:46:14 | 000,865,744 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/03/09 10:46:14 | 000,865,744 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2013/03/09 10:46:16 | 000,917,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2013/03/09 10:46:16 | 000,917,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2013/03/09 10:46:16 | 000,917,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2013/03/11 05:52:07 | 001,274,320 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2013/03/11 05:52:07 | 001,274,320 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/03/11 05:52:07 | 001,274,320 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2013/03/11 05:52:07 | 001,274,320 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2009/03/08 04:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2009/03/08 04:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2009/03/08 04:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
 
[color=#A23BEC]< hklm\software\clients\startmenuinternet|command /64 /rs >[/color]
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2013/02/21 10:53:46 | 001,274,320 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013/03/09 10:46:14 | 000,865,744 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013/03/09 10:46:14 | 000,865,744 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/03/09 10:46:14 | 000,865,744 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2013/03/09 10:46:16 | 000,917,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2013/03/09 10:46:16 | 000,917,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2013/03/09 10:46:16 | 000,917,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2013/03/11 05:52:07 | 001,274,320 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2013/03/11 05:52:07 | 001,274,320 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/03/11 05:52:07 | 001,274,320 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2013/03/11 05:52:07 | 001,274,320 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2009/03/08 04:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2009/03/08 04:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2009/03/08 04:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
 
[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]
 
[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]

< End of report >


Next is the Extras code:

OTL Extras logfile created on: 3/20/2013 1:11:39 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = D:\
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.99 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 61.18% Memory free
4.29 Gb Paging File | 3.57 Gb Available in Paging File | 83.28% Paging File free
Paging file location(s): C:\pagefile.sys 2504 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 10.52 Gb Free Space | 26.93% Space Free | Partition Type: NTFS
Drive D: | 39.06 Gb Total Space | 12.42 Gb Free Space | 31.80% Space Free | Partition Type: NTFS
Drive E: | 39.06 Gb Total Space | 6.04 Gb Free Space | 15.47% Space Free | Partition Type: NTFS
Drive F: | 31.86 Gb Total Space | 4.99 Gb Free Space | 15.67% Space Free | Partition Type: NTFS
Drive G: | 19.53 Gb Total Space | 1.33 Gb Free Space | 6.79% Space Free | Partition Type: NTFS
Drive H: | 19.52 Gb Total Space | 2.25 Gb Free Space | 11.53% Space Free | Partition Type: FAT32
Drive I: | 19.08 Gb Total Space | 4.81 Gb Free Space | 25.22% Space Free | Partition Type: FAT32
Drive J: | 4.88 Gb Total Space | 0.76 Gb Free Space | 15.68% Space Free | Partition Type: NTFS
Drive K: | 11.05 Gb Total Space | 2.84 Gb Free Space | 25.67% Space Free | Partition Type: NTFS
 
Computer Name: RAGHAV | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Extra Registry (All) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
.js [@ = jsfile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[color=#E56717]========== System Restore Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
[color=#E56717]========== Firewall Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"F:\wamp\bin\apache\Apache2.2.21\bin\httpd.exe" = F:\wamp\bin\apache\Apache2.2.21\bin\httpd.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Computer, Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)
 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{511DE7EA-AA68-4D7A-A2E3-0E7B5186B822}" = CorelDRAW Graphics Suite X6
"_{B92076C0-C5FE-4DB1-AA8D-855430CDF098}" = Corel Graphics - Windows Shell Extension
"{0084B0C3-F376-42E3-804A-885D249282BD}" = CorelDRAW Graphics Suite X6 - IPM
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{07EA4E9F-BD35-4F38-9809-D825B772B833}" = Image Optimizer 3.0
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1C93D216-E9C1-4089-807F-D2E10ED1630E}" = CorelDRAW Graphics Suite X6 - EN
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21C4741D-6DAA-498D-8317-7C4549A51019}" = Articulate Studio '09 Pro
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{25D69CEE-3EE2-47FD-9A0E-5013240EC953}" = CorelDRAW Graphics Suite X6 - Common
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2C365981-03D8-4006-969D-3ED92E255CCA}" = Schoolhouse Test 3
"{2F3A3B57-8AB4-4136-8FD2-96A77D5183C1}" = AVG 2012
"{318FF3D7-0C40-483B-AF92-AF36416B0AC6}" = CorelDRAW Graphics Suite X6 - Writing Tools
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E5131E9-1241-4E43-8036-E870C0DEDD97}" = Articulate Studio '09 Pro
"{3F9B2FD2-1C83-4401-9967-C3636638E958}" = Adobe SING CS3
"{44A31720-8DC7-478C-9737-1054A698434B}" = Video Shadow
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup
"{511DE7EA-AA68-4D7A-A2E3-0E7B5186B822}" = CorelDRAW Graphics Suite X6 - Setup Files
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56B8B892-317E-4FDE-9E4D-44B189848A27}" = Adobe Setup
"{579CA850-B2C3-43F3-A3F6-3A0AE42E8225}" = CorelDRAW Graphics Suite X6 - FontNav
"{5A52C32C-6F99-4732-B088-19228D1D3CF2}" = Articulate Studio '09 Pro
"{603C6570-2BA1-4FC6-8735-7EFA6D1F6F61}" = CorelDRAW Graphics Suite X6 - Custom Data
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62BEC144-7029-4BF4-B3F2-FA231FB9F84B}" = CorelDRAW Graphics Suite X6 - Redist
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.9
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6F53FB68-6620-423E-B7CD-B8205655B421}" = CorelDRAW Graphics Suite X6 - PHOTO-PAINT
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74FA94F1-9566-4252-9372-E7EAFFEFE209}" = CorelDRAW Graphics Suite X6 - Capture
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A2FF332-E4F6-4D87-9EBD-EDFF1216490F}" = CorelDRAW Graphics Suite X6 - Filters
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7CA5C4DF-8327-4035-AE2B-CA76336A04FD}" = Snagit 11
"{7CCD75BD-5528-4FE1-90D2-392D661A2BF1}" = CorelDRAW Graphics Suite X6 - VSTA
"{7F9F6864-8CAB-440C-AF44-030D0135666D}" = CorelDRAW Graphics Suite X6
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{879E2460-18F9-48F2-B736-4E814A699504}" = CorelDRAW Graphics Suite X6 - VBA
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0070-0000-0000-4000000FF1CE}" = Microsoft Visual Basic for Applications 7.1 (x86)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9209821A-9C57-C38A-9F74-7129BCE104B8}" = Viral Image Curator Pro
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{96178C0A-BAF9-4E49-A2A5-CDE76722105B}" = HP Deskjet D1600 Printer Driver 14.0 Rel. 6
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AD99658D-C90E-4C24-86AA-A5B47F98575B}" = Articulate Studio '09 Pro
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D9D06B-4B4D-4B41-B963-C056B627F704}_is1" = Streaming Audio Recorder V2.5.2
"{B92076C0-C5FE-4DB1-AA8D-855430CDF098}" = Corel Graphics - Windows Shell Extension
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAB89D31-4C55-472B-8909-6CBE2CC276B1}" = Microsoft Visual Basic for Applications 7.1 (x86) English
"{BBFDD98A-16DB-4A78-82A3-12ECCA29F1B0}" = AVG 2012
"{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0E8FE43-C35B-451D-B35F-D4BD056D70E7}" = Camtasia Studio 7
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C5262276-0075-498B-B80F-7D997482E4DB}" = CorelDRAW Graphics Suite X6 - Draw
"{C619A1DC-8EE4-4BD2-82AB-D9424A23E42A}" = Auto Blog Samurai
"{C9B2F671-870B-43A0-8B9D-7DB30CEBD87E}" = DJ_SF_06_D1600_SW_Min
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240CA}" = WinZip 16.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D4A17D31-2F7B-4682-AD57-467021452909}" = CorelDRAW Graphics Suite X6 - Photozoom Plugin
"{D4EFC6B7-3DA5-400D-9682-9BE287A5440E}" = CorelDRAW Graphics Suite X6 - Connect
"{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9DF8D5A-2160-402B-819F-A5A964215528}_is1" = RegistryNuke 2012 version 2.0.0.90
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DDFEB503-D662-4224-82C9-37A5698FDC25}" = CorelDRAW Graphics Suite X6 - VideoBrowser
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EAC44ADF-D812-4EA4-BCD6-B7EDCB22898A}" = Math Resource Studio 5
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe PageMaker 7.0" = Adobe PageMaker 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe_05ba3a63f36684fe0c5dde2ebe6f8f5" = Adobe InDesign CS3
"AVG" = AVG 2012
"AVG Secure Search" = AVG Security Toolbar
"Baraha 8.0_is1" = Baraha 8.0
"BitTorrent" = BitTorrent
"CCleaner" = CCleaner
"CCleaner Business Edition ( NavyCrack ) 3.14" = CCleaner Business Edition ( NavyCrack ) 3.14
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.webdimensions.viralimagecuratorpro" = Viral Image Curator Pro
"Cracklock_is1" = Cracklock 3.9.44
"DevPHP" = Dev-PHP
"Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FileZilla Client" = FileZilla Client 3.6.0.2
"Google Chrome" = Google Chrome
"ie8" = Windows Internet Explorer 8
"iLivid" = iLivid
"iWisoft Free Video Downloader_is1" = iWisoft Free Video Downloader 2.1
"LinkChecker_is1" = LinkChecker 8.4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 19.0.2 (x86 en-US)" = Mozilla Firefox 19.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MS Word Save Dot As Doc Software_is1" = MS Word Save Dot As Doc Software
"Notepad++" = Notepad++
"Nudi 4.0" = Nudi 4.0
"RealPlayer 12.0" = RealPlayer
"RocketDock_is1" = RocketDock 1.3.5
"Sublime Text 2_is1" = Sublime Text 2.0.1
"VLC media player" = VLC media player 2.0.5
"WampServer 2_is1" = WampServer 2.2
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"WinArchiver" = WinArchiver
"WinRAR archiver" = WinRAR archiver
"xampp" = XAMPP 1.8.1
"XNote Stopwatch" = XNote Stopwatch
 
[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"065b42c809538e1c" = Update or Uninstall SENukeX
"Google Chrome" = Google Chrome
 
[color=#E56717]========== Last 20 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 1/9/2013 7:32:56 AM | Computer Name = RAGHAV | Source = MySQL | ID = 100
Description = Do you already have another mysqld server running on port: 3306 ?    For
 more information, see Help and Support Center at http://www.mysql.com.    
 
Error - 1/9/2013 7:32:56 AM | Computer Name = RAGHAV | Source = MySQL | ID = 100
Description = Aborting     For more information, see Help and Support Center at http://www.mysql.com.


 
Error - 1/9/2013 7:33:31 AM | Computer Name = RAGHAV | Source = Apache Service | ID = 3299
Description = The Apache service named  reported the following error:  >>> (OS 10048)Only
 one usage of each socket address (protocol/network address/port) is normally permitted.
  : make_sock: could not bind to address 0.0.0.0:80     .
 
Error - 1/9/2013 7:33:31 AM | Computer Name = RAGHAV | Source = Apache Service | ID = 3299
Description = The Apache service named  reported the following error:  >>> no listening
 sockets available, shutting down     .
 
Error - 1/9/2013 7:33:31 AM | Computer Name = RAGHAV | Source = Apache Service | ID = 3299
Description = The Apache service named  reported the following error:  >>> Unable 
to open logs     .
 
Error - 1/9/2013 7:33:33 AM | Computer Name = RAGHAV | Source = MySQL | ID = 100
Description = Can't start server: Bind on TCP/IP port: No such file or directory

For
 more information, see Help and Support Center at http://www.mysql.com.    
 
Error - 1/9/2013 7:33:33 AM | Computer Name = RAGHAV | Source = MySQL | ID = 100
Description = Do you already have another mysqld server running on port: 3306 ?    For
 more information, see Help and Support Center at http://www.mysql.com.    
 
Error - 1/9/2013 7:33:33 AM | Computer Name = RAGHAV | Source = MySQL | ID = 100
Description = Aborting     For more information, see Help and Support Center at http://www.mysql.com.


 
Error - 1/21/2013 6:41:21 AM | Computer Name = RAGHAV | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application dap.exe, version 10.0.3.5, stamp 4ff2cd6b, faulting
 module ntdll.dll, version 5.1.2600.2180, stamp 411096b4, debug? 0, fault address
 0x00043345.
 
Error - 2/9/2013 2:36:46 AM | Computer Name = RAGHAV | Source = Application Error | ID = 1000
Description = Faulting application httpd.exe, version 2.4.3.0, faulting module libapr-1.dll,
 version 1.4.6.0, fault address 0x00013583.
 
[ OSession Events ]
Error - 7/24/2011 5:23:30 AM | Computer Name = ADMIN-1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 16022
 seconds with 5580 seconds of active time.  This session ended with a crash.
 
Error - 1/29/2013 4:34:18 AM | Computer Name = RAGHAV | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1147
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 3/13/2013 1:27:55 AM | Computer Name = RAGHAV | Source = Service Control Manager | ID = 7022
Description = The AVGIDSAgent service hung on starting.
 
Error - 3/14/2013 1:05:13 AM | Computer Name = RAGHAV | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error:   %%2
 
Error - 3/14/2013 1:06:33 AM | Computer Name = RAGHAV | Source = Service Control Manager | ID = 7022
Description = The AVGIDSAgent service hung on starting.
 
Error - 3/15/2013 11:42:31 PM | Computer Name = RAGHAV | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error:   %%2
 
Error - 3/18/2013 1:25:58 AM | Computer Name = RAGHAV | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error:   %%2
 
Error - 3/19/2013 1:20:52 AM | Computer Name = RAGHAV | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error:   %%2
 
Error - 3/19/2013 7:02:00 AM | Computer Name = RAGHAV | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
 times on transport \Device\NetBT_Tcpip_{4530D278-5313-4554-B590-D8A63D4804D1}.  The
 backup browser is stopping.
 
Error - 3/19/2013 9:59:03 AM | Computer Name = RAGHAV | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error:   %%2
 
Error - 3/20/2013 12:47:12 AM | Computer Name = RAGHAV | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error:   %%2
 
Error - 3/20/2013 3:35:35 AM | Computer Name = RAGHAV | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error:   %%2
 
 
< End of report >

  • 0

#5
vraghav


    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Ron,

You there? Please reply.

Regards,
Raghav.
  • 0

#6
RKinner


    Malware Expert

  • Expert
  • 19,775 posts
  • MVP
I'm here now but just got up. I'm in Washington state so Pacific Time.

Are you still getting your errors and shortcuts?

There are still a couple of remnants of the error but I don't think they are active. We can remove them with another OTL fix.

Uninstall:
JavaFX 2.1.1
Java™ 6 Update 20
Java 7 Update 9
I think you should also uninstall WampServer 2.2 as it is not working. AVG may also be broken. I'm seeing an error that AVGIDSAgent service is not starting as it should. Probably need to download a new install then uninstall the old one, reboot and reinstall.

Copy the text in the code box by highlighting and Ctrl + c

:files
C:\Documents and Settings\Admin\WINDOWS\HUMOUR.vbe
C:\WINDOWS\system32\spool\drivers\HUMOUR.vbe
C:\Documents and Settings\Admin\Local Settings\Temp\s4t4n.vbe
C:\Documents and Settings\Admin\WINDOWS\s4t4n.vbe

:reg
[-HKLM\SYSTEM\CurrentControlSet\Services\adfs]

:Commands
[EMPTYTEMP]
[purity]
[Reboot]


Then double-click on OTL to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.

We should probably run some more scans to make sure there is nothing else.


Download aswMBR.exe to your desktop.
Double click aswMBR.exe
uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply


Download the adwCleaner

  • Run the Tool
    Windows Vista and Windows 7 users:
    Right click in the adwCleaner.exe and select the option
    Posted Image
  • Select the Delete button.
  • When the scan completes, it will open a Notepad window.
  • Please, copy the content of this file in your next reply.


ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double click on ComboFix to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe to start the program.

If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
Before you hit Scan, hit Change Parameters and check the two items under Additional Options. OK, then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.



Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe to start the program.
* follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.


Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

XP PCs are getting old so are often clogged with dust. Let's see if Speccy can give us the temps.

Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download Latest Version button) Download, Save and Install it. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System. (It will be near the top about 10 lines down.) Attach the file to your next post.


Is there a reason you have not upgraded to XP SP3?
  • 0
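For triaging the event-log part of an OTL report like the one posted in this thread, the following added example (not part of any post here and not OTL's own code) parses the `Error - ... | Source = ... | ID = ...` entries, re-joins wrapped descriptions and tallies Service Control Manager start failures per service. The function names and the `WIN32` table are assumptions of this example; `%%2` is read as Win32 error 2, file not found.

```python
import re
from collections import Counter
# Entries copied from the OTL "Last 20 Event Log Errors" section in this thread.
SAMPLE = """\
[ Application Events ]
Error - 1/9/2013 7:33:31 AM | Computer Name = RAGHAV | Source = Apache Service | ID = 3299
Description = The Apache service named  reported the following error:  >>> no listening
 sockets available, shutting down     .

[ System Events ]
Error - 3/13/2013 1:27:55 AM | Computer Name = RAGHAV | Source = Service Control Manager | ID = 7022
Description = The AVGIDSAgent service hung on starting.

Error - 3/14/2013 1:05:13 AM | Computer Name = RAGHAV | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error:   %%2

Error - 3/20/2013 3:35:35 AM | Computer Name = RAGHAV | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error:   %%2
"""

HEADER = re.compile(r"^Error - (.+?) \| Computer Name = (.+?) \| Source = (.+?) \| ID = (\d+)\s*$")
SERVICE = re.compile(r"^The (\S+) service (failed to start|hung on starting)")
WIN32 = {"2": "file not found"}  # "%%N" is an unexpanded Win32 error code

def parse_events(text):
    """Return one dict per 'Error - ...' entry, re-joining wrapped descriptions."""
    events, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            cur = {"when": m[1], "host": m[2], "source": m[3], "id": int(m[4]), "desc": ""}
            events.append(cur)
        elif line.startswith(("[ ", "< ")):
            cur = None  # section marker or end of report, not part of a description
        elif cur is not None and line:
            line = line[14:] if line.startswith("Description = ") else line
            cur["desc"] = (cur["desc"] + " " + " ".join(line.split())).strip()
    return events

def service_failures(events):
    """Count Service Control Manager start failures per (service, event ID, reason)."""
    tally = Counter()
    for ev in events:
        m = SERVICE.match(ev["desc"]) if ev["source"] == "Service Control Manager" else None
        if m:
            code = re.search(r"%%(\d+)", ev["desc"])
            reason = WIN32.get(code[1], "Win32 error " + code[1]) if code else m[2]
            tally[(m[1], ev["id"], reason)] += 1
    return tally
```

A service that fails on every boot with error 2 has a registry entry whose binary is no longer on disk, which fits removing the `adfs` service key as a leftover.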

#7
vraghav


    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Ron,

Was not there for a few days.

As of today, I haven't got any pop-ups. I will follow the steps and let you know.

Regards,
Raghav.
  • 0





